gnunet-svn
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] branch master updated (87430bf69 -> d95fbcb04)


From: gnunet
Subject: [GNUnet-SVN] [gnurl] branch master updated (87430bf69 -> d95fbcb04)
Date: Tue, 11 Sep 2018 12:51:11 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a change to branch master
in repository gnurl.

    from 87430bf69 maketgz: Really use compress.
     new 1f6e38e6a examples/crawler.c: move #ifdef to column 0
     new 48cf45c5a schannel: fix MinGW compile break
     new d6417f6c2 openssl: assume engine support in 1.0.0 or later
     new 1b76c3890 conn: remove the boolean 'inuse' field
     new c8373e3df ares: check for NULL in completed-callback
     new 151d3c56d Curl_getoff_all_pipelines: improved for multiplexed
     new acefdd0cd multi: always do the COMPLETED procedure/state
     new 29b78a537 docs/SECURITY-PROCESS: mention bounty, drop pre-notify
     new 2c33105db schannel: enable CALG_TLS1PRF for w32api >= 5.1
     new 5b511b095 smb: fix memory-leak in URL parse error path
     new f8be737d8 content_encoding: accept up to 4 unknown trailer bytes after 
raw deflate data
     new 8c0041242 test1422: add required file feature
     new 092f6815c darwinssl: add support for ALPN negotiation
     new a82372e0f header output: switch off all styles, not just unbold
     new d1207c07d CMake: Update scripts to use consistent style
     new db2ac90ea RELEASE-NOTES: sync
     new 7bc118043 test1143: disable MSYS2's POSIX path conversion
     new 73af7bcd6 smb_getsock: always wait for write socket too
     new 7b9bc96c7 http2: several cleanups
     new 1550e844b test214: disable MSYS2's POSIX path conversion for URL
     new 6d13432bf tests: fixes for Windows line endlings
     new 81377cace vtls: set conn->data when closing TLS
     new 26e35844e test320: treat curl320.out file as binary
     new df57b439f auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer 
token
     new 6f5ef24f0 auth: pick Bearer authentication whenever a token is 
available
     new d0d48b427 system_win32: fix version checking
     new a7091ba75 reuse_conn(): free old_conn->options
     new 10d8f3f13 wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
     new 9526cbe6b docs/CURLOPT_WRITEFUNCTION: size is always 1
     new 812d05daf docs/CURLOPT_URL: fix indentation
     new 7212c4cd6 docs/INSTALL.md: minor formatting fixes
     new 7f5e57061 docs/examples: add hiperfifo example using linux 
epoll/timerfd
     new d39054194 mime: check Curl_rand_hex's return code
     new 3e9b3a379 curl: Fix segfault when -H @headerfile is empty
     new 35ecffb9b test1157: test -H from empty file
     new 10061f475 conn_free: updated comment to clarify
     new 1fb8048ab TODO: Support Authority Information Access certificate 
extension (AIA)
     new 4f223593c tests/http_pipe.py: Use /usr/bin/env to find python
     new ea6f57696 test1157: follow-up to 35ecffb9
     new 3db628360 sws: handle EINTR when calling select()
     new 089833147 examples/ephiperfifo: checksrc compliance
     new fe60cbfbb travis: run a 'make checksrc' too
     new 09e401e01 smb: fix memory leak on early failure
     new c3b297466 http2: clear the drain counter in Curl_http2_done
     new d6cf93011 retry: return error if rewind was necessary but didn't happen
     new e78f2cfe5 curl: use Content-Disposition before the "URL end" for -OJ
     new 1836d59ed HTTP: Don't attempt to needlessly decompress redirect body
     new 21b305dad mailmap: Daniel Jelinski
     new 6377da72b RELEASE-NOTES: synced
     new 276644ca1 general: fix printf specifiers
     new 45d45275e smb: don't mark it done in smb_do
     new b7bdf2100 test1307: disabled
     new 81be25487 hostip: fix unused variable warning
     new 7279c47f1 lib/Makefile: only do symbol hiding if told to
     new 8bab3e2eb DEPRECATE: remove release date from 7.62.0
     new 537763f7f travis: build darwinssl on macos 10.12
     new 7867aaa9a cmake: link curl to the OpenSSL targets instead of lib 
absolute paths
     new f826b4ce9 cmake: bumped minimum version to 3.4
     new c892795ea CMake: Respect BUILD_SHARED_LIBS
     new 298d2565e ssl: set engine implicitly when a PKCS#11 URI is provided
     new 1ba1dba76 windows: implement send buffer tuning
     new d38b4737f windows: follow up to the buffer-tuning 1ba1dba7
     new ebdb0d5c2 RELEASE-NOTES: synced
     new 3668d9d76 configure: fix for -lpthread detection with OpenSSL and 
pkg-config
     new aa2ad90ac openssl: fix debug messages
     new 489ac0175 telnet: Remove unused macros TELOPTS and TELCMDS
     new d5304c369 formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
     new 64c01db0c http_proxy: Remove unused macro SELECT_TIMEOUT
     new 1c14ba60c asyn-thread: Remove unused macro
     new 8ea0baed3 test1540: Remove unused macro TEST_HANG_TIMEOUT
     new 96d6d3801 test1531: Add timeout
     new c817a3b64 README.md: add LGTM.com code quality grade for C/C++
     new 6fac5a3e6 docs: mention NULL is fine input to several functions
     new 531cb203c lib1502: fix memory leak in torture test
     new 9fe9bd764 travis: execute "set -eo pipefail" for coverage build
     new 27cc5f1a9 openssl: fix potential NULL pointer deref in is_pkcs11_uri
     new 9e2f5eb32 RELEASE-NOTES: synced
     new 53d211bfd Documentation: fix CURLOPT_SSH_COMPRESSION copy/paste bug
     new 2a278fd73 CURLINFO_SIZE_UPLOAD: fix missing counter update
     new 25d2a1bae Silence GCC 8 cast-function-type warnings
     new f31911a80 GCC: silence -Wcast-function-type uniformly
     new b676b66f4 docs: Improve the manual pages of some callbacks
     new 220cd241c projects: Improve Windows perl detection in batch scripts
     new 41dabac76 Split non-portable part off test 1133
     new 60000eb82 .travis.yml: verify that man pages can be regenerated
     new 233908a55 docs: add disallow-username-in-url.d and haproxy-protocol.d 
on the list
     new 8440616f5 http: fix for tiny "HTTP/0.9" response
     new b85207199 travis: update to GCC 8
     new 9622c350a travis: disable h2 torture tests for "coverage"
     new 1e843a31a ssh-libssh: reduce excessive verbose output about pubkey auth
     new a4c7911a4 ssh-libssh: fix infinite connect loop on invalid private key
     new 39cb7130c TODO: host name sections in config files
     new ab66a8048 CMake: CMake config files are defining CURL_STATICLIB for 
static builds
     new d6757bbc7 RELEASE-NOTES: synced
     new 3001304ad travis: revert back to gcc-7 for coverage builds
     new ac86eabdb http2: check nghttp2_session_set_stream_user_data return code
     new 099f37e9c curl: warn the user if a given file name looks like an option
     new 09da53998 urldata: remove unused pipe_broke struct field
     new ba58ce669 test1268: check the stderr output as "text"
     new c7ea4ddd2 http2: make sure to send after RST_STREAM
     new 4939f3652 vtls: reinstantiate engine on duplicated handles
     new e6e9b006f upload: allocate upload buffer on-demand
     new 8c80a9d1e upload: change default UPLOAD_BUFSIZE to 64KB
     new 4c20b2048 RELEASE-NOTES: synced
     new a040ff88e docs/SECURITY-PROCESS: now we name the files after the CVE id
     new 9dad3bd66 SSLCERTS: improve the openssl command line
     new e29ff2be2 http2: avoid set_stream_user_data() before stream is assigned
     new 362e9cc89 INTERNALS: require GnuTLS >= 2.11.3
     new d26717584 x509asn1: make several functions static
     new a829c4b25 Remove unused definitions
     new d5c035105 configure: conditionally enable pedantic-errors
     new 60776a051 curl-compilers: enable -Wbad-function-cast on GCC
     new 15ed9f87e curl-compilers: enable -Wimplicit-fallthrough=4 for GCC
     new 014ed7c22 Enable more GCC warnings
     new 93b34981f test1148: disable if decimal separator is not point
     new 205f5b597 x509asn1: use FALLTHROUGH
     new 396fc0843 http2: remove four unused nghttp2 callbacks
     new 78d5302b5 http2: abort the send_callback if not setup yet
     new 86b1e94ae Tests: fixes for Windows
     new 3c7511b92 RELEASE-NOTES: synced
     new 1b8ed4ad2 libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
     new 387e85efd cookie tests: treat files as text
     new 8f3c3cd08 gopher: Do not translate `?' to `%09'
     new 6b6c2b8d5 schannel: client certificate store opening fix
     new da2395842 README: add appveyor build badge [ci skip]
     new edfaf5a25 curl_threads: silence bad-function-cast warning
     new 20168b948 lib1522: fix curl_easy_setopt argument type
     new a7ba60bb7 docs: clarify NO_PROXY env variable functionality
     new 234538872 cmdline-opts/page-footer: fix edit mistake
     new f16bed0c4 curl: fix time-of-check, time-of-use race in dir creation
     new 0e7e5e1ad CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended 
connection reuse [ci skip]
     new cc67b0a2e CURLOPT_ACCEPT_ENCODING.3: list them comma-separated [ci 
skip]
     new 2ad48cbf1 RELEASE-NOTES: synced
     new 843d16103 THANKS-filter: dedup Daniel Jeliński
     new c10f5b02a CURLOPT_SSL_CTX_FUNCTION.3: clarify connection reuse warning
     new b842fa311 Don't use Windows path %PWD for SSH tests
     new e2ef8d6fa cookies: support creation-time attribute for cookies
     new 705cc899e tool_operate: Fix setting proxy TLS 1.3 ciphers
     new 9dda13bba ssh-libssh: use FALLTHROUGH to silence gcc8
     new 1a890997a all: s/int/size_t cleanup
     new b8b338351 test1148: fix precheck output
     new 19ebc2821 http2: Use correct format identifier for stream_id
     new 57d299a49 Curl_ntlm_core_mk_nt_hash: return error on too long password
     new 978574b50 openssl: Fix setting TLS 1.3 cipher suites
     new 351c0f3a5 tool_operate: Add http code 408 to transient list for --retry
     new 52c13d632 url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work
     new daa3c450d sftp: don't send post-qoute sequence when retrying a 
connection
     new 908286b57 sftp: fix indentation
     new 53dab550b Curl_getoff_all_pipelines: ignore unused return values
     new 8f1bd8d35 RELEASE-NOTES: 7.61.1
     new 432eb5f5c THANKS: 7.61.1 status
     new 8046e5988 Merge tag 'curl-7_61_1'
     new d95fbcb04 guix.scm: adjust to version.

The 153 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .mailmap                                           |   1 +
 .travis.yml                                        |  21 +-
 CMake/CurlSymbolHiding.cmake                       |  92 ++---
 CMake/FindCARES.cmake                              |  38 +-
 CMake/FindGSS.cmake                                | 410 ++++++++++-----------
 CMake/FindLibSSH2.cmake                            |  14 +-
 CMake/FindNGHTTP2.cmake                            |   2 +-
 CMake/Macros.cmake                                 |  44 +--
 CMake/cmake_uninstall.cmake.in                     |  18 +-
 CMake/curl-config.cmake                            |  59 ---
 CMake/curl-config.cmake.in                         |  64 ++++
 CMakeLists.txt                                     | 159 ++++----
 Makefile.am                                        |   2 +-
 README.md                                          |   7 +-
 RELEASE-NOTES                                      | 401 ++++++++++----------
 acinclude.m4                                       |   2 +-
 appveyor.yml                                       |  22 +-
 configure.ac                                       |   8 +-
 docs/DEPRECATE.md                                  |   7 +-
 docs/HTTP2.md                                      |  17 +-
 docs/INSTALL.md                                    |   4 +-
 docs/INTERNALS.md                                  |   2 +-
 docs/SECURITY-PROCESS.md                           |  34 +-
 docs/SSLCERTS.md                                   |   4 +-
 docs/THANKS                                        |  21 ++
 docs/THANKS-filter                                 |   1 +
 docs/TODO                                          |  20 +
 docs/cmdline-opts/Makefile.inc                     |   3 +-
 docs/cmdline-opts/cert.d                           |   7 +
 docs/cmdline-opts/key.d                            |   7 +
 docs/cmdline-opts/page-footer                      |   5 +-
 docs/cmdline-opts/retry.d                          |   2 +-
 docs/examples/Makefile.inc                         |   2 +-
 docs/examples/crawler.c                            |   6 +-
 docs/examples/{hiperfifo.c => ephiperfifo.c}       | 264 ++++++++-----
 docs/examples/sslbackend.c                         |   4 +-
 docs/libcurl/gnurl_easy_cleanup.3                  |   5 +-
 docs/libcurl/gnurl_formfree.3                      |   5 +-
 docs/libcurl/gnurl_free.3                          |   5 +-
 docs/libcurl/gnurl_mime_free.3                     |   4 +-
 docs/libcurl/gnurl_multi_cleanup.3                 |   5 +-
 docs/libcurl/gnurl_share_cleanup.3                 |   4 +-
 docs/libcurl/gnurl_slist_free_all.3                |   5 +-
 docs/libcurl/libgnurl-thread.3                     |  12 +-
 docs/libcurl/opts/GNURLOPT_ACCEPT_ENCODING.3       |  14 +-
 docs/libcurl/opts/GNURLOPT_HEADERFUNCTION.3        |  15 +-
 docs/libcurl/opts/GNURLOPT_INTERLEAVEFUNCTION.3    |   4 +-
 docs/libcurl/opts/GNURLOPT_NOPROXY.3               |   4 +-
 docs/libcurl/opts/GNURLOPT_PROXY.3                 |   8 +-
 docs/libcurl/opts/GNURLOPT_READDATA.3              |   5 +-
 docs/libcurl/opts/GNURLOPT_READFUNCTION.3          |  10 +-
 docs/libcurl/opts/GNURLOPT_SSH_COMPRESSION.3       |   4 +-
 docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3      |  10 +-
 docs/libcurl/opts/GNURLOPT_URL.3                   |   1 +
 docs/libcurl/opts/GNURLOPT_WRITEDATA.3             |   2 +-
 docs/libcurl/opts/GNURLOPT_WRITEFUNCTION.3         |   2 +-
 guix.scm                                           |   4 +-
 include/gnurl/curlver.h                            |   6 +-
 lib/CMakeLists.txt                                 |  29 +-
 lib/Makefile.am                                    |   3 +
 lib/asyn-ares.c                                    |  18 +-
 lib/asyn-thread.c                                  |   2 -
 lib/conncache.c                                    |  29 +-
 lib/content_encoding.c                             |  26 +-
 lib/cookie.c                                       |  76 +++-
 lib/cookie.h                                       |   4 +-
 lib/curl_ntlm_core.c                               |   5 +-
 lib/curl_setup.h                                   |   5 +
 lib/curl_threads.c                                 |   3 +-
 lib/dict.c                                         |   4 +-
 lib/easy.c                                         |   7 +
 lib/file.c                                         |   4 +-
 lib/formdata.c                                     |  11 +-
 lib/gopher.c                                       |  11 +-
 lib/hostasyn.c                                     |   4 +-
 lib/hostip.c                                       |   4 +
 lib/http.c                                         | 127 ++++---
 lib/http2.c                                        | 195 +++++-----
 lib/http2.h                                        |   4 +-
 lib/http_ntlm.c                                    |   2 +-
 lib/http_proxy.c                                   |   1 -
 lib/md5.c                                          |  38 +-
 lib/mime.c                                         |   9 +-
 lib/multi.c                                        | 134 ++++---
 lib/pipeline.c                                     |   6 +-
 lib/setopt.c                                       |   9 +-
 lib/sha256.c                                       |   7 +-
 lib/smb.c                                          | 105 +++---
 lib/smb.h                                          |   1 +
 lib/socks.c                                        |   6 +-
 lib/ssh-libssh.c                                   |  37 +-
 lib/ssh.c                                          |  37 +-
 lib/ssh.h                                          |   4 +-
 lib/strcase.h                                      |   1 -
 lib/system_win32.c                                 |  15 +-
 lib/telnet.c                                       |  10 +-
 lib/tftp.c                                         |   6 +-
 lib/transfer.c                                     |  76 +++-
 lib/transfer.h                                     |   4 +-
 lib/url.c                                          | 160 ++++----
 lib/url.h                                          |   3 +-
 lib/urldata.h                                      |  33 +-
 lib/vtls/cyassl.c                                  |   2 +
 lib/vtls/darwinssl.c                               |  62 ++++
 lib/vtls/openssl.c                                 |  48 ++-
 lib/vtls/schannel.c                                |  21 +-
 lib/vtls/vtls.c                                    |   5 +-
 lib/warnless.h                                     |   3 +
 lib/x509asn1.c                                     | 126 +++----
 m4/curl-compilers.m4                               |  18 +-
 projects/build-openssl.bat                         |  33 +-
 projects/checksrc.bat                              |   2 +-
 src/CMakeLists.txt                                 |   2 +-
 src/tool_cb_hdr.c                                  |  10 +-
 src/tool_cb_see.c                                  |   4 +-
 src/tool_dirhie.c                                  |  10 +-
 src/tool_getparam.c                                |  60 +--
 src/tool_metalink.c                                |  23 +-
 src/tool_operate.c                                 |  56 ++-
 src/tool_urlglob.c                                 |   6 +-
 tests/FILEFORMAT                                   |   1 +
 tests/data/DISABLED                                |   2 +
 tests/data/Makefile.inc                            |   9 +-
 tests/data/test1105                                |   2 +-
 tests/data/test1133                                |  12 +-
 tests/data/test1136                                |   2 +-
 tests/data/test1143                                |   5 +
 tests/data/test1148                                |   5 +-
 tests/data/test1151                                |   6 +-
 tests/data/test1155                                |   2 +-
 tests/data/{test260 => test1157}                   |   9 +-
 tests/data/{test1133 => test1158}                  |  35 +-
 tests/data/test1161                                |   2 +-
 tests/data/test1164                                |   2 +-
 tests/data/test1202                                |   2 +-
 tests/data/test1216                                |   2 +-
 tests/data/{test37 => test1266}                    |  19 +-
 tests/data/{test37 => test1267}                    |  19 +-
 tests/data/test1268                                |  41 +++
 tests/data/test1415                                |   6 +-
 tests/data/test1422                                |   1 +
 tests/data/test1446                                |   2 +-
 tests/data/{test1 => test1522}                     |  36 +-
 tests/data/test1554                                |   6 -
 tests/data/test2004                                |   2 +-
 tests/data/test2072                                |   2 +-
 tests/data/test214                                 |   4 +
 tests/data/test31                                  |  62 ++--
 tests/data/test320                                 |   2 +-
 tests/data/test46                                  |  16 +-
 tests/data/test506                                 |  28 +-
 tests/data/test582                                 |   2 +-
 tests/data/test583                                 |   2 +-
 tests/data/test600                                 |   2 +-
 tests/data/test601                                 |   2 +-
 tests/data/test602                                 |   2 +-
 tests/data/test603                                 |   2 +-
 tests/data/test604                                 |   2 +-
 tests/data/test605                                 |   2 +-
 tests/data/test606                                 |   2 +-
 tests/data/test607                                 |   2 +-
 tests/data/test608                                 |   2 +-
 tests/data/test609                                 |   2 +-
 tests/data/test61                                  |   4 +-
 tests/data/test610                                 |   2 +-
 tests/data/test611                                 |   2 +-
 tests/data/test612                                 |   2 +-
 tests/data/test613                                 |   2 +-
 tests/data/test614                                 |   2 +-
 tests/data/test615                                 |   2 +-
 tests/data/test616                                 |   2 +-
 tests/data/test617                                 |   2 +-
 tests/data/test618                                 |   2 +-
 tests/data/test619                                 |   2 +-
 tests/data/test620                                 |   2 +-
 tests/data/test621                                 |   2 +-
 tests/data/test622                                 |   2 +-
 tests/data/test623                                 |   2 +-
 tests/data/test624                                 |   2 +-
 tests/data/test625                                 |   2 +-
 tests/data/test626                                 |   2 +-
 tests/data/test628                                 |   2 +-
 tests/data/test629                                 |   2 +-
 tests/data/test630                                 |   2 +-
 tests/data/test631                                 |   2 +-
 tests/data/test632                                 |   2 +-
 tests/data/test633                                 |   2 +-
 tests/data/test634                                 |   2 +-
 tests/data/test635                                 |   2 +-
 tests/data/test636                                 |   2 +-
 tests/data/test637                                 |   2 +-
 tests/data/test638                                 |   2 +-
 tests/data/test639                                 |   2 +-
 tests/data/test640                                 |   2 +-
 tests/data/test641                                 |   2 +-
 tests/data/test642                                 |   2 +-
 tests/data/{test628 => test656}                    |  10 +-
 tests/data/test8                                   |   2 +-
 tests/http_pipe.py                                 |   2 +-
 tests/libtest/CMakeLists.txt                       |   7 +-
 tests/libtest/Makefile.inc                         |  12 +-
 .../libtest/chkdecimalpoint.c                      |  23 +-
 tests/libtest/lib1502.c                            |   2 +
 tests/libtest/lib1522.c                            |  87 +++++
 tests/libtest/lib1531.c                            |  11 +-
 tests/libtest/lib1540.c                            |   2 -
 tests/libtest/lib650.c                             |   5 +-
 tests/libtest/libntlmconnect.c                     |  15 +-
 tests/runtests.pl                                  |   4 +-
 tests/server/CMakeLists.txt                        |   4 +-
 tests/server/sockfilt.c                            |   3 +-
 tests/server/sws.c                                 |  40 +-
 tests/unit/CMakeLists.txt                          |   8 +-
 tests/unit/unit1394.c                              |   3 +
 214 files changed, 2492 insertions(+), 1858 deletions(-)
 delete mode 100644 CMake/curl-config.cmake
 create mode 100644 CMake/curl-config.cmake.in
 copy docs/examples/{hiperfifo.c => ephiperfifo.c} (64%)
 copy tests/data/{test260 => test1157} (81%)
 copy tests/data/{test1133 => test1158} (55%)
 copy tests/data/{test37 => test1266} (71%)
 copy tests/data/{test37 => test1267} (70%)
 create mode 100644 tests/data/test1268
 copy tests/data/{test1 => test1522} (69%)
 copy tests/data/{test628 => test656} (60%)
 copy lib/curl_range.h => tests/libtest/chkdecimalpoint.c (74%)
 create mode 100644 tests/libtest/lib1522.c

diff --git a/.mailmap b/.mailmap
index b1584e675..8acbf4901 100644
--- a/.mailmap
+++ b/.mailmap
@@ -44,3 +44,4 @@ Jiří Malák <address@hidden>
 Nick Zitzmann <address@hidden>
 Kees Dekker <address@hidden>
 Max Savenkov <address@hidden>
+Daniel Jelinski <address@hidden> <address@hidden>
diff --git a/.travis.yml b/.travis.yml
index 0045c5e0b..44e3be83f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -21,13 +21,14 @@ addons:
         packages:
             - cmake
             - gcc-7
+            - gcc-8
             - lcov
             - clang-6.0
             - valgrind
             - libev-dev
             - libc-ares-dev
-            - g++-7
-            - libstdc++-7-dev
+            - g++-8
+            - libstdc++-8-dev
             - stunnel4
             - libidn2-0-dev
             - libssh2-1-dev
@@ -42,7 +43,7 @@ matrix:
         - os: linux
           compiler: gcc
           dist: trusty
-          env: T=normal C="--with-gssapi --with-libssh2"
+          env: T=normal C="--with-gssapi --with-libssh2" CHECKSRC=1
         - os: linux
           compiler: gcc
           dist: trusty
@@ -101,6 +102,7 @@ matrix:
           env: T=debug C="--with-ssl=/usr/local/opt/libressl 
--with-libmetalink"
         - os: osx
           compiler: clang
+          osx_image: xcode9.2
           env: T=debug C="--without-ssl --with-darwinssl --with-libmetalink"
         - os: osx
           compiler: clang
@@ -134,7 +136,7 @@ install:
   - if [ $TRAVIS_OS_NAME = linux ]; then
       curl -L 
https://github.com/nghttp2/nghttp2/releases/download/v1.24.0/nghttp2-1.24.0.tar.gz
 |
          tar xzf - &&
-         (cd nghttp2-1.24.0 && CXX="g++-7" ./configure --prefix=/usr 
--disable-threads --enable-app && make && sudo make install);
+         (cd nghttp2-1.24.0 && CXX="g++-8" ./configure --prefix=/usr 
--disable-threads --enable-app && make && sudo make install);
     fi
 
 before_script:
@@ -227,15 +229,14 @@ before_script:
 
 script:
     - |
-        # Uncomment this when `coverage` runs on Trusty.
-        # set -eo pipefail
+        set -eo pipefail
         if [ "$T" = "coverage" ]; then
              export CC="gcc-7"
              ./configure --enable-debug --disable-shared --enable-code-coverage
              make
              make TFLAGS=-n test-nonflaky
              make "TFLAGS=-n -e" test-nonflaky
-             tests="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 200 201 
202 300 301 302 500 501 502 503 504 506 507 508 509 510 511 512 513 514 515 516 
517 518 519 600 601 700 701 702 800 801 802 803 900 901 902 903 1000 1001 1002 
1004 1100 1101 1200 1201 1302 1303 1304 1305 1306 1308 1400 1401 1402 1404 1450 
1451 1452 1502 1507 1508 1600 1602 1603 1605 1700 1701 1702 2001 3000"
+             tests="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 200 201 
202 300 301 302 500 501 502 503 504 506 507 508 509 510 511 512 513 514 515 516 
517 518 519 600 601 700 701 702 800 801 802 803 900 901 902 903 1000 1001 1002 
1004 1100 1101 1200 1201 1302 1303 1304 1305 1306 1308 1400 1401 1402 1404 1450 
1451 1452 1502 1507 1508 1600 1602 1603 1605 2001 3000"
              make "TFLAGS=-n -t $tests" test-nonflaky
              coveralls --gcov /usr/bin/gcov-7 --gcov-options '\-lp' -i src -e 
lib -e tests -e docs -b $PWD/src
              coveralls --gcov /usr/bin/gcov-7 --gcov-options '\-lp' -e src -i 
lib -e tests -e docs -b $PWD/lib
@@ -269,6 +270,9 @@ script:
              ./configure --enable-warnings --enable-werror $C
              make && make examples
              make test-nonflaky
+             if [ -n $CHECKSRC ]; then
+                make checksrc
+             fi
         fi
     - |
         set -eo pipefail
@@ -304,11 +308,12 @@ script:
             rm -rf curl-99.98.97
             # verify out-of-tree build
             (tar xf curl-99.98.97.tar.gz && \
+             touch curl-99.98.97/docs/{cmdline-opts,libcurl}/Makefile.inc && \
              mkdir build && \
              cd build && \
              ../curl-99.98.97/configure && \
              make && \
-             make TFLAGS=1 test)
+             make TFLAGS='-p 1 1139' test)
             # verify cmake build
             rm -rf curl-99.98.97
             (tar xf curl-99.98.97.tar.gz && \
diff --git a/CMake/CurlSymbolHiding.cmake b/CMake/CurlSymbolHiding.cmake
index 9f7d29633..15ba46e46 100644
--- a/CMake/CurlSymbolHiding.cmake
+++ b/CMake/CurlSymbolHiding.cmake
@@ -4,57 +4,57 @@ option(CURL_HIDDEN_SYMBOLS "Set to ON to hide libcurl 
internal symbols (=hide al
 mark_as_advanced(CURL_HIDDEN_SYMBOLS)
 
 if(CURL_HIDDEN_SYMBOLS)
-    set(SUPPORTS_SYMBOL_HIDING FALSE)
+  set(SUPPORTS_SYMBOL_HIDING FALSE)
 
-    if(CMAKE_C_COMPILER_ID MATCHES "Clang")
-        set(SUPPORTS_SYMBOL_HIDING TRUE)
-        set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))")
-        set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden")
-    elseif(CMAKE_COMPILER_IS_GNUCC)
-        if(NOT CMAKE_VERSION VERSION_LESS 2.8.10)
-            set(GCC_VERSION ${CMAKE_C_COMPILER_VERSION})
-        else()
-            execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
-                            OUTPUT_VARIABLE GCC_VERSION)
-        endif()
-        if(NOT GCC_VERSION VERSION_LESS 3.4)
-            # note: this is considered buggy prior to 4.0 but the autotools 
don't care, so let's ignore that fact
-            set(SUPPORTS_SYMBOL_HIDING TRUE)
-            set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ 
(\"default\")))")
-            set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden")
-        endif()
-    elseif(CMAKE_C_COMPILER_ID MATCHES "SunPro" AND NOT 
CMAKE_C_COMPILER_VERSION VERSION_LESS 8.0)
-        set(SUPPORTS_SYMBOL_HIDING TRUE)
-        set(_SYMBOL_EXTERN "__global")
-        set(_CFLAG_SYMBOLS_HIDE "-xldscope=hidden")
-    elseif(CMAKE_C_COMPILER_ID MATCHES "Intel" AND NOT 
CMAKE_C_COMPILER_VERSION VERSION_LESS 9.0)
-        # note: this should probably just check for version 9.1.045 but I'm 
not 100% sure
-        #       so let's to it the same way autotools do.
-        set(SUPPORTS_SYMBOL_HIDING TRUE)
-        set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))")
-        set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden")
-        check_c_source_compiles("#include <stdio.h>
-            int main (void) { printf(\"icc fvisibility bug test\"); return 0; 
}" _no_bug)
-        if(NOT _no_bug)
-            set(SUPPORTS_SYMBOL_HIDING FALSE)
-            set(_SYMBOL_EXTERN "")
-            set(_CFLAG_SYMBOLS_HIDE "")
-        endif()
-    elseif(MSVC)
-        set(SUPPORTS_SYMBOL_HIDING TRUE)
+  if(CMAKE_C_COMPILER_ID MATCHES "Clang")
+    set(SUPPORTS_SYMBOL_HIDING TRUE)
+    set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))")
+    set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden")
+  elseif(CMAKE_COMPILER_IS_GNUCC)
+    if(NOT CMAKE_VERSION VERSION_LESS 2.8.10)
+      set(GCC_VERSION ${CMAKE_C_COMPILER_VERSION})
+    else()
+      execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
+                      OUTPUT_VARIABLE GCC_VERSION)
+    endif()
+    if(NOT GCC_VERSION VERSION_LESS 3.4)
+      # note: this is considered buggy prior to 4.0 but the autotools don't 
care, so let's ignore that fact
+      set(SUPPORTS_SYMBOL_HIDING TRUE)
+      set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))")
+      set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden")
     endif()
+  elseif(CMAKE_C_COMPILER_ID MATCHES "SunPro" AND NOT CMAKE_C_COMPILER_VERSION 
VERSION_LESS 8.0)
+    set(SUPPORTS_SYMBOL_HIDING TRUE)
+    set(_SYMBOL_EXTERN "__global")
+    set(_CFLAG_SYMBOLS_HIDE "-xldscope=hidden")
+  elseif(CMAKE_C_COMPILER_ID MATCHES "Intel" AND NOT CMAKE_C_COMPILER_VERSION 
VERSION_LESS 9.0)
+    # note: this should probably just check for version 9.1.045 but I'm not 
100% sure
+    #       so let's to it the same way autotools do.
+    set(SUPPORTS_SYMBOL_HIDING TRUE)
+    set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))")
+    set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden")
+    check_c_source_compiles("#include <stdio.h>
+        int main (void) { printf(\"icc fvisibility bug test\"); return 0; }" 
_no_bug)
+    if(NOT _no_bug)
+      set(SUPPORTS_SYMBOL_HIDING FALSE)
+      set(_SYMBOL_EXTERN "")
+      set(_CFLAG_SYMBOLS_HIDE "")
+    endif()
+  elseif(MSVC)
+    set(SUPPORTS_SYMBOL_HIDING TRUE)
+  endif()
 
-    set(HIDES_CURL_PRIVATE_SYMBOLS ${SUPPORTS_SYMBOL_HIDING})
+  set(HIDES_CURL_PRIVATE_SYMBOLS ${SUPPORTS_SYMBOL_HIDING})
 elseif(MSVC)
-    if(NOT CMAKE_VERSION VERSION_LESS 3.7)
-        set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS TRUE) #present since 3.4.3 but 
broken
-        set(HIDES_CURL_PRIVATE_SYMBOLS FALSE)
-    else()
-        message(WARNING "Hiding private symbols regardless CURL_HIDDEN_SYMBOLS 
being disabled.")
-        set(HIDES_CURL_PRIVATE_SYMBOLS TRUE)
-    endif()
-elseif()
+  if(NOT CMAKE_VERSION VERSION_LESS 3.7)
+    set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS TRUE) #present since 3.4.3 but broken
     set(HIDES_CURL_PRIVATE_SYMBOLS FALSE)
+  else()
+    message(WARNING "Hiding private symbols regardless CURL_HIDDEN_SYMBOLS 
being disabled.")
+    set(HIDES_CURL_PRIVATE_SYMBOLS TRUE)
+  endif()
+elseif()
+  set(HIDES_CURL_PRIVATE_SYMBOLS FALSE)
 endif()
 
 set(CURL_CFLAG_SYMBOLS_HIDE ${_CFLAG_SYMBOLS_HIDE})
diff --git a/CMake/FindCARES.cmake b/CMake/FindCARES.cmake
index c4ab5f132..723044a64 100644
--- a/CMake/FindCARES.cmake
+++ b/CMake/FindCARES.cmake
@@ -7,36 +7,36 @@
 # also defined, but not for general use are
 # CARES_LIBRARY, where to find the c-ares library.
 
-FIND_PATH(CARES_INCLUDE_DIR ares.h
+find_path(CARES_INCLUDE_DIR ares.h
   /usr/local/include
   /usr/include
   )
 
-SET(CARES_NAMES ${CARES_NAMES} cares)
-FIND_LIBRARY(CARES_LIBRARY
+set(CARES_NAMES ${CARES_NAMES} cares)
+find_library(CARES_LIBRARY
   NAMES ${CARES_NAMES}
   PATHS /usr/lib /usr/local/lib
   )
 
-IF (CARES_LIBRARY AND CARES_INCLUDE_DIR)
-  SET(CARES_LIBRARIES ${CARES_LIBRARY})
-  SET(CARES_FOUND "YES")
-ELSE (CARES_LIBRARY AND CARES_INCLUDE_DIR)
-  SET(CARES_FOUND "NO")
-ENDIF (CARES_LIBRARY AND CARES_INCLUDE_DIR)
+if(CARES_LIBRARY AND CARES_INCLUDE_DIR)
+  set(CARES_LIBRARIES ${CARES_LIBRARY})
+  set(CARES_FOUND "YES")
+else()
+  set(CARES_FOUND "NO")
+endif()
 
 
-IF (CARES_FOUND)
-  IF (NOT CARES_FIND_QUIETLY)
-    MESSAGE(STATUS "Found c-ares: ${CARES_LIBRARIES}")
-  ENDIF (NOT CARES_FIND_QUIETLY)
-ELSE (CARES_FOUND)
-  IF (CARES_FIND_REQUIRED)
-    MESSAGE(FATAL_ERROR "Could not find c-ares library")
-  ENDIF (CARES_FIND_REQUIRED)
-ENDIF (CARES_FOUND)
+if(CARES_FOUND)
+  if(NOT CARES_FIND_QUIETLY)
+    message(STATUS "Found c-ares: ${CARES_LIBRARIES}")
+  endif()
+else()
+  if(CARES_FIND_REQUIRED)
+    message(FATAL_ERROR "Could not find c-ares library")
+  endif()
+endif()
 
-MARK_AS_ADVANCED(
+mark_as_advanced(
   CARES_LIBRARY
   CARES_INCLUDE_DIR
   )
diff --git a/CMake/FindGSS.cmake b/CMake/FindGSS.cmake
index 60dcb73c9..7a637fc29 100644
--- a/CMake/FindGSS.cmake
+++ b/CMake/FindGSS.cmake
@@ -28,211 +28,209 @@ set(_GSS_ROOT_HINTS
 
 # try to find library using system pkg-config if user didn't specify root dir
 if(NOT GSS_ROOT_DIR AND NOT "$ENV{GSS_ROOT_DIR}")
-    if(UNIX)
-        find_package(PkgConfig QUIET)
-        pkg_search_module(_GSS_PKG ${_MIT_MODNAME} ${_HEIMDAL_MODNAME})
-        list(APPEND _GSS_ROOT_HINTS "${_GSS_PKG_PREFIX}")
-    elseif(WIN32)
-        list(APPEND _GSS_ROOT_HINTS 
"[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos;InstallDir]")
-    endif()
+  if(UNIX)
+    find_package(PkgConfig QUIET)
+    pkg_search_module(_GSS_PKG ${_MIT_MODNAME} ${_HEIMDAL_MODNAME})
+    list(APPEND _GSS_ROOT_HINTS "${_GSS_PKG_PREFIX}")
+  elseif(WIN32)
+    list(APPEND _GSS_ROOT_HINTS 
"[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos;InstallDir]")
+  endif()
 endif()
 
 if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional 
approach.
-    find_file(_GSS_CONFIGURE_SCRIPT
-        NAMES
-            "krb5-config"
-        HINTS
-            ${_GSS_ROOT_HINTS}
-        PATH_SUFFIXES
-            bin
-        NO_CMAKE_PATH
-        NO_CMAKE_ENVIRONMENT_PATH
+  find_file(_GSS_CONFIGURE_SCRIPT
+      NAMES
+          "krb5-config"
+      HINTS
+          ${_GSS_ROOT_HINTS}
+      PATH_SUFFIXES
+          bin
+      NO_CMAKE_PATH
+      NO_CMAKE_ENVIRONMENT_PATH
+  )
+
+  # if not found in user-supplied directories, maybe system knows better
+  find_file(_GSS_CONFIGURE_SCRIPT
+      NAMES
+          "krb5-config"
+      PATH_SUFFIXES
+          bin
+  )
+
+  if(_GSS_CONFIGURE_SCRIPT)
+    execute_process(
+          COMMAND ${_GSS_CONFIGURE_SCRIPT} "--cflags" "gssapi"
+          OUTPUT_VARIABLE _GSS_CFLAGS
+          RESULT_VARIABLE _GSS_CONFIGURE_FAILED
+      )
+    message(STATUS "CFLAGS: ${_GSS_CFLAGS}")
+    if(NOT _GSS_CONFIGURE_FAILED) # 0 means success
+      # should also work in an odd case when multiple directories are given
+      string(STRIP "${_GSS_CFLAGS}" _GSS_CFLAGS)
+      string(REGEX REPLACE " +-I" ";" _GSS_CFLAGS "${_GSS_CFLAGS}")
+      string(REGEX REPLACE " +-([^I][^ \\t;]*)" ";-\\1"_GSS_CFLAGS 
"${_GSS_CFLAGS}")
+
+      foreach(_flag ${_GSS_CFLAGS})
+        if(_flag MATCHES "^-I.*")
+          string(REGEX REPLACE "^-I" "" _val "${_flag}")
+          list(APPEND _GSS_INCLUDE_DIR "${_val}")
+        else()
+          list(APPEND _GSS_COMPILER_FLAGS "${_flag}")
+        endif()
+      endforeach()
+    endif()
+
+    execute_process(
+        COMMAND ${_GSS_CONFIGURE_SCRIPT} "--libs" "gssapi"
+        OUTPUT_VARIABLE _GSS_LIB_FLAGS
+        RESULT_VARIABLE _GSS_CONFIGURE_FAILED
     )
+    message(STATUS "LDFLAGS: ${_GSS_LIB_FLAGS}")
+
+    if(NOT _GSS_CONFIGURE_FAILED) # 0 means success
+      # this script gives us libraries and link directories. Blah. We have to 
deal with it.
+      string(STRIP "${_GSS_LIB_FLAGS}" _GSS_LIB_FLAGS)
+      string(REGEX REPLACE " +-(L|l)" ";-\\1" _GSS_LIB_FLAGS 
"${_GSS_LIB_FLAGS}")
+      string(REGEX REPLACE " +-([^Ll][^ \\t;]*)" ";-\\1"_GSS_LIB_FLAGS 
"${_GSS_LIB_FLAGS}")
+
+      foreach(_flag ${_GSS_LIB_FLAGS})
+        if(_flag MATCHES "^-l.*")
+          string(REGEX REPLACE "^-l" "" _val "${_flag}")
+          list(APPEND _GSS_LIBRARIES "${_val}")
+        elseif(_flag MATCHES "^-L.*")
+          string(REGEX REPLACE "^-L" "" _val "${_flag}")
+          list(APPEND _GSS_LINK_DIRECTORIES "${_val}")
+        else()
+          list(APPEND _GSS_LINKER_FLAGS "${_flag}")
+        endif()
+      endforeach()
+    endif()
 
-    # if not found in user-supplied directories, maybe system knows better
-    find_file(_GSS_CONFIGURE_SCRIPT
-        NAMES
-            "krb5-config"
-        PATH_SUFFIXES
-            bin
+    execute_process(
+        COMMAND ${_GSS_CONFIGURE_SCRIPT} "--version"
+        OUTPUT_VARIABLE _GSS_VERSION
+        RESULT_VARIABLE _GSS_CONFIGURE_FAILED
     )
 
-    if(_GSS_CONFIGURE_SCRIPT)
-        execute_process(
-            COMMAND ${_GSS_CONFIGURE_SCRIPT} "--cflags" "gssapi"
-            OUTPUT_VARIABLE _GSS_CFLAGS
-            RESULT_VARIABLE _GSS_CONFIGURE_FAILED
-        )
-message(STATUS "CFLAGS: ${_GSS_CFLAGS}")
-        if(NOT _GSS_CONFIGURE_FAILED) # 0 means success
-            # should also work in an odd case when multiple directories are 
given
-            string(STRIP "${_GSS_CFLAGS}" _GSS_CFLAGS)
-            string(REGEX REPLACE " +-I" ";" _GSS_CFLAGS "${_GSS_CFLAGS}")
-            string(REGEX REPLACE " +-([^I][^ \\t;]*)" ";-\\1"_GSS_CFLAGS 
"${_GSS_CFLAGS}")
-
-            foreach(_flag ${_GSS_CFLAGS})
-                if(_flag MATCHES "^-I.*")
-                    string(REGEX REPLACE "^-I" "" _val "${_flag}")
-                    list(APPEND _GSS_INCLUDE_DIR "${_val}")
-                else()
-                    list(APPEND _GSS_COMPILER_FLAGS "${_flag}")
-                endif()
-            endforeach()
-        endif()
+    # older versions may not have the "--version" parameter. In this case we 
just don't care.
+    if(_GSS_CONFIGURE_FAILED)
+      set(_GSS_VERSION 0)
+    endif()
 
-        execute_process(
-            COMMAND ${_GSS_CONFIGURE_SCRIPT} "--libs" "gssapi"
-            OUTPUT_VARIABLE _GSS_LIB_FLAGS
-            RESULT_VARIABLE _GSS_CONFIGURE_FAILED
-        )
-message(STATUS "LDFLAGS: ${_GSS_LIB_FLAGS}")
-        if(NOT _GSS_CONFIGURE_FAILED) # 0 means success
-            # this script gives us libraries and link directories. Blah. We 
have to deal with it.
-            string(STRIP "${_GSS_LIB_FLAGS}" _GSS_LIB_FLAGS)
-            string(REGEX REPLACE " +-(L|l)" ";-\\1" _GSS_LIB_FLAGS 
"${_GSS_LIB_FLAGS}")
-            string(REGEX REPLACE " +-([^Ll][^ \\t;]*)" ";-\\1"_GSS_LIB_FLAGS 
"${_GSS_LIB_FLAGS}")
-
-            foreach(_flag ${_GSS_LIB_FLAGS})
-                if(_flag MATCHES "^-l.*")
-                    string(REGEX REPLACE "^-l" "" _val "${_flag}")
-                    list(APPEND _GSS_LIBRARIES "${_val}")
-                elseif(_flag MATCHES "^-L.*")
-                    string(REGEX REPLACE "^-L" "" _val "${_flag}")
-                    list(APPEND _GSS_LINK_DIRECTORIES "${_val}")
-                else()
-                    list(APPEND _GSS_LINKER_FLAGS "${_flag}")
-                endif()
-            endforeach()
-        endif()
+    execute_process(
+        COMMAND ${_GSS_CONFIGURE_SCRIPT} "--vendor"
+        OUTPUT_VARIABLE _GSS_VENDOR
+        RESULT_VARIABLE _GSS_CONFIGURE_FAILED
+    )
 
+    # older versions may not have the "--vendor" parameter. In this case we 
just don't care.
+    if(_GSS_CONFIGURE_FAILED)
+      set(GSS_FLAVOUR "Heimdal") # most probably, shouldn't really matter
+    else()
+      if(_GSS_VENDOR MATCHES ".*H|heimdal.*")
+        set(GSS_FLAVOUR "Heimdal")
+      else()
+        set(GSS_FLAVOUR "MIT")
+      endif()
+    endif()
 
-        execute_process(
-            COMMAND ${_GSS_CONFIGURE_SCRIPT} "--version"
-            OUTPUT_VARIABLE _GSS_VERSION
-            RESULT_VARIABLE _GSS_CONFIGURE_FAILED
-        )
+  else() # either there is no config script or we are on platform that doesn't 
provide one (Windows?)
 
-        # older versions may not have the "--version" parameter. In this case 
we just don't care.
-        if(_GSS_CONFIGURE_FAILED)
-            set(_GSS_VERSION 0)
-        endif()
+    find_path(_GSS_INCLUDE_DIR
+        NAMES
+            "gssapi/gssapi.h"
+        HINTS
+            ${_GSS_ROOT_HINTS}
+        PATH_SUFFIXES
+            include
+            inc
+    )
 
+    if(_GSS_INCLUDE_DIR) #jay, we've found something
+      set(CMAKE_REQUIRED_INCLUDES "${_GSS_INCLUDE_DIR}")
+      check_include_files( "gssapi/gssapi_generic.h;gssapi/gssapi_krb5.h" 
_GSS_HAVE_MIT_HEADERS)
 
-        execute_process(
-            COMMAND ${_GSS_CONFIGURE_SCRIPT} "--vendor"
-            OUTPUT_VARIABLE _GSS_VENDOR
-            RESULT_VARIABLE _GSS_CONFIGURE_FAILED
-        )
+      if(_GSS_HAVE_MIT_HEADERS)
+        set(GSS_FLAVOUR "MIT")
+      else()
+        # prevent compiling the header - just check if we can include it
+        set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} 
-D__ROKEN_H__")
+        check_include_file( "roken.h" _GSS_HAVE_ROKEN_H)
+
+        check_include_file( "heimdal/roken.h" _GSS_HAVE_HEIMDAL_ROKEN_H)
+        if(_GSS_HAVE_ROKEN_H OR _GSS_HAVE_HEIMDAL_ROKEN_H)
+          set(GSS_FLAVOUR "Heimdal")
+        endif()
+        set(CMAKE_REQUIRED_DEFINITIONS "")
+      endif()
+    else()
+      # I'm not convienced if this is the right way but this is what autotools 
do at the moment
+      find_path(_GSS_INCLUDE_DIR
+          NAMES
+              "gssapi.h"
+          HINTS
+              ${_GSS_ROOT_HINTS}
+          PATH_SUFFIXES
+              include
+              inc
+      )
+
+      if(_GSS_INCLUDE_DIR)
+        set(GSS_FLAVOUR "Heimdal")
+      endif()
+    endif()
+
+    # if we have headers, check if we can link libraries
+    if(GSS_FLAVOUR)
+      set(_GSS_LIBDIR_SUFFIXES "")
+      set(_GSS_LIBDIR_HINTS ${_GSS_ROOT_HINTS})
+      get_filename_component(_GSS_CALCULATED_POTENTIAL_ROOT 
"${_GSS_INCLUDE_DIR}" PATH)
+      list(APPEND _GSS_LIBDIR_HINTS ${_GSS_CALCULATED_POTENTIAL_ROOT})
 
-        # older versions may not have the "--vendor" parameter. In this case 
we just don't care.
-        if(_GSS_CONFIGURE_FAILED)
-            set(GSS_FLAVOUR "Heimdal") # most probably, shouldn't really matter
+      if(WIN32)
+        if(CMAKE_SIZEOF_VOID_P EQUAL 8)
+          list(APPEND _GSS_LIBDIR_SUFFIXES "lib/AMD64")
+          if(GSS_FLAVOUR STREQUAL "MIT")
+            set(_GSS_LIBNAME "gssapi64")
+          else()
+            set(_GSS_LIBNAME "libgssapi")
+          endif()
         else()
-            if(_GSS_VENDOR MATCHES ".*H|heimdal.*")
-                set(GSS_FLAVOUR "Heimdal")
-            else()
-                set(GSS_FLAVOUR "MIT")
-            endif()
+          list(APPEND _GSS_LIBDIR_SUFFIXES "lib/i386")
+          if(GSS_FLAVOUR STREQUAL "MIT")
+            set(_GSS_LIBNAME "gssapi32")
+          else()
+            set(_GSS_LIBNAME "libgssapi")
+          endif()
         endif()
-
-    else() # either there is no config script or we are on platform that 
doesn't provide one (Windows?)
-
-        find_path(_GSS_INCLUDE_DIR
-            NAMES
-                "gssapi/gssapi.h"
-            HINTS
-                ${_GSS_ROOT_HINTS}
-            PATH_SUFFIXES
-                include
-                inc
-        )
-
-        if(_GSS_INCLUDE_DIR) #jay, we've found something
-            set(CMAKE_REQUIRED_INCLUDES "${_GSS_INCLUDE_DIR}")
-            check_include_files( 
"gssapi/gssapi_generic.h;gssapi/gssapi_krb5.h" _GSS_HAVE_MIT_HEADERS)
-
-            if(_GSS_HAVE_MIT_HEADERS)
-                set(GSS_FLAVOUR "MIT")
-            else()
-                # prevent compiling the header - just check if we can include 
it
-                set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} 
-D__ROKEN_H__")
-                check_include_file( "roken.h" _GSS_HAVE_ROKEN_H)
-
-                check_include_file( "heimdal/roken.h" 
_GSS_HAVE_HEIMDAL_ROKEN_H)
-                if(_GSS_HAVE_ROKEN_H OR _GSS_HAVE_HEIMDAL_ROKEN_H)
-                    set(GSS_FLAVOUR "Heimdal")
-                endif()
-                set(CMAKE_REQUIRED_DEFINITIONS "")
-            endif()
+      else()
+        list(APPEND _GSS_LIBDIR_SUFFIXES "lib;lib64") # those suffixes are not 
checked for HINTS
+        if(GSS_FLAVOUR STREQUAL "MIT")
+          set(_GSS_LIBNAME "gssapi_krb5")
         else()
-            # I'm not convienced if this is the right way but this is what 
autotools do at the moment
-            find_path(_GSS_INCLUDE_DIR
-                NAMES
-                    "gssapi.h"
-                HINTS
-                    ${_GSS_ROOT_HINTS}
-                PATH_SUFFIXES
-                    include
-                    inc
-            )
-
-            if(_GSS_INCLUDE_DIR)
-                set(GSS_FLAVOUR "Heimdal")
-            endif()
+          set(_GSS_LIBNAME "gssapi")
         endif()
+      endif()
 
-        # if we have headers, check if we can link libraries
-        if(GSS_FLAVOUR)
-            set(_GSS_LIBDIR_SUFFIXES "")
-            set(_GSS_LIBDIR_HINTS ${_GSS_ROOT_HINTS})
-            get_filename_component(_GSS_CALCULATED_POTENTIAL_ROOT 
"${_GSS_INCLUDE_DIR}" PATH)
-            list(APPEND _GSS_LIBDIR_HINTS ${_GSS_CALCULATED_POTENTIAL_ROOT})
-
-            if(WIN32)
-                if(CMAKE_SIZEOF_VOID_P EQUAL 8)
-                    list(APPEND _GSS_LIBDIR_SUFFIXES "lib/AMD64")
-                    if(GSS_FLAVOUR STREQUAL "MIT")
-                        set(_GSS_LIBNAME "gssapi64")
-                    else()
-                        set(_GSS_LIBNAME "libgssapi")
-                    endif()
-                else()
-                    list(APPEND _GSS_LIBDIR_SUFFIXES "lib/i386")
-                    if(GSS_FLAVOUR STREQUAL "MIT")
-                        set(_GSS_LIBNAME "gssapi32")
-                    else()
-                        set(_GSS_LIBNAME "libgssapi")
-                    endif()
-                endif()
-            else()
-                list(APPEND _GSS_LIBDIR_SUFFIXES "lib;lib64") # those suffixes 
are not checked for HINTS
-                if(GSS_FLAVOUR STREQUAL "MIT")
-                    set(_GSS_LIBNAME "gssapi_krb5")
-                else()
-                    set(_GSS_LIBNAME "gssapi")
-                endif()
-            endif()
-
-            find_library(_GSS_LIBRARIES
-                NAMES
-                    ${_GSS_LIBNAME}
-                HINTS
-                    ${_GSS_LIBDIR_HINTS}
-                PATH_SUFFIXES
-                    ${_GSS_LIBDIR_SUFFIXES}
-            )
-
-        endif()
+      find_library(_GSS_LIBRARIES
+          NAMES
+              ${_GSS_LIBNAME}
+          HINTS
+              ${_GSS_LIBDIR_HINTS}
+          PATH_SUFFIXES
+              ${_GSS_LIBDIR_SUFFIXES}
+      )
 
     endif()
+  endif()
 else()
-    if(_GSS_PKG_${_MIT_MODNAME}_VERSION)
-        set(GSS_FLAVOUR "MIT")
-        set(_GSS_VERSION _GSS_PKG_${_MIT_MODNAME}_VERSION)
-    else()
-        set(GSS_FLAVOUR "Heimdal")
-        set(_GSS_VERSION _GSS_PKG_${_MIT_HEIMDAL}_VERSION)
-    endif()
+  if(_GSS_PKG_${_MIT_MODNAME}_VERSION)
+    set(GSS_FLAVOUR "MIT")
+    set(_GSS_VERSION _GSS_PKG_${_MIT_MODNAME}_VERSION)
+  else()
+    set(GSS_FLAVOUR "Heimdal")
+    set(_GSS_VERSION _GSS_PKG_${_MIT_HEIMDAL}_VERSION)
+  endif()
 endif()
 
 set(GSS_INCLUDE_DIR ${_GSS_INCLUDE_DIR})
@@ -243,36 +241,34 @@ set(GSS_COMPILER_FLAGS ${_GSS_COMPILER_FLAGS})
 set(GSS_VERSION ${_GSS_VERSION})
 
 if(GSS_FLAVOUR)
+  if(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "Heimdal")
+    if(CMAKE_SIZEOF_VOID_P EQUAL 8)
+      set(HEIMDAL_MANIFEST_FILE "Heimdal.Application.amd64.manifest")
+    else()
+      set(HEIMDAL_MANIFEST_FILE "Heimdal.Application.x86.manifest")
+    endif()
 
-    if(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "Heimdal")
-        if(CMAKE_SIZEOF_VOID_P EQUAL 8)
-            set(HEIMDAL_MANIFEST_FILE "Heimdal.Application.amd64.manifest")
-        else()
-            set(HEIMDAL_MANIFEST_FILE "Heimdal.Application.x86.manifest")
-        endif()
-
-        if(EXISTS "${GSS_INCLUDE_DIR}/${HEIMDAL_MANIFEST_FILE}")
-            file(STRINGS "${GSS_INCLUDE_DIR}/${HEIMDAL_MANIFEST_FILE}" 
heimdal_version_str
-                 REGEX "^.*version=\"[0-9]\\.[^\"]+\".*$")
+    if(EXISTS "${GSS_INCLUDE_DIR}/${HEIMDAL_MANIFEST_FILE}")
+      file(STRINGS "${GSS_INCLUDE_DIR}/${HEIMDAL_MANIFEST_FILE}" 
heimdal_version_str
+           REGEX "^.*version=\"[0-9]\\.[^\"]+\".*$")
 
-            string(REGEX MATCH "[0-9]\\.[^\"]+"
-                   GSS_VERSION "${heimdal_version_str}")
-        endif()
+      string(REGEX MATCH "[0-9]\\.[^\"]+"
+             GSS_VERSION "${heimdal_version_str}")
+    endif()
 
-        if(NOT GSS_VERSION)
-            set(GSS_VERSION "Heimdal Unknown")
-        endif()
-    elseif(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "MIT")
-        get_filename_component(_MIT_VERSION 
"[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos\\SDK\\CurrentVersion;VersionString]"
 NAME CACHE)
-        if(WIN32 AND _MIT_VERSION)
-            set(GSS_VERSION "${_MIT_VERSION}")
-        else()
-            set(GSS_VERSION "MIT Unknown")
-        endif()
+    if(NOT GSS_VERSION)
+      set(GSS_VERSION "Heimdal Unknown")
     endif()
+  elseif(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "MIT")
+    get_filename_component(_MIT_VERSION 
"[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos\\SDK\\CurrentVersion;VersionString]"
 NAME CACHE)
+    if(WIN32 AND _MIT_VERSION)
+      set(GSS_VERSION "${_MIT_VERSION}")
+    else()
+      set(GSS_VERSION "MIT Unknown")
+    endif()
+  endif()
 endif()
 
-
 include(FindPackageHandleStandardArgs)
 
 set(_GSS_REQUIRED_VARS GSS_LIBRARIES GSS_FLAVOUR)
diff --git a/CMake/FindLibSSH2.cmake b/CMake/FindLibSSH2.cmake
index 12a7c612b..84822dba7 100644
--- a/CMake/FindLibSSH2.cmake
+++ b/CMake/FindLibSSH2.cmake
@@ -5,14 +5,14 @@
 # LIBSSH2_INCLUDE_DIR - the libssh2 include directory
 # LIBSSH2_LIBRARY - the libssh2 library name
 
-if (LIBSSH2_INCLUDE_DIR AND LIBSSH2_LIBRARY)
+if(LIBSSH2_INCLUDE_DIR AND LIBSSH2_LIBRARY)
   set(LibSSH2_FIND_QUIETLY TRUE)
-endif (LIBSSH2_INCLUDE_DIR AND LIBSSH2_LIBRARY)
+endif()
 
-FIND_PATH(LIBSSH2_INCLUDE_DIR libssh2.h
+find_path(LIBSSH2_INCLUDE_DIR libssh2.h
 )
 
-FIND_LIBRARY(LIBSSH2_LIBRARY NAMES ssh2
+find_library(LIBSSH2_LIBRARY NAMES ssh2
 )
 
 if(LIBSSH2_INCLUDE_DIR)
@@ -27,9 +27,9 @@ if(LIBSSH2_INCLUDE_DIR)
   string(REGEX REPLACE "^0(.+)" "\\1" LIBSSH2_VERSION_PATCH 
"${LIBSSH2_VERSION_PATCH}")
 
   set(LIBSSH2_VERSION 
"${LIBSSH2_VERSION_MAJOR}.${LIBSSH2_VERSION_MINOR}.${LIBSSH2_VERSION_PATCH}")
-endif(LIBSSH2_INCLUDE_DIR)
+endif()
 
 include(FindPackageHandleStandardArgs)
-FIND_PACKAGE_HANDLE_STANDARD_ARGS(LibSSH2 DEFAULT_MSG LIBSSH2_INCLUDE_DIR 
LIBSSH2_LIBRARY )
+find_package_handle_standard_args(LibSSH2 DEFAULT_MSG LIBSSH2_INCLUDE_DIR 
LIBSSH2_LIBRARY )
 
-MARK_AS_ADVANCED(LIBSSH2_INCLUDE_DIR LIBSSH2_LIBRARY LIBSSH2_VERSION_MAJOR 
LIBSSH2_VERSION_MINOR LIBSSH2_VERSION_PATCH LIBSSH2_VERSION)
+mark_as_advanced(LIBSSH2_INCLUDE_DIR LIBSSH2_LIBRARY LIBSSH2_VERSION_MAJOR 
LIBSSH2_VERSION_MINOR LIBSSH2_VERSION_PATCH LIBSSH2_VERSION)
diff --git a/CMake/FindNGHTTP2.cmake b/CMake/FindNGHTTP2.cmake
index 4e566cf02..348b9612d 100644
--- a/CMake/FindNGHTTP2.cmake
+++ b/CMake/FindNGHTTP2.cmake
@@ -14,5 +14,5 @@ find_package_handle_standard_args(NGHTTP2
       "Could NOT find NGHTTP2"
 )
 
-set(NGHTTP2_INCLUDE_DIRS ${NGHTTP2_INCLUDE_DIR} )
+set(NGHTTP2_INCLUDE_DIRS ${NGHTTP2_INCLUDE_DIR})
 set(NGHTTP2_LIBRARIES ${NGHTTP2_LIBRARY})
diff --git a/CMake/Macros.cmake b/CMake/Macros.cmake
index 87bf905f2..7f7134515 100644
--- a/CMake/Macros.cmake
+++ b/CMake/Macros.cmake
@@ -5,7 +5,7 @@
 # multiple times with a sequence of possibly dependent libraries in
 # order of least-to-most-dependent.  Some libraries depend on others
 # to link correctly.
-macro(CHECK_LIBRARY_EXISTS_CONCAT LIBRARY SYMBOL VARIABLE)
+macro(check_library_exists_concat LIBRARY SYMBOL VARIABLE)
   check_library_exists("${LIBRARY};${CURL_LIBS}" ${SYMBOL} 
"${CMAKE_LIBRARY_PATH}"
     ${VARIABLE})
   if(${VARIABLE})
@@ -17,7 +17,7 @@ endmacro()
 # This macro is intended to be called multiple times with a sequence of
 # possibly dependent header files.  Some headers depend on others to be
 # compiled correctly.
-macro(CHECK_INCLUDE_FILE_CONCAT FILE VARIABLE)
+macro(check_include_file_concat FILE VARIABLE)
   check_include_files("${CURL_INCLUDES};${FILE}" ${VARIABLE})
   if(${VARIABLE})
     set(CURL_INCLUDES ${CURL_INCLUDES} ${FILE})
@@ -26,7 +26,7 @@ macro(CHECK_INCLUDE_FILE_CONCAT FILE VARIABLE)
 endmacro()
 
 # For other curl specific tests, use this macro.
-macro(CURL_INTERNAL_TEST CURL_TEST)
+macro(curl_internal_test CURL_TEST)
   if(NOT DEFINED "${CURL_TEST}")
     set(MACRO_CHECK_FUNCTION_DEFINITIONS
       "-D${CURL_TEST} ${CURL_TEST_DEFINES} ${CMAKE_REQUIRED_FLAGS}")
@@ -58,43 +58,7 @@ macro(CURL_INTERNAL_TEST CURL_TEST)
   endif()
 endmacro()
 
-macro(CURL_INTERNAL_TEST_RUN CURL_TEST)
-  if(NOT DEFINED "${CURL_TEST}_COMPILE")
-    set(MACRO_CHECK_FUNCTION_DEFINITIONS
-      "-D${CURL_TEST} ${CMAKE_REQUIRED_FLAGS}")
-    if(CMAKE_REQUIRED_LIBRARIES)
-      set(CURL_TEST_ADD_LIBRARIES
-        "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}")
-    endif()
-
-    message(STATUS "Performing Curl Test ${CURL_TEST}")
-    try_run(${CURL_TEST} ${CURL_TEST}_COMPILE
-      ${CMAKE_BINARY_DIR}
-      ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c
-      CMAKE_FLAGS 
-DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS}
-      "${CURL_TEST_ADD_LIBRARIES}"
-      OUTPUT_VARIABLE OUTPUT)
-    if(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST})
-      set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}")
-      message(STATUS "Performing Curl Test ${CURL_TEST} - Success")
-    else()
-      message(STATUS "Performing Curl Test ${CURL_TEST} - Failed")
-      set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}")
-      file(APPEND "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
-        "Performing Curl Test ${CURL_TEST} failed with the following output:\n"
-        "${OUTPUT}")
-      if(${CURL_TEST}_COMPILE)
-        file(APPEND
-          "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
-          "There was a problem running this test\n")
-      endif()
-      file(APPEND "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
-        "\n\n")
-    endif()
-  endif()
-endmacro()
-
-macro(CURL_NROFF_CHECK)
+macro(curl_nroff_check)
   find_program(NROFF NAMES gnroff nroff)
   if(NROFF)
     # Need a way to write to stdin, this will do
diff --git a/CMake/cmake_uninstall.cmake.in b/CMake/cmake_uninstall.cmake.in
index d00a51665..db8e5367d 100644
--- a/CMake/cmake_uninstall.cmake.in
+++ b/CMake/cmake_uninstall.cmake.in
@@ -1,11 +1,11 @@
 if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
   message(FATAL_ERROR "Cannot find install manifest: 
@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
-endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
+endif()
 
-if (NOT DEFINED CMAKE_INSTALL_PREFIX)
-  set (CMAKE_INSTALL_PREFIX "@CMAKE_INSTALL_PREFIX@")
-endif ()
- message(${CMAKE_INSTALL_PREFIX})
+if(NOT DEFINED CMAKE_INSTALL_PREFIX)
+  set(CMAKE_INSTALL_PREFIX "@CMAKE_INSTALL_PREFIX@")
+endif()
+message(${CMAKE_INSTALL_PREFIX})
 
 file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files)
 string(REGEX REPLACE "\n" ";" files "${files}")
@@ -19,8 +19,8 @@ foreach(file ${files})
       )
     if(NOT "${rm_retval}" STREQUAL 0)
       message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}")
-    endif(NOT "${rm_retval}" STREQUAL 0)
-  else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
+    endif()
+  else()
     message(STATUS "File $ENV{DESTDIR}${file} does not exist.")
-  endif(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
-endforeach(file)
+  endif()
+endforeach()
diff --git a/CMake/curl-config.cmake b/CMake/curl-config.cmake
deleted file mode 100644
index 119332cdd..000000000
--- a/CMake/curl-config.cmake
+++ /dev/null
@@ -1,59 +0,0 @@
-
-get_filename_component(_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH)
-
-if(NOT CURL_FIND_COMPONENTS)
-    set(CURL_FIND_COMPONENTS curl libcurl)
-    if(CURL_FIND_REQUIRED)
-        set(CURL_FIND_REQUIRED_curl TRUE)
-        set(CURL_FIND_REQUIRED_libcurl TRUE)
-    endif()
-endif()
-
-set(_curl_missing_components)
-foreach(_comp ${CURL_FIND_COMPONENTS})
-    if(EXISTS "${_DIR}/${_comp}-target.cmake")
-        include("${_DIR}/${_comp}-target.cmake")
-        set(CURL_${_comp}_FOUND TRUE)
-    else()
-        set(CURL_${_comp}_FOUND FALSE)
-        if(CURL_FIND_REQUIRED_${_comp})
-            set(CURL_FOUND FALSE)
-            list(APPEND _curl_missing_components ${_comp})
-        endif()
-    endif()
-endforeach()
-
-if(_curl_missing_components)
-    set(CURL_NOT_FOUND_MESSAGE "Following required components not found: " 
${_curl_missing_components})
-else()
-    if(TARGET CURL::libcurl)
-        string(TOUPPER "${CMAKE_BUILD_TYPE}" _curl_current_config)
-        if(NOT _curl_current_config)
-            set(_curl_current_config "NOCONFIG")
-        endif()
-        get_target_property(_curl_configurations CURL::libcurl 
IMPORTED_CONFIGURATIONS)
-        list(FIND _curl_configurations "${_curl_current_config}" _i)
-        if(_i LESS 0)
-            set(_curl_config "RELEASE")
-            list(FIND _curl_configurations "${_curl_current_config}" _i)
-            if(_i LESS 0)
-                set(_curl_config "NOCONFIG")
-                list(FIND _curl_configurations "${_curl_current_config}" _i)
-            endif()
-        endif()
-
-        if(_i LESS 0)
-            set(_curl_current_config "") # let CMake pick config at random
-        else()
-           set(_curl_current_config "_${_curl_current_config}")
-        endif()
-
-        get_target_property(CURL_INCLUDE_DIRS CURL::libcurl 
INTERFACE_INCLUDE_DIRECTORIES)
-        get_target_property(CURL_LIBRARIES CURL::libcurl 
"LOCATION${_curl_current_config}")
-        set(_curl_current_config)
-        set(_curl_configurations)
-        set(_i)
-    endif()
-endif()
-
-unset(_curl_missing_components)
diff --git a/CMake/curl-config.cmake.in b/CMake/curl-config.cmake.in
new file mode 100644
index 000000000..73e04c606
--- /dev/null
+++ b/CMake/curl-config.cmake.in
@@ -0,0 +1,64 @@
+
+get_filename_component(_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH)
+
+if(NOT CURL_FIND_COMPONENTS)
+  set(CURL_FIND_COMPONENTS curl libcurl)
+  if(CURL_FIND_REQUIRED)
+    set(CURL_FIND_REQUIRED_curl TRUE)
+    set(CURL_FIND_REQUIRED_libcurl TRUE)
+  endif()
+endif()
+
+include(CMakeFindDependencyMacro)
+if(CURL_FIND_REQUIRED_libcurl)
+    find_dependency(OpenSSL "@OPENSSL_VERSION_MAJOR@")
+endif()
+
+set(_curl_missing_components)
+foreach(_comp ${CURL_FIND_COMPONENTS})
+  if(EXISTS "${_DIR}/${_comp}-target.cmake")
+    include("${_DIR}/${_comp}-target.cmake")
+    set(CURL_${_comp}_FOUND TRUE)
+  else()
+    set(CURL_${_comp}_FOUND FALSE)
+    if(CURL_FIND_REQUIRED_${_comp})
+      set(CURL_FOUND FALSE)
+      list(APPEND _curl_missing_components ${_comp})
+    endif()
+  endif()
+endforeach()
+
+if(_curl_missing_components)
+  set(CURL_NOT_FOUND_MESSAGE "Following required components not found: " 
${_curl_missing_components})
+else()
+  if(TARGET CURL::libcurl)
+    string(TOUPPER "${CMAKE_BUILD_TYPE}" _curl_current_config)
+    if(NOT _curl_current_config)
+      set(_curl_current_config "NOCONFIG")
+    endif()
+    get_target_property(_curl_configurations CURL::libcurl 
IMPORTED_CONFIGURATIONS)
+    list(FIND _curl_configurations "${_curl_current_config}" _i)
+    if(_i LESS 0)
+      set(_curl_config "RELEASE")
+      list(FIND _curl_configurations "${_curl_current_config}" _i)
+      if(_i LESS 0)
+        set(_curl_config "NOCONFIG")
+        list(FIND _curl_configurations "${_curl_current_config}" _i)
+      endif()
+    endif()
+
+    if(_i LESS 0)
+      set(_curl_current_config "") # let CMake pick config at random
+    else()
+      set(_curl_current_config "_${_curl_current_config}")
+    endif()
+
+    get_target_property(CURL_INCLUDE_DIRS CURL::libcurl 
INTERFACE_INCLUDE_DIRECTORIES)
+    get_target_property(CURL_LIBRARIES CURL::libcurl 
"LOCATION${_curl_current_config}")
+    set(_curl_current_config)
+    set(_curl_configurations)
+    set(_i)
+  endif()
+endif()
+
+unset(_curl_missing_components)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 69a0e18b2..36afadb12 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -38,24 +38,24 @@
 # To check:
 # (From Daniel Stenberg) The cmake build selected to run gcc with -fPIC on my 
box while the plain configure script did not.
 # (From Daniel Stenberg) The gcc command line use neither -g nor any -O 
options. As a developer, I also treasure our configure scripts's --enable-debug 
option that sets a long range of "picky" compiler options.
-cmake_minimum_required(VERSION 2.8.12 FATAL_ERROR)
+cmake_minimum_required(VERSION 3.4 FATAL_ERROR)
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}")
 include(Utilities)
 include(Macros)
 include(CMakeDependentOption)
 include(CheckCCompilerFlag)
 
-project( CURL C )
+project(CURL C)
 
 message(WARNING "the curl cmake build system is poorly maintained. Be aware")
 
-file (READ ${CURL_SOURCE_DIR}/include/gnurl/curlver.h CURL_VERSION_H_CONTENTS)
-string (REGEX MATCH "#define LIBCURL_VERSION \"[^\"]*"
+file(READ ${CURL_SOURCE_DIR}/include/gnurl/curlver.h CURL_VERSION_H_CONTENTS)
+string(REGEX MATCH "#define LIBCURL_VERSION \"[^\"]*"
   CURL_VERSION ${CURL_VERSION_H_CONTENTS})
-string (REGEX REPLACE "[^\"]+\"" "" CURL_VERSION ${CURL_VERSION})
-string (REGEX MATCH "#define LIBCURL_VERSION_NUM 0x[0-9a-fA-F]+"
+string(REGEX REPLACE "[^\"]+\"" "" CURL_VERSION ${CURL_VERSION})
+string(REGEX MATCH "#define LIBCURL_VERSION_NUM 0x[0-9a-fA-F]+"
   CURL_VERSION_NUM ${CURL_VERSION_H_CONTENTS})
-string (REGEX REPLACE "[^0]+0x" "" CURL_VERSION_NUM ${CURL_VERSION_NUM})
+string(REGEX REPLACE "[^0]+0x" "" CURL_VERSION_NUM ${CURL_VERSION_NUM})
 
 include_regular_expression("^.*$")    # Sukender: Is it necessary?
 
@@ -71,19 +71,19 @@ set(OPERATING_SYSTEM "${CMAKE_SYSTEM_NAME}")
 set(OS "\"${CMAKE_SYSTEM_NAME}\"")
 
 include_directories(${PROJECT_BINARY_DIR}/include/gnurl)
-include_directories( ${CURL_SOURCE_DIR}/include )
+include_directories(${CURL_SOURCE_DIR}/include)
 
 option(CURL_WERROR "Turn compiler warnings into errors" OFF)
 option(PICKY_COMPILER "Enable picky compiler options" ON)
 option(BUILD_CURL_EXE "Set to ON to build curl executable." ON)
-option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF)
+option(BUILD_SHARED_LIBS "Build shared libraries" ON)
 option(ENABLE_ARES "Set to ON to enable c-ares support" OFF)
 if(WIN32)
   option(CURL_STATIC_CRT "Set to ON to build libcurl with static CRT on 
Windows (/MT)." OFF)
   option(ENABLE_INET_PTON "Set to OFF to prevent usage of inet_pton when 
building against modern SDKs while still requiring compatibility with older 
Windows versions, such as Windows XP, Windows Server 2003 etc." ON)
 endif()
 
-CMAKE_DEPENDENT_OPTION(ENABLE_THREADED_RESOLVER "Set to ON to enable threaded 
DNS lookup"
+cmake_dependent_option(ENABLE_THREADED_RESOLVER "Set to ON to enable threaded 
DNS lookup"
         ON "NOT ENABLE_ARES"
         OFF)
 
@@ -91,11 +91,11 @@ option(ENABLE_DEBUG "Set to ON to enable curl debug 
features" OFF)
 option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" 
OFF)
 
 if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
-  if (PICKY_COMPILER)
-    foreach (_CCOPT -pedantic -Wall -W -Wpointer-arith -Wwrite-strings 
-Wunused -Wshadow -Winline -Wnested-externs -Wmissing-declarations 
-Wmissing-prototypes -Wno-long-long -Wfloat-equal -Wno-multichar -Wsign-compare 
-Wundef -Wno-format-nonliteral -Wendif-labels -Wstrict-prototypes 
-Wdeclaration-after-statement -Wstrict-aliasing=3 -Wcast-align -Wtype-limits 
-Wold-style-declaration -Wmissing-parameter-type -Wempty-body -Wclobbered 
-Wignored-qualifiers -Wconversion -Wno-sign-conversion -W [...]
+  if(PICKY_COMPILER)
+    foreach(_CCOPT -pedantic -Wall -W -Wpointer-arith -Wwrite-strings -Wunused 
-Wshadow -Winline -Wnested-externs -Wmissing-declarations -Wmissing-prototypes 
-Wno-long-long -Wfloat-equal -Wno-multichar -Wsign-compare -Wundef 
-Wno-format-nonliteral -Wendif-labels -Wstrict-prototypes 
-Wdeclaration-after-statement -Wstrict-aliasing=3 -Wcast-align -Wtype-limits 
-Wold-style-declaration -Wmissing-parameter-type -Wempty-body -Wclobbered 
-Wignored-qualifiers -Wconversion -Wno-sign-conversion -Wv [...]
       # surprisingly, CHECK_C_COMPILER_FLAG needs a new variable to store each 
new
       # test result in.
-      CHECK_C_COMPILER_FLAG(${_CCOPT} OPT${_CCOPT})
+      check_c_compiler_flag(${_CCOPT} OPT${_CCOPT})
       if(OPT${_CCOPT})
         set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${_CCOPT}")
       endif()
@@ -103,7 +103,7 @@ if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
   endif()
 endif()
 
-if (ENABLE_DEBUG)
+if(ENABLE_DEBUG)
   # DEBUGBUILD will be defined only for Debug builds
   if(NOT CMAKE_VERSION VERSION_LESS 3.0)
     set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS 
$<$<CONFIG:Debug>:DEBUGBUILD>)
@@ -113,7 +113,7 @@ if (ENABLE_DEBUG)
   set(ENABLE_CURLDEBUG ON)
 endif()
 
-if (ENABLE_CURLDEBUG)
+if(ENABLE_CURLDEBUG)
   set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS CURLDEBUG)
 endif()
 
@@ -128,7 +128,7 @@ set(CURL_LIBS "")
 if(ENABLE_ARES)
   set(USE_ARES 1)
   find_package(CARES REQUIRED)
-  list(APPEND CURL_LIBS ${CARES_LIBRARY} )
+  list(APPEND CURL_LIBS ${CARES_LIBRARY})
   set(CURL_LIBS ${CURL_LIBS} ${CARES_LIBRARY})
 endif()
 
@@ -205,10 +205,10 @@ if(ENABLE_IPV6 AND NOT WIN32)
   endif()
 endif()
 
-CURL_NROFF_CHECK()
+curl_nroff_check()
 find_package(Perl)
 
-CMAKE_DEPENDENT_OPTION(ENABLE_MANUAL "to provide the built-in manual"
+cmake_dependent_option(ENABLE_MANUAL "to provide the built-in manual"
     ON "NROFF_USEFUL;PERL_FOUND"
     OFF)
 
@@ -240,14 +240,14 @@ if(${CMAKE_SYSTEM_NAME} MATCHES AIX)
 endif()
 
 # Include all the necessary files for macros
-include (CheckFunctionExists)
-include (CheckIncludeFile)
-include (CheckIncludeFiles)
-include (CheckLibraryExists)
-include (CheckSymbolExists)
-include (CheckTypeSize)
-include (CheckCSourceCompiles)
-include (CMakeDependentOption)
+include(CheckFunctionExists)
+include(CheckIncludeFile)
+include(CheckIncludeFiles)
+include(CheckLibraryExists)
+include(CheckSymbolExists)
+include(CheckTypeSize)
+include(CheckCSourceCompiles)
+include(CMakeDependentOption)
 
 # On windows preload settings
 if(WIN32)
@@ -352,8 +352,8 @@ if(CMAKE_USE_OPENSSL)
   set(USE_OPENSSL ON)
   set(HAVE_LIBCRYPTO ON)
   set(HAVE_LIBSSL ON)
-  list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES})
-  include_directories(${OPENSSL_INCLUDE_DIR})
+  list(APPEND CURL_LIBS OpenSSL::SSL OpenSSL::Crypto)
+
   set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
   check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
   check_include_file("openssl/err.h"    HAVE_OPENSSL_ERR_H)
@@ -475,7 +475,6 @@ if(NOT CURL_DISABLE_LDAP)
       endif()
     endif()
   endif()
-
 endif()
 
 # No ldap, no ldaps.
@@ -625,7 +624,6 @@ else()
   unset(USE_UNIX_SOCKETS CACHE)
 endif()
 
-
 #
 # CA handling
 #
@@ -637,67 +635,66 @@ set(CURL_CA_PATH "auto" CACHE STRING
     "Location of default CA path. Set 'none' to disable or 'auto' for 
auto-detection. Defaults to 'auto'.")
 
 if("${CURL_CA_BUNDLE}" STREQUAL "")
-    message(FATAL_ERROR "Invalid value of CURL_CA_BUNDLE. Use 'none', 'auto' 
or file path.")
+  message(FATAL_ERROR "Invalid value of CURL_CA_BUNDLE. Use 'none', 'auto' or 
file path.")
 elseif("${CURL_CA_BUNDLE}" STREQUAL "none")
-    unset(CURL_CA_BUNDLE CACHE)
+  unset(CURL_CA_BUNDLE CACHE)
 elseif("${CURL_CA_BUNDLE}" STREQUAL "auto")
-    unset(CURL_CA_BUNDLE CACHE)
-    set(CURL_CA_BUNDLE_AUTODETECT TRUE)
+  unset(CURL_CA_BUNDLE CACHE)
+  set(CURL_CA_BUNDLE_AUTODETECT TRUE)
 else()
-    set(CURL_CA_BUNDLE_SET TRUE)
+  set(CURL_CA_BUNDLE_SET TRUE)
 endif()
 
 if("${CURL_CA_PATH}" STREQUAL "")
-    message(FATAL_ERROR "Invalid value of CURL_CA_PATH. Use 'none', 'auto' or 
directory path.")
+  message(FATAL_ERROR "Invalid value of CURL_CA_PATH. Use 'none', 'auto' or 
directory path.")
 elseif("${CURL_CA_PATH}" STREQUAL "none")
-    unset(CURL_CA_PATH CACHE)
+  unset(CURL_CA_PATH CACHE)
 elseif("${CURL_CA_PATH}" STREQUAL "auto")
-    unset(CURL_CA_PATH CACHE)
-    set(CURL_CA_PATH_AUTODETECT TRUE)
+  unset(CURL_CA_PATH CACHE)
+  set(CURL_CA_PATH_AUTODETECT TRUE)
 else()
-    set(CURL_CA_PATH_SET TRUE)
+  set(CURL_CA_PATH_SET TRUE)
 endif()
 
 if(CURL_CA_BUNDLE_SET AND CURL_CA_PATH_AUTODETECT)
-    # Skip autodetection of unset CA path because CA bundle is set explicitly
+  # Skip autodetection of unset CA path because CA bundle is set explicitly
 elseif(CURL_CA_PATH_SET AND CURL_CA_BUNDLE_AUTODETECT)
-    # Skip autodetection of unset CA bundle because CA path is set explicitly
+  # Skip autodetection of unset CA bundle because CA path is set explicitly
 elseif(CURL_CA_PATH_AUTODETECT OR CURL_CA_BUNDLE_AUTODETECT)
-    # first try autodetecting a CA bundle, then a CA path
-
-    if(CURL_CA_BUNDLE_AUTODETECT)
-        set(SEARCH_CA_BUNDLE_PATHS
-            /etc/ssl/certs/ca-certificates.crt
-            /etc/pki/tls/certs/ca-bundle.crt
-            /usr/share/ssl/certs/ca-bundle.crt
-            /usr/local/share/certs/ca-root-nss.crt
-            /etc/ssl/cert.pem)
-
-        foreach(SEARCH_CA_BUNDLE_PATH ${SEARCH_CA_BUNDLE_PATHS})
-            if(EXISTS "${SEARCH_CA_BUNDLE_PATH}")
-                message(STATUS "Found CA bundle: ${SEARCH_CA_BUNDLE_PATH}")
-                set(CURL_CA_BUNDLE "${SEARCH_CA_BUNDLE_PATH}")
-                set(CURL_CA_BUNDLE_SET TRUE CACHE BOOL "Path to the CA bundle 
has been set")
-                break()
-            endif()
-        endforeach()
-    endif()
+  # first try autodetecting a CA bundle, then a CA path
+
+  if(CURL_CA_BUNDLE_AUTODETECT)
+    set(SEARCH_CA_BUNDLE_PATHS
+        /etc/ssl/certs/ca-certificates.crt
+        /etc/pki/tls/certs/ca-bundle.crt
+        /usr/share/ssl/certs/ca-bundle.crt
+        /usr/local/share/certs/ca-root-nss.crt
+        /etc/ssl/cert.pem)
+
+    foreach(SEARCH_CA_BUNDLE_PATH ${SEARCH_CA_BUNDLE_PATHS})
+      if(EXISTS "${SEARCH_CA_BUNDLE_PATH}")
+        message(STATUS "Found CA bundle: ${SEARCH_CA_BUNDLE_PATH}")
+        set(CURL_CA_BUNDLE "${SEARCH_CA_BUNDLE_PATH}")
+        set(CURL_CA_BUNDLE_SET TRUE CACHE BOOL "Path to the CA bundle has been 
set")
+        break()
+      endif()
+    endforeach()
+  endif()
 
-    if(CURL_CA_PATH_AUTODETECT AND (NOT CURL_CA_PATH_SET))
-        if(EXISTS "/etc/ssl/certs")
-            set(CURL_CA_PATH "/etc/ssl/certs")
-            set(CURL_CA_PATH_SET TRUE CACHE BOOL "Path to the CA bundle has 
been set")
-        endif()
+  if(CURL_CA_PATH_AUTODETECT AND (NOT CURL_CA_PATH_SET))
+    if(EXISTS "/etc/ssl/certs")
+      set(CURL_CA_PATH "/etc/ssl/certs")
+      set(CURL_CA_PATH_SET TRUE CACHE BOOL "Path to the CA bundle has been 
set")
     endif()
+  endif()
 endif()
 
 if(CURL_CA_PATH_SET AND NOT USE_OPENSSL AND NOT USE_MBEDTLS)
-    message(FATAL_ERROR
-            "CA path only supported by OpenSSL, GnuTLS or mbed TLS. "
-            "Set CURL_CA_PATH=none or enable one of those TLS backends.")
+  message(FATAL_ERROR
+          "CA path only supported by OpenSSL, GnuTLS or mbed TLS. "
+          "Set CURL_CA_PATH=none or enable one of those TLS backends.")
 endif()
 
-
 # Check for header files
 if(NOT UNIX)
   check_include_file_concat("windows.h"      HAVE_WINDOWS_H)
@@ -895,7 +892,7 @@ if(WIN32)
     add_definitions(-D_WIN32_WINNT=0x0501)
   endif()
 else()
-    check_function_exists(inet_pton HAVE_INET_PTON)
+  check_function_exists(inet_pton HAVE_INET_PTON)
 endif()
 
 check_symbol_exists(fsetxattr "${CURL_INCLUDES}" HAVE_FSETXATTR)
@@ -1148,9 +1145,9 @@ function(TRANSFORM_MAKEFILE_INC INPUT_FILE OUTPUT_FILE)
 endfunction()
 
 if(WIN32 AND NOT CYGWIN)
-    set(CURL_INSTALL_CMAKE_DIR CMake)
+  set(CURL_INSTALL_CMAKE_DIR CMake)
 else()
-    set(CURL_INSTALL_CMAKE_DIR lib/cmake/curl)
+  set(CURL_INSTALL_CMAKE_DIR lib/cmake/curl)
 endif()
 
 if(USE_MANUAL)
@@ -1250,11 +1247,12 @@ set(CONFIGURE_OPTIONS       "")
 # TODO when to set "-DCURL_STATICLIB" for CPPFLAG_CURL_STATICLIB?
 set(CPPFLAG_CURL_STATICLIB  "")
 set(CURLVERSION             "${CURL_VERSION}")
-set(ENABLE_SHARED           "yes")
-if(CURL_STATICLIB)
-  set(ENABLE_STATIC         "yes")
-else()
+if(BUILD_SHARED_LIBS)
+  set(ENABLE_SHARED         "yes")
   set(ENABLE_STATIC         "no")
+else()
+  set(ENABLE_SHARED         "no")
+  set(ENABLE_STATIC         "yes")
 endif()
 set(exec_prefix             "\${prefix}")
 set(includedir              "\${prefix}/include")
@@ -1278,6 +1276,9 @@ set(REQUIRE_LIB_DEPS        "no")
 set(VERSIONNUM              "${CURL_VERSION_NUM}")
 
 # Finally generate a "curl-config" matching this config
+# Use:
+# * ENABLE_SHARED
+# * ENABLE_STATIC
 configure_file("${CURL_SOURCE_DIR}/curl-config.in"
                "${CURL_BINARY_DIR}/curl-config" @ONLY)
 install(FILES "${CURL_BINARY_DIR}/curl-config"
@@ -1311,9 +1312,9 @@ write_basic_package_version_file(
     COMPATIBILITY SameMajorVersion
 )
 
-configure_file(CMake/curl-config.cmake
+configure_file(CMake/curl-config.cmake.in
         "${PROJECT_BINARY_DIR}/curl-config.cmake"
-        COPYONLY
+        @ONLY
 )
 
 install(
diff --git a/Makefile.am b/Makefile.am
index 32043817c..810d4686e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -31,7 +31,7 @@ CMAKE_DIST = CMakeLists.txt CMake/CMakeConfigurableFile.in    
  \
  CMake/CurlSymbolHiding.cmake CMake/FindCARES.cmake             \
  CMake/FindLibSSH2.cmake CMake/FindNGHTTP2.cmake                \
  CMake/FindMbedTLS.cmake CMake/cmake_uninstall.cmake.in         \
- CMake/curl-config.cmake
+ CMake/curl-config.cmake.in
 
 VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl
 VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist
diff --git a/README.md b/README.md
index e4dab23a6..d5f7a6347 100644
--- a/README.md
+++ b/README.md
@@ -2,9 +2,12 @@
 
 [![CII Best 
Practices](https://bestpractices.coreinfrastructure.org/projects/63/badge)](https://bestpractices.coreinfrastructure.org/projects/63)
 [![Coverity 
passed](https://scan.coverity.com/projects/curl/badge.svg)](https://scan.coverity.com/projects/curl)
-[![Build 
Status](https://travis-ci.org/curl/curl.svg?branch=master)](https://travis-ci.org/curl/curl)
+[![Travis-CI Build 
Status](https://travis-ci.org/curl/curl.svg?branch=master)](https://travis-ci.org/curl/curl)
+[![AppVeyor Build 
Status](https://ci.appveyor.com/api/projects/status/l1vv31029huhf4g4?svg=true)](https://ci.appveyor.com/project/curlorg/curl)
 [![Coverage 
Status](https://coveralls.io/repos/github/curl/curl/badge.svg)](https://coveralls.io/github/curl/curl)
-[![Backers on Open 
Collective](https://opencollective.com/curl/backers/badge.svg)](#backers) 
[![Sponsors on Open 
Collective](https://opencollective.com/curl/sponsors/badge.svg)](#sponsors)
+[![Backers on Open 
Collective](https://opencollective.com/curl/backers/badge.svg)](#backers)
+[![Sponsors on Open 
Collective](https://opencollective.com/curl/sponsors/badge.svg)](#sponsors)
+[![Language Grade: 
C/C++](https://img.shields.io/lgtm/grade/cpp/g/curl/curl.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/curl/curl/context:cpp)
 
 Curl is a command-line tool for transferring data specified with URL
 syntax. Find out how to use curl by reading [the curl.1 man
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 21fd6e9e3..0d8d27817 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,116 +1,115 @@
-Curl and libcurl 7.61.0
+Curl and libcurl 7.61.1
 
- Public curl releases:         175
+ Public curl releases:         176
  Command line options:         218
  curl_easy_setopt() options:   258
  Public functions in libcurl:  74
- Contributors:                 1766
-
-This release includes the following changes:
-
- o getinfo: add microsecond precise timers for seven intervals [3]
- o curl: show headers in bold, switch off with --no-styled-output [10]
- o httpauth: add support for Bearer tokens [16]
- o Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS [30]
- o curl: --tls13-ciphers and --proxy-tls13-ciphers [30]
- o Add CURLOPT_DISALLOW_USERNAME_IN_URL [32]
- o curl: --disallow-username-in-url [32]
+ Contributors:                 1787
 
 This release includes the following bugfixes:
 
- o CVE-2018-0500: smtp: fix SMTP send buffer overflow [82]
- o schannel: disable client cert option if APIs not available [1]
- o schannel: disable manual verify if APIs not available
- o tests/libtest/Makefile: Do not unconditionally add gcc-specific flags [2]
- o openssl: acknowledge --tls-max for default version too [4]
- o stub_gssapi: fix 'unused parameter' warnings
- o examples/progressfunc: make it build on both new and old libcurls [5]
- o docs: mention it is HA Proxy protocol "version 1" [6]
- o curl_fnmatch: only allow two asterisks for matching [7]
- o docs: clarify CURLOPT_HTTPGET [8]
- o configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE [9]
- o configure: do compile-time SIZEOF checks instead of run-time [9]
- o checksrc: make sure sizeof() is used *with* parentheses [11]
- o CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
- o schannel: make CAinfo parsing resilient to CR/LF [12]
- o tftp: make sure error is zero terminated before printfing it
- o http resume: skip body if http code 416 (range error) is ignored [13]
- o configure: add basic test of --with-ssl prefix [14]
- o cmake: set -d postfix for debug builds [15]
- o multi: provide a socket to wait for in Curl_protocol_getsock [17]
- o content_encoding: handle zlib versions too old for Z_BLOCK [18]
- o winbuild: only delete OUTFILE if it exists [19]
- o winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST [20]
- o schannel: add failf calls for client certificate failures [21]
- o cmake: Fix the test for fsetxattr and strerror_r
- o curl.1: Fix cmdline-opts reference errors [22]
- o cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
- o cmake: check for getpwuid_r [23]
- o configure: fix ssh2 linking when built with a static mbedtls [24]
- o psl: use latest psl and refresh it periodically [25]
- o fnmatch: insist on escaped bracket to match [26]
- o KNOWN_BUGS: restore text regarding #2101 [27]
- o INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib [28]
- o configure: override AR_FLAGS to silence warning [29]
- o os400: implement mime api EBCDIC wrappers
- o curl.rc: embed manifest for correct Windows version detection [31]
- o strictness: correct {infof, failf} format specifiers [33]
- o tests: update .gitignore for libtests [34]
- o configure: check for declaration of getpwuid_r [35]
- o fnmatch: use the system one if available [36]
- o CURLOPT_RESOLVE: always purge old entry first [37]
- o multi: remove a potentially bad DEBUGF() [38]
- o curl_addrinfo: use same #ifdef conditions in source as header
- o build: remove the Borland specific makefiles [39]
- o axTLS: not considered fit for use [40]
- o cmdline-opts/cert-type.d: mention "p12" as a recognized type
- o system.h: add support for IBM xlc C compiler [41]
- o tests/libtest: Add lib1521 to nodist_SOURCES [42]
- o mk-ca-bundle.pl: leave certificate name untouched [43]
- o boringssl + schannel: undef X509_NAME in lib/schannel.h [44]
- o openssl: assume engine support in 1.0.1 or later [45]
- o cppcheck: fix warnings [46]
- o test 46: make test pass after year 2025 [47]
- o schannel: support selecting ciphers [48]
- o Curl_debug: remove dead printhost code [49]
- o test 1455: unflakified [50]
- o Curl_init_do: handle NULL connection pointer passed in [51]
- o progress: remove a set of unused defines [52]
- o mk-ca-bundle.pl: make -u delete certdata.txt if found not changed [53]
- o GOVERNANCE.md: explains how this project is run [54]
- o configure: use pkg-config for c-ares detection [55]
- o configure: enhance ability to build with static openssl [56]
- o maketgz: fix sed issues on OSX [57]
- o multi: fix memory leak when stopped during name resolve [58]
- o CURLOPT_INTERFACE.3: interface names not supported on Windows
- o url: fix dangling conn->data pointer [59]
- o cmake: allow multiple SSL backends [60]
- o system.h: fix for gcc on 32 bit OpenServer [61]
- o ConnectionExists: make sure conn->data is set when "taking" a connection 
[62]
- o multi: fix crash due to dangling entry in connect-pending list [63]
- o CURLOPT_SSL_VERIFYPEER.3: Add performance note [64]
- o netrc: use a larger buffer to support longer passwords  [65]
- o url: check Curl_conncache_add_conn return code [66]
- o configure: Add dependent libraries after crypto [67]
- o easy_perform: faster local name resolves by using *multi_timeout() [68]
- o getnameinfo: not used, removed all configure checks [69]
- o travis: add a build using the synchronous name resolver [70]
- o CURLINFO_TLS_SSL_PTR.3: improve the example [71]
- o openssl: allow TLS 1.3 by default [72]
- o openssl: make the requested TLS version the *minimum* wanted [73]
- o openssl: Remove some dead code [74]
- o telnet: fix clang warnings [75]
- o DEPRECATE: new doc describing planned item removals [76]
- o example/crawler.c: simple crawler based on libxml2 [77]
- o libssh: goto DISCONNECT state on error, not SESSION_FREE [78]
- o CMake: Remove unused functions [79]
- o darwinssl: allow High Sierra users to build the code using GCC [80]
- o scripts: include _curl as part of CLEANFILES [81]
- o examples: fix -Wformat warnings
- o curl_setup: include <winerror.h> before <windows.h>
- o schannel: make more cipher options conditional [83]
- o CMake: remove redundant and old end-of-block syntax [84]
- o post303.d: clarify that this is an RFC violation [85]
+ o security advisory (CVE-2018-14618): NTLM password overflow via integer 
overflow [73]
+ o CURLINFO_SIZE_UPLOAD: fix missing counter update [46]
+ o CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
+ o CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse [72]
+ o Curl_getoff_all_pipelines: improved for multiplexed [3]
+ o DEPRECATE: remove release date from 7.62.0
+ o HTTP: Don't attempt to needlessly decompress redirect body [30]
+ o INTERNALS: require GnuTLS >= 2.11.3 [62]
+ o README.md: add LGTM.com code quality grade for C/C++ [42]
+ o SSLCERTS: improve the openssl command line
+ o Silence GCC 8 cast-function-type warnings [47]
+ o ares: check for NULL in completed-callback [3]
+ o asyn-thread: Remove unused macro [40]
+ o auth: only pick CURLAUTH_BEARER if we *have* a Bearer token [15]
+ o auth: pick Bearer authentication whenever a token is available [15]
+ o cmake: CMake config files are defining CURL_STATICLIB for static builds [54]
+ o cmake: Respect BUILD_SHARED_LIBS [35]
+ o cmake: Update scripts to use consistent style [9]
+ o cmake: bumped minimum version to 3.4 [34]
+ o cmake: link curl to the OpenSSL targets instead of lib absolute paths [34]
+ o configure: conditionally enable pedantic-errors [64]
+ o configure: fix for -lpthread detection with OpenSSL and pkg-config [38]
+ o conn: remove the boolean 'inuse' field [3]
+ o content_encoding: accept up to 4 unknown trailer bytes after raw deflate 
data [5]
+ o cookie tests: treat files as text
+ o cookies: support creation-time attribute for cookies [75]
+ o curl: Fix segfault when -H @headerfile is empty [23]
+ o curl: add http code 408 to transient list for --retry [78]
+ o curl: fix time-of-check, time-of-use race in dir creation [71]
+ o curl: use Content-Disposition before the "URL end" for -OJ [29]
+ o curl: warn the user if a given file name looks like an option [56]
+ o curl_threads: silence bad-function-cast warning [69]
+ o darwinssl: add support for ALPN negotiation [7]
+ o docs/CURLOPT_URL: fix indentation [20]
+ o docs/CURLOPT_WRITEFUNCTION: size is always 1 [19]
+ o docs/SECURITY-PROCESS: mention bounty, drop pre-notify
+ o docs/examples: add hiperfifo example using linux epoll/timerfd [21]
+ o docs: add disallow-username-in-url.d and haproxy-protocol.d to dist [50]
+ o docs: clarify NO_PROXY env variable functionality [70]
+ o docs: improved the manual pages of some callbacks [48]
+ o docs: mention NULL is fine input to several functions [43]
+ o formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT [40]
+ o gopher: Do not translate `?' to `%09' [67]
+ o header output: switch off all styles, not just unbold [8]
+ o hostip: fix unused variable warning
+ o http2: Use correct format identifier for stream_id [77]
+ o http2: abort the send_callback if not setup yet [63]
+ o http2: avoid set_stream_user_data() before stream is assigned [61]
+ o http2: check nghttp2_session_set_stream_user_data return code [55]
+ o http2: clear the drain counter in Curl_http2_done [27]
+ o http2: make sure to send after RST_STREAM [58]
+ o http2: separate easy handle from connections better [12]
+ o http: fix for tiny "HTTP/0.9" response [51]
+ o http_proxy: Remove unused macro SELECT_TIMEOUT [40]
+ o lib/Makefile: only do symbol hiding if told to [32]
+ o lib1502: fix memory leak in torture test [44]
+ o lib1522: fix curl_easy_setopt argument type
+ o libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation [66]
+ o mime: check Curl_rand_hex's return code [22]
+ o multi: always do the COMPLETED procedure/state [3]
+ o openssl: assume engine support in 1.0.0 or later [2]
+ o openssl: fix debug messages [39]
+ o projects: Improve Windows perl detection in batch scripts [49]
+ o retry: return error if rewind was necessary but didn't happen [28]
+ o reuse_conn(): memory leak - free old_conn->options [17]
+ o schannel: client certificate store opening fix [68]
+ o schannel: enable CALG_TLS1PRF for w32api >= 5.1
+ o schannel: fix MinGW compile break [1]
+ o sftp: don't send post-qoute sequence when retrying a connection [79]
+ o smb: fix memory leak on early failure [26]
+ o smb: fix memory-leak in URL parse error path [4]
+ o smb_getsock: always wait for write socket too [11]
+ o ssh-libssh: fix infinite connect loop on invalid private key [53]
+ o ssh-libssh: reduce excessive verbose output about pubkey auth [53]
+ o ssh-libssh: use FALLTHROUGH to silence gcc8 [76]
+ o ssl: set engine implicitly when a PKCS#11 URI is provided [36]
+ o sws: handle EINTR when calling select() [24]
+ o system_win32: fix version checking [16]
+ o telnet: Remove unused macros TELOPTS and TELCMDS [40]
+ o test1143: disable MSYS2's POSIX path conversion [10]
+ o test1148: disable if decimal separator is not point [65]
+ o test1307: (fnmatch testing) disabled [31]
+ o test1422: add required file feature [6]
+ o test1531: Add timeout [41]
+ o test1540: Remove unused macro TEST_HANG_TIMEOUT [40]
+ o test214: disable MSYS2's POSIX path conversion for URL
+ o test320: treat curl320.out file as binary [14]
+ o tests/http_pipe.py: Use /usr/bin/env to find python
+ o tests: Don't use Windows path %PWD for SSH tests [74]
+ o tests: fixes for Windows line endlings [13]
+ o tool_operate: Fix setting proxy TLS 1.3 ciphers
+ o travis: build darwinssl on macos 10.12 to fix linker errors [33]
+ o travis: execute "set -eo pipefail" for coverage build [45]
+ o travis: run a 'make checksrc' too [25]
+ o travis: update to GCC-8 [52]
+ o travis: verify that man pages can be regenerated [50]
+ o upload: allocate upload buffer on-demand [60]
+ o upload: change default UPLOAD_BUFSIZE to 64KB [60]
+ o urldata: remove unused pipe_broke struct field [57]
+ o vtls: reinstantiate engine on duplicated handles [59]
+ o windows: implement send buffer tuning [37]
+ o wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random [18]
 
 This release includes the following known bugs:
 
@@ -119,107 +118,99 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Adrian Peniak, Alejandro R. Sedeño, Andreas Olsson, Archangel_SDY on github,
-  Bernhard M. Wiedemann, Bernhard Walle, Björn Stenberg, bsammon on github,
-  Dagobert Michelsen, Daniel Stenberg, Dario Nieuwenhuis, Dave Reisner,
-  elephoenix on github, Fabrice Fontaine, Frank Gevaerts, Gaurav Malhotra,
-  Gisle Vanem, Ithubg on github, Jakub Zakrzewski, Javier Blazquez,
-  Jeroen Ooms, Johannes Schindelin, Kevin R. Bulgrien, Linus Lewandowski,
-  Lyman Epp, Mamta Upadhyay, Marcel Raad, Marian Klymov, Matteo Bignotti,
-  Max Dymond, Max Savenkov, Nick Zitzmann, Oleg Pudeyev, Patrick Monnerat,
-  Patrick Schlangen, Per Malmberg, Peter Varga, Peter Wu, Philip Prindeville,
-  pszemus on github, Raphael Gozzo, Ray Satiro, Richard Alcock,
-  Rikard Falkeborn, Robert Prag, Ruslan Baratov, Sean Miller, Sergei Nikulov,
-  Stephan Mühlstrasser, Vasiliy Faronov, Viktor Szakats, Vladimir Kotal,
-  Will Dietz, Yaakov Selkowitz, zzq1015 on github,
-  (55 contributors)
+  adnn on github, Anderson Toshiyuki Sasaki, Andrei Virtosu, Anton Gerasimov,
+  Bas van Schaik, Carie Pointer, Christopher Head, clbr on github,
+  Dan Fandrich, Daniel Gustafsson, Daniel Jeliński, Daniel Stenberg,
+  Darío Hereñú, Even Rouault, Harry Sintonen, Ihor Karpenko, Jakub Zakrzewski,
+  Jeffrey Walton, Jeroen Ooms, Johannes Schindelin, John Butterfield,
+  Josh Bialkowski, Kamil Dudka, Kirill Marchuk, Laurent Bonnans,
+  Leonardo Taccari, Marcel Raad, Markus Elfring, Michael Kaufmann,
+  Nick Zitzmann, Nikos Mavrogiannopoulos, Patrick Monnerat, Paul Howarth,
+  Przemysław Tomaszewski, pszemus on github, Ran Mozes, Ray Satiro,
+  Rikard Falkeborn, Rodger Combs, Ruslan Baratov, Sergei Nikulov,
+  Thomas Klausner, Tobias Blomberg, Viktor Szakats, Zero King, Zhaoyang Wu,
+  (46 contributors)
 
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.haxx.se/bug/?i=2522
- [2] = https://curl.haxx.se/bug/?i=2576
- [3] = https://curl.haxx.se/bug/?i=2495
- [4] = https://curl.haxx.se/bug/?i=2571
- [5] = https://curl.haxx.se/bug/?i=2584
- [6] = https://curl.haxx.se/bug/?i=2579
- [7] = https://curl.haxx.se/bug/?i=2587
- [8] = https://curl.haxx.se/bug/?i=2590
- [9] = https://curl.haxx.se/bug/?i=2586
- [10] = https://curl.haxx.se/bug/?i=2538
- [11] = https://curl.haxx.se/bug/?i=2563
- [12] = https://curl.haxx.se/bug/?i=2592
- [13] = https://curl.haxx.se/bug/?i=1163
- [14] = https://curl.haxx.se/bug/?i=2580
- [15] = https://curl.haxx.se/bug/?i=2121
- [16] = https://curl.haxx.se/bug/?i=2102
- [17] = https://curl.haxx.se/mail/lib-2018-05/0062.html
- [18] = https://curl.haxx.se/bug/?i=2606
- [19] = https://curl.haxx.se/bug/?i=2602
- [20] = https://curl.haxx.se/bug/?i=2603
- [21] = https://curl.haxx.se/bug/?i=2604
- [22] = https://curl.haxx.se/bug/?i=2612
- [23] = https://curl.haxx.se/bug/?i=2609
- [24] = https://curl.haxx.se/bug/?i=2613
- [25] = https://curl.haxx.se/bug/?i=2553
- [26] = https://curl.haxx.se/bug/?i=2614
- [27] = https://curl.haxx.se/bug/?i=2618
- [28] = https://curl.haxx.se/bug/?i=2615
- [29] = https://curl.haxx.se/bug/?i=2617
- [30] = https://curl.haxx.se/bug/?i=2435
- [31] = https://curl.haxx.se/bug/?i=1221
- [32] = https://curl.haxx.se/bug/?i=2340
- [33] = https://curl.haxx.se/bug/?i=2623
- [34] = https://curl.haxx.se/bug/?i=2624
- [35] = https://curl.haxx.se/bug/?i=2609
- [36] = https://curl.haxx.se/bug/?i=2626
- [37] = https://curl.haxx.se/bug/?i=2622
- [38] = https://curl.haxx.se/bug/?i=2627
- [39] = https://curl.haxx.se/bug/?i=2629
- [40] = https://curl.haxx.se/bug/?i=2628
- [41] = https://curl.haxx.se/bug/?i=2637
- [42] = https://curl.haxx.se/bug/?i=2633
- [43] = https://curl.haxx.se/bug/?i=2640
- [44] = https://curl.haxx.se/bug/?i=2634
- [45] = https://curl.haxx.se/bug/?i=2641
- [46] = https://curl.haxx.se/bug/?i=2631
- [47] = https://curl.haxx.se/bug/?i=2646
- [48] = https://curl.haxx.se/bug/?i=2630
- [49] = https://curl.haxx.se/bug/?i=2647
- [50] = https://curl.haxx.se/bug/?i=2649
- [51] = https://curl.haxx.se/bug/?i=2653
- [52] = https://curl.haxx.se/bug/?i=2654
- [53] = https://curl.haxx.se/bug/?i=2655
- [54] = https://curl.haxx.se/bug/?i=2657
- [55] = https://curl.haxx.se/bug/?i=2203
- [56] = https://curl.haxx.se/bug/?i=2199
- [57] = https://curl.haxx.se/bug/?i=2660
- [58] = https://curl.haxx.se/bug/?i=1968
- [59] = https://curl.haxx.se/bug/?i=2669
- [60] = https://curl.haxx.se/bug/?i=2665
- [61] = https://curl.haxx.se/mail/lib-2018-06/0100.html
- [62] = https://curl.haxx.se/bug/?i=2674
- [63] = https://curl.haxx.se/bug/?i=2677
- [64] = https://curl.haxx.se/bug/?i=2673
- [65] = https://curl.haxx.se/bug/?i=2676
- [66] = https://curl.haxx.se/bug/?i=2681
- [67] = https://curl.haxx.se/bug/?i=2684
- [68] = https://curl.haxx.se/bug/?i=2685
- [69] = https://curl.haxx.se/bug/?i=2687
- [70] = https://curl.haxx.se/bug/?i=2689
- [71] = https://curl.haxx.se/bug/?i=2690
- [72] = https://curl.haxx.se/bug/?i=2692
- [73] = https://curl.haxx.se/bug/?i=2691
- [74] = https://curl.haxx.se/bug/?i=2698
- [75] = https://curl.haxx.se/bug/?i=2696
- [76] = https://curl.haxx.se/dev/deprecate.html
- [77] = https://curl.haxx.se/bug/?i=2706
- [78] = https://curl.haxx.se/bug/?i=2708
- [79] = https://curl.haxx.se/bug/?i=2711
- [80] = https://curl.haxx.se/bug/?i=2656
- [81] = https://curl.haxx.se/bug/?i=2718
- [82] = https://curl.haxx.se/docs/adv_2018-70a2.html
- [83] = https://curl.haxx.se/bug/?i=2721
- [84] = https://curl.haxx.se/bug/?i=2715
- [85] = https://curl.haxx.se/bug/?i=2723
+ [1] = https://github.com/curl/curl/pull/2721#issuecomment-403636043
+ [2] = https://curl.haxx.se/bug/?i=2732
+ [3] = https://curl.haxx.se/bug/?i=2733
+ [4] = https://curl.haxx.se/bug/?i=2740
+ [5] = https://curl.haxx.se/bug/?i=2719
+ [6] = https://curl.haxx.se/bug/?i=2741
+ [7] = https://curl.haxx.se/bug/?i=2731
+ [8] = https://curl.haxx.se/bug/?i=2736
+ [9] = https://curl.haxx.se/bug/?i=2727
+ [10] = https://curl.haxx.se/bug/?i=2765
+ [11] = https://curl.haxx.se/bug/?i=2768
+ [12] = https://curl.haxx.se/bug/?i=2751
+ [13] = https://curl.haxx.se/bug/?i=2772
+ [14] = https://curl.haxx.se/bug/?i=2776
+ [15] = https://curl.haxx.se/bug/?i=2754
+ [16] = https://curl.haxx.se/bug/?i=2792
+ [17] = https://curl.haxx.se/bug/?i=2790
+ [18] = https://curl.haxx.se/bug/?i=2784
+ [19] = https://curl.haxx.se/bug/?i=2787
+ [20] = https://curl.haxx.se/bug/?i=2788
+ [21] = https://curl.haxx.se/bug/?i=2804
+ [22] = https://curl.haxx.se/bug/?i=2795
+ [23] = https://curl.haxx.se/bug/?i=2797
+ [24] = https://curl.haxx.se/bug/?i=2808
+ [25] = https://curl.haxx.se/bug/?i=2811
+ [26] = https://curl.haxx.se/bug/?i=2769
+ [27] = https://curl.haxx.se/bug/?i=2800
+ [28] = https://curl.haxx.se/bug/?i=2801
+ [29] = https://curl.haxx.se/bug/?i=2783
+ [30] = https://curl.haxx.se/bug/?i=2798
+ [31] = https://curl.haxx.se/bug/?i=2825
+ [32] = https://curl.haxx.se/bug/?i=2830
+ [33] = https://curl.haxx.se/bug/?i=2835
+ [34] = https://curl.haxx.se/bug/?i=2753
+ [35] = https://curl.haxx.se/bug/?i=2755
+ [36] = https://curl.haxx.se/bug/?i=2333
+ [37] = https://curl.haxx.se/mail/lib-2018-07/0080.html
+ [38] = https://curl.haxx.se/bug/?i=2848
+ [39] = https://curl.haxx.se/bug/?i=2806
+ [40] = https://curl.haxx.se/bug/?i=2852
+ [41] = https://curl.haxx.se/bug/?i=2853
+ [42] = https://curl.haxx.se/bug/?i=2857
+ [43] = https://curl.haxx.se/bug/?i=2837
+ [44] = https://curl.haxx.se/bug/?i=2861
+ [45] = https://curl.haxx.se/bug/?i=2862
+ [46] = https://curl.haxx.se/bug/?i=2847
+ [47] = https://curl.haxx.se/bug/?i=2860
+ [48] = https://curl.haxx.se/bug/?i=2868
+ [49] = https://curl.haxx.se/bug/?i=2865
+ [50] = https://curl.haxx.se/bug/?i=2856
+ [51] = https://curl.haxx.se/bug/?i=2420
+ [52] = https://curl.haxx.se/bug/?i=2869
+ [53] = https://curl.haxx.se/bug/?i=2879
+ [54] = https://curl.haxx.se/bug/?i=2817
+ [55] = https://curl.haxx.se/bug/?i=2880
+ [56] = https://curl.haxx.se/bug/?i=2885
+ [57] = https://curl.haxx.se/bug/?i=2871
+ [58] = https://curl.haxx.se/bug/?i=2882
+ [59] = https://curl.haxx.se/bug/?i=2829
+ [60] = https://curl.haxx.se/bug/?i=2892
+ [61] = https://curl.haxx.se/bug/?i=2894
+ [62] = https://curl.haxx.se/bug/?i=2890
+ [63] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
+ [64] = https://curl.haxx.se/bug/?i=2747
+ [65] = https://curl.haxx.se/bug/?i=2786
+ [66] = https://curl.haxx.se/bug/?i=2904
+ [67] = https://curl.haxx.se/bug/?i=2910
+ [68] = https://curl.haxx.se/mail/lib-2018-08/0198.html
+ [69] = https://curl.haxx.se/bug/?i=2908
+ [70] = https://curl.haxx.se/bug/?i=2773
+ [71] = https://curl.haxx.se/bug/?i=2739
+ [72] = https://curl.haxx.se/bug/?i=2915
+ [73] = https://curl.haxx.se/docs/CVE-2018-14618.html
+ [74] = https://curl.haxx.se/bug/?i=2920
+ [75] = https://curl.haxx.se/bug/?i=2524
+ [76] = https://curl.haxx.se/bug/?i=2922
+ [77] = https://curl.haxx.se/bug/?i=2928
+ [78] = https://curl.haxx.se/bug/?i=2925
+ [79] = https://curl.haxx.se/bug/?i=2939
diff --git a/acinclude.m4 b/acinclude.m4
index f32e86cda..355ee3a61 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -2158,7 +2158,7 @@ AC_DEFUN([CURL_VERIFY_RUNTIMELIBS], [
     dnl point also is available run-time!
     AC_MSG_CHECKING([run-time libs availability])
     CURL_RUN_IFELSE([
-main()
+int main()
 {
   return 0;
 }
diff --git a/appveyor.yml b/appveyor.yml
index e2664b4cb..b39a23446 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -7,66 +7,66 @@ environment:
         PRJ_CFG: Release
         OPENSSL: OFF
         TESTING: OFF
-        STATICLIB: OFF
+        SHARED: ON
       - PRJ_GEN: "Visual Studio 12 2013 Win64"
         BDIR: msvc2013
         PRJ_CFG: Release
         OPENSSL: OFF
         TESTING: OFF
-        STATICLIB: OFF
+        SHARED: ON
       - PRJ_GEN: "Visual Studio 14 2015 Win64"
         BDIR: msvc2015
         PRJ_CFG: Release
         OPENSSL: OFF
         TESTING: OFF
-        STATICLIB: OFF
+        SHARED: ON
       - PRJ_GEN: "Visual Studio 11 2012 Win64"
         BDIR: msvc2012
         PRJ_CFG: Release
         OPENSSL: ON
         TESTING: OFF
-        STATICLIB: OFF
+        SHARED: ON
       - PRJ_GEN: "Visual Studio 12 2013 Win64"
         BDIR: msvc2013
         PRJ_CFG: Release
         OPENSSL: ON
         TESTING: OFF
-        STATICLIB: OFF
+        SHARED: ON
       - PRJ_GEN: "Visual Studio 14 2015 Win64"
         BDIR: msvc2015
         PRJ_CFG: Release
         OPENSSL: ON
         TESTING: OFF
-        STATICLIB: OFF
+        SHARED: ON
       - PRJ_GEN: "Visual Studio 11 2012 Win64"
         BDIR: msvc2012
         PRJ_CFG: Release
         OPENSSL: OFF
         TESTING: ON
-        STATICLIB: ON
+        SHARED: OFF
       - PRJ_GEN: "Visual Studio 12 2013 Win64"
         BDIR: msvc2013
         PRJ_CFG: Release
         OPENSSL: OFF
         TESTING: ON
-        STATICLIB: ON
+        SHARED: OFF
       - PRJ_GEN: "Visual Studio 14 2015 Win64"
         BDIR: msvc2015
         PRJ_CFG: Release
         OPENSSL: OFF
         TESTING: ON
-        STATICLIB: ON
+        SHARED: OFF
       - PRJ_GEN: "Visual Studio 14 2015"
         BDIR: msvc2015
         PRJ_CFG: Release
         OPENSSL: OFF
         TESTING: ON
-        STATICLIB: ON
+        SHARED: OFF
 
 build_script:
     - mkdir build.%BDIR%
     - cd build.%BDIR%
-    - cmake .. -G"%PRJ_GEN%" -DCMAKE_USE_OPENSSL=%OPENSSL% 
-DCURL_STATICLIB=%STATICLIB% -DBUILD_TESTING=%TESTING% -DCURL_WERROR=ON
+    - cmake .. -G"%PRJ_GEN%" -DCMAKE_USE_OPENSSL=%OPENSSL% 
-DBUILD_SHARED_LIBS=%SHARED% -DBUILD_TESTING=%TESTING% -DCURL_WERROR=ON
     - cmake --build . --config %PRJ_CFG% --clean-first
 
 # whitelist branches to avoid testing feature branches twice (as branch and as 
pull request)
diff --git a/configure.ac b/configure.ac
index b21dd584f..113db4a43 100755
--- a/configure.ac
+++ b/configure.ac
@@ -61,6 +61,13 @@ AC_SUBST(CONFIGURE_OPTIONS)
 CURL_CFLAG_EXTRAS=""
 if test X"$want_werror" = Xyes; then
   CURL_CFLAG_EXTRAS="-Werror"
+  if test "$compiler_id" = "GNU_C"; then
+    dnl enable -pedantic-errors for GCC 5 and later,
+    dnl as before that it was the same as -Werror=pedantic
+    if test "$compiler_num" -ge "500"; then
+      CURL_CFLAG_EXTRAS="$CURL_CFLAG_EXTRAS -pedantic-errors"
+    fi
+  fi
 fi
 AC_SUBST(CURL_CFLAG_EXTRAS)
 
@@ -1473,7 +1480,6 @@ dnl Default to compiler & linker defaults for SSL files & 
libraries.
 OPT_SSL=off
 dnl Default to no CA bundle
 ca="no"
-
 dnl **********************************************************************
 dnl Check for the random seed preferences
 dnl **********************************************************************
diff --git a/docs/DEPRECATE.md b/docs/DEPRECATE.md
index 4506fae5c..eefcf839f 100644
--- a/docs/DEPRECATE.md
+++ b/docs/DEPRECATE.md
@@ -53,10 +53,9 @@ In 2018, pipelining *should* be abandoned and HTTP/2 should 
be used instead.
 
 ### State
 
-In 7.62.0 (release planned to happen in September 2018), we add code
-that ignores the "enable pipeline" option setting). The *setopt() function
-would still return "OK" though so the application couldn't tell that this is
-happening.
+In 7.62.0, we will add code that ignores the "enable pipeline" option
+setting). The *setopt() function would still return "OK" though so the
+application couldn't tell that this is happening.
 
 Users who truly need pipelining from that version will need to modify the code
 (ever so slightly) and rebuild.
diff --git a/docs/HTTP2.md b/docs/HTTP2.md
index efbe69991..e20ce0cab 100644
--- a/docs/HTTP2.md
+++ b/docs/HTTP2.md
@@ -55,14 +55,15 @@ The challenge is the ALPN and NPN support and all our 
different SSL
 backends. You may need a fairly updated SSL library version for it to provide
 the necessary TLS features. Right now we support:
 
-  - OpenSSL:   ALPN and NPN
-  - libressl:  ALPN and NPN
-  - BoringSSL: ALPN and NPN
-  - NSS:       ALPN and NPN
-  - GnuTLS:    ALPN
-  - mbedTLS:   ALPN
-  - SChannel:  ALPN
-  - wolfSSL:   ALPN
+  - OpenSSL:          ALPN and NPN
+  - libressl:         ALPN and NPN
+  - BoringSSL:        ALPN and NPN
+  - NSS:              ALPN and NPN
+  - GnuTLS:           ALPN
+  - mbedTLS:          ALPN
+  - SChannel:         ALPN
+  - wolfSSL:          ALPN
+  - Secure Transport: ALPN
 
 Multiplexing
 ------------
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 767105c95..91b268f60 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -45,11 +45,11 @@ your own home directory:
 The configure script always tries to find a working SSL library unless
 explicitly told not to. If you have OpenSSL installed in the default search
 path for your compiler/linker, you don't need to do anything special. If you
-have OpenSSL installed in /usr/local/ssl, you can run configure like:
+have OpenSSL installed in `/usr/local/ssl`, you can run configure like:
 
     ./configure --with-ssl
 
-If you have OpenSSL installed somewhere else (for example, /opt/OpenSSL) and
+If you have OpenSSL installed somewhere else (for example, `/opt/OpenSSL`) and
 you have pkg-config installed, set the pkg-config path first, like this:
 
     env PKG_CONFIG_PATH=/opt/OpenSSL/lib/pkgconfig ./configure --with-ssl
diff --git a/docs/INTERNALS.md b/docs/INTERNALS.md
index 459684ba2..ab04fec7e 100644
--- a/docs/INTERNALS.md
+++ b/docs/INTERNALS.md
@@ -78,7 +78,7 @@ Dependencies
 ------------
 
  - OpenSSL      0.9.7
- - GnuTLS       1.2
+ - GnuTLS       2.11.3
  - zlib         1.1.4
  - libssh2      0.16
  - c-ares       1.6.0
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md
index 4991d5fb7..6ef7757ca 100644
--- a/docs/SECURITY-PROCESS.md
+++ b/docs/SECURITY-PROCESS.md
@@ -90,18 +90,6 @@ announcement.
 - The security web page on the web site should get the new vulnerability
   mentioned.
 
-Pre-notification
-----------------
-
-If you think you are or should be eligible for a pre-notification about
-upcoming security announcements for curl, we urge OS distros and similar
-vendors to primarily join the address@hidden list as that is one of the
-purposes of that list - and not just for curl of course.
-
-If you are not a distro or otherwise not suitable for address@hidden and yet
-want pre-notifications from us, contact the curl security team with a detailed
-and clear explanation why this is the case.
-
 curl-security (at haxx dot se)
 ------------------------------
 
@@ -121,19 +109,27 @@ Publishing Security Advisories
 1. Write up the security advisory, using markdown syntax. Use the same
    subtitles as last time to maintain consistency.
 
-2. Name the advisory file (and ultimately the URL to be used when the flaw
-   gets published), using a randomized component so that third parties that
-   are involved in the process for each individual flaw will not be given
-   insights about possible *other* flaws worked on in parallel.
-   `adv_YEAR_RANDOM.md` has been used before.
+2. Name the advisory file after the allocated CVE id.
 
 3. Add a line on the top of the array in `curl-www/docs/vuln.pm'.
 
 4. Put the new advisory markdown file in the curl-www/docs/ directory. Add it
-   to the git repo.  Update the Makefile in the same directory to build the
-   HTML representation.
+   to the git repo.
 
 5. Run `make` in your local web checkout and verify that things look fine.
 
 6. On security advisory release day, push the changes on the curl-www
    repository's remote master branch.
+
+Hackerone Internet Bug Bounty
+-----------------------------
+
+The curl project does not run any bounty program on its own, but there are
+outside organizations that do. First report your issue the normal way and
+proceed as described in this document.
+
+Then, if the issue is [critical](https://hackerone.com/ibb-data), you are
+eligible to apply for a bounty from Hackerone for your find.
+
+Once your reported vulnerability has been publicly disclosed by the curl
+project, you can submit a [report to them](https://hackerone.com/ibb-data).
\ No newline at end of file
diff --git a/docs/SSLCERTS.md b/docs/SSLCERTS.md
index 3fcd345b0..2c5be68e6 100644
--- a/docs/SSLCERTS.md
+++ b/docs/SSLCERTS.md
@@ -92,8 +92,8 @@ server, do one of the following:
     If you use the 'openssl' tool, this is one way to get extract the CA cert
     for a particular server:
 
-     - `openssl s_client -connect xxxxx.com:443 |tee logfile`
-     - type "QUIT", followed by the "ENTER" key
+     - `openssl s_client -showcerts -servername server -connect server:443 > 
cacert.pem`
+     - type "quit", followed by the "ENTER" key
      - The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE"
        markers.
      - If you want to see the data in the certificate, you can do: "openssl
diff --git a/docs/THANKS b/docs/THANKS
index 661fae084..77abcac45 100644
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -85,6 +85,7 @@ Anders Bakken
 Anders Gustafsson
 Anders Havn
 Anders Roxell
+Anderson Toshiyuki Sasaki
 Andi Jahja
 Andre Guibert de Bruet
 Andre Heinecke
@@ -105,6 +106,7 @@ Andrei Cipu
 Andrei Karas
 Andrei Kurushin
 Andrei Sedoi
+Andrei Virtosu
 Andrej E Baranov
 Andrew Benham
 Andrew Biggs
@@ -132,6 +134,7 @@ Anthony G. Basile
 Antoine Aubert
 Antoine Calando
 Anton Bychkov
+Anton Gerasimov
 Anton Kalmykov
 Anton Malov
 Anton Yabchinskiy
@@ -235,6 +238,7 @@ Cameron Kaiser
 Cameron MacMinn
 Camille Moncelier
 Caolan McNamara
+Carie Pointer
 Carlo Cannas
 Carlo Teubner
 Carlo Wood
@@ -275,6 +279,7 @@ Christian Weisgerber
 Christophe Demory
 Christophe Legry
 Christopher Conroy
+Christopher Head
 Christopher Palow
 Christopher R. Palmer
 Christopher Stone
@@ -334,6 +339,7 @@ Daniel Cater
 Daniel Egger
 Daniel Gustafsson
 Daniel Hwang
+Daniel Jeliński
 Daniel Johnson
 Daniel Kahn Gillmor
 Daniel Krügler
@@ -624,6 +630,7 @@ Hans-Jurgen May
 Hardeep Singh
 Haris Okanovic
 Harold Stuart
+Harry Sintonen
 Harshal Pradhan
 Hauke Duden
 He Qin
@@ -656,6 +663,7 @@ Ignacio Vazquez-Abrams
 Igor Franchuk
 Igor Novoseltsev
 Igor Polyakov
+Ihor Karpenko
 Iida Yosiaki
 Ilguiz Latypov
 Ilja van Sprundel
@@ -777,6 +785,7 @@ Johannes Bauer
 Johannes Ernst
 Johannes Schindelin
 John Bradshaw
+John Butterfield
 John Coffey
 John Crow
 John David Anglin
@@ -826,6 +835,7 @@ Joonas Kuorilehto
 Jose Alf
 Jose Kahan
 Josef Wolf
+Josh Bialkowski
 Josh Kapell
 Joshua Kwan
 Josue Andrade Gomes
@@ -891,6 +901,7 @@ Kim Minjoong
 Kim Rinnewitz
 Kim Vandry
 Kimmo Kinnunen
+Kirill Marchuk
 Kjell Ericson
 Kjetil Jacobsen
 Klaus Stein
@@ -921,6 +932,7 @@ Lars Johannesen
 Lars Nilsson
 Lars Torben Wilson
 Lau Hang Kin
+Laurent Bonnans
 Laurent Rabret
 Lauri Kasanen
 Laurie Clark-Michalek
@@ -935,6 +947,7 @@ Lenaic Lefever
 Lenny Rachitsky
 Leon Winter
 Leonardo Rosati
+Leonardo Taccari
 Liam Healy
 Lijo Antony
 Linas Vepstas
@@ -1299,6 +1312,7 @@ Pramod Sharma
 Prash Dush
 Praveen Pvs
 Priyanka Shah
+Przemysław Tomaszewski
 Puneet Pawaia
 Quagmire
 Quanah Gibson-Mount
@@ -1320,6 +1334,7 @@ Ralf S. Engelschall
 Ralph Beckmann
 Ralph Mitchell
 Ramana Mokkapati
+Ran Mozes
 Randall S. Becker
 Randy Armstrong
 Randy McMurchy
@@ -1391,6 +1406,7 @@ Robin Johnson
 Robin Kay
 Robson Braga Araujo
 Rod Widdowson
+Rodger Combs
 Rodney Simmons
 Rodric Glaser
 Rodrigo Silva
@@ -1584,6 +1600,7 @@ Timotej Lazar
 Timothe Litt
 Timothy Polich
 Tinus van den Berg
+Tobias Blomberg
 Tobias Markus
 Tobias Rundström
 Tobias Stoeckmann
@@ -1706,9 +1723,12 @@ Zachary Seguin
 Zdenek Pavlas
 Zekun Ni
 Zenju on github
+Zero King
+Zhaoyang Wu
 Zhouyihai Ding
 Zmey Petroff
 Zvi Har'El
+adnn on github
 afrind on github
 ahodesuka on github
 anshnd on github
@@ -1717,6 +1737,7 @@ asavah on github
 baumanj on github
 bsammon on github
 cbartl on github
+clbr on github
 cmfrolick on github
 dasimx on github
 destman on github
diff --git a/docs/THANKS-filter b/docs/THANKS-filter
index 76b5f50d5..f1a98318f 100644
--- a/docs/THANKS-filter
+++ b/docs/THANKS-filter
@@ -79,3 +79,4 @@ s/Henrik S. Gaßmann$/Henrik Gaßmann/
 s/moteus on github/Alexey Melnichuk/
 s/Rich Moore/Richard Moore/
 s/kdekker/Kees Dekker/
+s/Daniel Jelinski/Daniel Jeliński/
diff --git a/docs/TODO b/docs/TODO
index 269c93006..0ca6f0d52 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -113,6 +113,7 @@
  13.7 improve configure --with-ssl
  13.8 Support DANE
  13.9 Configurable loading of OpenSSL configuration file
+ 13.10 Support Authority Information Access certificate extension (AIA)
  13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
  13.12 Support HSTS
  13.13 Support HPKP
@@ -157,6 +158,7 @@
  18.17 consider file name from the redirected URL with -O ?
  18.18 retry on network is unreachable
  18.19 expand ~/ in config files
+ 18.20 host name sections in config files
 
  19. Build
  19.1 roffit
@@ -779,6 +781,17 @@ that doesn't exist on the server, just like 
--ftp-create-dirs.
 
  See https://github.com/curl/curl/issues/2724
 
+13.10 Support Authority Information Access certificate extension (AIA)
+
+ AIA can provide various things like CRLs but more importantly information
+ about intermediate CA certificates that can allow validation path to be
+ fullfilled when the HTTPS server doesn't itself provide them.
+
+ Since AIA is about downloading certs on demand to complete a TLS handshake,
+ it is probably a bit tricky to get done right.
+
+ See https://github.com/curl/curl/issues/2793
+
 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
 
  CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root
@@ -1084,6 +1097,13 @@ that doesn't exist on the server, just like 
--ftp-create-dirs.
 
  See https://github.com/curl/curl/issues/2317
 
+18.20 host name sections in config files
+
+ config files would be more powerful if they could set different
+ configurations depending on used URLs, host name or possibly origin. Then a
+ default .curlrc could a specific user-agent only when doing requests against
+ a certain site.
+
 
 19. Build
 
diff --git a/docs/cmdline-opts/Makefile.inc b/docs/cmdline-opts/Makefile.inc
index 67fe1a04b..fe5fb5baf 100644
--- a/docs/cmdline-opts/Makefile.inc
+++ b/docs/cmdline-opts/Makefile.inc
@@ -47,6 +47,7 @@ DPAGES = abstract-unix-socket.d anyauth.d append.d basic.d 
cacert.d capath.d cer
   tlsv1.3.d tlsv1.d trace-ascii.d trace.d trace-time.d tr-encoding.d    \
   unix-socket.d upload-file.d url.d use-ascii.d user-agent.d user.d     \
   verbose.d version.d write-out.d xattr.d request-target.d              \
-  styled-output.d tls13-ciphers.d proxy-tls13-ciphers.d
+  styled-output.d tls13-ciphers.d proxy-tls13-ciphers.d                 \
+  disallow-username-in-url.d haproxy-protocol.d
 
 OTHERPAGES = page-footer page-header
diff --git a/docs/cmdline-opts/cert.d b/docs/cmdline-opts/cert.d
index adf62fc7a..510b8333f 100644
--- a/docs/cmdline-opts/cert.d
+++ b/docs/cmdline-opts/cert.d
@@ -23,6 +23,13 @@ nickname contains ":", it needs to be preceded by "\\" so 
that it is not
 recognized as password delimiter.  If the nickname contains "\\", it needs to
 be escaped as "\\\\" so that it is not recognized as an escape character.
 
+If curl is built against OpenSSL library, and the engine pkcs11 is available,
+then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in
+a PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a
+PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set
+as "pkcs11" if none was provided and the --cert-type option will be set as
+"ENG" if none was provided.
+
 (iOS and macOS only) If curl is built against Secure Transport, then the
 certificate string can either be the name of a certificate/private key in the
 system or user keychain, or the path to a PKCS#12-encoded certificate and
diff --git a/docs/cmdline-opts/key.d b/docs/cmdline-opts/key.d
index fbf583af0..4877b4238 100644
--- a/docs/cmdline-opts/key.d
+++ b/docs/cmdline-opts/key.d
@@ -7,4 +7,11 @@ Private key file name. Allows you to provide your private key 
in this separate
 file. For SSH, if not specified, curl tries the following candidates in order:
 '~/.ssh/id_rsa', '~/.ssh/id_dsa', './id_rsa', './id_dsa'.
 
+If curl is built against OpenSSL library, and the engine pkcs11 is available,
+then a PKCS#11 URI (RFC 7512) can be used to specify a private key located in a
+PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a
+PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set
+as "pkcs11" if none was provided and the --key-type option will be set as
+"ENG" if none was provided.
+
 If this option is used several times, the last one will be used.
diff --git a/docs/cmdline-opts/page-footer b/docs/cmdline-opts/page-footer
index 89bface65..defe7e8b2 100644
--- a/docs/cmdline-opts/page-footer
+++ b/docs/cmdline-opts/page-footer
@@ -20,9 +20,10 @@ protocol that curl supports and as specified in a URL. FTP, 
FTPS, POP3, IMAP,
 SMTP, LDAP etc.
 .IP "ALL_PROXY [protocol://]<host>[:port]"
 Sets the proxy server to use if no protocol-specific proxy is set.
-.IP "NO_PROXY <comma-separated list of hosts>"
+.IP "NO_PROXY <comma-separated list of hosts/domains>"
 list of host names that shouldn't go through any proxy. If set to an asterisk
-\&'*' only, it matches all hosts.
+\&'*' only, it matches all hosts. Each name in this list is matched as either
+a domain name which contains the hostname, or the hostname itself.
 
 This environment variable disables use of the proxy even when specified with
 the --proxy option. That is
diff --git a/docs/cmdline-opts/retry.d b/docs/cmdline-opts/retry.d
index 35215dfd4..32d1c799b 100644
--- a/docs/cmdline-opts/retry.d
+++ b/docs/cmdline-opts/retry.d
@@ -6,7 +6,7 @@ Help: Retry request if transient problems occur
 If a transient error is returned when curl tries to perform a transfer, it
 will retry this number of times before giving up. Setting the number to 0
 makes curl do no retries (which is the default). Transient error means either:
-a timeout, an FTP 4xx response code or an HTTP 5xx response code.
+a timeout, an FTP 4xx response code or an HTTP 408 or 5xx response code.
 
 When curl is about to retry a transfer, it will first wait one second and then
 for all forthcoming retries it will double the waiting time until it reaches
diff --git a/docs/examples/Makefile.inc b/docs/examples/Makefile.inc
index 9215b82fb..72eb0d4b8 100644
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -43,4 +43,4 @@ COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cpp 
cacertinmem.c  \
   sampleconv.c synctime.c threaded-ssl.c evhiperfifo.c                 \
   smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp  \
   multi-uv.c xmlstream.c usercertinmem.c sessioninfo.c                 \
-  threaded-shared-conn.c crawler.c
+  threaded-shared-conn.c crawler.c ephiperfifo.c
diff --git a/docs/examples/crawler.c b/docs/examples/crawler.c
index 946177486..dd1d9f700 100644
--- a/docs/examples/crawler.c
+++ b/docs/examples/crawler.c
@@ -149,9 +149,9 @@ int main(void)
   curl_multi_setopt(multi_handle, CURLMOPT_MAX_HOST_CONNECTIONS, 6L);
 
   /* enables http/2 if available */
-  #ifdef CURLPIPE_MULTIPLEX
-    curl_multi_setopt(multi_handle, CURLMOPT_PIPELINING, CURLPIPE_MULTIPLEX);
-  #endif
+#ifdef CURLPIPE_MULTIPLEX
+  curl_multi_setopt(multi_handle, CURLMOPT_PIPELINING, CURLPIPE_MULTIPLEX);
+#endif
 
   /* sets html start page */
   curl_multi_add_handle(multi_handle, make_handle(start_page));
diff --git a/docs/examples/hiperfifo.c b/docs/examples/ephiperfifo.c
similarity index 64%
copy from docs/examples/hiperfifo.c
copy to docs/examples/ephiperfifo.c
index eddeccd58..14b8ad9d3 100644
--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/ephiperfifo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -20,18 +20,18 @@
  *
  ***************************************************************************/
 /* <DESC>
- * multi socket API usage with libevent 2
+ * multi socket API usage with epoll and timerfd
  * </DESC>
  */
 /* Example application source code using the multi socket interface to
-   download many files at once.
-
-Written by Jeff Pohlmeyer
-
-Requires libevent version 2 and a (POSIX?) system that has mkfifo().
+ * download many files at once.
+ *
+ * This example features the same basic functionality as hiperfifo.c does,
+ * but this uses epoll and timerfd instead of libevent.
+ *
+ * Written by Jeff Pohlmeyer, converted to use epoll by Josh Bialkowski
 
-This is an adaptation of libcurl's "hipev.c" and libevent's "event-test.c"
-sample programs.
+Requires a linux system with epoll
 
 When running, the program creates the named pipe "hiper.fifo"
 
@@ -57,20 +57,22 @@ callback.
 
 */
 
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
 #include <stdio.h>
-#include <string.h>
 #include <stdlib.h>
+#include <string.h>
+#include <sys/epoll.h>
+#include <sys/stat.h>
 #include <sys/time.h>
+#include <sys/timerfd.h>
+#include <sys/types.h>
 #include <time.h>
 #include <unistd.h>
-#include <sys/poll.h>
+
 #include <gnurl/curl.h>
-#include <event2/event.h>
-#include <event2/event_struct.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <errno.h>
-#include <sys/cdefs.h>
+#include <curl/multi.h>
 
 #ifdef __GNUC__
 #define _Unused __attribute__((unused))
@@ -84,13 +86,12 @@ callback.
 /* Global information, common to all connections */
 typedef struct _GlobalInfo
 {
-  struct event_base *evbase;
-  struct event fifo_event;
-  struct event timer_event;
+  int epfd;    /* epoll filedescriptor */
+  int tfd;     /* timer filedescriptor */
+  int fifofd;  /* fifo filedescriptor */
   CURLM *multi;
   int still_running;
   FILE *input;
-  int stopped;
 } GlobalInfo;
 
 
@@ -111,7 +112,6 @@ typedef struct _SockInfo
   CURL *easy;
   int action;
   long timeout;
-  struct event ev;
   GlobalInfo *global;
 } SockInfo;
 
@@ -141,35 +141,35 @@ static void mcode_or_die(const char *where, CURLMcode 
code)
   }
 }
 
+static void timer_cb(GlobalInfo* g, int revents);
 
-/* Update the event timer after curl_multi library calls */
-static int multi_timer_cb(CURLM *multi _Unused, long timeout_ms, GlobalInfo *g)
+/* Update the timer after curl_multi library does it's thing. Curl will
+ * inform us through this callback what it wants the new timeout to be,
+ * after it does some work. */
+static int multi_timer_cb(CURLM *multi, long timeout_ms, GlobalInfo *g)
 {
-  struct timeval timeout;
+  struct itimerspec its;
   CURLMcode rc;
 
-  timeout.tv_sec = timeout_ms/1000;
-  timeout.tv_usec = (timeout_ms%1000)*1000;
   fprintf(MSG_OUT, "multi_timer_cb: Setting timeout to %ld ms\n", timeout_ms);
 
-  /* TODO
-   *
-   * if timeout_ms is 0, call curl_multi_socket_action() at once!
-   *
-   * if timeout_ms is -1, just delete the timer
-   *
-   * for all other values of timeout_ms, this should set or *update*
-   * the timer to the new value
-   */
-  if(timeout_ms == 0) {
+  timerfd_settime(g->tfd, /*flags=*/0, &its, NULL);
+  if(timeout_ms > 0) {
+    its.it_interval.tv_sec = 1;
+    its.it_interval.tv_nsec = 0;
+    its.it_value.tv_sec = timeout_ms / 1000;
+    its.it_value.tv_nsec = (timeout_ms % 1000) * 1000;
+    timerfd_settime(g->tfd, /*flags=*/0, &its, NULL);
+  }
+  else if(timeout_ms == 0) {
     rc = curl_multi_socket_action(g->multi,
                                   CURL_SOCKET_TIMEOUT, 0, &g->still_running);
     mcode_or_die("multi_timer_cb: curl_multi_socket_action", rc);
   }
-  else if(timeout_ms == -1)
-    evtimer_del(&g->timer_event);
-  else
-    evtimer_add(&g->timer_event, &timeout);
+  else {
+    memset(&its, 0, sizeof(struct itimerspec));
+    timerfd_settime(g->tfd, /*flags=*/0, &its, NULL);
+  }
   return 0;
 }
 
@@ -198,21 +198,16 @@ static void check_multi_info(GlobalInfo *g)
       free(conn);
     }
   }
-  if(g->still_running == 0 && g->stopped)
-    event_base_loopbreak(g->evbase);
 }
 
-
-
-/* Called by libevent when we get action on a multi socket */
-static void event_cb(int fd, short kind, void *userp)
+/* Called by libevent when we get action on a multi socket filedescriptor*/
+static void event_cb(GlobalInfo *g, int fd, int revents)
 {
-  GlobalInfo *g = (GlobalInfo*) userp;
   CURLMcode rc;
+  struct itimerspec its;
 
-  int action =
-    (kind & EV_READ ? CURL_CSELECT_IN : 0) |
-    (kind & EV_WRITE ? CURL_CSELECT_OUT : 0);
+  int action = (revents & EPOLLIN ? CURL_POLL_IN : 0) |
+               (revents & EPOLLOUT ? CURL_POLL_OUT : 0);
 
   rc = curl_multi_socket_action(g->multi, fd, action, &g->still_running);
   mcode_or_die("event_cb: curl_multi_socket_action", rc);
@@ -220,19 +215,34 @@ static void event_cb(int fd, short kind, void *userp)
   check_multi_info(g);
   if(g->still_running <= 0) {
     fprintf(MSG_OUT, "last transfer done, kill timeout\n");
-    if(evtimer_pending(&g->timer_event, NULL)) {
-      evtimer_del(&g->timer_event);
-    }
+    memset(&its, 0, sizeof(struct itimerspec));
+    timerfd_settime(g->tfd, 0, &its, NULL);
   }
 }
 
-
-
-/* Called by libevent when our timeout expires */
-static void timer_cb(int fd _Unused, short kind _Unused, void *userp)
+/* Called by main loop when our timeout expires */
+static void timer_cb(GlobalInfo* g, int revents)
 {
-  GlobalInfo *g = (GlobalInfo *)userp;
   CURLMcode rc;
+  uint64_t count = 0;
+  ssize_t err = 0;
+
+  err = read(g->tfd, &count, sizeof(uint64_t));
+  if(err == -1) {
+    /* Note that we may call the timer callback even if the timerfd isn't
+     * readable. It's possible that there are multiple events stored in the
+     * epoll buffer (i.e. the timer may have fired multiple times). The
+     * event count is cleared after the first call so future events in the
+     * epoll buffer will fail to read from the timer. */
+    if(errno == EAGAIN) {
+      fprintf(MSG_OUT, "EAGAIN on tfd %d\n", g->tfd);
+      return;
+    }
+  }
+  if(err != sizeof(uint64_t)) {
+    fprintf(stderr, "read(tfd) == %ld", err);
+    perror("read(tfd)");
+  }
 
   rc = curl_multi_socket_action(g->multi,
                                   CURL_SOCKET_TIMEOUT, 0, &g->still_running);
@@ -243,10 +253,12 @@ static void timer_cb(int fd _Unused, short kind _Unused, 
void *userp)
 
 
 /* Clean up the SockInfo structure */
-static void remsock(SockInfo *f)
+static void remsock(SockInfo *f, GlobalInfo* g)
 {
   if(f) {
-    event_del(&f->ev);
+    if(f->sockfd) {
+      epoll_ctl(g->epfd, EPOLL_CTL_DEL, f->sockfd, NULL);
+    }
     free(f);
   }
 }
@@ -257,15 +269,21 @@ static void remsock(SockInfo *f)
 static void setsock(SockInfo *f, curl_socket_t s, CURL *e, int act,
                     GlobalInfo *g)
 {
-  int kind =
-     (act&CURL_POLL_IN?EV_READ:0)|(act&CURL_POLL_OUT?EV_WRITE:0)|EV_PERSIST;
+  struct epoll_event ev;
+  int kind = (act & CURL_POLL_IN ? EPOLLIN : 0) |
+             (act & CURL_POLL_OUT ? EPOLLOUT : 0);
+
+  if(f->sockfd) {
+    epoll_ctl(g->epfd, EPOLL_CTL_DEL, f->sockfd, NULL);
+  }
 
   f->sockfd = s;
   f->action = act;
   f->easy = e;
-  event_del(&f->ev);
-  event_assign(&f->ev, g->evbase, f->sockfd, kind, event_cb, g);
-  event_add(&f->ev, NULL);
+
+  ev.events = kind;
+  ev.data.fd = s;
+  epoll_ctl(g->epfd, EPOLL_CTL_ADD, s, &ev);
 }
 
 
@@ -273,7 +291,7 @@ static void setsock(SockInfo *f, curl_socket_t s, CURL *e, 
int act,
 /* Initialize a new SockInfo structure */
 static void addsock(curl_socket_t s, CURL *easy, int action, GlobalInfo *g)
 {
-  SockInfo *fdp = calloc(sizeof(SockInfo), 1);
+  SockInfo *fdp = (SockInfo*)calloc(sizeof(SockInfo), 1);
 
   fdp->global = g;
   setsock(fdp, s, easy, action, g);
@@ -291,7 +309,7 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void 
*cbp, void *sockp)
           "socket callback: s=%d e=%p what=%s ", s, e, whatstr[what]);
   if(what == CURL_POLL_REMOVE) {
     fprintf(MSG_OUT, "\n");
-    remsock(fdp);
+    remsock(fdp, g);
   }
   else {
     if(!fdp) {
@@ -338,7 +356,7 @@ static void new_conn(char *url, GlobalInfo *g)
   ConnInfo *conn;
   CURLMcode rc;
 
-  conn = calloc(1, sizeof(ConnInfo));
+  conn = (ConnInfo*)calloc(1, sizeof(ConnInfo));
   conn->error[0]='\0';
 
   conn->easy = curl_easy_init();
@@ -358,6 +376,8 @@ static void new_conn(char *url, GlobalInfo *g)
   curl_easy_setopt(conn->easy, CURLOPT_PROGRESSFUNCTION, prog_cb);
   curl_easy_setopt(conn->easy, CURLOPT_PROGRESSDATA, conn);
   curl_easy_setopt(conn->easy, CURLOPT_FOLLOWLOCATION, 1L);
+  curl_easy_setopt(conn->easy, CURLOPT_LOW_SPEED_TIME, 3L);
+  curl_easy_setopt(conn->easy, CURLOPT_LOW_SPEED_LIMIT, 10L);
   fprintf(MSG_OUT,
           "Adding easy %p to multi %p (%s)\n", conn->easy, g->multi, url);
   rc = curl_multi_add_handle(g->multi, conn->easy);
@@ -368,25 +388,18 @@ static void new_conn(char *url, GlobalInfo *g)
 }
 
 /* This gets called whenever data is received from the fifo */
-static void fifo_cb(int fd _Unused, short event _Unused, void *arg)
+static void fifo_cb(GlobalInfo* g, int revents)
 {
   char s[1024];
   long int rv = 0;
   int n = 0;
-  GlobalInfo *g = (GlobalInfo *)arg;
 
   do {
     s[0]='\0';
     rv = fscanf(g->input, "%1023s%n", s, &n);
     s[n]='\0';
     if(n && s[0]) {
-      if(!strcmp(s, "stop")) {
-        g->stopped = 1;
-        if(g->still_running == 0)
-          event_base_loopbreak(g->evbase);
-      }
-      else
-        new_conn(s, arg);  /* if we read a URL, go get it! */
+      new_conn(s, g); /* if we read a URL, go get it! */
     }
     else
       break;
@@ -399,6 +412,7 @@ static int init_fifo(GlobalInfo *g)
 {
   struct stat st;
   curl_socket_t sockfd;
+  struct epoll_event epev;
 
   fprintf(MSG_OUT, "Creating named pipe \"%s\"\n", fifo);
   if(lstat (fifo, &st) == 0) {
@@ -418,31 +432,71 @@ static int init_fifo(GlobalInfo *g)
     perror("open");
     exit(1);
   }
+
+  g->fifofd = sockfd;
   g->input = fdopen(sockfd, "r");
 
+  epev.events = EPOLLIN;
+  epev.data.fd = sockfd;
+  epoll_ctl(g->epfd, EPOLL_CTL_ADD, sockfd, &epev);
+
   fprintf(MSG_OUT, "Now, pipe some URL's into > %s\n", fifo);
-  event_assign(&g->fifo_event, g->evbase, sockfd, EV_READ|EV_PERSIST,
-               fifo_cb, g);
-  event_add(&g->fifo_event, NULL);
-  return (0);
+  return 0;
 }
 
 static void clean_fifo(GlobalInfo *g)
 {
-    event_del(&g->fifo_event);
+    epoll_ctl(g->epfd, EPOLL_CTL_DEL, g->fifofd, NULL);
     fclose(g->input);
     unlink(fifo);
 }
 
+
+int g_should_exit_ = 0;
+
+void SignalHandler(int signo)
+{
+  if(signo == SIGINT) {
+    g_should_exit_ = 1;
+  }
+}
+
 int main(int argc _Unused, char **argv _Unused)
 {
   GlobalInfo g;
+  int err;
+  int idx;
+  struct itimerspec its;
+  struct epoll_event ev;
+  struct epoll_event events[10];
+
+  g_should_exit_ = 0;
+  signal(SIGINT, SignalHandler);
 
   memset(&g, 0, sizeof(GlobalInfo));
-  g.evbase = event_base_new();
+  g.epfd = epoll_create1(EPOLL_CLOEXEC);
+  if(g.epfd == -1) {
+    perror("epoll_create1 failed");
+    exit(1);
+  }
+
+  g.tfd = timerfd_create(CLOCK_MONOTONIC, TFD_NONBLOCK | TFD_CLOEXEC);
+  if(g.tfd == -1) {
+    perror("timerfd_create failed");
+    exit(1);
+  }
+
+  memset(&its, 0, sizeof(struct itimerspec));
+  its.it_interval.tv_sec = 1;
+  its.it_value.tv_sec = 1;
+  timerfd_settime(g.tfd, 0, &its, NULL);
+
+  ev.events = EPOLLIN;
+  ev.data.fd = g.tfd;
+  epoll_ctl(g.epfd, EPOLL_CTL_ADD, g.tfd, &ev);
+
   init_fifo(&g);
   g.multi = curl_multi_init();
-  evtimer_assign(&g.timer_event, g.evbase, timer_cb, &g);
 
   /* setup the generic multi interface options we want */
   curl_multi_setopt(g.multi, CURLMOPT_SOCKETFUNCTION, sock_cb);
@@ -453,13 +507,41 @@ int main(int argc _Unused, char **argv _Unused)
   /* we don't call any curl_multi_socket*() function yet as we have no handles
      added! */
 
-  event_base_dispatch(g.evbase);
+  fprintf(MSG_OUT, "Entering wait loop\n");
+  fflush(MSG_OUT);
+  while(!g_should_exit_) {
+    /* TODO(josh): use epoll_pwait to avoid a race on the signal. Mask the
+     * signal before the while loop, and then re-enable the signal during
+     * epoll wait. Mask at the end of the loop. */
+    err = epoll_wait(g.epfd, events, sizeof(events)/sizeof(struct epoll_event),
+                     10000);
+    if(err == -1) {
+      if(errno == EINTR) {
+        fprintf(MSG_OUT, "note: wait interrupted\n");
+        continue;
+      }
+      else {
+        perror("epoll_wait");
+        exit(1);
+      }
+    }
+
+    for(idx = 0; idx < err; ++idx) {
+      if(events[idx].data.fd == g.fifofd) {
+        fifo_cb(&g, events[idx].events);
+      }
+      else if(events[idx].data.fd == g.tfd) {
+        timer_cb(&g, events[idx].events);
+      }
+      else {
+        event_cb(&g, events[idx].data.fd, events[idx].events);
+      }
+    }
+  }
+
+  fprintf(MSG_OUT, "Exiting normally.\n");
+  fflush(MSG_OUT);
 
-  /* this, of course, won't get called since only way to stop this program is
-     via ctrl-C, but it is here to show how cleanup /would/ be done. */
-  clean_fifo(&g);
-  event_del(&g.timer_event);
-  event_base_free(g.evbase);
   curl_multi_cleanup(g.multi);
   return 0;
 }
diff --git a/docs/examples/sslbackend.c b/docs/examples/sslbackend.c
index 20aa000d7..6fc078181 100644
--- a/docs/examples/sslbackend.c
+++ b/docs/examples/sslbackend.c
@@ -57,9 +57,9 @@ int main(int argc, char **argv)
     return 0;
   }
   else if(isdigit(*name)) {
-    curl_sslbackend id = (curl_sslbackend)atoi(name);
+    int id = atoi(name);
 
-    result = curl_global_sslset(id, NULL, NULL);
+    result = curl_global_sslset((curl_sslbackend)id, NULL, NULL);
   }
   else
     result = curl_global_sslset(-1, name, NULL);
diff --git a/docs/libcurl/gnurl_easy_cleanup.3 
b/docs/libcurl/gnurl_easy_cleanup.3
index b399310a1..f5412376c 100644
--- a/docs/libcurl/gnurl_easy_cleanup.3
+++ b/docs/libcurl/gnurl_easy_cleanup.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -47,6 +47,9 @@ Any use of the \fBhandle\fP after this function has been 
called and have
 returned, is illegal. \fIcurl_easy_cleanup(3)\fP kills the handle and all
 memory associated with it!
 
+Passing in a NULL pointer in \fIhandle\fP will make this function return
+immediately with no action.
+.SH "OLD TIMES"
 For libcurl versions before 7.17,: after you've called this function, you can
 safely remove all the strings you've previously told libcurl to use, as it
 won't use them anymore now.
diff --git a/docs/libcurl/gnurl_formfree.3 b/docs/libcurl/gnurl_formfree.3
index 80eabd3fd..d24d06e02 100644
--- a/docs/libcurl/gnurl_formfree.3
+++ b/docs/libcurl/gnurl_formfree.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -40,6 +40,9 @@ the \fIcurl_formadd(3)\fP invoke(s).
 
 \fBform\fP is the pointer as returned from a previous call to
 \fIcurl_formadd(3)\fP and may be NULL.
+
+Passing in a NULL pointer in \fIform\fP will make this function return
+immediately with no action.
 .SH AVAILABILITY
 Deprecated in 7.56.0.
 .SH RETURN VALUE
diff --git a/docs/libcurl/gnurl_free.3 b/docs/libcurl/gnurl_free.3
index 10ec9e160..ee7c622b6 100644
--- a/docs/libcurl/gnurl_free.3
+++ b/docs/libcurl/gnurl_free.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -31,5 +31,8 @@ curl_free - reclaim memory that has been obtained through a 
libcurl call
 curl_free reclaims memory that has been obtained through a libcurl call.  Use
 \fIcurl_free(3)\fP instead of free() to avoid anomalies that can result from
 differences in memory management between your application and libcurl.
+
+Passing in a NULL pointer in \fIptr\fP will make this function return
+immediately with no action.
 .SH "SEE ALSO"
 .BR curl_easy_unescape "(3), " curl_easy_escape "(3) "
diff --git a/docs/libcurl/gnurl_mime_free.3 b/docs/libcurl/gnurl_mime_free.3
index 48de206f6..666592cff 100644
--- a/docs/libcurl/gnurl_mime_free.3
+++ b/docs/libcurl/gnurl_mime_free.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -40,6 +40,8 @@ not be explicitly freed as they are by the top structure 
freeing.
 \fBmime\fP is the handle as returned from a previous call to
 \fIcurl_mime_init(3)\fP and may be NULL.
 
+Passing in a NULL pointer in \fImime\fP will make this function return
+immediately with no action.
 .SH AVAILABILITY
 As long as at least one of HTTP, SMTP or IMAP is enabled. Added in 7.56.0.
 .SH RETURN VALUE
diff --git a/docs/libcurl/gnurl_multi_cleanup.3 
b/docs/libcurl/gnurl_multi_cleanup.3
index e8090a99b..3994c1acc 100644
--- a/docs/libcurl/gnurl_multi_cleanup.3
+++ b/docs/libcurl/gnurl_multi_cleanup.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -40,6 +40,9 @@ handle is no longer connected to the multi handle
 
 3 - \fIcurl_multi_cleanup(3)\fP should be called when all easy handles are
 removed
+
+Passing in a NULL pointer in \fImulti_handle\fP will make this function return
+CURLM_BAD_HANDLE immediately with no other action.
 .SH RETURN VALUE
 CURLMcode type, general libcurl multi interface error code. On success,
 CURLM_OK is returned.
diff --git a/docs/libcurl/gnurl_share_cleanup.3 
b/docs/libcurl/gnurl_share_cleanup.3
index 32e1f38d4..d63d2e6b6 100644
--- a/docs/libcurl/gnurl_share_cleanup.3
+++ b/docs/libcurl/gnurl_share_cleanup.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -31,6 +31,8 @@ curl_share_cleanup - Clean up a shared object
 This function deletes a shared object. The share handle cannot be used anymore
 when this function has been called.
 
+Passing in a NULL pointer in \fIshare_handle\fP will make this function return
+immediately with no action.
 .SH RETURN VALUE
 CURLSHE_OK (zero) means that the option was set properly, non-zero means an
 error occurred as \fI<gnurl/curl.h>\fP defines. See the \fIlibcurl-errors.3\fP
diff --git a/docs/libcurl/gnurl_slist_free_all.3 
b/docs/libcurl/gnurl_slist_free_all.3
index 955984753..adbbd5611 100644
--- a/docs/libcurl/gnurl_slist_free_all.3
+++ b/docs/libcurl/gnurl_slist_free_all.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -30,6 +30,9 @@ curl_slist_free_all - free an entire curl_slist list
 .SH DESCRIPTION
 curl_slist_free_all() removes all traces of a previously built curl_slist
 linked list.
+
+Passing in a NULL pointer in \fIlist\fP will make this function return
+immediately with no action.
 .SH RETURN VALUE
 Nothing.
 .SH EXAMPLE
diff --git a/docs/libcurl/libgnurl-thread.3 b/docs/libcurl/libgnurl-thread.3
index c18676e7e..1433f63ff 100644
--- a/docs/libcurl/libgnurl-thread.3
+++ b/docs/libcurl/libgnurl-thread.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2015 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 2015 - 2018, Daniel Stenberg, <address@hidden>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -79,8 +79,14 @@ all handles. Everything will or might work fine except that 
timeouts are not
 honored during the DNS lookup - which you can work around by building libcurl
 with c-ares or threaded-resolver support. c-ares is a library that provides
 asynchronous name resolves. On some platforms, libcurl simply will not
-function properly multi-threaded unless the \fICURLOPT_NOSIGNAL(3)\fP option is
-set.
+function properly multi-threaded unless the \fICURLOPT_NOSIGNAL(3)\fP option
+is set.
+
+When \fICURLOPT_NOSIGNAL(3)\fP is set to 1L, your application needs to deal
+with the risk of a SIGPIPE (that at least the OpenSSL backend can
+trigger). Note that setting \fICURLOPT_NOSIGNAL(3)\fP to 0L will not work in a
+threaded situation as there will be race where libcurl risks restoring the
+former signal handler while another thread should still ignore it.
 .IP "Name resolving"
 \fBgethostby* functions and other system calls.\fP These functions, provided
 by your operating system, must be thread safe. It is very important that
diff --git a/docs/libcurl/opts/GNURLOPT_ACCEPT_ENCODING.3 
b/docs/libcurl/opts/GNURLOPT_ACCEPT_ENCODING.3
index f5a0025cf..1ef8e17e0 100644
--- a/docs/libcurl/opts/GNURLOPT_ACCEPT_ENCODING.3
+++ b/docs/libcurl/opts/GNURLOPT_ACCEPT_ENCODING.3
@@ -45,10 +45,14 @@ Alternatively, you can specify exactly the encoding or list 
of encodings you
 want in the response. Four encodings are supported: \fIidentity\fP, meaning
 non-compressed, \fIdeflate\fP which requests the server to compress its
 response using the zlib algorithm, \fIgzip\fP which requests the gzip
-algorithm and (since curl 7.57.0) \fIbr\fP which is brotli.
+algorithm and (since curl 7.57.0) \fIbr\fP which is brotli.  Provide them in
+the string as a comma-separated list of accepted encodings, like:
 
-Set this option to NULL to explicitly disable it, which makes libcurl not send
-an Accept-Encoding: header and not decompress contents automatically.
+  "br, gzip, deflate".
+
+Set \fICURLOPT_ACCEPT_ENCODING(3)\fP to NULL to explicitly disable it, which
+makes libcurl not send an Accept-Encoding: header and not decompress received
+contents automatically.
 
 You can also opt to just include the Accept-Encoding: header in your request
 with \fICURLOPT_HTTPHEADER(3)\fP but then there will be no automatic
@@ -88,6 +92,10 @@ if(curl) {
 .fi
 .SH AVAILABILITY
 This option was called CURLOPT_ENCODING before 7.21.6
+
+The specific libcurl you're using must have been built with zlib to be able to
+decompress gzip and deflate responses and with the brotli library to
+decompress brotli responses.
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
 CURLE_OUT_OF_MEMORY if there was insufficient heap space.
diff --git a/docs/libcurl/opts/GNURLOPT_HEADERFUNCTION.3 
b/docs/libcurl/opts/GNURLOPT_HEADERFUNCTION.3
index 6410fc736..ea0902ebd 100644
--- a/docs/libcurl/opts/GNURLOPT_HEADERFUNCTION.3
+++ b/docs/libcurl/opts/GNURLOPT_HEADERFUNCTION.3
@@ -41,12 +41,15 @@ data. The header callback will be called once for each 
header and only
 complete header lines are passed on to the callback. Parsing headers is very
 easy using this. The size of the data pointed to by \fIbuffer\fP is \fIsize\fP
 multiplied with \fInmemb\fP. Do not assume that the header line is zero
-terminated! The pointer named \fIuserdata\fP is the one you set with the
-\fICURLOPT_HEADERDATA(3)\fP option. This callback function must return the
-number of bytes actually taken care of. If that amount differs from the amount
-passed in to your function, it'll signal an error to the library. This will
-cause the transfer to get aborted and the libcurl function in progress will
-return \fICURLE_WRITE_ERROR\fP.
+terminated!
+
+The pointer named \fIuserdata\fP is the one you set with the
+\fICURLOPT_HEADERDATA(3)\fP option.
+
+This callback function must return the number of bytes actually taken care of.
+If that amount differs from the amount passed in to your function, it'll signal
+an error to the library. This will cause the transfer to get aborted and the
+libcurl function in progress will return \fICURLE_WRITE_ERROR\fP.
 
 A complete HTTP header that is passed to this function can be up to
 \fICURL_MAX_HTTP_HEADER\fP (100K) bytes.
diff --git a/docs/libcurl/opts/GNURLOPT_INTERLEAVEFUNCTION.3 
b/docs/libcurl/opts/GNURLOPT_INTERLEAVEFUNCTION.3
index 326a29c46..08eb49ad9 100644
--- a/docs/libcurl/opts/GNURLOPT_INTERLEAVEFUNCTION.3
+++ b/docs/libcurl/opts/GNURLOPT_INTERLEAVEFUNCTION.3
@@ -55,8 +55,8 @@ service RTP data when no requests are desired. If the 
application makes a
 request, (e.g.  \fICURL_RTSPREQ_PAUSE\fP) then the response handler will
 process any pending RTP data before marking the request as finished.
 
-The \fICURLOPT_WRITEDATA(3)\fP is passed in the \fIuserdata\fP argument in the
-callback.
+The \fICURLOPT_INTERLEAVEDATA(3)\fP is passed in the \fIuserdata\fP argument in
+the callback.
 .SH DEFAULT
 NULL, the interleave data is then passed to the regular write function:
 \fICURLOPT_WRITEFUNCTION(3)\fP.
diff --git a/docs/libcurl/opts/GNURLOPT_NOPROXY.3 
b/docs/libcurl/opts/GNURLOPT_NOPROXY.3
index b6b2a3d66..6000d40ca 100644
--- a/docs/libcurl/opts/GNURLOPT_NOPROXY.3
+++ b/docs/libcurl/opts/GNURLOPT_NOPROXY.3
@@ -52,7 +52,9 @@ brackets:
 The application does not have to keep the string around after setting this
 option.
 .SH "Environment variables"
-See \fIGNURLOPT_PROXY(3)\fP
+If there's an environment variable called \fBno_proxy\fP (or \fBNO_PROXY\fP),
+it will be used if the \fIGNURLOPT_NOPROXY(3)\fP option is not set. It works
+exactly the same way.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY.3 
b/docs/libcurl/opts/GNURLOPT_PROXY.3
index f6504d0f2..4dbede760 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -79,10 +79,8 @@ libcurl respects the proxy environment variables named 
\fBhttp_proxy\fP,
 proxy for that URL scheme. So for a "FTP://" URL, the \fBftp_proxy\fP is
 considered. \fBall_proxy\fP is used if no protocol specific proxy was set.
 
-If \fBno_proxy\fP (or \fBNO_PROXY\fP) is set, it can specify a list of host
-names to not use a proxy for (even if one of the previous mention variables
-are set). That is the exact equivalent of setting the \fICURLOPT_NOPROXY(3)\fP
-option.
+If \fBno_proxy\fP (or \fBNO_PROXY\fP) is set, it is the exact equivalent of
+setting the \fICURLOPT_NOPROXY(3)\fP option.
 
 The \fICURLOPT_PROXY(3)\fP and \fICURLOPT_NOPROXY(3)\fP options override
 environment variables.
diff --git a/docs/libcurl/opts/GNURLOPT_READDATA.3 
b/docs/libcurl/opts/GNURLOPT_READDATA.3
index 2b01b4bf5..e2844da3b 100644
--- a/docs/libcurl/opts/GNURLOPT_READDATA.3
+++ b/docs/libcurl/opts/GNURLOPT_READDATA.3
@@ -35,8 +35,9 @@ input in the 4th argument to the callback.
 If you don't specify a read callback but instead rely on the default internal
 read function, this data must be a valid readable FILE * (cast to 'void *').
 
-If you're using libcurl as a win32 DLL, you MUST use a
-\fICURLOPT_READFUNCTION(3)\fP if you set this option.
+If you're using libcurl as a win32 DLL, you \fBMUST\fP use a
+\fICURLOPT_READFUNCTION(3)\fP if you set this option or you will experience
+crashes.
 .SH DEFAULT
 By default, this is a FILE * to stdin.
 .SH PROTOCOLS
diff --git a/docs/libcurl/opts/GNURLOPT_READFUNCTION.3 
b/docs/libcurl/opts/GNURLOPT_READFUNCTION.3
index 08fbf3bc9..8faf1465c 100644
--- a/docs/libcurl/opts/GNURLOPT_READFUNCTION.3
+++ b/docs/libcurl/opts/GNURLOPT_READFUNCTION.3
@@ -26,7 +26,7 @@ CURLOPT_READFUNCTION \- read callback for data uploads
 .SH SYNOPSIS
 #include <gnurl/curl.h>
 
-size_t read_callback(char *buffer, size_t size, size_t nitems, void *instream);
+size_t read_callback(char *buffer, size_t size, size_t nitems, void *userdata);
 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_READFUNCTION, read_callback);
 
@@ -39,9 +39,11 @@ the server. The data area pointed at by the pointer 
\fIbuffer\fP should be
 filled up with at most \fIsize\fP multiplied with \fInitems\fP number of bytes
 by your function.
 
-Your function must then return the actual number of bytes that it stored in
-that memory area. Returning 0 will signal end-of-file to the library and cause
-it to stop the current transfer.
+Set the \fIuserdata\fP argument with the \fICURLOPT_READDATA(3)\fP option.
+
+Your function must return the actual number of bytes that it stored in the data
+area pointed at by the pointer \fIbuffer\fP. Returning 0 will signal
+end-of-file to the library and cause it to stop the current transfer.
 
 If you stop the current transfer by returning 0 "pre-maturely" (i.e before the
 server expected it, like when you've said you will upload N bytes and you
diff --git a/docs/libcurl/opts/GNURLOPT_SSH_COMPRESSION.3 
b/docs/libcurl/opts/GNURLOPT_SSH_COMPRESSION.3
index 9715162b4..e6c22e4a9 100644
--- a/docs/libcurl/opts/GNURLOPT_SSH_COMPRESSION.3
+++ b/docs/libcurl/opts/GNURLOPT_SSH_COMPRESSION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -22,7 +22,7 @@
 .\"
 .TH CURLOPT_SSH_COMPRESSION 3 "05 Aug 2017" "libcurl 7.56.0" "curl_easy_setopt 
options"
 .SH NAME
-CURLOPT_SSH_COMPRESSION \- enables automatic decompression of HTTP downloads
+CURLOPT_SSH_COMPRESSION \- enables compression / decompression of SSH traffic
 .SH SYNOPSIS
 #include <gnurl/curl.h>
 
diff --git a/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3 
b/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3
index b0b8d6fda..427375657 100644
--- a/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3
+++ b/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -41,7 +41,7 @@ shown above.
 
 This callback function gets called by libcurl just before the initialization
 of an SSL connection after having processed all other SSL related options to
-give a last chance to an application to modify the behaviour of the SSL
+give a last chance to an application to modify the behavior of the SSL
 initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL
 library's \fISSL_CTX\fP for OpenSSL or wolfSSL/CyaSSL, and a pointer to
 \fImbedtls_ssl_config\fP for mbedTLS. If an error is returned from the callback
@@ -57,6 +57,12 @@ To use this properly, a non-trivial amount of knowledge of 
your SSL library is
 necessary. For example, you can use this function to call library-specific
 callbacks to add additional validation code for certificates, and even to
 change the actual URI of an HTTPS request.
+
+WARNING: The \fICURLOPT_SSL_CTX_FUNCTION(3)\fP callback allows the application
+to reach in and modify SSL details in the connection without libcurl itself
+knowing anything about it, which then subsequently can lead to libcurl
+unknowingly reusing SSL connections with different properties. To remedy this
+you may set \fICURLOPT_FORBID_REUSE(3)\fP from the callback function.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
diff --git a/docs/libcurl/opts/GNURLOPT_URL.3 b/docs/libcurl/opts/GNURLOPT_URL.3
index c477649c6..c1d4c1b0d 100644
--- a/docs/libcurl/opts/GNURLOPT_URL.3
+++ b/docs/libcurl/opts/GNURLOPT_URL.3
@@ -284,6 +284,7 @@ and get cut off by libcurl if provided literally. You will 
instead have to
 escape it by providing it as backslash and its ASCII value in hexadecimal:
 "\\23".
 
+.RS 0
 The application does not have to keep the string around after setting this
 option.
 .SH ENCODING
diff --git a/docs/libcurl/opts/GNURLOPT_WRITEDATA.3 
b/docs/libcurl/opts/GNURLOPT_WRITEDATA.3
index 30e2799eb..d8b63b220 100644
--- a/docs/libcurl/opts/GNURLOPT_WRITEDATA.3
+++ b/docs/libcurl/opts/GNURLOPT_WRITEDATA.3
@@ -37,7 +37,7 @@ callback's 4th argument. If you don't use a write callback, 
you must make
 The internal \fICURLOPT_WRITEFUNCTION(3)\fP will write the data to the FILE *
 given with this option, or to stdout if this option hasn't been set.
 
-If you're using libcurl as a win32 DLL, you \fBMUST\fP use the
+If you're using libcurl as a win32 DLL, you \fBMUST\fP use a
 \fICURLOPT_WRITEFUNCTION(3)\fP if you set this option or you will experience
 crashes.
 .SH DEFAULT
diff --git a/docs/libcurl/opts/GNURLOPT_WRITEFUNCTION.3 
b/docs/libcurl/opts/GNURLOPT_WRITEFUNCTION.3
index d85b25274..00b179100 100644
--- a/docs/libcurl/opts/GNURLOPT_WRITEFUNCTION.3
+++ b/docs/libcurl/opts/GNURLOPT_WRITEFUNCTION.3
@@ -36,7 +36,7 @@ shown above.
 
 This callback function gets called by libcurl as soon as there is data
 received that needs to be saved.  \fIptr\fP points to the delivered data, and
-the size of that data is \fIsize\fP multiplied with \fInmemb\fP.
+the size of that data is \fInmemb\fP; \fIsize\fP is always 1.
 
 The callback function will be passed as much data as possible in all invokes,
 but you must not make any assumptions. It may be one byte, it may be
diff --git a/guix.scm b/guix.scm
index 639963be5..ed7766d5d 100644
--- a/guix.scm
+++ b/guix.scm
@@ -41,7 +41,7 @@
   (package
     (inherit gnurl)
     (name "gnurl-git")
-    (version (string-append "7.61.0-" "dev"))
+    (version (string-append "7.61.1-" "dev"))
     (source
      (local-file %source-dir
                  #:recursive? #t))
@@ -51,7 +51,7 @@
        ,@(package-native-inputs gnurl)))
     (arguments
      ;;`(;#:configure-flags '("--enable-gnurl")
-     `(;;#:configure-flags '("--disable-ntlm-wb")
+     `(#:configure-flags '("--disable-ntlm-wb")
        #:test-target "test"
        #:parallel-tests? #f
        #:phases
diff --git a/include/gnurl/curlver.h b/include/gnurl/curlver.h
index d28c1fe9c..12b2f9f91 100644
--- a/include/gnurl/curlver.h
+++ b/include/gnurl/curlver.h
@@ -30,13 +30,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.61.0-DEV"
+#define LIBCURL_VERSION "7.61.1-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
 #define LIBCURL_VERSION_MINOR 61
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 1
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -57,7 +57,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x073D00
+#define LIBCURL_VERSION_NUM 0x073D01
 
 /*
  * This is the date and time when the full source package was created. The
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index 6653d555f..87cbe8174 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -1,5 +1,13 @@
 set(LIB_NAME libcurl)
 
+if(BUILD_SHARED_LIBS)
+  set(CURL_STATICLIB NO)
+else()
+  set(CURL_STATICLIB YES)
+endif()
+
+# Use:
+# * CURL_STATICLIB
 configure_file(curl_config.h.cmake
   ${CMAKE_CURRENT_BINARY_DIR}/curl_config.h)
 
@@ -59,28 +67,23 @@ if(USE_ARES)
   include_directories(${CARES_INCLUDE_DIR})
 endif()
 
-if(CURL_STATICLIB)
-  # Static lib
-  set(CURL_USER_DEFINED_DYNAMIC_OR_STATIC STATIC)
-else()
-  # DLL / so dynamic lib
-  set(CURL_USER_DEFINED_DYNAMIC_OR_STATIC SHARED)
-endif()
-
 add_library(
   ${LIB_NAME}
-  ${CURL_USER_DEFINED_DYNAMIC_OR_STATIC}
   ${HHEADERS} ${CSOURCES}
   )
 
-if(MSVC AND CURL_STATICLIB)
+if(MSVC AND NOT BUILD_SHARED_LIBS)
   set_target_properties(${LIB_NAME} PROPERTIES STATIC_LIBRARY_FLAGS 
${CMAKE_EXE_LINKER_FLAGS})
 endif()
 
+if(NOT BUILD_SHARED_LIBS)
+    set_target_properties(${LIB_NAME} PROPERTIES INTERFACE_COMPILE_DEFINITIONS 
CURL_STATICLIB)
+endif()
+
 target_link_libraries(${LIB_NAME} ${CURL_LIBS})
 
 if(WIN32)
-  add_definitions( -D_USRDLL )
+  add_definitions(-D_USRDLL)
 endif()
 
 set_target_properties(${LIB_NAME} PROPERTIES COMPILE_DEFINITIONS 
BUILDING_LIBCURL)
@@ -95,14 +98,14 @@ set_target_properties(${LIB_NAME} PROPERTIES PREFIX "")
 set_target_properties(${LIB_NAME} PROPERTIES IMPORT_PREFIX "")
 
 if(WIN32)
-  if(NOT CURL_STATICLIB)
+  if(BUILD_SHARED_LIBS)
     # Add "_imp" as a suffix before the extension to avoid conflicting with 
the statically linked "libcurl.lib"
     set_target_properties(${LIB_NAME} PROPERTIES IMPORT_SUFFIX "_imp.lib")
   endif()
 endif()
 
 target_include_directories(${LIB_NAME} INTERFACE
-       $<INSTALL_INTERFACE:include>)
+  $<INSTALL_INTERFACE:include>)
 
 install(TARGETS ${LIB_NAME}
   EXPORT libcurl-target
diff --git a/lib/Makefile.am b/lib/Makefile.am
index f43dc2964..b54ff573b 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -107,8 +107,11 @@ endif
 if CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS
 libgnurl_la_LDFLAGS_EXTRA += -Wl,--version-script=libcurl.vers
 else
+# if symbol-hiding is enabled, hide them!
+if DOING_CURL_SYMBOL_HIDING
 libgnurl_la_LDFLAGS_EXTRA += -export-symbols-regex '^curl_.*'
 endif
+endif
 
 if USE_CPPFLAG_CURL_STATICLIB
 libgnurl_la_CPPFLAGS_EXTRA += -DCURL_STATICLIB
diff --git a/lib/asyn-ares.c b/lib/asyn-ares.c
index 00fe1adb5..5cfb2602d 100644
--- a/lib/asyn-ares.c
+++ b/lib/asyn-ares.c
@@ -475,17 +475,19 @@ static void query_completed_cb(void *arg,  /* (struct 
connectdata *) */
     return;
 
   res = (struct ResolverResults *)conn->async.os_specific;
-  res->num_pending--;
+  if(res) {
+    res->num_pending--;
 
-  if(CURL_ASYNC_SUCCESS == status) {
-    Curl_addrinfo *ai = Curl_he2ai(hostent, conn->async.port);
-    if(ai) {
-      compound_results(res, ai);
+    if(CURL_ASYNC_SUCCESS == status) {
+      Curl_addrinfo *ai = Curl_he2ai(hostent, conn->async.port);
+      if(ai) {
+        compound_results(res, ai);
+      }
     }
+    /* A successful result overwrites any previous error */
+    if(res->last_status != ARES_SUCCESS)
+      res->last_status = status;
   }
-  /* A successful result overwrites any previous error */
-  if(res->last_status != ARES_SUCCESS)
-    res->last_status = status;
 }
 
 /*
diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
index c7c1a0086..2a59294e5 100644
--- a/lib/asyn-thread.c
+++ b/lib/asyn-thread.c
@@ -182,8 +182,6 @@ static struct thread_sync_data 
*conn_thread_sync_data(struct connectdata *conn)
   return &(((struct thread_data *)conn->async.os_specific)->tsd);
 }
 
-#define CONN_THREAD_SYNC_DATA(conn) &(((conn)->async.os_specific)->tsd);
-
 /* Destroy resolver thread synchronization data */
 static
 void destroy_thread_sync_data(struct thread_sync_data * tsd)
diff --git a/lib/conncache.c b/lib/conncache.c
index 335c0c43d..e77c975a4 100644
--- a/lib/conncache.c
+++ b/lib/conncache.c
@@ -63,10 +63,9 @@
 
 static void conn_llist_dtor(void *user, void *element)
 {
-  struct connectdata *data = element;
+  struct connectdata *conn = element;
   (void)user;
-
-  data->bundle = NULL;
+  conn->bundle = NULL;
 }
 
 static CURLcode bundle_create(struct Curl_easy *data,
@@ -313,7 +312,7 @@ void Curl_conncache_remove_conn(struct connectdata *conn, 
bool lock)
      due to a failed connection attempt, before being added to a bundle */
   if(bundle) {
     if(lock) {
-      CONN_LOCK(conn->data);
+      CONN_LOCK(data);
     }
     bundle_remove_conn(bundle, conn);
     if(bundle->num_connections == 0)
@@ -321,11 +320,11 @@ void Curl_conncache_remove_conn(struct connectdata *conn, 
bool lock)
     conn->bundle = NULL; /* removed from it */
     if(connc) {
       connc->num_conn--;
-      DEBUGF(infof(conn->data, "The cache now contains %zu members\n",
+      DEBUGF(infof(data, "The cache now contains %zu members\n",
                    connc->num_conn));
     }
     if(lock) {
-      CONN_UNLOCK(conn->data);
+      CONN_UNLOCK(data);
     }
   }
 }
@@ -433,19 +432,11 @@ bool Curl_conncache_return_conn(struct connectdata *conn)
     infof(data, "Connection cache is full, closing the oldest one.\n");
 
     conn_candidate = Curl_conncache_extract_oldest(data);
-
     if(conn_candidate) {
-      /* Set the connection's owner correctly */
-      conn_candidate->data = data;
-
       /* the winner gets the honour of being disconnected */
-      (void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE);
+      (void)Curl_disconnect(data, conn_candidate, /* dead_connection */ FALSE);
     }
   }
-  CONN_LOCK(data);
-  conn->inuse = FALSE; /* Mark the connection unused */
-  conn->data = NULL; /* no owner */
-  CONN_UNLOCK(data);
 
   return (conn_candidate == conn) ? FALSE : TRUE;
 
@@ -479,7 +470,7 @@ Curl_conncache_extract_bundle(struct Curl_easy *data,
   while(curr) {
     conn = curr->ptr;
 
-    if(!conn->inuse) {
+    if(!CONN_INUSE(conn)) {
       /* Set higher score for the age passed since the connection was used */
       score = Curl_timediff(now, conn->now);
 
@@ -496,6 +487,7 @@ Curl_conncache_extract_bundle(struct Curl_easy *data,
     data->state.conn_cache->num_conn--;
     DEBUGF(infof(data, "The cache now contains %zu members\n",
                  data->state.conn_cache->num_conn));
+    conn_candidate->data = data; /* associate! */
   }
 
   return conn_candidate;
@@ -536,7 +528,7 @@ Curl_conncache_extract_oldest(struct Curl_easy *data)
     while(curr) {
       conn = curr->ptr;
 
-      if(!conn->inuse) {
+      if(!CONN_INUSE(conn)) {
         /* Set higher score for the age passed since the connection was used */
         score = Curl_timediff(now, conn->now);
 
@@ -557,6 +549,7 @@ Curl_conncache_extract_oldest(struct Curl_easy *data)
     connc->num_conn--;
     DEBUGF(infof(data, "The cache now contains %zu members\n",
                  connc->num_conn));
+    conn_candidate->data = data; /* associate! */
   }
   CONN_UNLOCK(data);
 
@@ -577,7 +570,7 @@ void Curl_conncache_close_all_connections(struct conncache 
*connc)
                                      pointer */
     /* This will remove the connection from the cache */
     connclose(conn, "kill all");
-    (void)Curl_disconnect(conn, FALSE);
+    (void)Curl_disconnect(connc->closure_handle, conn, FALSE);
     sigpipe_restore(&pipe_st);
 
     conn = Curl_conncache_find_first_connection(connc);
diff --git a/lib/content_encoding.c b/lib/content_encoding.c
index 1a5235bdc..5074b246e 100644
--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -71,13 +71,13 @@
 #define RESERVED     0xE0 /* bits 5..7: reserved */
 
 typedef enum {
-  ZLIB_UNINIT,          /* uninitialized */
-  ZLIB_INIT,            /* initialized */
-  ZLIB_INFLATING,       /* Inflating started. */
-  ZLIB_GZIP_HEADER,     /* reading gzip header */
-  ZLIB_GZIP_TRAILER,    /* reading gzip trailer */
-  ZLIB_GZIP_INFLATING,  /* inflating gzip stream */
-  ZLIB_INIT_GZIP        /* initialized in transparent gzip mode */
+  ZLIB_UNINIT,               /* uninitialized */
+  ZLIB_INIT,                 /* initialized */
+  ZLIB_INFLATING,            /* inflating started. */
+  ZLIB_EXTERNAL_TRAILER,     /* reading external trailer */
+  ZLIB_GZIP_HEADER,          /* reading gzip header */
+  ZLIB_GZIP_INFLATING,       /* inflating gzip stream */
+  ZLIB_INIT_GZIP             /* initialized in transparent gzip mode */
 } zlibInitState;
 
 /* Writer parameters. */
@@ -150,8 +150,8 @@ static CURLcode process_trailer(struct connectdata *conn, 
zlib_params *zp)
   if(result || !zp->trailerlen)
     result = exit_zlib(conn, z, &zp->zlib_init, result);
   else {
-    /* Only occurs for gzip with zlib < 1.2.0.4. */
-    zp->zlib_init = ZLIB_GZIP_TRAILER;
+    /* Only occurs for gzip with zlib < 1.2.0.4 or raw deflate. */
+    zp->zlib_init = ZLIB_EXTERNAL_TRAILER;
   }
   return result;
 }
@@ -233,6 +233,7 @@ static CURLcode inflate_stream(struct connectdata *conn,
           z->next_in = orig_in;
           z->avail_in = nread;
           zp->zlib_init = ZLIB_INFLATING;
+          zp->trailerlen = 4; /* Tolerate up to 4 unknown trailer bytes. */
           done = FALSE;
           break;
         }
@@ -287,6 +288,9 @@ static CURLcode deflate_unencode_write(struct connectdata 
*conn,
   z->next_in = (Bytef *) buf;
   z->avail_in = (uInt) nbytes;
 
+  if(zp->zlib_init == ZLIB_EXTERNAL_TRAILER)
+    return process_trailer(conn, zp);
+
   /* Now uncompress the data */
   return inflate_stream(conn, writer, ZLIB_INFLATING);
 }
@@ -532,7 +536,7 @@ static CURLcode gzip_unencode_write(struct connectdata 
*conn,
   }
   break;
 
-  case ZLIB_GZIP_TRAILER:
+  case ZLIB_EXTERNAL_TRAILER:
     z->next_in = (Bytef *) buf;
     z->avail_in = (uInt) nbytes;
     return process_trailer(conn, zp);
diff --git a/lib/cookie.c b/lib/cookie.c
index 72aaa7636..fd7341f0b 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -40,7 +40,7 @@ struct Cookie *Curl_cookie_add(struct Curl_easy *data,
         received from a server.
 
         The function need to replace previously stored lines that this new
-        line superceeds.
+        line supersedes.
 
         It may remove lines that are expired.
 
@@ -250,9 +250,9 @@ static const char *get_top_domain(const char * const 
domain, size_t *outlen)
   len = strlen(domain);
   last = memrchr(domain, '.', len);
   if(last) {
-    first = memrchr(domain, '.', (size_t) (last - domain));
+    first = memrchr(domain, '.', (last - domain));
     if(first)
-      len -= (size_t) (++first - domain);
+      len -= (++first - domain);
   }
 
   if(outlen)
@@ -717,9 +717,9 @@ Curl_cookie_add(struct Curl_easy *data,
       if(!queryp)
         endslash = strrchr(path, '/');
       else
-        endslash = memrchr(path, '/', (size_t)(queryp - path));
+        endslash = memrchr(path, '/', (queryp - path));
       if(endslash) {
-        size_t pathlen = (size_t)(endslash-path + 1); /* include end slash */
+        size_t pathlen = (endslash-path + 1); /* include end slash */
         co->path = malloc(pathlen + 1); /* one extra for the zero byte */
         if(co->path) {
           memcpy(co->path, path, pathlen);
@@ -874,9 +874,10 @@ Curl_cookie_add(struct Curl_easy *data,
   }
 
   co->livecookie = c->running;
+  co->creationtime = ++c->lastct;
 
   /* now, we have parsed the incoming line, we must now check if this
-     superceeds an already existing cookie, which it may if the previous have
+     supersedes an already existing cookie, which it may if the previous have
      the same domain and path as this */
 
   /* at first, remove expired cookies */
@@ -952,6 +953,9 @@ Curl_cookie_add(struct Curl_easy *data,
       if(replace_old) {
         co->next = clist->next; /* get the next-pointer first */
 
+        /* when replacing, creationtime is kept from old */
+        co->creationtime = clist->creationtime;
+
         /* then free all the old pointers */
         free(clist->name);
         free(clist->value);
@@ -1141,12 +1145,24 @@ static int cookie_sort(const void *p1, const void *p2)
   if(l1 != l2)
     return (l2 > l1) ? 1 : -1 ;  /* avoid size_t <=> int conversions */
 
-  /* 3 - compare cookie names */
-  if(c1->name && c2->name)
-    return strcmp(c1->name, c2->name);
+  /* 3 - compare cookie name lengths */
+  l1 = c1->name ? strlen(c1->name) : 0;
+  l2 = c2->name ? strlen(c2->name) : 0;
 
-  /* sorry, can't be more deterministic */
-  return 0;
+  if(l1 != l2)
+    return (l2 > l1) ? 1 : -1;
+
+  /* 4 - compare cookie creation time */
+  return (c2->creationtime > c1->creationtime) ? 1 : -1;
+}
+
+/* sort cookies only according to creation time */
+static int cookie_sort_ct(const void *p1, const void *p2)
+{
+  struct Cookie *c1 = *(struct Cookie **)p1;
+  struct Cookie *c2 = *(struct Cookie **)p2;
+
+  return (c2->creationtime > c1->creationtime) ? 1 : -1;
 }
 
 #define CLONE(field)                     \
@@ -1175,6 +1191,7 @@ static struct Cookie *dup_cookie(struct Cookie *src)
     d->secure = src->secure;
     d->livecookie = src->livecookie;
     d->httponly = src->httponly;
+    d->creationtime = src->creationtime;
   }
   return d;
 
@@ -1439,6 +1456,8 @@ static int cookie_output(struct CookieInfo *c, const char 
*dumphere)
   bool use_stdout = FALSE;
   char *format_ptr;
   unsigned int i;
+  unsigned int j;
+  struct Cookie **array;
 
   if((NULL == c) || (0 == c->numcookies))
     /* If there are no known cookies, we don't write or even create any
@@ -1452,6 +1471,10 @@ static int cookie_output(struct CookieInfo *c, const 
char *dumphere)
   if(0 == c->numcookies)
     return 0;
 
+  array = malloc(sizeof(struct Cookie *) * c->numcookies);
+  if(!array)
+    return 1;
+
   if(!strcmp("-", dumphere)) {
     /* use stdout */
     out = stdout;
@@ -1459,8 +1482,10 @@ static int cookie_output(struct CookieInfo *c, const 
char *dumphere)
   }
   else {
     out = fopen(dumphere, FOPEN_WRITETEXT);
-    if(!out)
+    if(!out) {
+      free(array);
       return 1; /* failure */
+    }
   }
 
   fputs("# Netscape HTTP Cookie File\n"
@@ -1468,22 +1493,33 @@ static int cookie_output(struct CookieInfo *c, const 
char *dumphere)
         "# This file was generated by libcurl! Edit at your own risk.\n\n",
         out);
 
+  j = 0;
   for(i = 0; i < COOKIE_HASH_SIZE; i++) {
     for(co = c->cookies[i]; co; co = co->next) {
       if(!co->domain)
         continue;
-      format_ptr = get_netscape_format(co);
-      if(format_ptr == NULL) {
-        fprintf(out, "#\n# Fatal libcurl error\n");
-        if(!use_stdout)
-          fclose(out);
-        return 1;
+      array[j++] = co;
+    }
+  }
+
+  qsort(array, c->numcookies, sizeof(struct Cookie *), cookie_sort_ct);
+
+  for(i = 0; i < j; i++) {
+    format_ptr = get_netscape_format(array[i]);
+    if(format_ptr == NULL) {
+      fprintf(out, "#\n# Fatal libcurl error\n");
+      if(!use_stdout) {
+        free(array);
+        fclose(out);
       }
-      fprintf(out, "%s\n", format_ptr);
-      free(format_ptr);
+      return 1;
     }
+    fprintf(out, "%s\n", format_ptr);
+    free(format_ptr);
   }
 
+  free(array);
+
   if(!use_stdout)
     fclose(out);
 
diff --git a/lib/cookie.h b/lib/cookie.h
index 8be887cc9..b2ec17a35 100644
--- a/lib/cookie.h
+++ b/lib/cookie.h
@@ -34,7 +34,7 @@ struct Cookie {
   char *domain;      /* domain = <this> */
   curl_off_t expires;  /* expires = <this> */
   char *expirestr;   /* the plain text version */
-  bool tailmatch;    /* weather we do tail-matchning of the domain name */
+  bool tailmatch;    /* whether we do tail-matching of the domain name */
 
   /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */
   char *version;     /* Version = <value> */
@@ -43,6 +43,7 @@ struct Cookie {
   bool secure;       /* whether the 'secure' keyword was used */
   bool livecookie;   /* updated from a server, not a stored file */
   bool httponly;     /* true if the httponly directive is present */
+  int creationtime;  /* time when the cookie was written */
 };
 
 #define COOKIE_HASH_SIZE 256
@@ -55,6 +56,7 @@ struct CookieInfo {
   bool running;    /* state info, for cookie adding information */
   long numcookies; /* number of cookies in the "jar" */
   bool newsession; /* new session, discard session cookies on load */
+  int lastct;      /* last creation-time used in the jar */
 };
 
 /* This is the maximum line length we accept for a cookie line. RFC 2109
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index e27cab353..922e85a92 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -557,8 +557,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
                                    unsigned char *ntbuffer /* 21 bytes */)
 {
   size_t len = strlen(password);
-  unsigned char *pw = len ? malloc(len * 2) : strdup("");
+  unsigned char *pw;
   CURLcode result;
+  if(len > SIZE_T_MAX/2) /* avoid integer overflow */
+    return CURLE_OUT_OF_MEMORY;
+  pw = len ? malloc(len * 2) : strdup("");
   if(!pw)
     return CURLE_OUT_OF_MEMORY;
 
diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index 748cce07d..191845fc6 100644
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -801,6 +801,11 @@ endings either CRLF or LF so 't' is appropriate.
 #define CURL_SA_FAMILY_T unsigned short
 #endif
 
+/* Some convenience macros to get the larger/smaller value out of two given.
+   We prefix with CURL to prevent name collisions. */
+#define CURLMAX(x,y) ((x)>(y)?(x):(y))
+#define CURLMIN(x,y) ((x)<(y)?(x):(y))
+
 /* Some versions of the Android SDK is missing the declaration */
 #if defined(HAVE_GETPWUID_R) && defined(HAVE_DECL_GETPWUID_R_MISSING)
 struct passwd;
diff --git a/lib/curl_threads.c b/lib/curl_threads.c
index 9259c3f4d..4cb32b180 100644
--- a/lib/curl_threads.c
+++ b/lib/curl_threads.c
@@ -108,7 +108,8 @@ curl_thread_t Curl_thread_create(unsigned int (CURL_STDCALL 
*func) (void *),
 #ifdef _WIN32_WCE
   t = CreateThread(NULL, 0, func, arg, 0, NULL);
 #else
-  t = (curl_thread_t)_beginthreadex(NULL, 0, func, arg, 0, NULL);
+  uintptr_t thread_handle = _beginthreadex(NULL, 0, func, arg, 0, NULL);
+  t = (curl_thread_t)thread_handle;
 #endif
   if((t == 0) || (t == LongToHandle(-1L))) {
 #ifdef _WIN32_WCE
diff --git a/lib/dict.c b/lib/dict.c
index 43339076f..57c4c7408 100644
--- a/lib/dict.c
+++ b/lib/dict.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -101,7 +101,7 @@ static char *unescape_word(struct Curl_easy *data, const 
char *inputbuff)
   if(!newp || result)
     return NULL;
 
-  dictp = malloc(((size_t)len)*2 + 1); /* add one for terminating zero */
+  dictp = malloc(len*2 + 1); /* add one for terminating zero */
   if(dictp) {
     char *ptr;
     char ch;
diff --git a/lib/easy.c b/lib/easy.c
index 0b3912e66..f7da11155 100644
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -958,6 +958,13 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy 
*data)
     outcurl->change.referer_alloc = TRUE;
   }
 
+  /* Reinitialize an SSL engine for the new handle
+   * note: the engine name has already been copied by dupset */
+  if(outcurl->set.str[STRING_SSL_ENGINE]) {
+    if(Curl_ssl_set_engine(outcurl, outcurl->set.str[STRING_SSL_ENGINE]))
+      goto fail;
+  }
+
   /* Clone the resolver handle, if present, for the new handle */
   if(Curl_resolver_duphandle(&outcurl->state.resolver,
                              data->state.resolver))
diff --git a/lib/file.c b/lib/file.c
index e4ac8dfa4..10688c13a 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -306,7 +306,7 @@ static CURLcode file_upload(struct connectdata *conn)
   while(!result) {
     size_t nread;
     size_t nwrite;
-    int readcount;
+    size_t readcount;
     result = Curl_fillreadbuffer(conn, (int)data->set.buffer_size, &readcount);
     if(result)
       break;
@@ -314,7 +314,7 @@ static CURLcode file_upload(struct connectdata *conn)
     if(readcount <= 0)  /* fix questionable compare error. curlvms */
       break;
 
-    nread = (size_t)readcount;
+    nread = readcount;
 
     /*skip bytes before resume point*/
     if(data->state.resume_from) {
diff --git a/lib/formdata.c b/lib/formdata.c
index ba683e976..5a6cdd644 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -39,15 +39,12 @@
 #include "sendf.h"
 #include "strdup.h"
 #include "rand.h"
+#include "warnless.h"
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
 #include "curl_memory.h"
 #include "memdebug.h"
 
-/* What kind of Content-Type to use on un-specified files with unrecognized
-   extensions. */
-#define HTTPPOST_CONTENTTYPE_DEFAULT "application/octet-stream"
-
 #define HTTPPOST_PTRNAME CURL_HTTPPOST_PTRNAME
 #define HTTPPOST_FILENAME CURL_HTTPPOST_FILENAME
 #define HTTPPOST_PTRCONTENTS CURL_HTTPPOST_PTRCONTENTS
@@ -304,7 +301,8 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
        * Set the contents property.
        */
     case CURLFORM_PTRCONTENTS:
-      current_form->flags |= HTTPPOST_PTRCONTENTS; /* fall through */
+      current_form->flags |= HTTPPOST_PTRCONTENTS;
+      /* FALLTHROUGH */
     case CURLFORM_COPYCONTENTS:
       if(current_form->value)
         return_value = CURL_FORMADD_OPTION_TWICE;
@@ -881,7 +879,8 @@ CURLcode Curl_getformdata(struct Curl_easy *data,
                compatibility: use of "-" pseudo file name should be avoided. */
             result = curl_mime_data_cb(part, (curl_off_t) -1,
                                        (curl_read_callback) fread,
-                                       (curl_seek_callback) fseek,
+                                       CURLX_FUNCTION_CAST(curl_seek_callback,
+                                                           fseek),
                                        NULL, (void *) stdin);
           }
           else
diff --git a/lib/gopher.c b/lib/gopher.c
index 0ee3ffe00..c9fca4207 100644
--- a/lib/gopher.c
+++ b/lib/gopher.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -89,22 +89,15 @@ static CURLcode gopher_do(struct connectdata *conn, bool 
*done)
   /* Create selector. Degenerate cases: / and /1 => convert to "" */
   if(strlen(path) <= 2) {
     sel = (char *)"";
-    len = (int)strlen(sel);
+    len = strlen(sel);
   }
   else {
     char *newp;
-    size_t j, i;
 
     /* Otherwise, drop / and the first character (i.e., item type) ... */
     newp = path;
     newp += 2;
 
-    /* ... then turn ? into TAB for search servers, Veronica, etc. ... */
-    j = strlen(newp);
-    for(i = 0; i<j; i++)
-      if(newp[i] == '?')
-        newp[i] = '\x09';
-
     /* ... and finally unescape */
     result = Curl_urldecode(data, newp, 0, &sel, &len, FALSE);
     if(result)
diff --git a/lib/hostasyn.c b/lib/hostasyn.c
index 7b6e8568a..e7b399ed2 100644
--- a/lib/hostasyn.c
+++ b/lib/hostasyn.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -131,7 +131,7 @@ CURLcode Curl_async_resolved(struct connectdata *conn,
   if(result)
     /* We're not allowed to return failure with memory left allocated
        in the connectdata struct, free those here */
-    Curl_disconnect(conn, FALSE); /* close the connection */
+    Curl_disconnect(conn->data, conn, TRUE); /* close the connection */
 
   return result;
 }
diff --git a/lib/hostip.c b/lib/hostip.c
index d809578e1..bc20f7153 100644
--- a/lib/hostip.c
+++ b/lib/hostip.c
@@ -907,7 +907,9 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
       char *entry_id;
       size_t entry_len;
       char address[64];
+#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
       char *addresses = NULL;
+#endif
       char *addr_begin;
       char *addr_end;
       char *port_ptr;
@@ -930,7 +932,9 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
         goto err;
 
       port = (int)tmp_port;
+#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
       addresses = end_ptr + 1;
+#endif
 
       while(*end_ptr) {
         size_t alen;
diff --git a/lib/http.c b/lib/http.c
index 588bab599..f1885f583 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -158,18 +158,20 @@ CURLcode Curl_http_setup_conn(struct connectdata *conn)
   /* allocate the HTTP-specific struct for the Curl_easy, only to survive
      during this request */
   struct HTTP *http;
-  DEBUGASSERT(conn->data->req.protop == NULL);
+  struct Curl_easy *data = conn->data;
+  DEBUGASSERT(data->req.protop == NULL);
 
   http = calloc(1, sizeof(struct HTTP));
   if(!http)
     return CURLE_OUT_OF_MEMORY;
 
   Curl_mime_initpart(&http->form, conn->data);
-  conn->data->req.protop = http;
-
-  Curl_http2_setup_conn(conn);
-  Curl_http2_setup_req(conn->data);
+  data->req.protop = http;
 
+  if(!CONN_INUSE(conn))
+    /* if not alredy multi-using, setup connection details */
+    Curl_http2_setup_conn(conn);
+  Curl_http2_setup_req(data);
   return CURLE_OK;
 }
 
@@ -340,11 +342,11 @@ static CURLcode http_output_bearer(struct connectdata 
*conn)
  *
  * return TRUE if one was picked
  */
-static bool pickoneauth(struct auth *pick)
+static bool pickoneauth(struct auth *pick, unsigned long mask)
 {
   bool picked;
   /* only deal with authentication we want */
-  unsigned long avail = pick->avail & pick->want;
+  unsigned long avail = pick->avail & pick->want & mask;
   picked = TRUE;
 
   /* The order of these checks is highly relevant, as this will be the order
@@ -506,6 +508,10 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
   bool pickhost = FALSE;
   bool pickproxy = FALSE;
   CURLcode result = CURLE_OK;
+  unsigned long authmask = ~0ul;
+
+  if(!conn->oauth_bearer)
+    authmask &= (unsigned long)~CURLAUTH_BEARER;
 
   if(100 <= data->req.httpcode && 199 >= data->req.httpcode)
     /* this is a transient response code, ignore */
@@ -514,17 +520,18 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
   if(data->state.authproblem)
     return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK;
 
-  if(conn->bits.user_passwd &&
+  if((conn->bits.user_passwd || conn->oauth_bearer) &&
      ((data->req.httpcode == 401) ||
       (conn->bits.authneg && data->req.httpcode < 300))) {
-    pickhost = pickoneauth(&data->state.authhost);
+    pickhost = pickoneauth(&data->state.authhost, authmask);
     if(!pickhost)
       data->state.authproblem = TRUE;
   }
   if(conn->bits.proxy_user_passwd &&
      ((data->req.httpcode == 407) ||
       (conn->bits.authneg && data->req.httpcode < 300))) {
-    pickproxy = pickoneauth(&data->state.authproxy);
+    pickproxy = pickoneauth(&data->state.authproxy,
+                            authmask & ~CURLAUTH_BEARER);
     if(!pickproxy)
       data->state.authproblem = TRUE;
   }
@@ -1116,7 +1123,8 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
   CURLcode result;
   char *ptr;
   size_t size;
-  struct HTTP *http = conn->data->req.protop;
+  struct Curl_easy *data = conn->data;
+  struct HTTP *http = data->req.protop;
   size_t sendsize;
   curl_socket_t sockfd;
   size_t headersize;
@@ -1136,7 +1144,7 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
 
   DEBUGASSERT(size > included_body_bytes);
 
-  result = Curl_convert_to_network(conn->data, ptr, headersize);
+  result = Curl_convert_to_network(data, ptr, headersize);
   /* Curl_convert_to_network calls failf if unsuccessful */
   if(result) {
     /* conversion failed, free memory and return to the caller */
@@ -1161,8 +1169,14 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
        must copy the data to the uploadbuffer first, since that is the buffer
        we will be using if this send is retried later.
     */
-    memcpy(conn->data->state.uploadbuffer, ptr, sendsize);
-    ptr = conn->data->state.uploadbuffer;
+    result = Curl_get_upload_buffer(data);
+    if(result) {
+      /* malloc failed, free memory and return to the caller */
+      Curl_add_buffer_free(in);
+      return result;
+    }
+    memcpy(data->state.ulbuf, ptr, sendsize);
+    ptr = data->state.ulbuf;
   }
   else
     sendsize = size;
@@ -1179,13 +1193,13 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
     size_t headlen = (size_t)amount>headersize ? headersize : (size_t)amount;
     size_t bodylen = amount - headlen;
 
-    if(conn->data->set.verbose) {
+    if(data->set.verbose) {
       /* this data _may_ contain binary stuff */
-      Curl_debug(conn->data, CURLINFO_HEADER_OUT, ptr, headlen);
+      Curl_debug(data, CURLINFO_HEADER_OUT, ptr, headlen);
       if(bodylen) {
         /* there was body data sent beyond the initial header part, pass that
            on to the debug callback too */
-        Curl_debug(conn->data, CURLINFO_DATA_OUT,
+        Curl_debug(data, CURLINFO_DATA_OUT,
                    ptr + headlen, bodylen);
       }
     }
@@ -1210,14 +1224,14 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
         ptr = in->buffer + amount;
 
         /* backup the currently set pointers */
-        http->backup.fread_func = conn->data->state.fread_func;
-        http->backup.fread_in = conn->data->state.in;
+        http->backup.fread_func = data->state.fread_func;
+        http->backup.fread_in = data->state.in;
         http->backup.postdata = http->postdata;
         http->backup.postsize = http->postsize;
 
         /* set the new pointers for the request-sending */
-        conn->data->state.fread_func = (curl_read_callback)readmoredata;
-        conn->data->state.in = (void *)conn;
+        data->state.fread_func = (curl_read_callback)readmoredata;
+        data->state.in = (void *)conn;
         http->postdata = ptr;
         http->postsize = (curl_off_t)size;
 
@@ -1913,6 +1927,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
   }
 
   http = data->req.protop;
+  DEBUGASSERT(http);
 
   if(!data->state.this_is_a_follow) {
     /* Free to avoid leaking memory on multiple requests*/
@@ -2879,6 +2894,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
       data->req.exp100 = EXP100_SEND_DATA; /* already sent */
       Curl_expire_done(data, EXPIRE_100_TIMEOUT);
     }
+    else
+      data->req.writebytecount = http->writebytecount;
   }
 
   if((conn->httpversion == 20) && data->req.upload_chunky)
@@ -2889,17 +2906,32 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
   return result;
 }
 
+typedef enum {
+  STATUS_UNKNOWN, /* not enough data to tell yet */
+  STATUS_DONE, /* a status line was read */
+  STATUS_BAD /* not a status line */
+} statusline;
+
+
+/* Check a string for a prefix. Check no more than 'len' bytes */
+static bool checkprefixmax(const char *prefix, const char *buffer, size_t len)
+{
+  size_t ch = CURLMIN(strlen(prefix), len);
+  return curl_strnequal(prefix, buffer, ch);
+}
+
 /*
  * checkhttpprefix()
  *
  * Returns TRUE if member of the list matches prefix of string
  */
-static bool
+static statusline
 checkhttpprefix(struct Curl_easy *data,
-                const char *s)
+                const char *s, size_t len)
 {
   struct curl_slist *head = data->set.http200aliases;
-  bool rc = FALSE;
+  statusline rc = STATUS_BAD;
+  statusline onmatch = len >= 5? STATUS_DONE : STATUS_UNKNOWN;
 #ifdef CURL_DOES_CONVERSIONS
   /* convert from the network encoding using a scratch area */
   char *scratch = strdup(s);
@@ -2916,15 +2948,15 @@ checkhttpprefix(struct Curl_easy *data,
 #endif /* CURL_DOES_CONVERSIONS */
 
   while(head) {
-    if(checkprefix(head->data, s)) {
-      rc = TRUE;
+    if(checkprefixmax(head->data, s, len)) {
+      rc = onmatch;
       break;
     }
     head = head->next;
   }
 
-  if(!rc && (checkprefix("HTTP/", s)))
-    rc = TRUE;
+  if((rc != STATUS_DONE) && (checkprefixmax("HTTP/", s, len)))
+    rc = onmatch;
 
 #ifdef CURL_DOES_CONVERSIONS
   free(scratch);
@@ -2933,11 +2965,12 @@ checkhttpprefix(struct Curl_easy *data,
 }
 
 #ifndef CURL_DISABLE_RTSP
-static bool
+static statusline
 checkrtspprefix(struct Curl_easy *data,
-                const char *s)
+                const char *s, size_t len)
 {
-  bool result = FALSE;
+  statusline result = STATUS_BAD;
+  statusline onmatch = len >= 5? STATUS_DONE : STATUS_UNKNOWN;
 
 #ifdef CURL_DOES_CONVERSIONS
   /* convert from the network encoding using a scratch area */
@@ -2950,30 +2983,31 @@ checkrtspprefix(struct Curl_easy *data,
     /* Curl_convert_from_network calls failf if unsuccessful */
     result = FALSE; /* can't return CURLE_foobar so return FALSE */
   }
-  else
-    result = checkprefix("RTSP/", scratch)? TRUE: FALSE;
+  else if(checkprefixmax("RTSP/", scratch, len))
+    result = onmatch;
   free(scratch);
 #else
   (void)data; /* unused */
-  result = checkprefix("RTSP/", s)? TRUE: FALSE;
+  if(checkprefixmax("RTSP/", s, len))
+    result = onmatch;
 #endif /* CURL_DOES_CONVERSIONS */
 
   return result;
 }
 #endif /* CURL_DISABLE_RTSP */
 
-static bool
+static statusline
 checkprotoprefix(struct Curl_easy *data, struct connectdata *conn,
-                 const char *s)
+                 const char *s, size_t len)
 {
 #ifndef CURL_DISABLE_RTSP
   if(conn->handler->protocol & CURLPROTO_RTSP)
-    return checkrtspprefix(data, s);
+    return checkrtspprefix(data, s, len);
 #else
   (void)conn;
 #endif /* CURL_DISABLE_RTSP */
 
-  return checkhttpprefix(data, s);
+  return checkhttpprefix(data, s, len);
 }
 
 /*
@@ -3087,12 +3121,15 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy 
*data,
       if(result)
         return result;
 
-      if(!k->headerline && (k->hbuflen>5)) {
-        /* make a first check that this looks like a protocol header */
-        if(!checkprotoprefix(data, conn, data->state.headerbuff)) {
+      if(!k->headerline) {
+        /* check if this looks like a protocol header */
+        statusline st = checkprotoprefix(data, conn, data->state.headerbuff,
+                                         k->hbuflen);
+        if(st == STATUS_BAD) {
           /* this is not the beginning of a protocol first header line */
           k->header = FALSE;
           k->badheader = HEADER_ALLBAD;
+          streamclose(conn, "bad HTTP: No end-of-message indicator");
           break;
         }
       }
@@ -3121,8 +3158,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy 
*data,
 
     if(!k->headerline) {
       /* the first read header */
-      if((k->hbuflen>5) &&
-         !checkprotoprefix(data, conn, data->state.headerbuff)) {
+      statusline st = checkprotoprefix(data, conn, data->state.headerbuff,
+                                       k->hbuflen);
+      if(st == STATUS_BAD) {
+        streamclose(conn, "bad HTTP: No end-of-message indicator");
         /* this is not the beginning of a protocol first header line */
         k->header = FALSE;
         if(*nread)
@@ -3491,7 +3530,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy 
*data,
              compare header line against list of aliases
           */
           if(!nc) {
-            if(checkhttpprefix(data, k->p)) {
+            if(checkhttpprefix(data, k->p, k->hbuflen) == STATUS_DONE) {
               nc = 1;
               k->httpcode = 200;
               conn->httpversion = 10;
diff --git a/lib/http2.c b/lib/http2.c
index ecb263235..efeb5b494 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -42,7 +42,6 @@
 #include "memdebug.h"
 
 #define H2_BUFSIZE 32768
-#define MIN(x,y) ((x)<(y)?(x):(y))
 
 #if (NGHTTP2_VERSION_NUM < 0x010000)
 #error too old nghttp2 version, upgrade!
@@ -154,6 +153,11 @@ static void http2_stream_free(struct HTTP *http)
   }
 }
 
+/*
+ * Disconnects *a* connection used for HTTP/2. It might be an old one from the
+ * connection cache and not the "main" one. Don't touch the easy handle!
+ */
+
 static CURLcode http2_disconnect(struct connectdata *conn,
                                  bool dead_connection)
 {
@@ -164,8 +168,6 @@ static CURLcode http2_disconnect(struct connectdata *conn,
 
   nghttp2_session_del(c->h2);
   Curl_safefree(c->inbuf);
-  http2_stream_free(conn->data->req.protop);
-  conn->data->state.drain = 0;
 
   H2BUGF(infof(conn->data, "HTTP/2 DISCONNECT done\n"));
 
@@ -368,6 +370,10 @@ static ssize_t send_callback(nghttp2_session *h2,
   (void)h2;
   (void)flags;
 
+  if(!c->send_underlying)
+    /* called before setup properly! */
+    return NGHTTP2_ERR_CALLBACK_FAILURE;
+
   written = ((Curl_send*)c->send_underlying)(conn, FIRSTSOCKET,
                                              data, length, &result);
 
@@ -441,6 +447,28 @@ char *curl_pushheader_byname(struct curl_pushheaders *h, 
const char *header)
   return NULL;
 }
 
+/*
+ * This specific transfer on this connection has been "drained".
+ */
+static void drained_transfer(struct Curl_easy *data,
+                             struct http_conn *httpc)
+{
+  DEBUGASSERT(httpc->drain_total >= data->state.drain);
+  httpc->drain_total -= data->state.drain;
+  data->state.drain = 0;
+}
+
+/*
+ * Mark this transfer to get "drained".
+ */
+static void drain_this(struct Curl_easy *data,
+                       struct http_conn *httpc)
+{
+  data->state.drain++;
+  httpc->drain_total++;
+  DEBUGASSERT(httpc->drain_total >= data->state.drain);
+}
+
 static struct Curl_easy *duphandle(struct Curl_easy *data)
 {
   struct Curl_easy *second = curl_easy_duphandle(data);
@@ -520,6 +548,7 @@ static int push_promise(struct Curl_easy *data,
     if(rv) {
       /* denied, kill off the new handle again */
       http2_stream_free(newhandle->req.protop);
+      newhandle->req.protop = NULL;
       (void)Curl_close(newhandle);
       goto fail;
     }
@@ -535,14 +564,22 @@ static int push_promise(struct Curl_easy *data,
     if(rc) {
       infof(data, "failed to add handle to multi\n");
       http2_stream_free(newhandle->req.protop);
+      newhandle->req.protop = NULL;
       Curl_close(newhandle);
       rv = 1;
       goto fail;
     }
 
     httpc = &conn->proto.httpc;
-    nghttp2_session_set_stream_user_data(httpc->h2,
-                                         frame->promised_stream_id, newhandle);
+    rv = nghttp2_session_set_stream_user_data(httpc->h2,
+                                              frame->promised_stream_id,
+                                              newhandle);
+    if(rv) {
+      infof(data, "failed to set user_data for stream %d\n",
+            frame->promised_stream_id);
+      DEBUGASSERT(0);
+      goto fail;
+    }
   }
   else {
     H2BUGF(infof(data, "Got PUSH_PROMISE, ignore it!\n"));
@@ -640,7 +677,7 @@ static int on_frame_recv(nghttp2_session *session, const 
nghttp2_frame *frame,
     Curl_add_buffer(stream->header_recvbuf, "\r\n", 2);
 
     left = stream->header_recvbuf->size_used - stream->nread_header_recvbuf;
-    ncopy = MIN(stream->len, left);
+    ncopy = CURLMIN(stream->len, left);
 
     memcpy(&stream->mem[stream->memlen],
            stream->header_recvbuf->buffer + stream->nread_header_recvbuf,
@@ -653,8 +690,7 @@ static int on_frame_recv(nghttp2_session *session, const 
nghttp2_frame *frame,
     stream->len -= ncopy;
     stream->memlen += ncopy;
 
-    data_s->state.drain++;
-    httpc->drain_total++;
+    drain_this(data_s, httpc);
     {
       /* get the pointer from userp again since it was re-assigned above */
       struct connectdata *conn_s = (struct connectdata *)userp;
@@ -683,25 +719,6 @@ static int on_frame_recv(nghttp2_session *session, const 
nghttp2_frame *frame,
   return 0;
 }
 
-static int on_invalid_frame_recv(nghttp2_session *session,
-                                 const nghttp2_frame *frame,
-                                 int lib_error_code, void *userp)
-{
-  struct Curl_easy *data_s = NULL;
-  (void)userp;
-#if !defined(DEBUG_HTTP2) || defined(CURL_DISABLE_VERBOSE_STRINGS)
-  (void)lib_error_code;
-#endif
-
-  data_s = nghttp2_session_get_stream_user_data(session, frame->hd.stream_id);
-  if(data_s) {
-    H2BUGF(infof(data_s,
-                 "on_invalid_frame_recv() was called, error=%d:%s\n",
-                 lib_error_code, nghttp2_strerror(lib_error_code)));
-  }
-  return 0;
-}
-
 static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
                               int32_t stream_id,
                               const uint8_t *data, size_t len, void *userp)
@@ -727,14 +744,13 @@ static int on_data_chunk_recv(nghttp2_session *session, 
uint8_t flags,
   if(!stream)
     return NGHTTP2_ERR_CALLBACK_FAILURE;
 
-  nread = MIN(stream->len, len);
+  nread = CURLMIN(stream->len, len);
   memcpy(&stream->mem[stream->memlen], data, nread);
 
   stream->len -= nread;
   stream->memlen += nread;
 
-  data_s->state.drain++;
-  conn->proto.httpc.drain_total++;
+  drain_this(data_s, &conn->proto.httpc);
 
   /* if we receive data for another handle, wake that up */
   if(conn->data != data_s)
@@ -768,58 +784,13 @@ static int on_data_chunk_recv(nghttp2_session *session, 
uint8_t flags,
   return 0;
 }
 
-static int before_frame_send(nghttp2_session *session,
-                             const nghttp2_frame *frame,
-                             void *userp)
-{
-  struct Curl_easy *data_s;
-  (void)userp;
-
-  data_s = nghttp2_session_get_stream_user_data(session, frame->hd.stream_id);
-  if(data_s) {
-    H2BUGF(infof(data_s, "before_frame_send() was called\n"));
-  }
-
-  return 0;
-}
-static int on_frame_send(nghttp2_session *session,
-                         const nghttp2_frame *frame,
-                         void *userp)
-{
-  struct Curl_easy *data_s;
-  (void)userp;
-
-  data_s = nghttp2_session_get_stream_user_data(session, frame->hd.stream_id);
-  if(data_s) {
-    H2BUGF(infof(data_s, "on_frame_send() was called, length = %zd\n",
-                 frame->hd.length));
-  }
-  return 0;
-}
-static int on_frame_not_send(nghttp2_session *session,
-                             const nghttp2_frame *frame,
-                             int lib_error_code, void *userp)
-{
-  struct Curl_easy *data_s;
-  (void)userp;
-#if !defined(DEBUG_HTTP2) || defined(CURL_DISABLE_VERBOSE_STRINGS)
-  (void)lib_error_code;
-#endif
-
-  data_s = nghttp2_session_get_stream_user_data(session, frame->hd.stream_id);
-  if(data_s) {
-    H2BUGF(infof(data_s,
-                 "on_frame_not_send() was called, lib_error_code = %d\n",
-                 lib_error_code));
-  }
-  return 0;
-}
 static int on_stream_close(nghttp2_session *session, int32_t stream_id,
                            uint32_t error_code, void *userp)
 {
   struct Curl_easy *data_s;
   struct HTTP *stream;
   struct connectdata *conn = (struct connectdata *)userp;
+  int rv;
   (void)session;
   (void)stream_id;
 
@@ -840,14 +811,19 @@ static int on_stream_close(nghttp2_session *session, 
int32_t stream_id,
       return NGHTTP2_ERR_CALLBACK_FAILURE;
 
     stream->closed = TRUE;
-    data_s->state.drain++;
     httpc = &conn->proto.httpc;
-    httpc->drain_total++;
+    drain_this(data_s, httpc);
     httpc->error_code = error_code;
 
     /* remove the entry from the hash as the stream is now gone */
-    nghttp2_session_set_stream_user_data(session, stream_id, 0);
+    rv = nghttp2_session_set_stream_user_data(session, stream_id, 0);
+    if(rv) {
+      infof(data_s, "http/2: failed to clear user_data for stream %d!\n",
+            stream_id);
+      DEBUGASSERT(0);
+    }
     H2BUGF(infof(data_s, "Removed stream %u hash!\n", stream_id));
+    stream->stream_id = 0; /* cleared */
   }
   return 0;
 }
@@ -1052,7 +1028,7 @@ static ssize_t data_source_read_callback(nghttp2_session 
*session,
   else
     return NGHTTP2_ERR_INVALID_ARGUMENT;
 
-  nread = MIN(stream->upload_len, length);
+  nread = CURLMIN(stream->upload_len, length);
   if(nread > 0) {
     memcpy(buf, stream->upload_mem, nread);
     stream->upload_mem += nread;
@@ -1109,6 +1085,12 @@ void Curl_http2_done(struct connectdata *conn, bool 
premature)
   struct HTTP *http = data->req.protop;
   struct http_conn *httpc = &conn->proto.httpc;
 
+  if(!httpc->h2) /* not HTTP/2 ? */
+    return;
+
+  if(data->state.drain)
+    drained_transfer(data, httpc);
+
   if(http->header_recvbuf) {
     Curl_add_buffer_free(http->header_recvbuf);
     http->header_recvbuf = NULL; /* clear the pointer */
@@ -1126,15 +1108,24 @@ void Curl_http2_done(struct connectdata *conn, bool 
premature)
 
   if(premature) {
     /* RST_STREAM */
-    nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE, http->stream_id,
-                              NGHTTP2_STREAM_CLOSED);
+    if(!nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE,
+                                  http->stream_id, NGHTTP2_STREAM_CLOSED))
+      (void)nghttp2_session_send(httpc->h2);
+
     if(http->stream_id == httpc->pause_stream_id) {
       infof(data, "stopped the pause stream!\n");
       httpc->pause_stream_id = 0;
     }
   }
-  if(http->stream_id) {
-    nghttp2_session_set_stream_user_data(httpc->h2, http->stream_id, 0);
+  /* -1 means unassigned and 0 means cleared */
+  if(http->stream_id > 0) {
+    int rv = nghttp2_session_set_stream_user_data(httpc->h2,
+                                                  http->stream_id, 0);
+    if(rv) {
+      infof(data, "http/2: failed to clear user_data for stream %d!\n",
+            http->stream_id);
+      DEBUGASSERT(0);
+    }
     http->stream_id = 0;
   }
 }
@@ -1164,21 +1155,9 @@ CURLcode Curl_http2_init(struct connectdata *conn)
     /* nghttp2_on_frame_recv_callback */
     nghttp2_session_callbacks_set_on_frame_recv_callback
       (callbacks, on_frame_recv);
-    /* nghttp2_on_invalid_frame_recv_callback */
-    nghttp2_session_callbacks_set_on_invalid_frame_recv_callback
-      (callbacks, on_invalid_frame_recv);
     /* nghttp2_on_data_chunk_recv_callback */
     nghttp2_session_callbacks_set_on_data_chunk_recv_callback
       (callbacks, on_data_chunk_recv);
-    /* nghttp2_before_frame_send_callback */
-    nghttp2_session_callbacks_set_before_frame_send_callback
-      (callbacks, before_frame_send);
-    /* nghttp2_on_frame_send_callback */
-    nghttp2_session_callbacks_set_on_frame_send_callback
-      (callbacks, on_frame_send);
-    /* nghttp2_on_frame_not_send_callback */
-    nghttp2_session_callbacks_set_on_frame_not_send_callback
-      (callbacks, on_frame_not_send);
     /* nghttp2_on_stream_close_callback */
     nghttp2_session_callbacks_set_on_stream_close_callback
       (callbacks, on_stream_close);
@@ -1352,7 +1331,6 @@ CURLcode Curl_http2_done_sending(struct connectdata *conn)
   return result;
 }
 
-
 static ssize_t http2_handle_stream_close(struct connectdata *conn,
                                          struct Curl_easy *data,
                                          struct HTTP *stream, CURLcode *err)
@@ -1365,9 +1343,7 @@ static ssize_t http2_handle_stream_close(struct 
connectdata *conn,
     httpc->pause_stream_id = 0;
   }
 
-  DEBUGASSERT(httpc->drain_total >= data->state.drain);
-  httpc->drain_total -= data->state.drain;
-  data->state.drain = 0;
+  drained_transfer(data, httpc);
 
   if(httpc->pause_stream_id == 0) {
     if(h2_process_pending_input(conn, httpc, err) != 0) {
@@ -1510,7 +1486,7 @@ static ssize_t http2_recv(struct connectdata *conn, int 
sockindex,
     /* If there is body data pending for this stream to return, do that */
     size_t left =
       stream->header_recvbuf->size_used - stream->nread_header_recvbuf;
-    size_t ncopy = MIN(len, left);
+    size_t ncopy = CURLMIN(len, left);
     memcpy(mem, stream->header_recvbuf->buffer + stream->nread_header_recvbuf,
            ncopy);
     stream->nread_header_recvbuf += ncopy;
@@ -1546,7 +1522,7 @@ static ssize_t http2_recv(struct connectdata *conn, int 
sockindex,
   }
   else if(stream->pausedata) {
     DEBUGASSERT(httpc->pause_stream_id == stream->stream_id);
-    nread = MIN(len, stream->pauselen);
+    nread = CURLMIN(len, stream->pauselen);
     memcpy(mem, stream->pausedata, nread);
 
     stream->pausedata += nread;
@@ -1678,9 +1654,7 @@ static ssize_t http2_recv(struct connectdata *conn, int 
sockindex,
                    stream->stream_id));
     }
     else if(!stream->closed) {
-      DEBUGASSERT(httpc->drain_total >= data->state.drain);
-      httpc->drain_total -= data->state.drain;
-      data->state.drain = 0; /* this stream is hereby drained */
+      drained_transfer(data, httpc);
     }
 
     return retlen;
@@ -2154,9 +2128,14 @@ CURLcode Curl_http2_switched(struct connectdata *conn,
       return CURLE_HTTP2;
     }
 
-    nghttp2_session_set_stream_user_data(httpc->h2,
-                                         stream->stream_id,
-                                         conn->data);
+    rv = nghttp2_session_set_stream_user_data(httpc->h2,
+                                              stream->stream_id,
+                                              data);
+    if(rv) {
+      infof(data, "http/2: failed to set user_data for stream %d!\n",
+            stream->stream_id);
+      DEBUGASSERT(0);
+    }
   }
   else {
     populate_settings(conn, httpc);
diff --git a/lib/http2.h b/lib/http2.h
index f597c805e..21cd9b848 100644
--- a/lib/http2.h
+++ b/lib/http2.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -65,7 +65,7 @@ void Curl_http2_cleanup_dependencies(struct Curl_easy *data);
 #define Curl_http2_request_upgrade(x,y) CURLE_UNSUPPORTED_PROTOCOL
 #define Curl_http2_setup(x) CURLE_UNSUPPORTED_PROTOCOL
 #define Curl_http2_switched(x,y,z) CURLE_UNSUPPORTED_PROTOCOL
-#define Curl_http2_setup_conn(x)
+#define Curl_http2_setup_conn(x) Curl_nop_stmt
 #define Curl_http2_setup_req(x)
 #define Curl_http2_init_state(x)
 #define Curl_http2_init_userset(x)
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index fd5540b5d..a9b33f98e 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -228,7 +228,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool 
proxy)
     /* connection is already authenticated,
      * don't send a header in future requests */
     ntlm->state = NTLMSTATE_LAST;
-    /* fall-through */
+    /* FALLTHROUGH */
   case NTLMSTATE_LAST:
     Curl_safefree(*allocuserpwd);
     authp->done = TRUE;
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index 3a1a7f82f..1e7a3b988 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -192,7 +192,6 @@ static CURLcode CONNECT(struct connectdata *conn,
 
 #define SELECT_OK      0
 #define SELECT_ERROR   1
-#define SELECT_TIMEOUT 2
 
   if(Curl_connect_complete(conn))
     return CURLE_OK; /* CONNECT is already completed */
diff --git a/lib/md5.c b/lib/md5.c
index d408a2aef..ed23945cb 100644
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -484,29 +484,35 @@ static void MD5_Final(unsigned char *result, MD5_CTX *ctx)
 
 #endif /* CRYPTO LIBS */
 
-/* Disable this picky gcc-8 compiler warning */
-#if defined(__GNUC__) && (__GNUC__ >= 8)
-#pragma GCC diagnostic ignored "-Wcast-function-type"
-#endif
-
 const HMAC_params Curl_HMAC_MD5[] = {
   {
-    (HMAC_hinit_func) MD5_Init,           /* Hash initialization function. */
-    (HMAC_hupdate_func) MD5_Update,       /* Hash update function. */
-    (HMAC_hfinal_func) MD5_Final,         /* Hash computation end function. */
-    sizeof(MD5_CTX),                      /* Size of hash context structure. */
-    64,                                   /* Maximum key length. */
-    16                                    /* Result size. */
+    /* Hash initialization function. */
+    CURLX_FUNCTION_CAST(HMAC_hinit_func, MD5_Init),
+    /* Hash update function. */
+    CURLX_FUNCTION_CAST(HMAC_hupdate_func, MD5_Update),
+    /* Hash computation end function. */
+    CURLX_FUNCTION_CAST(HMAC_hfinal_func, MD5_Final),
+    /* Size of hash context structure. */
+    sizeof(MD5_CTX),
+    /* Maximum key length. */
+    64,
+    /* Result size. */
+    16
   }
 };
 
 const MD5_params Curl_DIGEST_MD5[] = {
   {
-    (Curl_MD5_init_func) MD5_Init,      /* Digest initialization function */
-    (Curl_MD5_update_func) MD5_Update,  /* Digest update function */
-    (Curl_MD5_final_func) MD5_Final,    /* Digest computation end function */
-    sizeof(MD5_CTX),                    /* Size of digest context struct */
-    16                                  /* Result size */
+    /* Digest initialization function */
+    CURLX_FUNCTION_CAST(Curl_MD5_init_func, MD5_Init),
+    /* Digest update function */
+    CURLX_FUNCTION_CAST(Curl_MD5_update_func, MD5_Update),
+    /* Digest computation end function */
+    CURLX_FUNCTION_CAST(Curl_MD5_final_func, MD5_Final),
+    /* Size of digest context struct */
+    sizeof(MD5_CTX),
+    /* Result size */
+    16
   }
 };
 
diff --git a/lib/mime.c b/lib/mime.c
index ca77649aa..0912e101e 100644
--- a/lib/mime.c
+++ b/lib/mime.c
@@ -1228,8 +1228,13 @@ curl_mime *curl_mime_init(struct Curl_easy *easy)
     }
 
     memset(mime->boundary, '-', 24);
-    Curl_rand_hex(easy, (unsigned char *) mime->boundary + 24,
-                  MIME_RAND_BOUNDARY_CHARS + 1);
+    if(Curl_rand_hex(easy, (unsigned char *) mime->boundary + 24,
+                     MIME_RAND_BOUNDARY_CHARS + 1)) {
+      /* failed to get random separator, bail out */
+      free(mime->boundary);
+      free(mime);
+      return NULL;
+    }
     mimesetstate(&mime->state, MIMESTATE_BEGIN, NULL);
   }
 
diff --git a/lib/multi.c b/lib/multi.c
index d340ed373..1faa8c822 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -107,6 +107,16 @@ static const char * const statename[]={
 /* function pointer called once when switching TO a state */
 typedef void (*init_multistate_func)(struct Curl_easy *data);
 
+static void Curl_init_completed(struct Curl_easy *data)
+{
+  /* this is a completed transfer */
+
+  /* Important: reset the conn pointer so that we don't point to memory
+     that could be freed anytime */
+  data->easy_conn = NULL;
+  Curl_expire_clear(data); /* stop all timers */
+}
+
 /* always use this function to change state, to make debugging easier */
 static void mstate(struct Curl_easy *data, CURLMstate state
 #ifdef DEBUGBUILD
@@ -116,17 +126,25 @@ static void mstate(struct Curl_easy *data, CURLMstate 
state
 {
   CURLMstate oldstate = data->mstate;
   static const init_multistate_func finit[CURLM_STATE_LAST] = {
-    NULL,
-    NULL,
+    NULL,              /* INIT */
+    NULL,              /* CONNECT_PEND */
     Curl_init_CONNECT, /* CONNECT */
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    Curl_connect_free /* DO */
-    /* the rest is NULL too */
+    NULL,              /* WAITRESOLVE */
+    NULL,              /* WAITCONNECT */
+    NULL,              /* WAITPROXYCONNECT */
+    NULL,              /* SENDPROTOCONNECT */
+    NULL,              /* PROTOCONNECT */
+    NULL,              /* WAITDO */
+    Curl_connect_free, /* DO */
+    NULL,              /* DOING */
+    NULL,              /* DO_MORE */
+    NULL,              /* DO_DONE */
+    NULL,              /* WAITPERFORM */
+    NULL,              /* PERFORM */
+    NULL,              /* TOOFAST */
+    NULL,              /* DONE */
+    Curl_init_completed, /* COMPLETED */
+    NULL               /* MSGSENT */
   };
 
 #if defined(DEBUGBUILD) && defined(CURL_DISABLE_VERBOSE_STRINGS)
@@ -574,6 +592,7 @@ static CURLcode multi_done(struct connectdata **connp,
     conn->dns_entry = NULL;
   }
   Curl_hostcache_prune(data);
+  Curl_safefree(data->state.ulbuf);
 
   /* if the transfer was completed in a paused state there can be buffered
      data left to free */
@@ -604,7 +623,7 @@ static CURLcode multi_done(struct connectdata **connp,
 #endif
      ) || conn->bits.close
        || (premature && !(conn->handler->flags & PROTOPT_STREAM))) {
-    CURLcode res2 = Curl_disconnect(conn, premature); /* close connection */
+    CURLcode res2 = Curl_disconnect(data, conn, premature);
 
     /* If we had an error already, make sure we return that one. But
        if we got a new error, return that. */
@@ -622,7 +641,7 @@ static CURLcode multi_done(struct connectdata **connp,
              conn->bits.conn_to_host ? conn->conn_to_host.dispname :
              conn->host.dispname);
 
-    /* the connection is no longer in use */
+    /* the connection is no longer in use by this transfer */
     if(Curl_conncache_return_conn(conn)) {
       /* remember the most recently used connection */
       data->state.lastconnect = conn;
@@ -856,12 +875,10 @@ static int multi_getsock(struct Curl_easy *data,
                                                   of sockets */
                          int numsocks)
 {
-  /* If the pipe broke, or if there's no connection left for this easy handle,
-     then we MUST bail out now with no bitmask set. The no connection case can
-     happen when this is called from curl_multi_remove_handle() =>
-     singlesocket() => multi_getsock().
+  /* The no connection case can happen when this is called from
+     curl_multi_remove_handle() => singlesocket() => multi_getsock().
   */
-  if(data->state.pipe_broke || !data->easy_conn)
+  if(!data->easy_conn)
     return 0;
 
   if(data->mstate > CURLM_STATE_CONNECT &&
@@ -1334,24 +1351,6 @@ static CURLMcode multi_runsingle(struct Curl_multi 
*multi,
     bool stream_error = FALSE;
     rc = CURLM_OK;
 
-    /* Handle the case when the pipe breaks, i.e., the connection
-       we're using gets cleaned up and we're left with nothing. */
-    if(data->state.pipe_broke) {
-      infof(data, "Pipe broke: handle %p, url = %s\n",
-            (void *)data, data->state.path);
-
-      if(data->mstate < CURLM_STATE_COMPLETED) {
-        /* Head back to the CONNECT state */
-        multistate(data, CURLM_STATE_CONNECT);
-        rc = CURLM_CALL_MULTI_PERFORM;
-        result = CURLE_OK;
-      }
-
-      data->state.pipe_broke = FALSE;
-      data->easy_conn = NULL;
-      continue;
-    }
-
     if(!data->easy_conn &&
        data->mstate > CURLM_STATE_CONNECT &&
        data->mstate < CURLM_STATE_DONE) {
@@ -1577,6 +1576,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
           multistate(data, CURLM_STATE_SENDPROTOCONNECT);
         }
       }
+      else if(result)
+        stream_error = TRUE;
       break;
 #endif
 
@@ -1931,6 +1932,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         CURLcode ret = Curl_retry_request(data->easy_conn, &newurl);
         if(!ret)
           retry = (newurl)?TRUE:FALSE;
+        else if(!result)
+          result = ret;
 
         if(retry) {
           /* if we are to retry, set the result to OK and consider the
@@ -2062,16 +2065,6 @@ static CURLMcode multi_runsingle(struct Curl_multi 
*multi,
       break;
 
     case CURLM_STATE_COMPLETED:
-      /* this is a completed transfer, it is likely to still be connected */
-
-      /* This node should be delinked from the list now and we should post
-         an information message that we are complete. */
-
-      /* Important: reset the conn pointer so that we don't point to memory
-         that could be freed anytime */
-      data->easy_conn = NULL;
-
-      Curl_expire_clear(data); /* stop all timers */
       break;
 
     case CURLM_STATE_MSGSENT:
@@ -2093,8 +2086,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         /* NOTE: no attempt to disconnect connections must be made
            in the case blocks above - cleanup happens only here */
 
-        data->state.pipe_broke = FALSE;
-
         /* Check if we can move pending requests to send pipe */
         process_pending_handles(multi); /* connection */
 
@@ -2109,7 +2100,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
             /* Don't attempt to send data over a connection that timed out */
             bool dead_connection = result == CURLE_OPERATION_TIMEDOUT;
             /* disconnect properly */
-            Curl_disconnect(data->easy_conn, dead_connection);
+            Curl_disconnect(data, data->easy_conn, dead_connection);
 
             /* This is where we make sure that the easy_conn pointer is reset.
                We don't have to do this in every case block above where a
@@ -2123,6 +2114,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         }
 
         multistate(data, CURLM_STATE_COMPLETED);
+        rc = CURLM_CALL_MULTI_PERFORM;
       }
       /* if there's still a connection to use, call the progress function */
       else if(data->easy_conn && Curl_pgrsUpdate(data->easy_conn)) {
@@ -2147,14 +2139,12 @@ static CURLMcode multi_runsingle(struct Curl_multi 
*multi,
       msg->extmsg.data.result = result;
 
       rc = multi_addmsg(multi, msg);
-
+      DEBUGASSERT(!data->easy_conn);
       multistate(data, CURLM_STATE_MSGSENT);
     }
   } while((rc == CURLM_CALL_MULTI_PERFORM) || multi_ischanged(multi, FALSE));
 
   data->result = result;
-
-
   return rc;
 }
 
@@ -2471,20 +2461,23 @@ void Curl_updatesocket(struct Curl_easy *data)
 
 void Curl_multi_closed(struct connectdata *conn, curl_socket_t s)
 {
-  struct Curl_multi *multi = conn->data->multi;
-  if(multi) {
-    /* this is set if this connection is part of a handle that is added to
-       a multi handle, and only then this is necessary */
-    struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s);
-
-    if(entry) {
-      if(multi->socket_cb)
-        multi->socket_cb(conn->data, s, CURL_POLL_REMOVE,
-                         multi->socket_userp,
-                         entry->socketp);
+  if(conn->data) {
+    /* if there's still an easy handle associated with this connection */
+    struct Curl_multi *multi = conn->data->multi;
+    if(multi) {
+      /* this is set if this connection is part of a handle that is added to
+         a multi handle, and only then this is necessary */
+      struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s);
+
+      if(entry) {
+        if(multi->socket_cb)
+          multi->socket_cb(conn->data, s, CURL_POLL_REMOVE,
+                           multi->socket_userp,
+                           entry->socketp);
 
-      /* now remove it from the socket hash */
-      sh_delentry(&multi->sockhash, s);
+        /* now remove it from the socket hash */
+        sh_delentry(&multi->sockhash, s);
+      }
     }
   }
 }
@@ -3135,12 +3128,15 @@ static void process_pending_handles(struct Curl_multi 
*multi)
   }
 }
 
-void Curl_set_in_callback(struct Curl_easy *easy, bool value)
+void Curl_set_in_callback(struct Curl_easy *data, bool value)
 {
-  if(easy->multi_easy)
-    easy->multi_easy->in_callback = value;
-  else if(easy->multi)
-      easy->multi->in_callback = value;
+  /* might get called when there is no data pointer! */
+  if(data) {
+    if(data->multi_easy)
+      data->multi_easy->in_callback = value;
+    else if(data->multi)
+      data->multi->in_callback = value;
+  }
 }
 
 bool Curl_is_in_callback(struct Curl_easy *easy)
diff --git a/lib/pipeline.c b/lib/pipeline.c
index d16b13cdf..0adc1cd48 100644
--- a/lib/pipeline.c
+++ b/lib/pipeline.c
@@ -6,7 +6,7 @@
  *                             \___|\___/|_| \_\_____|
  *
  * Copyright (C) 2013, Linus Nielsen Feltzing, <address@hidden>
- * Copyright (C) 2013 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 2013 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -110,8 +110,8 @@ CURLcode Curl_add_handle_to_pipeline(struct Curl_easy 
*handle,
   pipeline = &conn->send_pipe;
 
   result = addHandleToPipeline(handle, pipeline);
-
-  if(pipeline == &conn->send_pipe && sendhead != conn->send_pipe.head) {
+  if((conn->bundle->multiuse == BUNDLE_PIPELINING) &&
+     (pipeline == &conn->send_pipe && sendhead != conn->send_pipe.head)) {
     /* this is a new one as head, expire it */
     Curl_pipeline_leave_write(conn); /* not in use yet */
     Curl_expire(conn->send_pipe.head->ptr, 0, EXPIRE_RUN_NOW);
diff --git a/lib/setopt.c b/lib/setopt.c
index 5ecf5b97f..5c5f4b381 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -1603,14 +1603,19 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, 
CURLoption option,
      * String that holds the SSL crypto engine.
      */
     argptr = va_arg(param, char *);
-    if(argptr && argptr[0])
-      result = Curl_ssl_set_engine(data, argptr);
+    if(argptr && argptr[0]) {
+      result = Curl_setstropt(&data->set.str[STRING_SSL_ENGINE], argptr);
+      if(!result) {
+        result = Curl_ssl_set_engine(data, argptr);
+      }
+    }
     break;
 
   case CURLOPT_SSLENGINE_DEFAULT:
     /*
      * flag to set engine as default.
      */
+    Curl_setstropt(&data->set.str[STRING_SSL_ENGINE], NULL);
     result = Curl_ssl_set_engine_default(data);
     break;
   case CURLOPT_CRLF:
diff --git a/lib/sha256.c b/lib/sha256.c
index 3ac129612..f9287af23 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Florin Petriuc, <address@hidden>
+ * Copyright (C) 1998 - 2018, Florin Petriuc, <address@hidden>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -123,9 +123,6 @@ static const unsigned long K[64] = {
 #define Sigma1(x)   (S(x, 6) ^ S(x, 11) ^ S(x, 25))
 #define Gamma0(x)   (S(x, 7) ^ S(x, 18) ^ R(x, 3))
 #define Gamma1(x)   (S(x, 17) ^ S(x, 19) ^ R(x, 10))
-#ifndef MIN
-#define MIN(x, y)   (((x) < (y)) ? (x) : (y))
-#endif
 /* compress 512-bits */
 static int sha256_compress(struct sha256_state *md,
                            unsigned char *buf)
@@ -200,7 +197,7 @@ static int SHA256_Update(struct sha256_state *md,
       inlen -= block_size;
     }
     else {
-      n = MIN(inlen, (block_size - md->curlen));
+      n = CURLMIN(inlen, (block_size - md->curlen));
       memcpy(md->buf + md->curlen, in, n);
       md->curlen += n;
       in += n;
diff --git a/lib/smb.c b/lib/smb.c
index 9ac61505c..e4b18fcf5 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -59,6 +59,7 @@
 static CURLcode smb_setup_connection(struct connectdata *conn);
 static CURLcode smb_connect(struct connectdata *conn, bool *done);
 static CURLcode smb_connection_state(struct connectdata *conn, bool *done);
+static CURLcode smb_do(struct connectdata *conn, bool *done);
 static CURLcode smb_request_state(struct connectdata *conn, bool *done);
 static CURLcode smb_done(struct connectdata *conn, CURLcode status,
                          bool premature);
@@ -73,7 +74,7 @@ static CURLcode smb_parse_url_path(struct connectdata *conn);
 const struct Curl_handler Curl_handler_smb = {
   "SMB",                                /* scheme */
   smb_setup_connection,                 /* setup_connection */
-  ZERO_NULL,                            /* do_it */
+  smb_do,                               /* do_it */
   smb_done,                             /* done */
   ZERO_NULL,                            /* do_more */
   smb_connect,                          /* connect_it */
@@ -98,7 +99,7 @@ const struct Curl_handler Curl_handler_smb = {
 const struct Curl_handler Curl_handler_smbs = {
   "SMBS",                               /* scheme */
   smb_setup_connection,                 /* setup_connection */
-  ZERO_NULL,                            /* do_it */
+  smb_do,                               /* do_it */
   smb_done,                             /* done */
   ZERO_NULL,                            /* do_more */
   smb_connect,                          /* connect_it */
@@ -173,7 +174,6 @@ enum smb_req_state {
 /* SMB request data */
 struct smb_request {
   enum smb_req_state state;
-  char *share;
   char *path;
   unsigned short tid; /* Even if we connect to the same tree as another */
   unsigned short fid; /* request, the tid will be different */
@@ -182,7 +182,7 @@ struct smb_request {
 
 static void conn_state(struct connectdata *conn, enum smb_conn_state newstate)
 {
-  struct smb_conn *smb = &conn->proto.smbc;
+  struct smb_conn *smbc = &conn->proto.smbc;
 #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
   /* For debug purposes */
   static const char * const names[] = {
@@ -194,12 +194,12 @@ static void conn_state(struct connectdata *conn, enum 
smb_conn_state newstate)
     /* LAST */
   };
 
-  if(smb->state != newstate)
+  if(smbc->state != newstate)
     infof(conn->data, "SMB conn %p state change from %s to %s\n",
-          (void *)smb, names[smb->state], names[newstate]);
+          (void *)smbc, names[smbc->state], names[newstate]);
 #endif
 
-  smb->state = newstate;
+  smbc->state = newstate;
 }
 
 static void request_state(struct connectdata *conn,
@@ -228,6 +228,8 @@ static void request_state(struct connectdata *conn,
   req->state = newstate;
 }
 
+/* this should setup things in the connection, not in the easy
+   handle */
 static CURLcode smb_setup_connection(struct connectdata *conn)
 {
   struct smb_request *req;
@@ -253,7 +255,6 @@ static CURLcode smb_connect(struct connectdata *conn, bool 
*done)
     return CURLE_LOGIN_DENIED;
 
   /* Initialize the connection state */
-  memset(smbc, 0, sizeof(*smbc));
   smbc->state = SMB_CONNECTING;
   smbc->recv_buf = malloc(MAX_MESSAGE_SIZE);
   if(!smbc->recv_buf)
@@ -366,7 +367,7 @@ static CURLcode smb_send(struct connectdata *conn, ssize_t 
len,
   ssize_t bytes_written;
   CURLcode result;
 
-  result = Curl_write(conn, FIRSTSOCKET, conn->data->state.uploadbuffer,
+  result = Curl_write(conn, FIRSTSOCKET, conn->data->state.ulbuf,
                       len, &bytes_written);
   if(result)
     return result;
@@ -392,7 +393,7 @@ static CURLcode smb_flush(struct connectdata *conn)
     return CURLE_OK;
 
   result = Curl_write(conn, FIRSTSOCKET,
-                      conn->data->state.uploadbuffer + smbc->sent,
+                      conn->data->state.ulbuf + smbc->sent,
                       len, &bytes_written);
   if(result)
     return result;
@@ -408,9 +409,12 @@ static CURLcode smb_flush(struct connectdata *conn)
 static CURLcode smb_send_message(struct connectdata *conn, unsigned char cmd,
                                  const void *msg, size_t msg_len)
 {
-  smb_format_message(conn, (struct smb_header *)conn->data->state.uploadbuffer,
+  CURLcode result = Curl_get_upload_buffer(conn->data);
+  if(result)
+    return result;
+  smb_format_message(conn, (struct smb_header *)conn->data->state.ulbuf,
                      cmd, msg_len);
-  memcpy(conn->data->state.uploadbuffer + sizeof(struct smb_header),
+  memcpy(conn->data->state.ulbuf + sizeof(struct smb_header),
          msg, msg_len);
 
   return smb_send(conn, sizeof(struct smb_header) + msg_len, 0);
@@ -475,11 +479,11 @@ static CURLcode smb_send_setup(struct connectdata *conn)
 
 static CURLcode smb_send_tree_connect(struct connectdata *conn)
 {
-  struct smb_request *req = conn->data->req.protop;
   struct smb_tree_connect msg;
+  struct smb_conn *smbc = &conn->proto.smbc;
   char *p = msg.bytes;
 
-  size_t byte_count = strlen(conn->host.name) + strlen(req->share);
+  size_t byte_count = strlen(conn->host.name) + strlen(smbc->share);
   byte_count += strlen(SERVICENAME) + 5; /* 2 nulls and 3 backslashes */
   if(byte_count > sizeof(msg.bytes))
     return CURLE_FILESIZE_EXCEEDED;
@@ -491,7 +495,7 @@ static CURLcode smb_send_tree_connect(struct connectdata 
*conn)
   MSGCAT("\\\\");
   MSGCAT(conn->host.name);
   MSGCAT("\\");
-  MSGCATNULL(req->share);
+  MSGCATNULL(smbc->share);
   MSGCATNULL(SERVICENAME); /* Match any type of service */
   byte_count = p - msg.bytes;
   msg.byte_count = smb_swap16((unsigned short)byte_count);
@@ -571,11 +575,15 @@ static CURLcode smb_send_read(struct connectdata *conn)
 
 static CURLcode smb_send_write(struct connectdata *conn)
 {
-  struct smb_write *msg = (struct smb_write *)conn->data->state.uploadbuffer;
+  struct smb_write *msg;
   struct smb_request *req = conn->data->req.protop;
   curl_off_t offset = conn->data->req.offset;
-
   curl_off_t upload_size = conn->data->req.size - conn->data->req.bytecount;
+  CURLcode result = Curl_get_upload_buffer(conn->data);
+  if(result)
+    return result;
+  msg = (struct smb_write *)conn->data->state.ulbuf;
+
   if(upload_size >= MAX_PAYLOAD_SIZE - 1) /* There is one byte of padding */
     upload_size = MAX_PAYLOAD_SIZE - 1;
 
@@ -602,9 +610,9 @@ static CURLcode smb_send_and_recv(struct connectdata *conn, 
void **msg)
 
   /* Check if there is data in the transfer buffer */
   if(!smbc->send_size && smbc->upload_size) {
-    int nread = smbc->upload_size > UPLOAD_BUFSIZE ? UPLOAD_BUFSIZE :
-      (int) smbc->upload_size;
-    conn->data->req.upload_fromhere = conn->data->state.uploadbuffer;
+    size_t nread = smbc->upload_size > UPLOAD_BUFSIZE ? UPLOAD_BUFSIZE :
+      smbc->upload_size;
+    conn->data->req.upload_fromhere = conn->data->state.ulbuf;
     result = Curl_fillreadbuffer(conn, nread, &nread);
     if(result && result != CURLE_AGAIN)
       return result;
@@ -910,55 +918,52 @@ static CURLcode smb_request_state(struct connectdata 
*conn, bool *done)
 static CURLcode smb_done(struct connectdata *conn, CURLcode status,
                          bool premature)
 {
-  struct smb_request *req = conn->data->req.protop;
-
   (void) premature;
-
-  Curl_safefree(req->share);
   Curl_safefree(conn->data->req.protop);
-
   return status;
 }
 
 static CURLcode smb_disconnect(struct connectdata *conn, bool dead)
 {
   struct smb_conn *smbc = &conn->proto.smbc;
-  struct smb_request *req = conn->data->req.protop;
-
   (void) dead;
-
+  Curl_safefree(smbc->share);
   Curl_safefree(smbc->domain);
   Curl_safefree(smbc->recv_buf);
-
-  /* smb_done is not always called, so cleanup the request */
-  if(req) {
-    Curl_safefree(req->share);
-  }
-
   return CURLE_OK;
 }
 
 static int smb_getsock(struct connectdata *conn, curl_socket_t *socks,
                        int numsocks)
 {
-  struct smb_conn *smbc = &conn->proto.smbc;
-
   if(!numsocks)
     return GETSOCK_BLANK;
 
   socks[0] = conn->sock[FIRSTSOCKET];
+  return GETSOCK_READSOCK(0) | GETSOCK_WRITESOCK(0);
+}
 
-  if(smbc->send_size || smbc->upload_size)
-    return GETSOCK_WRITESOCK(0);
+static CURLcode smb_do(struct connectdata *conn, bool *done)
+{
+  struct smb_conn *smbc = &conn->proto.smbc;
+  struct smb_request *req = conn->data->req.protop;
 
-  return GETSOCK_READSOCK(0);
+  *done = FALSE;
+  if(smbc->share) {
+    req->path = strchr(smbc->share, '\0');
+    if(req->path) {
+      req->path++;
+      return CURLE_OK;
+    }
+  }
+  return CURLE_URL_MALFORMAT;
 }
 
 static CURLcode smb_parse_url_path(struct connectdata *conn)
 {
   CURLcode result = CURLE_OK;
   struct Curl_easy *data = conn->data;
-  struct smb_request *req = data->req.protop;
+  struct smb_conn *smbc = &conn->proto.smbc;
   char *path;
   char *slash;
 
@@ -968,35 +973,29 @@ static CURLcode smb_parse_url_path(struct connectdata 
*conn)
     return result;
 
   /* Parse the path for the share */
-  req->share = strdup((*path == '/' || *path == '\\') ? path + 1 : path);
-  if(!req->share) {
-    free(path);
-
+  smbc->share = strdup((*path == '/' || *path == '\\') ? path + 1 : path);
+  free(path);
+  if(!smbc->share)
     return CURLE_OUT_OF_MEMORY;
-  }
 
-  slash = strchr(req->share, '/');
+  slash = strchr(smbc->share, '/');
   if(!slash)
-    slash = strchr(req->share, '\\');
+    slash = strchr(smbc->share, '\\');
 
   /* The share must be present */
   if(!slash) {
-    free(path);
-
+    Curl_safefree(smbc->share);
     return CURLE_URL_MALFORMAT;
   }
 
   /* Parse the path for the file path converting any forward slashes into
      backslashes */
   *slash++ = 0;
-  req->path = slash;
+
   for(; *slash; slash++) {
     if(*slash == '/')
       *slash = '\\';
   }
-
-  free(path);
-
   return CURLE_OK;
 }
 
diff --git a/lib/smb.h b/lib/smb.h
index c3ee7ae03..9ce6b5615 100644
--- a/lib/smb.h
+++ b/lib/smb.h
@@ -35,6 +35,7 @@ struct smb_conn {
   enum smb_conn_state state;
   char *user;
   char *domain;
+  char *share;
   unsigned char challenge[8];
   unsigned int session_key;
   unsigned short uid;
diff --git a/lib/socks.c b/lib/socks.c
index 73326e5c2..81f3eda28 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -222,8 +222,8 @@ CURLcode Curl_SOCKS4(const char *proxy_user,
     ssize_t actualread;
     ssize_t written;
     ssize_t hostnamelen = 0;
-    int packetsize = 9 +
-      (int)strlen((char *)socksreq + 8); /* size including NUL */
+    ssize_t packetsize = 9 +
+      strlen((char *)socksreq + 8); /* size including NUL */
 
     /* If SOCKS4a, set special invalid IP address 0.0.0.x */
     if(protocol4a) {
diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c
index 0bab59d03..0e06d1a30 100644
--- a/lib/ssh-libssh.c
+++ b/lib/ssh-libssh.c
@@ -497,7 +497,7 @@ restart:
       if(rc < 0)
         return SSH_ERROR;
 
-    /* fallthrough */
+    /* FALLTHROUGH */
     case 1:
       sshc->kbd_state = 1;
 
@@ -572,7 +572,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
       ssh_set_blocking(sshc->ssh_session, 0);
 
       state(conn, SSH_S_STARTUP);
-      /* fall-through */
+      /* FALLTHROUGH */
 
     case SSH_S_STARTUP:
       rc = ssh_connect(sshc->ssh_session);
@@ -586,7 +586,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
 
       state(conn, SSH_HOSTKEY);
 
-      /* fall-through */
+      /* FALLTHROUGH */
     case SSH_HOSTKEY:
 
       rc = myssh_is_known(conn);
@@ -595,7 +595,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
       }
 
       state(conn, SSH_AUTHLIST);
-      /* fall through */
+      /* FALLTHROUGH */
     case SSH_AUTHLIST:{
         sshc->authed = FALSE;
 
@@ -618,6 +618,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
         sshc->auth_methods = ssh_userauth_list(sshc->ssh_session, NULL);
         if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) {
           state(conn, SSH_AUTH_PKEY_INIT);
+          infof(data, "Authentication using SSH public key file\n");
         }
         else if(sshc->auth_methods & SSH_AUTH_METHOD_GSSAPI_MIC) {
           state(conn, SSH_AUTH_GSSAPI);
@@ -662,6 +663,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
         if(rc != SSH_OK) {
           failf(data, "Could not load private key file %s",
                 data->set.str[STRING_SSH_PRIVATE_KEY]);
+          MOVE_TO_ERROR_STATE(CURLE_LOGIN_DENIED);
           break;
         }
 
@@ -670,8 +672,6 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
 
       }
       else {
-        infof(data, "Authentication using SSH public key file\n");
-
         rc = ssh_userauth_publickey_auto(sshc->ssh_session, NULL,
                                          data->set.ssl.key_passwd);
         if(rc == SSH_AUTH_AGAIN) {
@@ -759,7 +759,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
         MOVE_TO_ERROR_STATE(CURLE_LOGIN_DENIED);
       }
       state(conn, SSH_AUTH_PASS);
-      /* fall through */
+      /* FALLTHROUGH */
 
     case SSH_AUTH_PASS:
       rc = ssh_userauth_password(sshc->ssh_session, NULL, conn->passwd);
@@ -823,7 +823,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
         break;
       }
       state(conn, SSH_SFTP_REALPATH);
-      /* fall through */
+      /* FALLTHROUGH */
     case SSH_SFTP_REALPATH:
       /*
        * Get the "home" directory
@@ -1290,7 +1290,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
       if(sshc->readdir_attrs) {
         sshc->readdir_filename = sshc->readdir_attrs->name;
         sshc->readdir_longentry = sshc->readdir_attrs->longname;
-        sshc->readdir_len = (int)strlen(sshc->readdir_filename);
+        sshc->readdir_len = strlen(sshc->readdir_filename);
 
         if(data->set.ftp_list_only) {
           char *tmpLine;
@@ -1321,7 +1321,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
           }
         }
         else {
-          sshc->readdir_currLen = (int)strlen(sshc->readdir_longentry);
+          sshc->readdir_currLen = strlen(sshc->readdir_longentry);
           sshc->readdir_totalLen = 80 + sshc->readdir_currLen;
           sshc->readdir_line = calloc(sshc->readdir_totalLen, 1);
           if(!sshc->readdir_line) {
@@ -1382,12 +1382,12 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
         if(sshc->readdir_filename == NULL)
           sshc->readdir_len = 0;
         else
-          sshc->readdir_len = (int)strlen(sshc->readdir_tmp);
+          sshc->readdir_len = strlen(sshc->readdir_tmp);
         sshc->readdir_longentry = NULL;
         sshc->readdir_filename = sshc->readdir_tmp;
       }
       else {
-        sshc->readdir_len = (int)strlen(sshc->readdir_link_attrs->name);
+        sshc->readdir_len = strlen(sshc->readdir_link_attrs->name);
         sshc->readdir_filename = sshc->readdir_link_attrs->name;
         sshc->readdir_longentry = sshc->readdir_link_attrs->longname;
       }
@@ -1419,7 +1419,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
       sshc->readdir_longentry = NULL;
 
       state(conn, SSH_SFTP_READDIR_BOTTOM);
-      /* fall through */
+      /* FALLTHROUGH */
     case SSH_SFTP_READDIR_BOTTOM:
       sshc->readdir_currLen += snprintf(sshc->readdir_line +
                                         sshc->readdir_currLen,
@@ -1751,7 +1751,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
         MOVE_TO_ERROR_STATE(CURLE_COULDNT_CONNECT);
       }
       state(conn, SSH_SCP_DOWNLOAD);
-      /* fall through */
+      /* FALLTHROUGH */
 
     case SSH_SCP_DOWNLOAD:{
         curl_off_t bytecount;
@@ -1816,7 +1816,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
       ssh_set_blocking(sshc->ssh_session, 0);
 
       state(conn, SSH_SESSION_DISCONNECT);
-      /* fall through */
+      /* FALLTHROUGH */
 
     case SSH_SESSION_DISCONNECT:
       /* during weird times when we've been prematurely aborted, the channel
@@ -1833,7 +1833,7 @@ static CURLcode myssh_statemach_act(struct connectdata 
*conn, bool *block)
       conn->data->state.most_recent_ftp_entrypath = NULL;
 
       state(conn, SSH_SESSION_FREE);
-      /* fall through */
+      /* FALLTHROUGH */
     case SSH_SESSION_FREE:
       if(sshc->ssh_session) {
         ssh_free(sshc->ssh_session);
@@ -2390,7 +2390,8 @@ static CURLcode sftp_done(struct connectdata *conn, 
CURLcode status,
     /* Post quote commands are executed after the SFTP_CLOSE state to avoid
        errors that could happen due to open file handles during POSTQUOTE
        operation */
-    if(!status && !premature && conn->data->set.postquote) {
+    if(!status && !premature && conn->data->set.postquote &&
+       !conn->bits.retry) {
       sshc->nextstate = SSH_SFTP_POSTQUOTE_INIT;
       state(conn, SSH_SFTP_CLOSE);
     }
@@ -2448,7 +2449,7 @@ static ssize_t sftp_recv(struct connectdata *conn, int 
sockindex,
         return -1;
       }
 
-      /* fall-through */
+      /* FALLTHROUGH */
     case 1:
       conn->proto.sshc.sftp_recv_state = 1;
 
diff --git a/lib/ssh.c b/lib/ssh.c
index b289ee40b..afb111a77 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -659,7 +659,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, 
bool *block)
       libssh2_session_set_blocking(sshc->ssh_session, 0);
 
       state(conn, SSH_S_STARTUP);
-      /* fall-through */
+      /* FALLTHROUGH */
 
     case SSH_S_STARTUP:
       rc = libssh2_session_startup(sshc->ssh_session, (int)sock);
@@ -675,7 +675,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, 
bool *block)
 
       state(conn, SSH_HOSTKEY);
 
-      /* fall-through */
+      /* FALLTHROUGH */
     case SSH_HOSTKEY:
       /*
        * Before we authenticate we should check the hostkey's fingerprint
@@ -1933,17 +1933,17 @@ static CURLcode ssh_statemach_act(struct connectdata 
*conn, bool *block)
       break;
 
     case SSH_SFTP_READDIR:
-      sshc->readdir_len = libssh2_sftp_readdir_ex(sshc->sftp_handle,
-                                                  sshc->readdir_filename,
-                                                  PATH_MAX,
-                                                  sshc->readdir_longentry,
-                                                  PATH_MAX,
-                                                  &sshc->readdir_attrs);
-      if(sshc->readdir_len == LIBSSH2_ERROR_EAGAIN) {
-        rc = LIBSSH2_ERROR_EAGAIN;
+      rc = libssh2_sftp_readdir_ex(sshc->sftp_handle,
+                                   sshc->readdir_filename,
+                                   PATH_MAX,
+                                   sshc->readdir_longentry,
+                                   PATH_MAX,
+                                   &sshc->readdir_attrs);
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
         break;
       }
-      if(sshc->readdir_len > 0) {
+      if(rc > 0) {
+        sshc->readdir_len = (size_t) rc;
         sshc->readdir_filename[sshc->readdir_len] = '\0';
 
         if(data->set.ftp_list_only) {
@@ -1974,7 +1974,7 @@ static CURLcode ssh_statemach_act(struct connectdata 
*conn, bool *block)
           }
         }
         else {
-          sshc->readdir_currLen = (int)strlen(sshc->readdir_longentry);
+          sshc->readdir_currLen = strlen(sshc->readdir_longentry);
           sshc->readdir_totalLen = 80 + sshc->readdir_currLen;
           sshc->readdir_line = calloc(sshc->readdir_totalLen, 1);
           if(!sshc->readdir_line) {
@@ -2008,13 +2008,13 @@ static CURLcode ssh_statemach_act(struct connectdata 
*conn, bool *block)
           break;
         }
       }
-      else if(sshc->readdir_len == 0) {
+      else if(rc == 0) {
         Curl_safefree(sshc->readdir_filename);
         Curl_safefree(sshc->readdir_longentry);
         state(conn, SSH_SFTP_READDIR_DONE);
         break;
       }
-      else if(sshc->readdir_len <= 0) {
+      else if(rc < 0) {
         err = sftp_libssh2_last_error(sshc->sftp_session);
         result = sftp_libssh2_error_to_CURLE(err);
         sshc->actualcode = result?result:CURLE_SSH;
@@ -2029,16 +2029,16 @@ static CURLcode ssh_statemach_act(struct connectdata 
*conn, bool *block)
       break;
 
     case SSH_SFTP_READDIR_LINK:
-      sshc->readdir_len =
+      rc =
         libssh2_sftp_symlink_ex(sshc->sftp_session,
                                 sshc->readdir_linkPath,
                                 curlx_uztoui(strlen(sshc->readdir_linkPath)),
                                 sshc->readdir_filename,
                                 PATH_MAX, LIBSSH2_SFTP_READLINK);
-      if(sshc->readdir_len == LIBSSH2_ERROR_EAGAIN) {
-        rc = LIBSSH2_ERROR_EAGAIN;
+      if(rc == LIBSSH2_ERROR_EAGAIN) {
         break;
       }
+      sshc->readdir_len = (size_t) rc;
       Curl_safefree(sshc->readdir_linkPath);
 
       /* get room for the filename and extra output */
@@ -3219,7 +3219,8 @@ static CURLcode sftp_done(struct connectdata *conn, 
CURLcode status,
     /* Post quote commands are executed after the SFTP_CLOSE state to avoid
        errors that could happen due to open file handles during POSTQUOTE
        operation */
-    if(!status && !premature && conn->data->set.postquote) {
+    if(!status && !premature && conn->data->set.postquote &&
+       !conn->bits.retry) {
       sshc->nextstate = SSH_SFTP_POSTQUOTE_INIT;
       state(conn, SSH_SFTP_CLOSE);
     }
diff --git a/lib/ssh.h b/lib/ssh.h
index 1c1355077..0620aac32 100644
--- a/lib/ssh.h
+++ b/lib/ssh.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -131,7 +131,7 @@ struct ssh_conn {
                                  quote command fails) */
   char *homedir;              /* when doing SFTP we figure out home dir in the
                                  connect phase */
-  int readdir_len, readdir_totalLen, readdir_currLen;
+  size_t readdir_len, readdir_totalLen, readdir_currLen;
   char *readdir_line;
   char *readdir_linkPath;
   /* end of READDIR stuff */
diff --git a/lib/strcase.h b/lib/strcase.h
index 64615d8fd..6436e6937 100644
--- a/lib/strcase.h
+++ b/lib/strcase.h
@@ -46,6 +46,5 @@ char Curl_raw_toupper(char in);
 #define checkprefix(a,b)    curl_strnequal(a,b,strlen(a))
 
 void Curl_strntoupper(char *dest, const char *src, size_t n);
-char Curl_raw_toupper(char in);
 
 #endif /* HEADER_CURL_STRCASE_H */
diff --git a/lib/system_win32.c b/lib/system_win32.c
index d292bd6e1..f30e9c000 100644
--- a/lib/system_win32.c
+++ b/lib/system_win32.c
@@ -26,6 +26,7 @@
 
 #include <gnurl/curl.h>
 #include "system_win32.h"
+#include "warnless.h"
 
 /* The last #include files should be: */
 #include "curl_memory.h"
@@ -134,8 +135,9 @@ bool Curl_verify_windows_version(const unsigned int 
majorVersion,
       break;
 
     case VERSION_LESS_THAN_EQUAL:
-      if(osver.dwMajorVersion <= majorVersion &&
-         osver.dwMinorVersion <= minorVersion)
+      if(osver.dwMajorVersion < majorVersion ||
+        (osver.dwMajorVersion == majorVersion &&
+         osver.dwMinorVersion <= minorVersion))
         matched = TRUE;
       break;
 
@@ -146,8 +148,9 @@ bool Curl_verify_windows_version(const unsigned int 
majorVersion,
       break;
 
     case VERSION_GREATER_THAN_EQUAL:
-      if(osver.dwMajorVersion >= majorVersion &&
-         osver.dwMinorVersion >= minorVersion)
+      if(osver.dwMajorVersion > majorVersion ||
+        (osver.dwMajorVersion == majorVersion &&
+         osver.dwMinorVersion >= minorVersion))
         matched = TRUE;
       break;
 
@@ -278,7 +281,9 @@ HMODULE Curl_load_library(LPCTSTR filename)
 
   /* Attempt to find LoadLibraryEx() which is only available on Windows 2000
      and above */
-  pLoadLibraryEx = (LOADLIBRARYEX_FN) GetProcAddress(hKernel32, LOADLIBARYEX);
+  pLoadLibraryEx =
+    CURLX_FUNCTION_CAST(LOADLIBRARYEX_FN,
+                        (GetProcAddress(hKernel32, LOADLIBARYEX)));
 
   /* Detect if there's already a path in the filename and load the library if
      there is. Note: Both back slashes and forward slashes have been supported
diff --git a/lib/telnet.c b/lib/telnet.c
index 6fd339ce8..9af51410d 100644
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -52,10 +52,6 @@
 #include "connect.h"
 #include "progress.h"
 #include "system_win32.h"
-
-#define  TELOPTS
-#define  TELCMDS
-
 #include "arpa_telnet.h"
 #include "select.h"
 #include "strcase.h"
@@ -1361,7 +1357,9 @@ static CURLcode telnet_do(struct connectdata *conn, bool 
*done)
   }
 
   /* Grab a pointer to WSACreateEvent */
-  create_event_func = (WSOCK2_EVENT) GetProcAddress(wsock2, "WSACreateEvent");
+  create_event_func =
+    CURLX_FUNCTION_CAST(WSOCK2_EVENT,
+                        (GetProcAddress(wsock2, "WSACreateEvent")));
   if(create_event_func == NULL) {
     failf(data, "failed to find WSACreateEvent function (%u)", GetLastError());
     FreeLibrary(wsock2);
@@ -1608,7 +1606,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool 
*done)
     case 0:                     /* timeout */
       pfd[0].revents = 0;
       pfd[1].revents = 0;
-      /* fall through */
+      /* FALLTHROUGH */
     default:                    /* read! */
       if(pfd[0].revents & POLLIN) {
         /* read data from network */
diff --git a/lib/tftp.c b/lib/tftp.c
index fb5aab054..8917c5459 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -712,7 +712,7 @@ static CURLcode tftp_tx(tftp_state_data_t *state, 
tftp_event_t event)
   ssize_t sbytes;
   CURLcode result = CURLE_OK;
   struct SingleRequest *k = &data->req;
-  int cb; /* Bytes currently read */
+  size_t cb; /* Bytes currently read */
 
   switch(event) {
 
@@ -765,7 +765,7 @@ static CURLcode tftp_tx(tftp_state_data_t *state, 
tftp_event_t event)
     state->retries = 0;
     setpacketevent(&state->spacket, TFTP_EVENT_DATA);
     setpacketblock(&state->spacket, state->block);
-    if(state->block > 1 && state->sbytes < (int)state->blksize) {
+    if(state->block > 1 && state->sbytes < state->blksize) {
       state->state = TFTP_STATE_FIN;
       return CURLE_OK;
     }
@@ -781,7 +781,7 @@ static CURLcode tftp_tx(tftp_state_data_t *state, 
tftp_event_t event)
                                    &cb);
       if(result)
         return result;
-      state->sbytes += cb;
+      state->sbytes += (int)cb;
       state->conn->data->req.upload_fromhere += cb;
     } while(state->sbytes < state->blksize && cb != 0);
 
diff --git a/lib/transfer.c b/lib/transfer.c
index 05c221b57..5c6bea8ad 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -106,15 +106,26 @@ char *Curl_checkheaders(const struct connectdata *conn,
 }
 #endif
 
+CURLcode Curl_get_upload_buffer(struct Curl_easy *data)
+{
+  if(!data->state.ulbuf) {
+    data->state.ulbuf = malloc(data->set.upload_buffer_size);
+    if(!data->state.ulbuf)
+      return CURLE_OUT_OF_MEMORY;
+  }
+  return CURLE_OK;
+}
+
 /*
  * This function will call the read callback to fill our buffer with data
  * to upload.
  */
-CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)
+CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
+                             size_t *nreadp)
 {
   struct Curl_easy *data = conn->data;
-  size_t buffersize = (size_t)bytes;
-  int nread;
+  size_t buffersize = bytes;
+  size_t nread;
 #ifdef CURL_DOES_CONVERSIONS
   bool sending_http_headers = FALSE;
 
@@ -134,11 +145,9 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int 
bytes, int *nreadp)
     data->req.upload_fromhere += (8 + 2); /* 32bit hex + CRLF */
   }
 
-  /* this function returns a size_t, so we typecast to int to prevent warnings
-     with picky compilers */
   Curl_set_in_callback(data, true);
-  nread = (int)data->state.fread_func(data->req.upload_fromhere, 1,
-                                      buffersize, data->state.in);
+  nread = data->state.fread_func(data->req.upload_fromhere, 1,
+                                 buffersize, data->state.in);
   Curl_set_in_callback(data, false);
 
   if(nread == CURL_READFUNC_ABORT) {
@@ -167,7 +176,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int 
bytes, int *nreadp)
 
     return CURLE_OK; /* nothing was read */
   }
-  else if((size_t)nread > buffersize) {
+  else if(nread > buffersize) {
     /* the read function returned a too large value */
     *nreadp = 0;
     failf(data, "read function returned funny value");
@@ -226,13 +235,13 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, 
int bytes, int *nreadp)
 #ifdef CURL_DOES_CONVERSIONS
     {
       CURLcode result;
-      int length;
+      size_t length;
       if(data->set.prefer_ascii)
         /* translate the protocol and data */
         length = nread;
       else
         /* just translate the protocol portion */
-        length = (int)strlen(hexbuffer);
+        length = strlen(hexbuffer);
       result = Curl_convert_to_network(data, data->req.upload_fromhere,
                                        length);
       /* Curl_convert_to_network calls failf if unsuccessful */
@@ -247,7 +256,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int 
bytes, int *nreadp)
       infof(data, "Signaling end of chunked upload via terminating chunk.\n");
     }
 
-    nread += (int)strlen(endofline_native); /* for the added end of line */
+    nread += strlen(endofline_native); /* for the added end of line */
   }
 #ifdef CURL_DOES_CONVERSIONS
   else if((data->set.prefer_ascii) && (!sending_http_headers)) {
@@ -797,7 +806,7 @@ static CURLcode readwrite_data(struct Curl_easy *data,
                                            nread);
             }
           }
-          else
+          else if(!k->ignorebody)
             result = Curl_unencode_write(conn, k->writer_stack, k->str, nread);
         }
         k->badheader = HEADER_NORMAL; /* taken care of now */
@@ -869,6 +878,26 @@ static CURLcode done_sending(struct connectdata *conn,
   return CURLE_OK;
 }
 
+#ifdef WIN32
+#ifndef SIO_IDEAL_SEND_BACKLOG_QUERY
+#define SIO_IDEAL_SEND_BACKLOG_QUERY 0x4004747B
+#endif
+
+static void win_update_buffer_size(curl_socket_t sockfd)
+{
+  int result;
+  ULONG ideal;
+  DWORD ideallen;
+  result = WSAIoctl(sockfd, SIO_IDEAL_SEND_BACKLOG_QUERY, 0, 0,
+                    &ideal, sizeof(ideal), &ideallen, 0, 0);
+  if(result == 0) {
+    setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF,
+               (const char *)&ideal, sizeof(ideal));
+  }
+}
+#else
+#define win_update_buffer_size(x)
+#endif
 
 /*
  * Send data to upload to the server, when the socket is writable.
@@ -894,13 +923,16 @@ static CURLcode readwrite_upload(struct Curl_easy *data,
     /* only read more data if there's no upload data already
        present in the upload buffer */
     if(0 == k->upload_present) {
+      result = Curl_get_upload_buffer(data);
+      if(result)
+        return result;
       /* init the "upload from here" pointer */
-      k->upload_fromhere = data->state.uploadbuffer;
+      k->upload_fromhere = data->state.ulbuf;
 
       if(!k->upload_done) {
         /* HTTP pollution, this should be written nicer to become more
            protocol agnostic. */
-        int fillcount;
+        size_t fillcount;
         struct HTTP *http = k->protop;
 
         if((k->exp100 == EXP100_SENDING_REQUEST) &&
@@ -931,7 +963,7 @@ static CURLcode readwrite_upload(struct Curl_easy *data,
         if(result)
           return result;
 
-        nread = (ssize_t)fillcount;
+        nread = fillcount;
       }
       else
         nread = 0; /* we're done uploading/reading */
@@ -959,7 +991,7 @@ static CURLcode readwrite_upload(struct Curl_easy *data,
          (data->set.crlf))) {
         /* Do we need to allocate a scratch buffer? */
         if(!data->state.scratch) {
-          data->state.scratch = malloc(2 * data->set.buffer_size);
+          data->state.scratch = malloc(2 * UPLOAD_BUFSIZE);
           if(!data->state.scratch) {
             failf(data, "Failed to alloc scratch buffer!");
 
@@ -1020,10 +1052,11 @@ static CURLcode readwrite_upload(struct Curl_easy *data,
                         k->upload_fromhere, /* buffer pointer */
                         k->upload_present,  /* buffer size */
                         &bytes_written);    /* actually sent */
-
     if(result)
       return result;
 
+    win_update_buffer_size(conn->writesockfd);
+
     if(data->set.verbose)
       /* show the data before we change the pointer upload_fromhere */
       Curl_debug(data, CURLINFO_DATA_OUT, k->upload_fromhere,
@@ -1050,7 +1083,10 @@ static CURLcode readwrite_upload(struct Curl_easy *data,
     }
     else {
       /* we've uploaded that buffer now */
-      k->upload_fromhere = data->state.uploadbuffer;
+      result = Curl_get_upload_buffer(data);
+      if(result)
+        return result;
+      k->upload_fromhere = data->state.ulbuf;
       k->upload_present = 0; /* no more bytes left */
 
       if(k->upload_done) {
@@ -1482,7 +1518,7 @@ static size_t strlen_url(const char *url, bool relative)
     switch(*ptr) {
     case '?':
       left = FALSE;
-      /* fall through */
+      /* FALLTHROUGH */
     default:
       if(urlchar_needs_escaping(*ptr))
         newlen += 2;
@@ -1527,7 +1563,7 @@ static void strcpy_url(char *output, const char *url, 
bool relative)
     switch(*iptr) {
     case '?':
       left = FALSE;
-      /* fall through */
+      /* FALLTHROUGH */
     default:
       if(urlchar_needs_escaping(*iptr)) {
         snprintf(optr, 4, "%%%02x", *iptr);
diff --git a/lib/transfer.h b/lib/transfer.h
index 9ba398d27..9263e5b69 100644
--- a/lib/transfer.h
+++ b/lib/transfer.h
@@ -51,9 +51,11 @@ int Curl_single_getsock(const struct connectdata *conn,
                         curl_socket_t *socks,
                         int numsocks);
 CURLcode Curl_readrewind(struct connectdata *conn);
-CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp);
+CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
+                             size_t *nreadp);
 CURLcode Curl_retry_request(struct connectdata *conn, char **url);
 bool Curl_meets_timecondition(struct Curl_easy *data, time_t timeofdoc);
+CURLcode Curl_get_upload_buffer(struct Curl_easy *data);
 
 /* This sets up a forthcoming transfer */
 void
diff --git a/lib/url.c b/lib/url.c
index 27b2c1e14..f15900889 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -127,7 +127,6 @@ bool curl_win32_idn_to_ascii(const char *in, char **out);
 
 static void conn_free(struct connectdata *conn);
 static void free_fixed_hostname(struct hostname *host);
-static void signalPipeClose(struct curl_llist *pipeline, bool pipe_broke);
 static CURLcode parse_url_login(struct Curl_easy *data,
                                 struct connectdata *conn,
                                 char **userptr, char **passwdptr,
@@ -368,11 +367,9 @@ CURLcode Curl_close(struct Curl_easy *data)
 
   Curl_safefree(data->state.buffer);
   Curl_safefree(data->state.headerbuff);
-
+  Curl_safefree(data->state.ulbuf);
   Curl_flush_cookies(data, 1);
-
   Curl_digest_cleanup(data);
-
   Curl_safefree(data->info.contenttype);
   Curl_safefree(data->info.wouldredirect);
 
@@ -535,6 +532,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
   set->expect_100_timeout = 1000L; /* Wait for a second by default. */
   set->sep_headers = TRUE; /* separated header lists by default */
   set->buffer_size = READBUFFER_SIZE;
+  set->upload_buffer_size = UPLOAD_BUFSIZE;
   set->happy_eyeballs_timeout = CURL_HET_DEFAULT;
 
   Curl_http2_init_userset(set);
@@ -734,20 +732,23 @@ static void conn_free(struct connectdata *conn)
  * primary connection, like when freeing room in the connection cache or
  * killing of a dead old connection.
  *
+ * A connection needs an easy handle when closing down. We support this passed
+ * in separately since the connection to get closed here is often already
+ * disassociated from an easy handle.
+ *
  * This function MUST NOT reset state in the Curl_easy struct if that
  * isn't strictly bound to the life-time of *this* particular connection.
  *
  */
 
-CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection)
+CURLcode Curl_disconnect(struct Curl_easy *data,
+                         struct connectdata *conn, bool dead_connection)
 {
-  struct Curl_easy *data;
   if(!conn)
     return CURLE_OK; /* this is closed and fine already */
-  data = conn->data;
 
   if(!data) {
-    DEBUGF(fprintf(stderr, "DISCONNECT without easy handle, ignoring\n"));
+    DEBUGF(infof(data, "DISCONNECT without easy handle, ignoring\n"));
     return CURLE_OK;
   }
 
@@ -755,13 +756,12 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool 
dead_connection)
    * If this connection isn't marked to force-close, leave it open if there
    * are other users of it
    */
-  if(!conn->bits.close &&
-     (conn->send_pipe.size + conn->recv_pipe.size)) {
-    DEBUGF(infof(data, "Curl_disconnect, usecounter: %zu\n",
-                 conn->send_pipe.size + conn->recv_pipe.size));
+  if(CONN_INUSE(conn) && !dead_connection) {
+    DEBUGF(infof(data, "Curl_disconnect when inuse: %zu\n", CONN_INUSE(conn)));
     return CURLE_OK;
   }
 
+  conn->data = data;
   if(conn->dns_entry != NULL) {
     Curl_resolv_unlock(data, conn->dns_entry);
     conn->dns_entry = NULL;
@@ -787,16 +787,12 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool 
dead_connection)
   free_fixed_hostname(&conn->http_proxy.host);
   free_fixed_hostname(&conn->socks_proxy.host);
 
+  DEBUGASSERT(conn->data == data);
+  /* this assumes that the pointer is still there after the connection was
+     detected from the cache */
   Curl_ssl_close(conn, FIRSTSOCKET);
 
-  /* Indicate to all handles on the pipe that we're dead */
-  if(Curl_pipeline_wanted(data->multi, CURLPIPE_ANY)) {
-    signalPipeClose(&conn->send_pipe, TRUE);
-    signalPipeClose(&conn->recv_pipe, TRUE);
-  }
-
   conn_free(conn);
-
   return CURLE_OK;
 }
 
@@ -848,6 +844,7 @@ static int IsPipeliningPossible(const struct Curl_easy 
*handle,
   return avail;
 }
 
+/* Returns non-zero if a handle was removed */
 int Curl_removeHandleFromPipeline(struct Curl_easy *handle,
                                   struct curl_llist *pipeline)
 {
@@ -884,6 +881,16 @@ static void Curl_printPipeline(struct curl_llist *pipeline)
 static struct Curl_easy* gethandleathead(struct curl_llist *pipeline)
 {
   struct curl_llist_element *curr = pipeline->head;
+#ifdef DEBUGBUILD
+  {
+    struct curl_llist_element *p = pipeline->head;
+    while(p) {
+      struct Curl_easy *e = p->ptr;
+      DEBUGASSERT(GOOD_EASY_HANDLE(e));
+      p = p->next;
+    }
+  }
+#endif
   if(curr) {
     return (struct Curl_easy *) curr->ptr;
   }
@@ -896,41 +903,22 @@ static struct Curl_easy* gethandleathead(struct 
curl_llist *pipeline)
 void Curl_getoff_all_pipelines(struct Curl_easy *data,
                                struct connectdata *conn)
 {
-  bool recv_head = (conn->readchannel_inuse &&
-                    Curl_recvpipe_head(data, conn));
-  bool send_head = (conn->writechannel_inuse &&
-                    Curl_sendpipe_head(data, conn));
-
-  if(Curl_removeHandleFromPipeline(data, &conn->recv_pipe) && recv_head)
-    Curl_pipeline_leave_read(conn);
-  if(Curl_removeHandleFromPipeline(data, &conn->send_pipe) && send_head)
-    Curl_pipeline_leave_write(conn);
-}
-
-static void signalPipeClose(struct curl_llist *pipeline, bool pipe_broke)
-{
-  struct curl_llist_element *curr;
-
-  if(!pipeline)
+  if(!conn->bundle)
     return;
+  if(conn->bundle->multiuse == BUNDLE_PIPELINING) {
+    bool recv_head = (conn->readchannel_inuse &&
+                      Curl_recvpipe_head(data, conn));
+    bool send_head = (conn->writechannel_inuse &&
+                      Curl_sendpipe_head(data, conn));
 
-  curr = pipeline->head;
-  while(curr) {
-    struct curl_llist_element *next = curr->next;
-    struct Curl_easy *data = (struct Curl_easy *) curr->ptr;
-
-#ifdef DEBUGBUILD /* debug-only code */
-    if(data->magic != CURLEASY_MAGIC_NUMBER) {
-      /* MAJOR BADNESS */
-      infof(data, "signalPipeClose() found BAAD easy handle\n");
-    }
-#endif
-
-    if(pipe_broke)
-      data->state.pipe_broke = TRUE;
-    Curl_multi_handlePipeBreak(data);
-    Curl_llist_remove(pipeline, curr, NULL);
-    curr = next;
+    if(Curl_removeHandleFromPipeline(data, &conn->recv_pipe) && recv_head)
+      Curl_pipeline_leave_read(conn);
+    if(Curl_removeHandleFromPipeline(data, &conn->send_pipe) && send_head)
+      Curl_pipeline_leave_write(conn);
+  }
+  else {
+    (void)Curl_removeHandleFromPipeline(data, &conn->recv_pipe);
+    (void)Curl_removeHandleFromPipeline(data, &conn->send_pipe);
   }
 }
 
@@ -959,7 +947,7 @@ static bool extract_if_dead(struct connectdata *conn,
                             struct Curl_easy *data)
 {
   size_t pipeLen = conn->send_pipe.size + conn->recv_pipe.size;
-  if(!pipeLen && !conn->inuse) {
+  if(!pipeLen && !CONN_INUSE(conn)) {
     /* The check for a dead socket makes sense only if there are no
        handles in pipeline and the connection isn't already marked in
        use */
@@ -982,6 +970,7 @@ static bool extract_if_dead(struct connectdata *conn,
     if(dead) {
       infof(data, "Connection %ld seems to be dead!\n", conn->connection_id);
       Curl_conncache_remove_conn(conn, FALSE);
+      conn->data = NULL; /* detach */
       return TRUE;
     }
   }
@@ -1025,7 +1014,7 @@ static void prune_dead_connections(struct Curl_easy *data)
     while(Curl_conncache_foreach(data, data->state.conn_cache, &prune,
                                  call_extract_if_dead)) {
       /* disconnect it */
-      (void)Curl_disconnect(prune.extracted, /* dead_connection */TRUE);
+      (void)Curl_disconnect(data, prune.extracted, /* dead_connection */TRUE);
     }
     data->state.conn_cache->last_cleanup = now;
   }
@@ -1139,7 +1128,7 @@ ConnectionExists(struct Curl_easy *data,
 
       if(extract_if_dead(check, data)) {
         /* disconnect it */
-        (void)Curl_disconnect(check, /* dead_connection */TRUE);
+        (void)Curl_disconnect(data, check, /* dead_connection */TRUE);
         continue;
       }
 
@@ -1267,12 +1256,12 @@ ConnectionExists(struct Curl_easy *data,
         }
       }
 
-      if(!canpipe && check->inuse)
+      if(!canpipe && CONN_INUSE(check))
         /* this request can't be pipelined but the checked connection is
            already in use so we skip it */
         continue;
 
-      if((check->inuse) && (check->data->multi != needle->data->multi))
+      if(CONN_INUSE(check) && (check->data->multi != needle->data->multi))
         /* this could be subject for pipeline/multiplex use, but only
            if they belong to the same multi handle */
         continue;
@@ -1464,7 +1453,6 @@ ConnectionExists(struct Curl_easy *data,
 
   if(chosen) {
     /* mark it as used before releasing the lock */
-    chosen->inuse = TRUE;
     chosen->data = data; /* own it! */
     Curl_conncache_unlock(needle);
     *usethis = chosen;
@@ -2486,18 +2474,6 @@ static CURLcode setup_connection_internals(struct 
connectdata *conn)
 {
   const struct Curl_handler * p;
   CURLcode result;
-  struct Curl_easy *data = conn->data;
-
-  /* in some case in the multi state-machine, we go back to the CONNECT state
-     and then a second (or third or...) call to this function will be made
-     without doing a DISCONNECT or DONE in between (since the connection is
-     yet in place) and therefore this function needs to first make sure
-     there's no lingering previous data allocated. */
-  Curl_free_request_state(data);
-
-  memset(&data->req, 0, sizeof(struct SingleRequest));
-  data->req.maxdownload = -1;
-
   conn->socktype = SOCK_STREAM; /* most of them are TCP streams */
 
   /* Perform setup complement if some. */
@@ -3993,6 +3969,7 @@ static void reuse_conn(struct connectdata *old_conn,
 
   Curl_safefree(old_conn->user);
   Curl_safefree(old_conn->passwd);
+  Curl_safefree(old_conn->options);
   Curl_safefree(old_conn->http_proxy.user);
   Curl_safefree(old_conn->socks_proxy.user);
   Curl_safefree(old_conn->http_proxy.passwd);
@@ -4356,6 +4333,10 @@ static CURLcode create_conn(struct Curl_easy *data,
     data->set.str[STRING_SSL_CIPHER_LIST_ORIG];
   data->set.proxy_ssl.primary.cipher_list =
     data->set.str[STRING_SSL_CIPHER_LIST_PROXY];
+  data->set.ssl.primary.cipher_list13 =
+    data->set.str[STRING_SSL_CIPHER13_LIST_ORIG];
+  data->set.proxy_ssl.primary.cipher_list13 =
+    data->set.str[STRING_SSL_CIPHER13_LIST_PROXY];
 
   data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_ORIG];
   data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
@@ -4481,11 +4462,9 @@ static CURLcode create_conn(struct Curl_easy *data,
         conn_candidate = Curl_conncache_extract_bundle(data, bundle);
         Curl_conncache_unlock(conn);
 
-        if(conn_candidate) {
-          /* Set the connection's owner correctly, then kill it */
-          conn_candidate->data = data;
-          (void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE);
-        }
+        if(conn_candidate)
+          (void)Curl_disconnect(data, conn_candidate,
+                                /* dead_connection */ FALSE);
         else {
           infof(data, "No more connections allowed to host: %zu\n",
                 max_host_connections);
@@ -4504,12 +4483,9 @@ static CURLcode create_conn(struct Curl_easy *data,
 
       /* The cache is full. Let's see if we can kill a connection. */
       conn_candidate = Curl_conncache_extract_oldest(data);
-
-      if(conn_candidate) {
-        /* Set the connection's owner correctly, then kill it */
-        conn_candidate->data = data;
-        (void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE);
-      }
+      if(conn_candidate)
+        (void)Curl_disconnect(data, conn_candidate,
+                              /* dead_connection */ FALSE);
       else {
         infof(data, "No connections available in cache\n");
         connections_available = FALSE;
@@ -4526,9 +4502,6 @@ static CURLcode create_conn(struct Curl_easy *data,
       goto out;
     }
     else {
-      /* Mark the connection as used, before we add it */
-      conn->inuse = TRUE;
-
       /*
        * This is a brand new connection, so let's store it in the connection
        * cache of ours!
@@ -4671,12 +4644,16 @@ CURLcode Curl_connect(struct Curl_easy *data,
 
   *asyncp = FALSE; /* assume synchronous resolves by default */
 
+  /* init the single-transfer specific data */
+  Curl_free_request_state(data);
+  memset(&data->req, 0, sizeof(struct SingleRequest));
+  data->req.maxdownload = -1;
+
   /* call the stuff that needs to be called */
   result = create_conn(data, in_connect, asyncp);
 
   if(!result) {
-    /* no error */
-    if((*in_connect)->send_pipe.size || (*in_connect)->recv_pipe.size)
+    if(CONN_INUSE(*in_connect))
       /* pipelining */
       *protocol_done = TRUE;
     else if(!*asyncp) {
@@ -4691,12 +4668,11 @@ CURLcode Curl_connect(struct Curl_easy *data,
     *in_connect = NULL;
     return result;
   }
-
-  if(result && *in_connect) {
-    /* We're not allowed to return failure with memory left allocated
-       in the connectdata struct, free those here */
-    Curl_disconnect(*in_connect, FALSE); /* close the connection */
-    *in_connect = NULL;           /* return a NULL */
+  else if(result && *in_connect) {
+    /* We're not allowed to return failure with memory left allocated in the
+       connectdata struct, free those here */
+    Curl_disconnect(data, *in_connect, TRUE);
+    *in_connect = NULL; /* return a NULL */
   }
 
   return result;
diff --git a/lib/url.h b/lib/url.h
index a70bd5466..ef3ebf03e 100644
--- a/lib/url.h
+++ b/lib/url.h
@@ -39,7 +39,8 @@ void Curl_freeset(struct Curl_easy * data);
 CURLcode Curl_close(struct Curl_easy *data); /* opposite of curl_open() */
 CURLcode Curl_connect(struct Curl_easy *, struct connectdata **,
                       bool *async, bool *protocol_connect);
-CURLcode Curl_disconnect(struct connectdata *, bool dead_connection);
+CURLcode Curl_disconnect(struct Curl_easy *data,
+                         struct connectdata *, bool dead_connection);
 CURLcode Curl_protocol_connect(struct connectdata *conn, bool *done);
 CURLcode Curl_protocol_connecting(struct connectdata *conn, bool *done);
 CURLcode Curl_protocol_doing(struct connectdata *conn, bool *done);
diff --git a/lib/urldata.h b/lib/urldata.h
index 524881652..f6b009a43 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -143,8 +143,13 @@ typedef ssize_t (Curl_recv)(struct connectdata *conn, /* 
connection data */
 #endif /* HAVE_LIBSSH2_H */
 
 /* The upload buffer size, should not be smaller than CURL_MAX_WRITE_SIZE, as
-   it needs to hold a full buffer as could be sent in a write callback */
-#define UPLOAD_BUFSIZE CURL_MAX_WRITE_SIZE
+   it needs to hold a full buffer as could be sent in a write callback.
+
+   The size was 16KB for many years but was bumped to 64KB because it makes
+   libcurl able to do significantly faster uploads in some circumstances. Even
+   larger buffers can help further, but this is deemed a fair memory/speed
+   compromise. */
+#define UPLOAD_BUFSIZE 65536
 
 /* The "master buffer" is for HTTP pipelining */
 #define MASTERBUF_SIZE 16384
@@ -157,11 +162,6 @@ typedef ssize_t (Curl_recv)(struct connectdata *conn, /* 
connection data */
 #define GOOD_EASY_HANDLE(x) \
   ((x) && ((x)->magic == CURLEASY_MAGIC_NUMBER))
 
-/* Some convenience macros to get the larger/smaller value out of two given.
-   We prefix with CURL to prevent name collisions. */
-#define CURLMAX(x,y) ((x)>(y)?(x):(y))
-#define CURLMIN(x,y) ((x)<(y)?(x):(y))
-
 #ifdef HAVE_GSSAPI
 /* Types needed for krb5-ftp connections */
 struct krb5buffer {
@@ -782,11 +782,12 @@ struct connectdata {
   curl_closesocket_callback fclosesocket; /* function closing the socket(s) */
   void *closesocket_client;
 
-  bool inuse; /* This is a marker for the connection cache logic. If this is
-                 TRUE this handle is being used by one or more easy handles
-                 and can only used by any other easy handle without careful
-                 consideration (== only for pipelining/multiplexing) and it
-                 cannot be used by another multi handle! */
+  /* This is used by the connection cache logic. If this returns TRUE, this
+     handle is being used by one or more easy handles and can only used by any
+     other easy handle without careful consideration (== only for
+     pipelining/multiplexing) and it cannot be used by another multi
+     handle! */
+#define CONN_INUSE(c) ((c)->send_pipe.size + (c)->recv_pipe.size)
 
   /**** Fields set when inited and not modified again */
   long connection_id; /* Contains a unique number to make it easier to
@@ -1225,7 +1226,7 @@ struct UrlState {
   size_t headersize;   /* size of the allocation */
 
   char *buffer; /* download buffer */
-  char uploadbuffer[UPLOAD_BUFSIZE + 1]; /* upload buffer */
+  char *ulbuf; /* alloced upload buffer or NULL */
   curl_off_t current_speed;  /* the ProgressShow() function sets this,
                                 bytes / second */
   bool this_is_a_follow; /* this is a followed Location: request */
@@ -1287,9 +1288,6 @@ struct UrlState {
                             involved in this request */
   bool expect100header;  /* TRUE if we added Expect: 100-continue */
 
-  bool pipe_broke; /* TRUE if the connection we were pipelined on broke
-                      and we need to restart from the beginning */
-
 #if !defined(WIN32) && !defined(MSDOS) && !defined(__EMX__) && \
     !defined(__SYMBIAN32__)
 /* do FTP line-end conversions on most platforms */
@@ -1412,6 +1410,7 @@ enum dupstring {
   STRING_SSL_CRLFILE_PROXY, /* crl file to check certificate */
   STRING_SSL_ISSUERCERT_ORIG, /* issuer cert file to check certificate */
   STRING_SSL_ISSUERCERT_PROXY, /* issuer cert file to check certificate */
+  STRING_SSL_ENGINE,      /* name of ssl engine */
   STRING_USERNAME,        /* <username>, if used */
   STRING_PASSWORD,        /* <password>, if used */
   STRING_OPTIONS,         /* <options>, if used */
@@ -1564,6 +1563,8 @@ struct UserDefined {
   curl_proxytype proxytype; /* what kind of proxy that is in use */
   long dns_cache_timeout; /* DNS cache timeout */
   long buffer_size;      /* size of receive buffer to use */
+  long upload_buffer_size; /* size of upload buffer to use,
+                              keep it >= CURL_MAX_WRITE_SIZE */
   void *private_data; /* application-private data */
 
   struct curl_slist *http200aliases; /* linked list of aliases for http200 */
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 0e940487a..e10398ac3 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -968,6 +968,8 @@ static CURLcode Curl_cyassl_random(struct Curl_easy *data,
     return CURLE_FAILED_INIT;
   if(RNG_GenerateBlock(&rng, entropy, (unsigned)length))
     return CURLE_FAILED_INIT;
+  if(FreeRng(&rng))
+    return CURLE_FAILED_INIT;
   return CURLE_OK;
 }
 
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index f29b5acad..1aea0dc3d 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -1573,6 +1573,35 @@ static CURLcode darwinssl_connect_step1(struct 
connectdata *conn,
   }
 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
 
+#if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
+  if(conn->bits.tls_enable_alpn) {
+    if(__builtin_available(macOS 10.13.4, iOS 11, *)) {
+      CFMutableArrayRef alpnArr = CFArrayCreateMutable(NULL, 0,
+                                                       &kCFTypeArrayCallBacks);
+
+#ifdef USE_NGHTTP2
+      if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+         (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
+        CFArrayAppendValue(alpnArr, CFSTR(NGHTTP2_PROTO_VERSION_ID));
+        infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
+      }
+#endif
+
+      CFArrayAppendValue(alpnArr, CFSTR(ALPN_HTTP_1_1));
+      infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
+
+      /* expects length prefixed preference ordered list of protocols in wire
+       * format
+       */
+      err = SSLSetALPNProtocols(BACKEND->ssl_ctx, alpnArr);
+      if(err != noErr)
+        infof(data, "WARNING: failed to set ALPN protocols; OSStatus %d\n",
+              err);
+      CFRelease(alpnArr);
+    }
+  }
+#endif
+
   if(SSL_SET_OPTION(key)) {
     infof(data, "WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure "
           "Transport. The private key must be in the Keychain.\n");
@@ -2467,6 +2496,39 @@ darwinssl_connect_step2(struct connectdata *conn, int 
sockindex)
         break;
     }
 
+#if(CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
+    if(conn->bits.tls_enable_alpn) {
+      if(__builtin_available(macOS 10.13.4, iOS 11, *)) {
+        CFArrayRef alpnArr = NULL;
+        CFStringRef chosenProtocol = NULL;
+        err = SSLCopyALPNProtocols(BACKEND->ssl_ctx, &alpnArr);
+
+        if(err == noErr && alpnArr && CFArrayGetCount(alpnArr) >= 1)
+          chosenProtocol = CFArrayGetValueAtIndex(alpnArr, 0);
+
+#ifdef USE_NGHTTP2
+        if(chosenProtocol &&
+           !CFStringCompare(chosenProtocol, CFSTR(NGHTTP2_PROTO_VERSION_ID),
+                            0)) {
+          conn->negnpn = CURL_HTTP_VERSION_2;
+        }
+        else
+#endif
+        if(chosenProtocol &&
+           !CFStringCompare(chosenProtocol, CFSTR(ALPN_HTTP_1_1), 0)) {
+          conn->negnpn = CURL_HTTP_VERSION_1_1;
+        }
+        else
+          infof(data, "ALPN, server did not agree to a protocol\n");
+
+        /* chosenProtocol is a reference to the string within alpnArr
+           and doesn't need to be freed separately */
+        if(alpnArr)
+          CFRelease(alpnArr);
+      }
+    }
+#endif
+
     return CURLE_OK;
   }
 }
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 0b1929bd7..a487f553c 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -69,7 +69,7 @@
 #include <openssl/ocsp.h>
 #endif
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && /* 1.0.1 or later */     \
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) && /* 1.0.0 or later */     \
   !defined(OPENSSL_NO_ENGINE)
 #define USE_OPENSSL_ENGINE
 #include <openssl/engine.h>
@@ -558,8 +558,20 @@ static int ssl_ui_writer(UI *ui, UI_STRING *uis)
   }
   return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
 }
+
+/*
+ * Check if a given string is a PKCS#11 URI
+ */
+static bool is_pkcs11_uri(const char *string)
+{
+  return (string && strncasecompare(string, "pkcs11:", 7));
+}
+
 #endif
 
+static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
+                                     const char *engine);
+
 static
 int cert_stuff(struct connectdata *conn,
                SSL_CTX* ctx,
@@ -622,6 +634,16 @@ int cert_stuff(struct connectdata *conn,
     case SSL_FILETYPE_ENGINE:
 #if defined(USE_OPENSSL_ENGINE) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
       {
+        /* Implicitly use pkcs11 engine if none was provided and the
+         * cert_file is a PKCS#11 URI */
+        if(!data->state.engine) {
+          if(is_pkcs11_uri(cert_file)) {
+            if(Curl_ossl_set_engine(data, "pkcs11") != CURLE_OK) {
+              return 0;
+            }
+          }
+        }
+
         if(data->state.engine) {
           const char *cmd_name = "LOAD_CERT_CTRL";
           struct {
@@ -798,6 +820,17 @@ int cert_stuff(struct connectdata *conn,
 #ifdef USE_OPENSSL_ENGINE
       {                         /* XXXX still needs some work */
         EVP_PKEY *priv_key = NULL;
+
+        /* Implicitly use pkcs11 engine if none was provided and the
+         * key_file is a PKCS#11 URI */
+        if(!data->state.engine) {
+          if(is_pkcs11_uri(key_file)) {
+            if(Curl_ossl_set_engine(data, "pkcs11") != CURLE_OK) {
+              return 0;
+            }
+          }
+        }
+
         if(data->state.engine) {
           UI_METHOD *ui_method =
             UI_create_method((char *)"curl user interface");
@@ -1936,7 +1969,15 @@ static void ssl_tls_trace(int direction, int ssl_ver, 
int content_type,
     }
     else
 #endif
-    {
+    if(content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+      msg_type = *(char *)buf;
+      msg_name = "Change cipher spec";
+    }
+    else if(content_type == SSL3_RT_ALERT) {
+      msg_type = (((char *)buf)[0] << 8) + ((char *)buf)[1];
+      msg_name = SSL_alert_desc_string_long(msg_type);
+    }
+    else {
       msg_type = *(char *)buf;
       msg_name = ssl_msg_type(ssl_ver, msg_type);
     }
@@ -3766,6 +3807,9 @@ const struct Curl_ssl Curl_ssl_openssl = {
   SSLSUPP_CERTINFO |
   SSLSUPP_PINNEDPUBKEY |
   SSLSUPP_SSL_CTX |
+#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
+  SSLSUPP_TLS13_CIPHERSUITES |
+#endif
   SSLSUPP_HTTPS_PROXY,
 
   sizeof(struct ssl_backend_data),
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 382efb525..8f6c301d1 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -285,7 +285,15 @@ get_alg_id_by_name(char *name)
 #ifdef CALG_HMAC
   CIPHEROPTION(CALG_HMAC);
 #endif
+#if !defined(__W32API_MAJOR_VERSION) || \
+    !defined(__W32API_MINOR_VERSION) || \
+    defined(__MINGW64_VERSION_MAJOR) || \
+    (__W32API_MAJOR_VERSION > 5)     || \
+    ((__W32API_MAJOR_VERSION == 5) && (__W32API_MINOR_VERSION > 0))
+  /* CALG_TLS1PRF has a syntax error in MinGW's w32api up to version 5.0,
+     see https://osdn.net/projects/mingw/ticket/38391 */
   CIPHEROPTION(CALG_TLS1PRF);
+#endif
 #ifdef CALG_HASH_REPLACE_OWF
   CIPHEROPTION(CALG_HASH_REPLACE_OWF);
 #endif
@@ -594,12 +602,15 @@ schannel_connect_step1(struct connectdata *conn, int 
sockindex)
         return result;
       }
 
-      cert_store = CertOpenStore(CURL_CERT_STORE_PROV_SYSTEM, 0,
-                                 (HCRYPTPROV)NULL,
-                                 cert_store_name, cert_store_path);
+      cert_store =
+        CertOpenStore(CURL_CERT_STORE_PROV_SYSTEM, 0,
+                      (HCRYPTPROV)NULL,
+                      CERT_STORE_OPEN_EXISTING_FLAG | cert_store_name,
+                      cert_store_path);
       if(!cert_store) {
-        failf(data, "schannel: Failed to open cert store %s %s",
-              cert_store_name, cert_store_path);
+        failf(data, "schannel: Failed to open cert store %x %s, "
+              "last error is %x",
+              cert_store_name, cert_store_path, GetLastError());
         Curl_unicodefree(cert_path);
         return CURLE_SSL_CONNECT_ERROR;
       }
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index bf96518bc..b61c64034 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -96,7 +96,8 @@ Curl_ssl_config_matches(struct ssl_primary_config* data,
      Curl_safe_strcasecompare(data->clientcert, needle->clientcert) &&
      Curl_safe_strcasecompare(data->random_file, needle->random_file) &&
      Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) &&
-     Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list))
+     Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
+     Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13))
     return TRUE;
 
   return FALSE;
@@ -119,6 +120,7 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config 
*source,
   CLONE_STRING(random_file);
   CLONE_STRING(egdsocket);
   CLONE_STRING(cipher_list);
+  CLONE_STRING(cipher_list13);
 
   return TRUE;
 }
@@ -131,6 +133,7 @@ void Curl_free_primary_ssl_config(struct 
ssl_primary_config* sslc)
   Curl_safefree(sslc->random_file);
   Curl_safefree(sslc->egdsocket);
   Curl_safefree(sslc->cipher_list);
+  Curl_safefree(sslc->cipher_list13);
 }
 
 #ifdef USE_SSL
diff --git a/lib/warnless.h b/lib/warnless.h
index e31323971..6d515962e 100644
--- a/lib/warnless.h
+++ b/lib/warnless.h
@@ -26,6 +26,9 @@
 #include <gnurl/curl.h> /* for curl_socket_t */
 #endif
 
+#define CURLX_FUNCTION_CAST(target_type, func) \
+  (target_type)(void (*) (void))(func)
+
 unsigned short curlx_ultous(unsigned long ulnum);
 
 unsigned char curlx_ultouc(unsigned long ulnum);
diff --git a/lib/x509asn1.c b/lib/x509asn1.c
index f4f172a53..16fa7abb1 100644
--- a/lib/x509asn1.c
+++ b/lib/x509asn1.c
@@ -40,10 +40,6 @@
 #include "curl_memory.h"
 #include "memdebug.h"
 
-/* For overflow checks. */
-#define CURL_SIZE_T_MAX         ((size_t)-1)
-
-
 /* ASN.1 OIDs. */
 static const char       cnOID[] = "2.5.4.3";    /* Common name. */
 static const char       sanOID[] = "2.5.29.17"; /* Subject alternative name. */
@@ -108,8 +104,8 @@ static const curl_OID   OIDtable[] = {
  */
 
 
-const char *Curl_getASN1Element(curl_asn1Element *elem,
-                                const char *beg, const char *end)
+static const char *getASN1Element(curl_asn1Element *elem,
+                                  const char *beg, const char *end)
 {
   unsigned char b;
   unsigned long len;
@@ -146,7 +142,7 @@ const char *Curl_getASN1Element(curl_asn1Element *elem,
       return (const char *) NULL;
     elem->beg = beg;
     while(beg < end && *beg) {
-      beg = Curl_getASN1Element(&lelem, beg, end);
+      beg = getASN1Element(&lelem, beg, end);
       if(!beg)
         return (const char *) NULL;
     }
@@ -206,7 +202,7 @@ static const char *octet2str(const char *beg, const char 
*end)
   /* Convert an ASN.1 octet string to a printable string.
      Return the dynamically allocated string, or NULL if an error occurs. */
 
-  if(n <= (CURL_SIZE_T_MAX - 1) / 3) {
+  if(n <= (SIZE_T_MAX - 1) / 3) {
     buf = malloc(3 * n + 1);
     if(buf)
       for(n = 0; beg < end; n += 3)
@@ -287,7 +283,7 @@ utf8asn1str(char **to, int type, const char *from, const 
char *end)
 
   if(inlength % size)
     return -1;  /* Length inconsistent with character size. */
-  if(inlength / size > (CURL_SIZE_T_MAX - 1) / 4)
+  if(inlength / size > (SIZE_T_MAX - 1) / 4)
     return -1;  /* Too big. */
   buf = malloc(4 * (inlength / size) + 1);
   if(!buf)
@@ -306,10 +302,10 @@ utf8asn1str(char **to, int type, const char *from, const 
char *end)
       case 4:
         wc = (wc << 8) | *(const unsigned char *) from++;
         wc = (wc << 8) | *(const unsigned char *) from++;
-        /* fallthrough */
+        /* FALLTHROUGH */
       case 2:
         wc = (wc << 8) | *(const unsigned char *) from++;
-        /* fallthrough */
+        /* FALLTHROUGH */
       default: /* case 1: */
         wc = (wc << 8) | *(const unsigned char *) from++;
       }
@@ -546,7 +542,7 @@ static const char *UTime2str(const char *beg, const char 
*end)
                        tzl, tzp);
 }
 
-const char *Curl_ASN1tostr(curl_asn1Element *elem, int type)
+static const char *ASN1tostr(curl_asn1Element *elem, int type)
 {
   /* Convert an ASN.1 element to a printable string.
      Return the dynamically allocated string, or NULL if an error occurs. */
@@ -605,12 +601,12 @@ static ssize_t encodeDN(char *buf, size_t n, 
curl_asn1Element *dn)
      Return the total string length, even if larger than `n'. */
 
   for(p1 = dn->beg; p1 < dn->end;) {
-    p1 = Curl_getASN1Element(&rdn, p1, dn->end);
+    p1 = getASN1Element(&rdn, p1, dn->end);
     for(p2 = rdn.beg; p2 < rdn.end;) {
-      p2 = Curl_getASN1Element(&atv, p2, rdn.end);
-      p3 = Curl_getASN1Element(&oid, atv.beg, atv.end);
-      Curl_getASN1Element(&value, p3, atv.end);
-      str = Curl_ASN1tostr(&oid, 0);
+      p2 = getASN1Element(&atv, p2, rdn.end);
+      p3 = getASN1Element(&oid, atv.beg, atv.end);
+      getASN1Element(&value, p3, atv.end);
+      str = ASN1tostr(&oid, 0);
       if(!str)
         return -1;
 
@@ -640,7 +636,7 @@ static ssize_t encodeDN(char *buf, size_t n, 
curl_asn1Element *dn)
       l++;
 
       /* Generate value. */
-      str = Curl_ASN1tostr(&value, 0);
+      str = ASN1tostr(&value, 0);
       if(!str)
         return -1;
       for(p3 = str; *p3; p3++) {
@@ -655,7 +651,7 @@ static ssize_t encodeDN(char *buf, size_t n, 
curl_asn1Element *dn)
   return l;
 }
 
-const char *Curl_DNtostr(curl_asn1Element *dn)
+static const char *DNtostr(curl_asn1Element *dn)
 {
   char *buf = (char *) NULL;
   ssize_t n = encodeDN(buf, 0, dn);
@@ -694,17 +690,17 @@ int Curl_parseX509(curl_X509certificate *cert,
   cert->certificate.end = end;
 
   /* Get the sequence content. */
-  if(!Curl_getASN1Element(&elem, beg, end))
+  if(!getASN1Element(&elem, beg, end))
     return -1;  /* Invalid bounds/size. */
   beg = elem.beg;
   end = elem.end;
 
   /* Get tbsCertificate. */
-  beg = Curl_getASN1Element(&tbsCertificate, beg, end);
+  beg = getASN1Element(&tbsCertificate, beg, end);
   /* Skip the signatureAlgorithm. */
-  beg = Curl_getASN1Element(&cert->signatureAlgorithm, beg, end);
+  beg = getASN1Element(&cert->signatureAlgorithm, beg, end);
   /* Get the signatureValue. */
-  Curl_getASN1Element(&cert->signature, beg, end);
+  getASN1Element(&cert->signature, beg, end);
 
   /* Parse TBSCertificate. */
   beg = tbsCertificate.beg;
@@ -713,28 +709,28 @@ int Curl_parseX509(curl_X509certificate *cert,
   cert->version.header = NULL;
   cert->version.beg = &defaultVersion;
   cert->version.end = &defaultVersion + sizeof(defaultVersion);
-  beg = Curl_getASN1Element(&elem, beg, end);
+  beg = getASN1Element(&elem, beg, end);
   if(elem.tag == 0) {
-    Curl_getASN1Element(&cert->version, elem.beg, elem.end);
-    beg = Curl_getASN1Element(&elem, beg, end);
+    getASN1Element(&cert->version, elem.beg, elem.end);
+    beg = getASN1Element(&elem, beg, end);
   }
   cert->serialNumber = elem;
   /* Get signature algorithm. */
-  beg = Curl_getASN1Element(&cert->signatureAlgorithm, beg, end);
+  beg = getASN1Element(&cert->signatureAlgorithm, beg, end);
   /* Get issuer. */
-  beg = Curl_getASN1Element(&cert->issuer, beg, end);
+  beg = getASN1Element(&cert->issuer, beg, end);
   /* Get notBefore and notAfter. */
-  beg = Curl_getASN1Element(&elem, beg, end);
-  ccp = Curl_getASN1Element(&cert->notBefore, elem.beg, elem.end);
-  Curl_getASN1Element(&cert->notAfter, ccp, elem.end);
+  beg = getASN1Element(&elem, beg, end);
+  ccp = getASN1Element(&cert->notBefore, elem.beg, elem.end);
+  getASN1Element(&cert->notAfter, ccp, elem.end);
   /* Get subject. */
-  beg = Curl_getASN1Element(&cert->subject, beg, end);
+  beg = getASN1Element(&cert->subject, beg, end);
   /* Get subjectPublicKeyAlgorithm and subjectPublicKey. */
-  beg = Curl_getASN1Element(&cert->subjectPublicKeyInfo, beg, end);
-  ccp = Curl_getASN1Element(&cert->subjectPublicKeyAlgorithm,
+  beg = getASN1Element(&cert->subjectPublicKeyInfo, beg, end);
+  ccp = getASN1Element(&cert->subjectPublicKeyAlgorithm,
                             cert->subjectPublicKeyInfo.beg,
                             cert->subjectPublicKeyInfo.end);
-  Curl_getASN1Element(&cert->subjectPublicKey, ccp,
+  getASN1Element(&cert->subjectPublicKey, ccp,
                       cert->subjectPublicKeyInfo.end);
   /* Get optional issuerUiqueID, subjectUniqueID and extensions. */
   cert->issuerUniqueID.tag = cert->subjectUniqueID.tag = 0;
@@ -745,19 +741,19 @@ int Curl_parseX509(curl_X509certificate *cert,
   cert->extensions.header = NULL;
   cert->extensions.beg = cert->extensions.end = "";
   if(beg < end)
-    beg = Curl_getASN1Element(&elem, beg, end);
+    beg = getASN1Element(&elem, beg, end);
   if(elem.tag == 1) {
     cert->issuerUniqueID = elem;
     if(beg < end)
-      beg = Curl_getASN1Element(&elem, beg, end);
+      beg = getASN1Element(&elem, beg, end);
   }
   if(elem.tag == 2) {
     cert->subjectUniqueID = elem;
     if(beg < end)
-      beg = Curl_getASN1Element(&elem, beg, end);
+      beg = getASN1Element(&elem, beg, end);
   }
   if(elem.tag == 3)
-    Curl_getASN1Element(&cert->extensions, elem.beg, elem.end);
+    getASN1Element(&cert->extensions, elem.beg, elem.end);
   return 0;
 }
 
@@ -785,12 +781,12 @@ static const char *dumpAlgo(curl_asn1Element *param,
 
   /* Get algorithm parameters and return algorithm name. */
 
-  beg = Curl_getASN1Element(&oid, beg, end);
+  beg = getASN1Element(&oid, beg, end);
   param->header = NULL;
   param->tag = 0;
   param->beg = param->end = end;
   if(beg < end)
-    Curl_getASN1Element(param, beg, end);
+    getASN1Element(param, beg, end);
   return OID2str(oid.beg, oid.end, TRUE);
 }
 
@@ -801,7 +797,7 @@ static void do_pubkey_field(struct Curl_easy *data, int 
certnum,
 
   /* Generate a certificate information record for the public key. */
 
-  output = Curl_ASN1tostr(elem, 0);
+  output = ASN1tostr(elem, 0);
   if(output) {
     if(data->set.ssl.certinfo)
       Curl_ssl_push_certinfo(data, certnum, label, output);
@@ -825,10 +821,10 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
   /* Generate all information records for the public key. */
 
   /* Get the public key (single element). */
-  Curl_getASN1Element(&pk, pubkey->beg + 1, pubkey->end);
+  getASN1Element(&pk, pubkey->beg + 1, pubkey->end);
 
   if(strcasecompare(algo, "rsaEncryption")) {
-    p = Curl_getASN1Element(&elem, pk.beg, pk.end);
+    p = getASN1Element(&elem, pk.beg, pk.end);
     /* Compute key length. */
     for(q = elem.beg; !*q && q < elem.end; q++)
       ;
@@ -849,22 +845,22 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
     }
     /* Generate coefficients. */
     do_pubkey_field(data, certnum, "rsa(n)", &elem);
-    Curl_getASN1Element(&elem, p, pk.end);
+    getASN1Element(&elem, p, pk.end);
     do_pubkey_field(data, certnum, "rsa(e)", &elem);
   }
   else if(strcasecompare(algo, "dsa")) {
-    p = Curl_getASN1Element(&elem, param->beg, param->end);
+    p = getASN1Element(&elem, param->beg, param->end);
     do_pubkey_field(data, certnum, "dsa(p)", &elem);
-    p = Curl_getASN1Element(&elem, p, param->end);
+    p = getASN1Element(&elem, p, param->end);
     do_pubkey_field(data, certnum, "dsa(q)", &elem);
-    Curl_getASN1Element(&elem, p, param->end);
+    getASN1Element(&elem, p, param->end);
     do_pubkey_field(data, certnum, "dsa(g)", &elem);
     do_pubkey_field(data, certnum, "dsa(pub_key)", &pk);
   }
   else if(strcasecompare(algo, "dhpublicnumber")) {
-    p = Curl_getASN1Element(&elem, param->beg, param->end);
+    p = getASN1Element(&elem, param->beg, param->end);
     do_pubkey_field(data, certnum, "dh(p)", &elem);
-    Curl_getASN1Element(&elem, param->beg, param->end);
+    getASN1Element(&elem, param->beg, param->end);
     do_pubkey_field(data, certnum, "dh(g)", &elem);
     do_pubkey_field(data, certnum, "dh(pub_key)", &pk);
   }
@@ -903,7 +899,7 @@ CURLcode Curl_extract_certinfo(struct connectdata *conn,
     return CURLE_OUT_OF_MEMORY;
 
   /* Subject. */
-  ccp = Curl_DNtostr(&cert.subject);
+  ccp = DNtostr(&cert.subject);
   if(!ccp)
     return CURLE_OUT_OF_MEMORY;
   if(data->set.ssl.certinfo)
@@ -913,7 +909,7 @@ CURLcode Curl_extract_certinfo(struct connectdata *conn,
   free((char *) ccp);
 
   /* Issuer. */
-  ccp = Curl_DNtostr(&cert.issuer);
+  ccp = DNtostr(&cert.issuer);
   if(!ccp)
     return CURLE_OUT_OF_MEMORY;
   if(data->set.ssl.certinfo)
@@ -937,7 +933,7 @@ CURLcode Curl_extract_certinfo(struct connectdata *conn,
     infof(data, "   Version: %lu (0x%lx)\n", version + 1, version);
 
   /* Serial number. */
-  ccp = Curl_ASN1tostr(&cert.serialNumber, 0);
+  ccp = ASN1tostr(&cert.serialNumber, 0);
   if(!ccp)
     return CURLE_OUT_OF_MEMORY;
   if(data->set.ssl.certinfo)
@@ -958,7 +954,7 @@ CURLcode Curl_extract_certinfo(struct connectdata *conn,
   free((char *) ccp);
 
   /* Start Date. */
-  ccp = Curl_ASN1tostr(&cert.notBefore, 0);
+  ccp = ASN1tostr(&cert.notBefore, 0);
   if(!ccp)
     return CURLE_OUT_OF_MEMORY;
   if(data->set.ssl.certinfo)
@@ -968,7 +964,7 @@ CURLcode Curl_extract_certinfo(struct connectdata *conn,
   free((char *) ccp);
 
   /* Expire Date. */
-  ccp = Curl_ASN1tostr(&cert.notAfter, 0);
+  ccp = ASN1tostr(&cert.notAfter, 0);
   if(!ccp)
     return CURLE_OUT_OF_MEMORY;
   if(data->set.ssl.certinfo)
@@ -992,7 +988,7 @@ CURLcode Curl_extract_certinfo(struct connectdata *conn,
 /* TODO: extensions. */
 
   /* Signature. */
-  ccp = Curl_ASN1tostr(&cert.signature, 0);
+  ccp = ASN1tostr(&cert.signature, 0);
   if(!ccp)
     return CURLE_OUT_OF_MEMORY;
   if(data->set.ssl.certinfo)
@@ -1051,7 +1047,7 @@ static const char *checkOID(const char *beg, const char 
*end,
   /* Check if first ASN.1 element at `beg' is the given OID.
      Return a pointer in the source after the OID if found, else NULL. */
 
-  ccp = Curl_getASN1Element(&e, beg, end);
+  ccp = getASN1Element(&e, beg, end);
   if(!ccp || e.tag != CURL_ASN1_OBJECT_IDENTIFIER)
     return (const char *) NULL;
 
@@ -1110,19 +1106,19 @@ CURLcode Curl_verifyhost(struct connectdata *conn,
 
   /* Process extensions. */
   for(p = cert.extensions.beg; p < cert.extensions.end && matched != 1;) {
-    p = Curl_getASN1Element(&ext, p, cert.extensions.end);
+    p = getASN1Element(&ext, p, cert.extensions.end);
     /* Check if extension is a subjectAlternativeName. */
     ext.beg = checkOID(ext.beg, ext.end, sanOID);
     if(ext.beg) {
-      ext.beg = Curl_getASN1Element(&elem, ext.beg, ext.end);
+      ext.beg = getASN1Element(&elem, ext.beg, ext.end);
       /* Skip critical if present. */
       if(elem.tag == CURL_ASN1_BOOLEAN)
-        ext.beg = Curl_getASN1Element(&elem, ext.beg, ext.end);
+        ext.beg = getASN1Element(&elem, ext.beg, ext.end);
       /* Parse the octet string contents: is a single sequence. */
-      Curl_getASN1Element(&elem, elem.beg, elem.end);
+      getASN1Element(&elem, elem.beg, elem.end);
       /* Check all GeneralNames. */
       for(q = elem.beg; matched != 1 && q < elem.end;) {
-        q = Curl_getASN1Element(&name, q, elem.end);
+        q = getASN1Element(&name, q, elem.end);
         switch(name.tag) {
         case 2: /* DNS name. */
           len = utf8asn1str(&dnsname, CURL_ASN1_IA5_STRING,
@@ -1162,9 +1158,9 @@ CURLcode Curl_verifyhost(struct connectdata *conn,
   /* we have to look to the last occurrence of a commonName in the
      distinguished one to get the most significant one. */
   while(q < cert.subject.end) {
-    q = Curl_getASN1Element(&dn, q, cert.subject.end);
+    q = getASN1Element(&dn, q, cert.subject.end);
     for(p = dn.beg; p < dn.end;) {
-      p = Curl_getASN1Element(&elem, p, dn.end);
+      p = getASN1Element(&elem, p, dn.end);
       /* We have a DN's AttributeTypeAndValue: check it in case it's a CN. */
       elem.beg = checkOID(elem.beg, elem.end, cnOID);
       if(elem.beg)
@@ -1173,7 +1169,7 @@ CURLcode Curl_verifyhost(struct connectdata *conn,
   }
 
   /* Check the CN if found. */
-  if(!Curl_getASN1Element(&elem, name.beg, name.end))
+  if(!getASN1Element(&elem, name.beg, name.end))
     failf(data, "SSL: unable to obtain common name from peer certificate");
   else {
     len = utf8asn1str(&dnsname, elem.tag, elem.beg, elem.end);
diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
index c1ae6a559..b90e44d98 100644
--- a/m4/curl-compilers.m4
+++ b/m4/curl-compilers.m4
@@ -977,6 +977,7 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [
           dnl Only gcc 2.95 or later
           if test "$compiler_num" -ge "295"; then
             tmp_CFLAGS="$tmp_CFLAGS -Wno-long-long"
+            tmp_CFLAGS="$tmp_CFLAGS -Wbad-function-cast"
           fi
           #
           dnl Only gcc 2.96 or later
@@ -1011,6 +1012,7 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [
           dnl Only gcc 3.4 or later
           if test "$compiler_num" -ge "304"; then
             tmp_CFLAGS="$tmp_CFLAGS -Wdeclaration-after-statement"
+            tmp_CFLAGS="$tmp_CFLAGS -Wold-style-definition"
           fi
           #
           dnl Only gcc 4.0 or later
@@ -1029,6 +1031,8 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [
             tmp_CFLAGS="$tmp_CFLAGS -Wmissing-parameter-type -Wempty-body"
             tmp_CFLAGS="$tmp_CFLAGS -Wclobbered -Wignored-qualifiers"
             tmp_CFLAGS="$tmp_CFLAGS -Wconversion -Wno-sign-conversion -Wvla"
+            dnl required for -Warray-bounds, included in -Wall
+            tmp_CFLAGS="$tmp_CFLAGS -ftree-vrp"
           fi
           #
           dnl Only gcc 4.5 or later
@@ -1044,12 +1048,23 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [
             tmp_CFLAGS="$tmp_CFLAGS -Wdouble-promotion"
           fi
           #
+          dnl only gcc 4.8 or later
+          if test "$compiler_num" -ge "408"; then
+            tmp_CFLAGS="$tmp_CFLAGS -Wformat=2"
+          fi
+          #
+          dnl Only gcc 5 or later
+          if test "$compiler_num" -ge "500"; then
+            tmp_CFLAGS="$tmp_CFLAGS -Warray-bounds=2"
+          fi
+          #
           dnl Only gcc 6 or later
           if test "$compiler_num" -ge "600"; then
             tmp_CFLAGS="$tmp_CFLAGS -Wshift-negative-value"
             tmp_CFLAGS="$tmp_CFLAGS -Wshift-overflow=2"
-            tmp_CFLAGS="$tmp_CFLAGS -Wnull-dereference"
+            tmp_CFLAGS="$tmp_CFLAGS -Wnull-dereference 
-fdelete-null-pointer-checks"
             tmp_CFLAGS="$tmp_CFLAGS -Wduplicated-cond"
+            tmp_CFLAGS="$tmp_CFLAGS -Wunused-const-variable"
           fi
           #
           dnl Only gcc 7 or later
@@ -1059,6 +1074,7 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [
             tmp_CFLAGS="$tmp_CFLAGS -Walloc-zero"
             tmp_CFLAGS="$tmp_CFLAGS -Wformat-overflow=2"
             tmp_CFLAGS="$tmp_CFLAGS -Wformat-truncation=2"
+            tmp_CFLAGS="$tmp_CFLAGS -Wimplicit-fallthrough=4"
           fi
           #
         fi
diff --git a/projects/build-openssl.bat b/projects/build-openssl.bat
index 9fd49b780..98daff529 100644
--- a/projects/build-openssl.bat
+++ b/projects/build-openssl.bat
@@ -153,26 +153,21 @@ rem 
***************************************************************************
   rem Check we have Visual Studio installed
   if not exist "%ABS_VC_PATH%" goto novc
 
-  
   if not defined PERL_PATH (
-       rem Check we have Perl in our path 
-       rem using !! below as %% was having \Microsoft was unexpected error.
-       echo !PATH! | findstr /I /C:"\Perl" 1>nul
-       if errorlevel 1 (
-               rem It isn't so check we have it installed and set the path if 
it is
-               if exist "%SystemDrive%\Perl" (
-               set "PATH=%SystemDrive%\Perl\bin;%PATH%"
-               ) else (
-               if exist "%SystemDrive%\Perl64" (
-                       set "PATH=%SystemDrive%\Perl64\bin;%PATH%"
-               ) else (
-
-
-
-                       goto noperl
-               )
-               )
-       )
+    rem Check we have Perl in our path
+    perl --version <NUL 1>NUL 2>&1
+    if errorlevel 1 (
+      rem It isn't so check we have it installed and set the path if it is
+      if exist "%SystemDrive%\Perl" (
+        set "PATH=%SystemDrive%\Perl\bin;%PATH%"
+      ) else (
+        if exist "%SystemDrive%\Perl64" (
+          set "PATH=%SystemDrive%\Perl64\bin;%PATH%"
+        ) else (
+          goto noperl
+        )
+      )
+    )
   ) else (
     set "PATH=%PERL_PATH%\Perl\bin;%PATH%"
   )
diff --git a/projects/checksrc.bat b/projects/checksrc.bat
index 3c38f50e6..5c8debf11 100644
--- a/projects/checksrc.bat
+++ b/projects/checksrc.bat
@@ -73,7 +73,7 @@ rem 
***************************************************************************
 
 :prerequisites
   rem Check we have Perl in our path
-  echo %PATH% | findstr /I /C:"\Perl" 1>nul
+  perl --version <NUL 1>NUL 2>&1
   if errorlevel 1 (
     rem It isn't so check we have it installed and set the path if it is
     if exist "%SystemDrive%\Perl" (
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index d75f47f17..a289886bd 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -62,7 +62,7 @@ include_directories(
   )
 
 #Build curl executable
-target_link_libraries( ${EXE_NAME} libcurl ${CURL_LIBS})
+target_link_libraries(${EXE_NAME} libcurl ${CURL_LIBS})
 
 
################################################################################
 
diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
index 88ce5e13b..04bc7e17b 100644
--- a/src/tool_cb_hdr.c
+++ b/src/tool_cb_hdr.c
@@ -42,7 +42,10 @@ static char *parse_filename(const char *ptr, size_t len);
 #define BOLDOFF
 #else
 #define BOLD "\x1b[1m"
-#define BOLDOFF "\x1b[21m"
+/* Switch off bold by settting "all attributes off" since the explicit
+   bold-off code (21) isn't supported everywhere - like in the mac
+   Terminal. */
+#define BOLDOFF "\x1b[0m"
 #endif
 
 /*
@@ -103,9 +106,6 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, 
void *userdata)
      (protocol & (CURLPROTO_HTTPS|CURLPROTO_HTTP))) {
     const char *p = str + 20;
 
-    if(!outs->stream && !tool_create_output_file(outs, FALSE))
-      return failure;
-
     /* look for the 'filename=' parameter
        (encoded filenames (*=) are not supported) */
     for(;;) {
@@ -153,6 +153,8 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, 
void *userdata)
       }
       break;
     }
+    if(!outs->stream && !tool_create_output_file(outs, FALSE))
+      return failure;
   }
 
   if(hdrcbdata->config->show_headers &&
diff --git a/src/tool_cb_see.c b/src/tool_cb_see.c
index 621d440f4..061b2bb3d 100644
--- a/src/tool_cb_see.c
+++ b/src/tool_cb_see.c
@@ -118,10 +118,12 @@ int tool_seek_cb(void *userdata, curl_off_t offset, int 
whence)
 
 int tool_ftruncate64(int fd, curl_off_t where)
 {
+  intptr_t handle = _get_osfhandle(fd);
+
   if(_lseeki64(fd, where, SEEK_SET) < 0)
     return -1;
 
-  if(!SetEndOfFile((HANDLE)_get_osfhandle(fd)))
+  if(!SetEndOfFile((HANDLE)handle))
     return -1;
 
   return 0;
diff --git a/src/tool_dirhie.c b/src/tool_dirhie.c
index a01f9dc5f..36c06941c 100644
--- a/src/tool_dirhie.c
+++ b/src/tool_dirhie.c
@@ -139,12 +139,10 @@ CURLcode create_dir_hierarchy(const char *outfile, FILE 
*errors)
         else
           snprintf(dirbuildup, outlen, "%s%s", DIR_CHAR, tempdir);
       }
-      if(access(dirbuildup, F_OK) == -1) {
-        if(-1 == mkdir(dirbuildup, (mode_t)0000750)) {
-          show_dir_errno(errors, dirbuildup);
-          result = CURLE_WRITE_ERROR;
-          break; /* get out of loop */
-        }
+      if((-1 == mkdir(dirbuildup, (mode_t)0000750)) && (errno != EEXIST)) {
+        show_dir_errno(errors, dirbuildup);
+        result = CURLE_WRITE_ERROR;
+        break; /* get out of loop */
       }
     }
     tempdir = tempdir2;
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index cc3fcf3a5..aad147148 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -65,7 +65,8 @@ struct LongShort {
   enum {
     ARG_NONE,   /* stand-alone but not a boolean */
     ARG_BOOL,   /* accepts a --no-[name] prefix */
-    ARG_STRING  /* requires an argument */
+    ARG_STRING, /* requires an argument */
+    ARG_FILENAME /* requires an argument, usually a file name */
   } desc;
 };
 
@@ -75,7 +76,7 @@ static const struct LongShort aliases[]= {
   {"*@", "url",                      ARG_STRING},
   {"*4", "dns-ipv4-addr",            ARG_STRING},
   {"*6", "dns-ipv6-addr",            ARG_STRING},
-  {"*a", "random-file",              ARG_STRING},
+  {"*a", "random-file",              ARG_FILENAME},
   {"*b", "egd-file",                 ARG_STRING},
   {"*B", "oauth2-bearer",            ARG_STRING},
   {"*c", "connect-timeout",          ARG_STRING},
@@ -87,9 +88,9 @@ static const struct LongShort aliases[]= {
          /* 'epsv' made like this to make --no-epsv and --epsv to work
              although --disable-epsv is the documented option */
   {"*F", "dns-servers",              ARG_STRING},
-  {"*g", "trace",                    ARG_STRING},
+  {"*g", "trace",                    ARG_FILENAME},
   {"*G", "npn",                      ARG_BOOL},
-  {"*h", "trace-ascii",              ARG_STRING},
+  {"*h", "trace-ascii",              ARG_FILENAME},
   {"*H", "alpn",                     ARG_BOOL},
   {"*i", "limit-rate",               ARG_STRING},
   {"*j", "compressed",               ARG_BOOL},
@@ -108,7 +109,7 @@ static const struct LongShort aliases[]= {
   {"*s", "max-redirs",               ARG_STRING},
   {"*t", "proxy-ntlm",               ARG_BOOL},
   {"*u", "crlf",                     ARG_BOOL},
-  {"*v", "stderr",                   ARG_STRING},
+  {"*v", "stderr",                   ARG_FILENAME},
   {"*w", "interface",                ARG_STRING},
   {"*x", "krb",                      ARG_STRING},
   {"*x", "krb4",                     ARG_STRING},
@@ -177,7 +178,7 @@ static const struct LongShort aliases[]= {
   {"$J", "metalink",                 ARG_BOOL},
   {"$K", "sasl-ir",                  ARG_BOOL},
   {"$L", "test-event",               ARG_BOOL},
-  {"$M", "unix-socket",              ARG_STRING},
+  {"$M", "unix-socket",              ARG_FILENAME},
   {"$N", "path-as-is",               ARG_BOOL},
   {"$O", "socks5-gssapi-service",    ARG_STRING},
          /* 'socks5-gssapi-service' merged with'proxy-service-name' and
@@ -188,7 +189,7 @@ static const struct LongShort aliases[]= {
   {"$R", "expect100-timeout",        ARG_STRING},
   {"$S", "tftp-no-options",          ARG_BOOL},
   {"$U", "connect-to",               ARG_STRING},
-  {"$W", "abstract-unix-socket",     ARG_STRING},
+  {"$W", "abstract-unix-socket",     ARG_FILENAME},
   {"$X", "tls-max",                  ARG_STRING},
   {"$Y", "suppress-connect-headers", ARG_BOOL},
   {"$Z", "compressed-ssh",           ARG_BOOL},
@@ -219,19 +220,19 @@ static const struct LongShort aliases[]= {
   {"da", "data-ascii",               ARG_STRING},
   {"db", "data-binary",              ARG_STRING},
   {"de", "data-urlencode",           ARG_STRING},
-  {"D",  "dump-header",              ARG_STRING},
+  {"D",  "dump-header",              ARG_FILENAME},
   {"e",  "referer",                  ARG_STRING},
-  {"E",  "cert",                     ARG_STRING},
-  {"Ea", "cacert",                   ARG_STRING},
+  {"E",  "cert",                     ARG_FILENAME},
+  {"Ea", "cacert",                   ARG_FILENAME},
   {"Eb", "cert-type",                ARG_STRING},
-  {"Ec", "key",                      ARG_STRING},
+  {"Ec", "key",                      ARG_FILENAME},
   {"Ed", "key-type",                 ARG_STRING},
   {"Ee", "pass",                     ARG_STRING},
   {"Ef", "engine",                   ARG_STRING},
-  {"Eg", "capath",                   ARG_STRING},
+  {"Eg", "capath",                   ARG_FILENAME},
   {"Eh", "pubkey",                   ARG_STRING},
   {"Ei", "hostpubmd5",               ARG_STRING},
-  {"Ej", "crlfile",                  ARG_STRING},
+  {"Ej", "crlfile",                  ARG_FILENAME},
   {"Ek", "tlsuser",                  ARG_STRING},
   {"El", "tlspassword",              ARG_STRING},
   {"Em", "tlsauthtype",              ARG_STRING},
@@ -246,17 +247,17 @@ static const struct LongShort aliases[]= {
   {"Eu", "proxy-tlsuser",            ARG_STRING},
   {"Ev", "proxy-tlspassword",        ARG_STRING},
   {"Ew", "proxy-tlsauthtype",        ARG_STRING},
-  {"Ex", "proxy-cert",               ARG_STRING},
+  {"Ex", "proxy-cert",               ARG_FILENAME},
   {"Ey", "proxy-cert-type",          ARG_STRING},
-  {"Ez", "proxy-key",                ARG_STRING},
+  {"Ez", "proxy-key",                ARG_FILENAME},
   {"E0", "proxy-key-type",           ARG_STRING},
   {"E1", "proxy-pass",               ARG_STRING},
   {"E2", "proxy-ciphers",            ARG_STRING},
-  {"E3", "proxy-crlfile",            ARG_STRING},
+  {"E3", "proxy-crlfile",            ARG_FILENAME},
   {"E4", "proxy-ssl-allow-beast",    ARG_BOOL},
   {"E5", "login-options",            ARG_STRING},
-  {"E6", "proxy-cacert",             ARG_STRING},
-  {"E7", "proxy-capath",             ARG_STRING},
+  {"E6", "proxy-cacert",             ARG_FILENAME},
+  {"E7", "proxy-capath",             ARG_FILENAME},
   {"E8", "proxy-insecure",           ARG_BOOL},
   {"E9", "proxy-tlsv1",              ARG_NONE},
   {"EA", "socks5-basic",             ARG_BOOL},
@@ -277,7 +278,7 @@ static const struct LongShort aliases[]= {
   {"j",  "junk-session-cookies",     ARG_BOOL},
   {"J",  "remote-header-name",       ARG_BOOL},
   {"k",  "insecure",                 ARG_BOOL},
-  {"K",  "config",                   ARG_STRING},
+  {"K",  "config",                   ARG_FILENAME},
   {"l",  "list-only",                ARG_BOOL},
   {"L",  "location",                 ARG_BOOL},
   {"Lt", "location-trusted",         ARG_BOOL},
@@ -285,10 +286,10 @@ static const struct LongShort aliases[]= {
   {"M",  "manual",                   ARG_BOOL},
   {"n",  "netrc",                    ARG_BOOL},
   {"no", "netrc-optional",           ARG_BOOL},
-  {"ne", "netrc-file",               ARG_STRING},
+  {"ne", "netrc-file",               ARG_FILENAME},
   {"N",  "buffer",                   ARG_BOOL},
          /* 'buffer' listed as --no-buffer in the help */
-  {"o",  "output",                   ARG_STRING},
+  {"o",  "output",                   ARG_FILENAME},
   {"O",  "remote-name",              ARG_NONE},
   {"Oa", "remote-name-all",          ARG_BOOL},
   {"p",  "proxytunnel",              ARG_BOOL},
@@ -300,7 +301,7 @@ static const struct LongShort aliases[]= {
   {"s",  "silent",                   ARG_BOOL},
   {"S",  "show-error",               ARG_BOOL},
   {"t",  "telnet-option",            ARG_STRING},
-  {"T",  "upload-file",              ARG_STRING},
+  {"T",  "upload-file",              ARG_FILENAME},
   {"u",  "user",                     ARG_STRING},
   {"U",  "proxy-user",               ARG_STRING},
   {"v",  "verbose",                  ARG_BOOL},
@@ -342,7 +343,7 @@ void parse_cert_parameter(const char *cert_parameter,
    * looks like a RFC7512 PKCS#11 URI which can be used as-is.
    * Also if cert_parameter contains no colon nor backslash, this
    * means no passphrase was given and no characters escaped */
-  if(!strncmp(cert_parameter, "pkcs11:", 7) ||
+  if(curl_strnequal(cert_parameter, "pkcs11:", 7) ||
      !strpbrk(cert_parameter, ":\\")) {
     *certname = strdup(cert_parameter);
     return;
@@ -570,7 +571,7 @@ ParameterError getparameter(const char *flag, /* f or 
-long-flag */
       }
     }
 
-    if(aliases[hit].desc == ARG_STRING) {
+    if(aliases[hit].desc >= ARG_STRING) {
       /* this option requires an extra parameter */
       if(!longopt && parse[1]) {
         nextarg = (char *)&parse[1]; /* this is the actual extra parameter */
@@ -580,6 +581,13 @@ ParameterError getparameter(const char *flag, /* f or 
-long-flag */
         return PARAM_REQUIRES_PARAMETER;
       else
         *usedarg = TRUE; /* mark it as used */
+
+      if((aliases[hit].desc == ARG_FILENAME) &&
+         (nextarg[0] == '-') && nextarg[1]) {
+        /* if the file name looks like a command line option */
+        warnf(global, "The file name argument '%s' looks like a flag.\n",
+              nextarg);
+      }
     }
     else if((aliases[hit].desc == ARG_NONE) && !toggle)
       return PARAM_NO_PREFIX;
@@ -1706,7 +1714,7 @@ ParameterError getparameter(const char *flag, /* f or 
-long-flag */
           warnf(global, "Failed to open %s!\n", &nextarg[1]);
         else {
           err = file2memory(&string, &len, file);
-          if(!err) {
+          if(!err && string) {
             /* Allow strtok() here since this isn't used threaded */
             /* !checksrc! disable BANNEDFUNC 2 */
             char *h = strtok(string, "\r\n");
@@ -1826,7 +1834,7 @@ ParameterError getparameter(const char *flag, /* f or 
-long-flag */
         config->default_node_flags = toggle?GETOUT_USEREMOTE:0;
         break;
       }
-      /* fall-through! */
+      /* FALLTHROUGH */
     case 'o': /* --output */
       /* output file */
     {
diff --git a/src/tool_metalink.c b/src/tool_metalink.c
index f8effd374..4c4261472 100644
--- a/src/tool_metalink.c
+++ b/src/tool_metalink.c
@@ -461,16 +461,11 @@ static void SHA256_Final(unsigned char digest[32], 
SHA256_CTX *ctx)
 
 #endif /* CRYPTO LIBS */
 
-/* Disable this picky gcc-8 compiler warning */
-#if defined(__GNUC__) && (__GNUC__ >= 8)
-#pragma GCC diagnostic ignored "-Wcast-function-type"
-#endif
-
 const digest_params MD5_DIGEST_PARAMS[] = {
   {
-    (Curl_digest_init_func) MD5_Init,
-    (Curl_digest_update_func) MD5_Update,
-    (Curl_digest_final_func) MD5_Final,
+    CURLX_FUNCTION_CAST(Curl_digest_init_func, MD5_Init),
+    CURLX_FUNCTION_CAST(Curl_digest_update_func, MD5_Update),
+    CURLX_FUNCTION_CAST(Curl_digest_final_func, MD5_Final),
     sizeof(MD5_CTX),
     16
   }
@@ -478,9 +473,9 @@ const digest_params MD5_DIGEST_PARAMS[] = {
 
 const digest_params SHA1_DIGEST_PARAMS[] = {
   {
-    (Curl_digest_init_func) SHA1_Init,
-    (Curl_digest_update_func) SHA1_Update,
-    (Curl_digest_final_func) SHA1_Final,
+    CURLX_FUNCTION_CAST(Curl_digest_init_func, SHA1_Init),
+    CURLX_FUNCTION_CAST(Curl_digest_update_func, SHA1_Update),
+    CURLX_FUNCTION_CAST(Curl_digest_final_func, SHA1_Final),
     sizeof(SHA_CTX),
     20
   }
@@ -488,9 +483,9 @@ const digest_params SHA1_DIGEST_PARAMS[] = {
 
 const digest_params SHA256_DIGEST_PARAMS[] = {
   {
-    (Curl_digest_init_func) SHA256_Init,
-    (Curl_digest_update_func) SHA256_Update,
-    (Curl_digest_final_func) SHA256_Final,
+    CURLX_FUNCTION_CAST(Curl_digest_init_func, SHA256_Init),
+    CURLX_FUNCTION_CAST(Curl_digest_update_func, SHA256_Update),
+    CURLX_FUNCTION_CAST(Curl_digest_final_func, SHA256_Final),
     sizeof(SHA256_CTX),
     32
   }
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 26fc251f5..2c3f6dd4c 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -113,6 +113,19 @@ static bool is_fatal_error(CURLcode code)
   return FALSE;
 }
 
+/*
+ * Check if a given string is a PKCS#11 URI
+ */
+static bool is_pkcs11_uri(const char *string)
+{
+  if(curl_strnequal(string, "pkcs11:", 7)) {
+    return TRUE;
+  }
+  else {
+    return FALSE;
+  }
+}
+
 #ifdef __VMS
 /*
  * get_vms_file_size does what it takes to get the real size of the file
@@ -1073,6 +1086,46 @@ static CURLcode operate_do(struct GlobalConfig *global,
           my_setopt_str(curl, CURLOPT_PINNEDPUBLICKEY, config->pinnedpubkey);
 
         if(curlinfo->features & CURL_VERSION_SSL) {
+          /* Check if config->cert is a PKCS#11 URI and set the
+           * config->cert_type if necessary */
+          if(config->cert) {
+            if(!config->cert_type) {
+              if(is_pkcs11_uri(config->cert)) {
+                config->cert_type = strdup("ENG");
+              }
+            }
+          }
+
+          /* Check if config->key is a PKCS#11 URI and set the
+           * config->key_type if necessary */
+          if(config->key) {
+            if(!config->key_type) {
+              if(is_pkcs11_uri(config->key)) {
+                config->key_type = strdup("ENG");
+              }
+            }
+          }
+
+          /* Check if config->proxy_cert is a PKCS#11 URI and set the
+           * config->proxy_type if necessary */
+          if(config->proxy_cert) {
+            if(!config->proxy_cert_type) {
+              if(is_pkcs11_uri(config->proxy_cert)) {
+                config->proxy_cert_type = strdup("ENG");
+              }
+            }
+          }
+
+          /* Check if config->proxy_key is a PKCS#11 URI and set the
+           * config->proxy_key_type if necessary */
+          if(config->proxy_key) {
+            if(!config->proxy_key_type) {
+              if(is_pkcs11_uri(config->proxy_key)) {
+                config->proxy_key_type = strdup("ENG");
+              }
+            }
+          }
+
           my_setopt_str(curl, CURLOPT_SSLCERT, config->cert);
           my_setopt_str(curl, CURLOPT_PROXY_SSLCERT, config->proxy_cert);
           my_setopt_str(curl, CURLOPT_SSLCERTTYPE, config->cert_type);
@@ -1220,7 +1273,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
           my_setopt_str(curl, CURLOPT_TLS13_CIPHERS, config->cipher13_list);
 
         if(config->proxy_cipher13_list)
-          my_setopt_str(curl, CURLOPT_PROXY_SSL_CIPHER_LIST,
+          my_setopt_str(curl, CURLOPT_PROXY_TLS13_CIPHERS,
                         config->proxy_cipher13_list);
 
         /* new in libcurl 7.9.2: */
@@ -1578,6 +1631,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
                 curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response);
 
                 switch(response) {
+                case 408: /* Request Timeout */
                 case 500: /* Internal Server Error */
                 case 502: /* Bad Gateway */
                 case 503: /* Service Unavailable */
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index fc8c2f529..e1b994108 100644
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -34,8 +34,6 @@
 #define GLOBERROR(string, column, code) \
   glob->error = string, glob->pos = column, code
 
-void glob_cleanup(URLGlob* glob);
-
 static CURLcode glob_fixed(URLGlob *glob, char *fixed, size_t len)
 {
   URLPattern *pat = &glob->pattern[glob->size];
@@ -116,7 +114,7 @@ static CURLcode glob_set(URLGlob *glob, char **patternp,
       if(multiply(amount, pat->content.Set.size + 1))
         return GLOBERROR("range overflow", 0, CURLE_URL_MALFORMAT);
 
-      /* fall-through */
+      /* FALLTHROUGH */
     case ',':
 
       *buf = '\0';
@@ -159,7 +157,7 @@ static CURLcode glob_set(URLGlob *glob, char **patternp,
         ++pattern;
         ++(*posp);
       }
-      /* intentional fallthrough */
+      /* FALLTHROUGH */
     default:
       *buf++ = *pattern++;              /* copy character to set element */
       ++(*posp);
diff --git a/tests/FILEFORMAT b/tests/FILEFORMAT
index d584ac163..135ded6c1 100644
--- a/tests/FILEFORMAT
+++ b/tests/FILEFORMAT
@@ -169,6 +169,7 @@ connection-monitor When used, this will log [DISCONNECT] to 
the server.input
                log when the connection is disconnected.
 upgrade        when an HTTP upgrade header is found, the server will upgrade
                to http2
+swsclose       instruct server to close connection after response
 
 For TFTP:
 writedelay: [secs] delay this amount between reply packets (each packet being
diff --git a/tests/data/DISABLED b/tests/data/DISABLED
index 11d54b463..69eeec50d 100644
--- a/tests/data/DISABLED
+++ b/tests/data/DISABLED
@@ -18,3 +18,5 @@
 1510
 # Pipelining test that is causing false positives a little too often
 1903
+# fnmatch differences are just too common to make testing them sensible
+1307
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 0f204ecbb..85f66db60 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -83,7 +83,7 @@ test617 test618 test619 test620 test621 test622 test623 
test624 test625 \
 test626 test627 test628 test629 test630 test631 test632 test633 test634 \
 test635 test636 test637 test638 test639 test640 test641 test642 \
 test643 test644 test645 test646 test647 test648 test649 test650 test651 \
-test652 test653 test654 test655 \
+test652 test653 test654 test655 test656 \
 \
 test700 test701 test702 test703 test704 test705 test706 test707 test708 \
 test709 test710 test711 test712 test713 test714 test715 \
@@ -127,7 +127,7 @@ test1120 test1121 test1122 test1123 test1124 test1125 
test1126 test1127 \
 test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \
 test1136 test1137 test1138                   test1141 test1142 test1143 \
 test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \
-test1152 test1153 test1154 test1155 test1156 \
+test1152 test1153 test1154 test1155 test1156 test1157 test1158 \
 \
 test1160 test1161 test1162 test1163 test1164 \
 test1170 test1171 \
@@ -139,7 +139,8 @@ test1228 test1229 test1230 test1231 test1232 test1233 
test1234 test1235 \
 test1236 test1237 test1238 test1239 test1240 test1241 test1242 test1243 \
 test1244 test1245 test1246 test1247 test1248 test1249 test1250 test1251 \
 test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
-test1260 test1261 test1262 test1263 test1264 test1265 \
+test1260 test1261 test1262 test1263 test1264 test1265 test1266 test1267 \
+test1268 \
 \
 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
 test1288 test1289 test1290 test1291 test1292 \
@@ -170,7 +171,7 @@ test1500 test1501 test1502 test1503 test1504 test1505 
test1506 test1507 \
 test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
 test1516 test1517 \
 \
-test1520 test1521 \
+test1520 test1521 test1522 \
 \
 test1525 test1526 test1527 test1528 test1529 test1530 test1531 test1532 \
 test1533 test1534 test1535 test1536 test1537 test1538 \
diff --git a/tests/data/test1105 b/tests/data/test1105
index 4b5e0c836..782044583 100644
--- a/tests/data/test1105
+++ b/tests/data/test1105
@@ -58,8 +58,8 @@ userid=myname&password=mypassword
 # https://curl.haxx.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.
 
-127.0.0.1      FALSE   /we/want/       FALSE   0       foobar  name
 127.0.0.1      FALSE   "/silly/"       FALSE   0       mismatch        this
+127.0.0.1      FALSE   /we/want/       FALSE   0       foobar  name
 </file>
 </verify>
 </testcase>
diff --git a/tests/data/test1133 b/tests/data/test1133
index b8ed56b2d..d71155eda 100644
--- a/tests/data/test1133
+++ b/tests/data/test1133
@@ -26,10 +26,10 @@ http
 HTTP RFC1867-type formposting with filename/data contains ',', ';', '"'
  </name>
  <command>
-http://%HOSTIP:%HTTPPORT/we/want/1133 -F 
"address@hidden"log/test1133,a\\\"nd;.txt\";type=mo/foo;filename=\"faker,and;.txt\""
 -F 'file2=@"log/test1133,a\"nd;.txt"' -F 
'file3=@"log/test1133,a\"nd;.txt";type=m/f,"log/test1133,a\"nd;.txt"' -F 
a="{\"field1\":\"value1\",\"field2\":\"value2\"}" -F 'b=" 
\\value1;type=\"whatever\" "; type=text/foo; charset=utf-8 ; filename=param_b'
+http://%HOSTIP:%HTTPPORT/we/want/1133 -F 
"address@hidden"log/test1133,and;.txt\";type=mo/foo;filename=\"faker,and;.txt\""
 -F 'file2=@"log/test1133,and;.txt"' -F 
'file3=@"log/test1133,and;.txt";type=m/f,"log/test1133,and;.txt"' -F 
a="{\"field1\":\"value1\",\"field2\":\"value2\"}" -F 'b=" 
\\value1;type=\"whatever\" "; type=text/foo; charset=utf-8 ; filename=param_b'
 </command>
 # We create this file before the command is invoked!
-<file name=log/test1133,a"nd;.txt>
+<file name=log/test1133,and;.txt>
 foo bar
 This is a bar foo
 bar
@@ -47,7 +47,7 @@ POST /we/want/1133 HTTP/1.1
 User-Agent: curl/7.10.4 (i686-pc-linux-gnu) libcurl/7.10.4 OpenSSL/0.9.7a ipv6 
zlib/1.1.3
 Host: %HOSTIP:%HTTPPORT
 Accept: */*
-Content-Length: 1270
+Content-Length: 1264
 Expect: 100-continue
 Content-Type: multipart/form-data; 
boundary=----------------------------24e78000bd32
 
@@ -61,7 +61,7 @@ bar
 foo
 
 ------------------------------24e78000bd32
-Content-Disposition: form-data; name="file2"; filename="test1133,a\"nd;.txt"
+Content-Disposition: form-data; name="file2"; filename="test1133,and;.txt"
 Content-Type: text/plain
 
 foo bar
@@ -73,7 +73,7 @@ foo
 Content-Disposition: form-data; name="file3"
 Content-Type: multipart/mixed; 
boundary=----------------------------7f0e85a48b0b
 
-Content-Disposition: attachment; filename="test1133,a\"nd;.txt"
+Content-Disposition: attachment; filename="test1133,and;.txt"
 Content-Type: m/f
 
 foo bar
@@ -81,7 +81,7 @@ This is a bar foo
 bar
 foo
 
-Content-Disposition: attachment; filename="test1133,a\"nd;.txt"
+Content-Disposition: attachment; filename="test1133,and;.txt"
 Content-Type: text/plain
 
 foo bar
diff --git a/tests/data/test1136 b/tests/data/test1136
index 2030bd271..e18a92325 100644
--- a/tests/data/test1136
+++ b/tests/data/test1136
@@ -56,9 +56,9 @@ http://www.example.ck/1136 http://www.ck/1136 
http://z-1.compute-1.amazonaws.com
 # https://curl.haxx.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.
 
+.z-1.compute-1.amazonaws.com   TRUE    /       FALSE   0       test5   
forbidden5
 .www.ck        TRUE    /       FALSE   0       test4   allowed4
 .www.example.ck        TRUE    /       FALSE   0       test2   allowed2
-.z-1.compute-1.amazonaws.com   TRUE    /       FALSE   0       test5   
forbidden5
 </file>
 </verify>
 </testcase>
diff --git a/tests/data/test1143 b/tests/data/test1143
index 4f2f4435a..7776cfa87 100644
--- a/tests/data/test1143
+++ b/tests/data/test1143
@@ -28,6 +28,11 @@ HTTP URL with http:/ (one slash!)
  <command>
 http:/%HOSTIP:%HTTPPORT/want/1143
 </command>
+<setenv>
+# Needed for MSYS2 to not treat the argument as a POSIX path list
+# that has to be converted to Windows paths
+MSYS2_ARG_CONV_EXCL=http:/
+</setenv>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test1148 b/tests/data/test1148
index f483bcd53..ba498698a 100644
--- a/tests/data/test1148
+++ b/tests/data/test1148
@@ -37,6 +37,9 @@ progress-bar
  <command>
 http://%HOSTIP:%HTTPPORT/1148 -# --stderr log/stderrlog1148
 </command>
+<precheck>
+perl -e '$ENV{"LC_NUMERIC"} = "en_US.UTF-8"; print "Test requires point as 
decimal separator" if system("./libtest/chkdecimalpoint");'
+</precheck>
 <setenv>
 LC_ALL=
 LC_NUMERIC=en_US.UTF-8
@@ -56,7 +59,7 @@ Accept: */*
 </protocol>
 # This allows the last 4 letters of the bar to get updated without it
 # matters. We're mostly checking the width of it anyway.
-<file name="log/stderrlog1148">
+<file name="log/stderrlog1148" mode="text">
 
bar 100.0%
 </file>
 <stripfile>
diff --git a/tests/data/test1151 b/tests/data/test1151
index 08658d8db..d793944c3 100644
--- a/tests/data/test1151
+++ b/tests/data/test1151
@@ -53,14 +53,14 @@ Host: %HOSTIP:%HTTPPORT
 Accept: */*
 
 </protocol>
-<file name="log/cookies1151.txt">
+<file name="log/cookies1151.txt" mode="text">
 # Netscape HTTP Cookie File
 # https://curl.haxx.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.
 
-127.0.0.1      FALSE   /       FALSE   0       foobar  name
-127.0.0.1      FALSE   /       FALSE   0       
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 [...]
 127.0.0.1      FALSE   /       FALSE   0       
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
 [...]
+127.0.0.1      FALSE   /       FALSE   0       
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 [...]
+127.0.0.1      FALSE   /       FALSE   0       foobar  name
 </file>
 </verify>
 </testcase>
diff --git a/tests/data/test1155 b/tests/data/test1155
index 0eae2a9d4..9bf325460 100644
--- a/tests/data/test1155
+++ b/tests/data/test1155
@@ -43,7 +43,7 @@ Host: %HOSTIP:%HTTPPORT
 Accept: */*
 
 </protocol>
-<file name="log/cookies1155.txt">
+<file name="log/cookies1155.txt" mode="text">
 # Netscape HTTP Cookie File
 # https://curl.haxx.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.
diff --git a/tests/data/test260 b/tests/data/test1157
similarity index 81%
copy from tests/data/test260
copy to tests/data/test1157
index 589e86e8a..b0bbf244f 100644
--- a/tests/data/test260
+++ b/tests/data/test1157
@@ -3,6 +3,7 @@
 <keywords>
 HTTP
 HTTP GET
+-H
 </keywords>
 </info>
 
@@ -32,10 +33,12 @@ Funny-head: yesyes
 http
 </server>
  <name>
-HTTP GET URL without slash but with questionmark
+Get -H headers from empty file
  </name>
+<file name="log/heads1157.txt">
+</file>
  <command>
-"http://%HOSTIP:%HTTPPORT?260";
+http://%HOSTIP:%HTTPPORT/1157 -H @log/heads1157.txt
 </command>
 </client>
 
@@ -46,7 +49,7 @@ HTTP GET URL without slash but with questionmark
 ^User-Agent:.*
 </strip>
 <protocol>
-GET /?260 HTTP/1.1
+GET /1157 HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 Accept: */*
 
diff --git a/tests/data/test1133 b/tests/data/test1158
similarity index 55%
copy from tests/data/test1133
copy to tests/data/test1158
index b8ed56b2d..62adc579d 100644
--- a/tests/data/test1133
+++ b/tests/data/test1158
@@ -22,14 +22,17 @@ blablabla
 <server>
 http
 </server>
- <name>
-HTTP RFC1867-type formposting with filename/data contains ',', ';', '"'
- </name>
- <command>
-http://%HOSTIP:%HTTPPORT/we/want/1133 -F 
"address@hidden"log/test1133,a\\\"nd;.txt\";type=mo/foo;filename=\"faker,and;.txt\""
 -F 'file2=@"log/test1133,a\"nd;.txt"' -F 
'file3=@"log/test1133,a\"nd;.txt";type=m/f,"log/test1133,a\"nd;.txt"' -F 
a="{\"field1\":\"value1\",\"field2\":\"value2\"}" -F 'b=" 
\\value1;type=\"whatever\" "; type=text/foo; charset=utf-8 ; filename=param_b'
+<name>
+HTTP RFC1867-type formposting with filename containing '"'
+</name>
+<command>
+http://%HOSTIP:%HTTPPORT/we/want/1158 -F 
"address@hidden"log/test1158\\\".txt\";type=mo/foo;filename=\"test1158\\\".txt\""
 -F 'file2=@"log/test1158\".txt"' -F 
'file3=@"log/test1158\".txt";type=m/f,"log/test1158\".txt"'
 </command>
+<precheck>
+perl -e "print 'Test requires a system supporting double quotes in file names' 
if ($^O eq 'msys');"
+</precheck>
 # We create this file before the command is invoked!
-<file name=log/test1133,a"nd;.txt>
+<file name=log/test1158".txt>
 foo bar
 This is a bar foo
 bar
@@ -43,16 +46,15 @@ foo
 ^(User-Agent:|Content-Type: multipart/form-data;|Content-Type: 
multipart/mixed; boundary=|-------).*
 </strip>
 <protocol>
-POST /we/want/1133 HTTP/1.1
+POST /we/want/1158 HTTP/1.1
 User-Agent: curl/7.10.4 (i686-pc-linux-gnu) libcurl/7.10.4 OpenSSL/0.9.7a ipv6 
zlib/1.1.3
 Host: %HOSTIP:%HTTPPORT
 Accept: */*
-Content-Length: 1270
-Expect: 100-continue
+Content-Length: 954
 Content-Type: multipart/form-data; 
boundary=----------------------------24e78000bd32
 
 ------------------------------24e78000bd32
-Content-Disposition: form-data; name="file"; filename="faker,and;.txt"
+Content-Disposition: form-data; name="file"; filename="test1158\".txt"
 Content-Type: mo/foo
 
 foo bar
@@ -61,7 +63,7 @@ bar
 foo
 
 ------------------------------24e78000bd32
-Content-Disposition: form-data; name="file2"; filename="test1133,a\"nd;.txt"
+Content-Disposition: form-data; name="file2"; filename="test1158\".txt"
 Content-Type: text/plain
 
 foo bar
@@ -73,7 +75,7 @@ foo
 Content-Disposition: form-data; name="file3"
 Content-Type: multipart/mixed; 
boundary=----------------------------7f0e85a48b0b
 
-Content-Disposition: attachment; filename="test1133,a\"nd;.txt"
+Content-Disposition: attachment; filename="test1158\".txt"
 Content-Type: m/f
 
 foo bar
@@ -81,7 +83,7 @@ This is a bar foo
 bar
 foo
 
-Content-Disposition: attachment; filename="test1133,a\"nd;.txt"
+Content-Disposition: attachment; filename="test1158\".txt"
 Content-Type: text/plain
 
 foo bar
@@ -90,13 +92,6 @@ bar
 foo
 
 
-Content-Disposition: form-data; name="a"
-
-{"field1":"value1","field2":"value2"}
-Content-Disposition: form-data; name="b"; filename="param_b"
-Content-Type: text/foo; charset=utf-8
-
- \value1;type="whatever" 
 ------------------------------24e78000bd32--
 </protocol>
 </verify>
diff --git a/tests/data/test1161 b/tests/data/test1161
index 179531314..ee6f1d04a 100644
--- a/tests/data/test1161
+++ b/tests/data/test1161
@@ -43,7 +43,7 @@ Host: %HOSTIP:%HTTPPORT
 Accept: */*
 
 </protocol>
-<file name="log/cookies1161.txt">
+<file name="log/cookies1161.txt" mode="text">
 # Netscape HTTP Cookie File
 # https://curl.haxx.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.
diff --git a/tests/data/test1164 b/tests/data/test1164
index 061e395cc..be83aa4f3 100644
--- a/tests/data/test1164
+++ b/tests/data/test1164
@@ -45,7 +45,7 @@ Host: %HOSTIP:%HTTPPORT
 Accept: */*
 
 </protocol>
-<stdout>
+<stdout mode="text">
 208
 </stdout>
 </verify>
diff --git a/tests/data/test1202 b/tests/data/test1202
index 37d270acb..6c91a774c 100644
--- a/tests/data/test1202
+++ b/tests/data/test1202
@@ -26,7 +26,7 @@ gopher
 Gopher query
  </name>
  <command>
-"gopher://%HOSTIP:%GOPHERPORT/7/the/search/engine?query%20succeeded/1202";
+"gopher://%HOSTIP:%GOPHERPORT/7/the/search/engine%09query%20succeeded/1202";
 </command>
 </client>
 
diff --git a/tests/data/test1216 b/tests/data/test1216
index 5beda797d..be0f5c77a 100644
--- a/tests/data/test1216
+++ b/tests/data/test1216
@@ -51,7 +51,7 @@ GET http://example.fake/c/1216 HTTP/1.1
 Host: example.fake
 Accept: */*
 Proxy-Connection: Keep-Alive
-Cookie: moo2=indeed; moo3=indeed
+Cookie: moo3=indeed; moo2=indeed
 
 GET http://bexample.fake/c/1216 HTTP/1.1
 Host: bexample.fake
diff --git a/tests/data/test37 b/tests/data/test1266
similarity index 71%
copy from tests/data/test37
copy to tests/data/test1266
index 768762300..75ed7bdc9 100644
--- a/tests/data/test37
+++ b/tests/data/test1266
@@ -1,16 +1,19 @@
 <testcase>
 <info>
 <keywords>
-HTTP
-HTTP GET
-FAILURE
+HTTP/0.9
 </keywords>
 </info>
+
 #
 # Server-side
 <reply>
 <data>
+o
 </data>
+<servercmd>
+swsclose
+</servercmd>
 </reply>
 
 #
@@ -20,28 +23,24 @@ FAILURE
 http
 </server>
  <name>
-HTTP GET with nothing returned from server
+HTTP GET with a single-byte HTTP/0.9 response
  </name>
  <command>
-http://%HOSTIP:%HTTPPORT/37
+http://%HOSTIP:%HTTPPORT/1266
 </command>
 </client>
 
 #
 # Verify data after the test has been "shot"
 <verify>
-<errorcode>
-52
-</errorcode>
 <strip>
 ^User-Agent:.*
 </strip>
 <protocol>
-GET /37 HTTP/1.1
+GET /1266 HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 Accept: */*
 
 </protocol>
 </verify>
-
 </testcase>
diff --git a/tests/data/test37 b/tests/data/test1267
similarity index 70%
copy from tests/data/test37
copy to tests/data/test1267
index 768762300..8f2a63b78 100644
--- a/tests/data/test37
+++ b/tests/data/test1267
@@ -1,16 +1,19 @@
 <testcase>
 <info>
 <keywords>
-HTTP
-HTTP GET
-FAILURE
+HTTP/0.9
 </keywords>
 </info>
+
 #
 # Server-side
 <reply>
 <data>
+HTTPr
 </data>
+<servercmd>
+swsclose
+</servercmd>
 </reply>
 
 #
@@ -20,28 +23,24 @@ FAILURE
 http
 </server>
  <name>
-HTTP GET with nothing returned from server
+HTTP GET with a invalid HTTP/1 response line start
  </name>
  <command>
-http://%HOSTIP:%HTTPPORT/37
+http://%HOSTIP:%HTTPPORT/1267
 </command>
 </client>
 
 #
 # Verify data after the test has been "shot"
 <verify>
-<errorcode>
-52
-</errorcode>
 <strip>
 ^User-Agent:.*
 </strip>
 <protocol>
-GET /37 HTTP/1.1
+GET /1267 HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 Accept: */*
 
 </protocol>
 </verify>
-
 </testcase>
diff --git a/tests/data/test1268 b/tests/data/test1268
new file mode 100644
index 000000000..c5fe5f749
--- /dev/null
+++ b/tests/data/test1268
@@ -0,0 +1,41 @@
+<testcase>
+<info>
+<keywords>
+warning
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<features>
+unix-sockets
+</features>
+ <name>
+file name argument looks like a flag
+ </name>
+ <command>
+--stderr log/moo1268 --unix-socket -k hej://moo
+</command>
+</client>
+
+<verify>
+<file name="log/moo1268" mode="text">
+Warning: The file name argument '-k' looks like a flag.
+curl: (1) Protocol "hej" not supported or disabled in libcurl
+</file>
+
+# we expect an error since we provide a weird URL
+<errorcode>
+1
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/data/test1415 b/tests/data/test1415
index 560440407..f5660ba66 100644
--- a/tests/data/test1415
+++ b/tests/data/test1415
@@ -66,10 +66,10 @@ Proxy-Connection: Keep-Alive
 # https://curl.haxx.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.
 
-.example.com   TRUE    /       FALSE   0       test1value      test1
-.example.com   TRUE    /       FALSE   2114380800      test2value      test2
-.example.com   TRUE    /       FALSE   2114380800      test4value      test4
 .example.com   TRUE    /       FALSE   2114380800      test7value      test7
+.example.com   TRUE    /       FALSE   2114380800      test4value      test4
+.example.com   TRUE    /       FALSE   2114380800      test2value      test2
+.example.com   TRUE    /       FALSE   0       test1value      test1
 </file>
 </verify>
 </testcase>
diff --git a/tests/data/test1422 b/tests/data/test1422
index df9d750dd..cbb2d63bc 100644
--- a/tests/data/test1422
+++ b/tests/data/test1422
@@ -28,6 +28,7 @@ Content-Disposition: filename=name1422; charset=funny; 
option=str//nge
 # -O and -J output in, using the CURL_TESTDIR variable
 <features>
 debug
+file
 </features>
 <server>
 http
diff --git a/tests/data/test1446 b/tests/data/test1446
index 7d5ec9fc2..96d634e1c 100644
--- a/tests/data/test1446
+++ b/tests/data/test1446
@@ -24,7 +24,7 @@ perl %SRCDIR/libtest/test613.pl prepare %PWD/log/test1446.dir
 SFTP with --remote-time
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/test1446.dir/rofile.txt --insecure --remote-time
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test1446.dir/rofile.txt --insecure 
--remote-time
 </command>
 <postcheck>
 perl %SRCDIR/libtest/test613.pl postprocess %PWD/log/test1446.dir && \
diff --git a/tests/data/test1 b/tests/data/test1522
similarity index 69%
copy from tests/data/test1
copy to tests/data/test1522
index 7c0e1602a..91d6a33a2 100644
--- a/tests/data/test1
+++ b/tests/data/test1522
@@ -1,15 +1,13 @@
 <testcase>
 <info>
 <keywords>
-HTTP
-HTTP GET
+CURLINFO_SIZE_UPLOAD
 </keywords>
 </info>
 
-#
 # Server-side
 <reply>
-<data>
+<data nocheck="yes">
 HTTP/1.1 200 OK
 Date: Thu, 09 Nov 2010 14:49:00 GMT
 Server: test-server/fake
@@ -24,32 +22,32 @@ Funny-head: yesyes
 -foo-
 </data>
 </reply>
-
 #
 # Client-side
 <client>
 <server>
 http
 </server>
- <name>
-HTTP GET
- </name>
- <command>
-http://%HOSTIP:%HTTPPORT/1
+<tool>
+lib1522
+</tool>
+
+<name>
+CURLINFO_SIZE_UPLOAD with small SO_SNDBUF
+</name>
+
+<command>
+http://%HOSTIP:%HTTPPORT/1522
 </command>
 </client>
 
 #
 # Verify data after the test has been "shot"
 <verify>
-<strip>
-^User-Agent:.*
-</strip>
-<protocol>
-GET /1 HTTP/1.1
-Host: %HOSTIP:%HTTPPORT
-Accept: */*
-
-</protocol>
+<stdout>
+-foo-
+uploadSize = 40960
+!!!!!!!!!! PASS
+</stdout>
 </verify>
 </testcase>
diff --git a/tests/data/test1554 b/tests/data/test1554
index 06f189724..be48e02eb 100644
--- a/tests/data/test1554
+++ b/tests/data/test1554
@@ -38,8 +38,6 @@ run 1: foobar and so on fun!
 <- Mutex unlock
 -> Mutex lock
 <- Mutex unlock
--> Mutex lock
-<- Mutex unlock
 run 1: foobar and so on fun!
 -> Mutex lock
 <- Mutex unlock
@@ -49,8 +47,6 @@ run 1: foobar and so on fun!
 <- Mutex unlock
 -> Mutex lock
 <- Mutex unlock
--> Mutex lock
-<- Mutex unlock
 run 1: foobar and so on fun!
 -> Mutex lock
 <- Mutex unlock
@@ -58,8 +54,6 @@ run 1: foobar and so on fun!
 <- Mutex unlock
 -> Mutex lock
 <- Mutex unlock
--> Mutex lock
-<- Mutex unlock
 </datacheck>
 </reply>
 
diff --git a/tests/data/test2004 b/tests/data/test2004
index 8035183bb..4773f6903 100644
--- a/tests/data/test2004
+++ b/tests/data/test2004
@@ -30,7 +30,7 @@ sftp
 TFTP RRQ followed by SFTP retrieval followed by FILE followed by SCP retrieval 
then again in reverse order
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
tftp://%HOSTIP:%TFTPPORT//2004 sftp://%HOSTIP:%SSHPORT%PWD/log/test2004.txt 
file://localhost/%PWD/log/test2004.txt 
scp://%HOSTIP:%SSHPORT%PWD/log/test2004.txt 
file://localhost/%PWD/log/test2004.txt 
sftp://%HOSTIP:%SSHPORT%PWD/log/test2004.txt tftp://%HOSTIP:%TFTPPORT//2004 
--insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
tftp://%HOSTIP:%TFTPPORT//2004 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test2004.txt 
file://localhost/%PWD/log/test2004.txt 
scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test2004.txt 
file://localhost/%PWD/log/test2004.txt 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test2004.txt 
tftp://%HOSTIP:%TFTPPORT//2004 --insecure
 </command>
 <file name="log/test2004.txt">
 This is test data
diff --git a/tests/data/test2072 b/tests/data/test2072
index 0d2489ff1..cd26f22bd 100644
--- a/tests/data/test2072
+++ b/tests/data/test2072
@@ -27,7 +27,7 @@ file:// with unix path resolution behavior for the case of 
extra slashes
 file:////%PWD/log/test2072.txt
 </command>
 <precheck>
-perl -e "print 'Test requires a unix system' if ( $^O eq 'MSWin32' || $^O eq 
'cygwin' || $^O eq 'dos');"
+perl -e "print 'Test requires a unix system' if ( $^O eq 'MSWin32' || $^O eq 
'cygwin' || $^O eq 'dos' || $^O eq 'msys');"
 </precheck>
 <file name="log/test2072.txt">
 foo
diff --git a/tests/data/test214 b/tests/data/test214
index a9b8fcd07..930182f5d 100644
--- a/tests/data/test214
+++ b/tests/data/test214
@@ -31,6 +31,10 @@ HTTP URL with escaped { and }
 <command>
 "http://%HOSTIP:%HTTPPORT/\{\}\/214";
 </command>
+<setenv>
+# Needed for MSYS2 to not convert all backslashes to forward slashes
+MSYS2_ARG_CONV_EXCL=http://
+</setenv>
 </client>
 
 #
diff --git a/tests/data/test31 b/tests/data/test31
index 54e360a46..78f3766e9 100644
--- a/tests/data/test31
+++ b/tests/data/test31
@@ -100,38 +100,38 @@ Accept: */*
 # https://curl.haxx.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.
 
-127.0.0.1      FALSE   /silly/ FALSE   0       ismatch this
-127.0.0.1      FALSE   /overwrite      FALSE   0       overwrite       this2
-127.0.0.1      FALSE   /secure1/       TRUE    0       sec1value       secure1
-127.0.0.1      FALSE   /secure2/       TRUE    0       sec2value       secure2
-127.0.0.1      FALSE   /secure3/       TRUE    0       sec3value       secure3
-127.0.0.1      FALSE   /secure4/       TRUE    0       sec4value       secure4
-127.0.0.1      FALSE   /secure5/       TRUE    0       sec5value       secure5
-127.0.0.1      FALSE   /secure6/       TRUE    0       sec6value       secure6
-127.0.0.1      FALSE   /secure7/       TRUE    0       sec7value       secure7
-127.0.0.1      FALSE   /secure8/       TRUE    0       sec8value       secure8
-127.0.0.1      FALSE   /secure9/       TRUE    0       secure  very1
-#HttpOnly_127.0.0.1    FALSE   /p1/    FALSE   0       httpo1  value1
-#HttpOnly_127.0.0.1    FALSE   /p2/    FALSE   0       httpo2  value2
-#HttpOnly_127.0.0.1    FALSE   /p3/    FALSE   0       httpo3  value3
-#HttpOnly_127.0.0.1    FALSE   /p4/    FALSE   0       httpo4  value4
-#HttpOnly_127.0.0.1    FALSE   /p4/    FALSE   0       httponly        myvalue1
-#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec      myvalue2
-#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec2     myvalue3
-#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec3     myvalue4
-#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec4     myvalue5
-#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec5     myvalue6
-#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec6     myvalue7
-#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec7     myvalue8
-#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec8     myvalue9
-127.0.0.1      FALSE   /       FALSE   0       partmatch       present
-127.0.0.1      FALSE   /we/want/       FALSE   2054030187      nodomain        
value
-#HttpOnly_127.0.0.1    FALSE   /silly/ FALSE   0       magic   yessir
-127.0.0.1      FALSE   /we/want/       FALSE   0       blexp   yesyes
-127.0.0.1      FALSE   /we/want/       FALSE   0       withspaces      yes  
within and around
-127.0.0.1      FALSE   /we/want/       FALSE   0       withspaces2     before 
equals
-127.0.0.1      FALSE   /we/want/       FALSE   0       prespace        yes 
before
 127.0.0.1      FALSE   /we/want/       TRUE    0       securewithspace after
+127.0.0.1      FALSE   /we/want/       FALSE   0       prespace        yes 
before
+127.0.0.1      FALSE   /we/want/       FALSE   0       withspaces2     before 
equals
+127.0.0.1      FALSE   /we/want/       FALSE   0       withspaces      yes  
within and around
+127.0.0.1      FALSE   /we/want/       FALSE   0       blexp   yesyes
+#HttpOnly_127.0.0.1    FALSE   /silly/ FALSE   0       magic   yessir
+127.0.0.1      FALSE   /we/want/       FALSE   2054030187      nodomain        
value
+127.0.0.1      FALSE   /       FALSE   0       partmatch       present
+#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec8     myvalue9
+#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec7     myvalue8
+#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec6     myvalue7
+#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec5     myvalue6
+#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec4     myvalue5
+#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec3     myvalue4
+#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec2     myvalue3
+#HttpOnly_127.0.0.1    FALSE   /p4/    TRUE    0       httpandsec      myvalue2
+#HttpOnly_127.0.0.1    FALSE   /p4/    FALSE   0       httponly        myvalue1
+#HttpOnly_127.0.0.1    FALSE   /p4/    FALSE   0       httpo4  value4
+#HttpOnly_127.0.0.1    FALSE   /p3/    FALSE   0       httpo3  value3
+#HttpOnly_127.0.0.1    FALSE   /p2/    FALSE   0       httpo2  value2
+#HttpOnly_127.0.0.1    FALSE   /p1/    FALSE   0       httpo1  value1
+127.0.0.1      FALSE   /secure9/       TRUE    0       secure  very1
+127.0.0.1      FALSE   /secure8/       TRUE    0       sec8value       secure8
+127.0.0.1      FALSE   /secure7/       TRUE    0       sec7value       secure7
+127.0.0.1      FALSE   /secure6/       TRUE    0       sec6value       secure6
+127.0.0.1      FALSE   /secure5/       TRUE    0       sec5value       secure5
+127.0.0.1      FALSE   /secure4/       TRUE    0       sec4value       secure4
+127.0.0.1      FALSE   /secure3/       TRUE    0       sec3value       secure3
+127.0.0.1      FALSE   /secure2/       TRUE    0       sec2value       secure2
+127.0.0.1      FALSE   /secure1/       TRUE    0       sec1value       secure1
+127.0.0.1      FALSE   /overwrite      FALSE   0       overwrite       this2
+127.0.0.1      FALSE   /silly/ FALSE   0       ismatch this
 </file>
 </verify>
 </testcase>
diff --git a/tests/data/test320 b/tests/data/test320
index 4b6f833ac..457a11eb2 100644
--- a/tests/data/test320
+++ b/tests/data/test320
@@ -58,7 +58,7 @@ simple TLS-SRP HTTPS GET, check user in response
 <verify>
 <protocol>
 </protocol>
-<file name="log/curl320.out" mode="text">
+<file name="log/curl320.out">
 HTTP/1.0 200 OK
 Content-type: text/html
 
diff --git a/tests/data/test46 b/tests/data/test46
index 64a7b86e4..5d849df75 100644
--- a/tests/data/test46
+++ b/tests/data/test46
@@ -74,16 +74,16 @@ Cookie: empty=; mooo2=indeed2; mooo=indeed
 # https://curl.haxx.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.
 
-www.fake.come  FALSE   /       FALSE   2022144953      cookiecliente   si
-domain..tld    FALSE   /       FALSE   2139150993      mooo    indeed
-#HttpOnly_domain..tld  FALSE   /want   FALSE   2139150993      mooo2   indeed2
-domain..tld    FALSE   /want   FALSE   0       empty   
-domain..tld    FALSE   /       FALSE   2054030187      ckyPersistent   
permanent
-domain..tld    FALSE   /       FALSE   0       ckySession      temporary
-domain..tld    FALSE   /       FALSE   0       ASPSESSIONIDQGGQQSJJ    
GKNBDIFAAOFDPDAIEAKDIBKE
-domain..tld    FALSE   /       FALSE   0       justaname       
 domain..tld    FALSE   /want/  FALSE   0       simplyhuge      
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
 [...]
+domain..tld    FALSE   /       FALSE   0       justaname       
+domain..tld    FALSE   /       FALSE   0       ASPSESSIONIDQGGQQSJJ    
GKNBDIFAAOFDPDAIEAKDIBKE
+domain..tld    FALSE   /       FALSE   0       ckySession      temporary
+domain..tld    FALSE   /       FALSE   2054030187      ckyPersistent   
permanent
+domain..tld    FALSE   /want   FALSE   0       empty   
+#HttpOnly_domain..tld  FALSE   /want   FALSE   2139150993      mooo2   indeed2
+domain..tld    FALSE   /       FALSE   2139150993      mooo    indeed
 www.loser.com  FALSE   /       FALSE   2139150993      UID     99
+www.fake.come  FALSE   /       FALSE   2022144953      cookiecliente   si
 </file>
 </verify>
 </testcase>
diff --git a/tests/data/test506 b/tests/data/test506
index cd1a7dfc2..30f4aa9c0 100644
--- a/tests/data/test506
+++ b/tests/data/test506
@@ -205,14 +205,14 @@ lock:   cookie [Pigs in space]: 86
 unlock: cookie [Pigs in space]: 87
 loaded cookies:
 -----------------
-  .host.foo.com        TRUE    /       FALSE   1896263787      injected        
yes
-  .foo.com     TRUE    /       FALSE   1993463787      test1   overwritten1
-  .host.foo.com        TRUE    /       FALSE   1896263787      test2   two
-  .foo.com     TRUE    /       FALSE   1896263787      test3   three
-  .host.foo.com        TRUE    /       FALSE   2061978987      test4   
overwritten4
-  .host.foo.com        TRUE    /       FALSE   1896263787      test5   five
-  .www.host.foo.com    TRUE    /       FALSE   1993463787      test6   six
   www.host.foo.com     FALSE   /       FALSE   1993463787      test6   six_more
+  .www.host.foo.com    TRUE    /       FALSE   1993463787      test6   six
+  .host.foo.com        TRUE    /       FALSE   1896263787      test5   five
+  .host.foo.com        TRUE    /       FALSE   2061978987      test4   
overwritten4
+  .foo.com     TRUE    /       FALSE   1896263787      test3   three
+  .host.foo.com        TRUE    /       FALSE   1896263787      test2   two
+  .foo.com     TRUE    /       FALSE   1993463787      test1   overwritten1
+  .host.foo.com        TRUE    /       FALSE   1896263787      injected        
yes
 -----------------
 try SHARE_CLEANUP...
 lock:   share  [Pigs in space]: 88
@@ -236,14 +236,14 @@ http://%HOSTIP:%HTTPPORT/506
 # https://curl.haxx.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.
 
-.host.foo.com  TRUE    /       FALSE   1896263787      injected        yes
-.foo.com       TRUE    /       FALSE   1993463787      test1   overwritten1
-.host.foo.com  TRUE    /       FALSE   1896263787      test2   two
-.foo.com       TRUE    /       FALSE   1896263787      test3   three
-.host.foo.com  TRUE    /       FALSE   2061978987      test4   overwritten4
-.host.foo.com  TRUE    /       FALSE   1896263787      test5   five
-.www.host.foo.com      TRUE    /       FALSE   1993463787      test6   six
 www.host.foo.com       FALSE   /       FALSE   1993463787      test6   six_more
+.www.host.foo.com      TRUE    /       FALSE   1993463787      test6   six
+.host.foo.com  TRUE    /       FALSE   1896263787      test5   five
+.host.foo.com  TRUE    /       FALSE   2061978987      test4   overwritten4
+.foo.com       TRUE    /       FALSE   1896263787      test3   three
+.host.foo.com  TRUE    /       FALSE   1896263787      test2   two
+.foo.com       TRUE    /       FALSE   1993463787      test1   overwritten1
+.host.foo.com  TRUE    /       FALSE   1896263787      injected        yes
 </file>
 </verify>
 </testcase>
diff --git a/tests/data/test582 b/tests/data/test582
index 64c32dbf9..65d85b232 100644
--- a/tests/data/test582
+++ b/tests/data/test582
@@ -24,7 +24,7 @@ lib582
 SFTP upload using multi interface
  </name>
  <command>
-Sftp://%HOSTIP:%SSHPORT%PWD/log/upload582.txt %PWD/log/file582.txt %USER:
+Sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/upload582.txt %PWD/log/file582.txt %USER:
 </command>
 <file name="log/file582.txt">
 Moooooooooooo
diff --git a/tests/data/test583 b/tests/data/test583
index 6ad7f7d0f..2c41ca1d2 100644
--- a/tests/data/test583
+++ b/tests/data/test583
@@ -29,7 +29,7 @@ SFTP with multi interface, remove handle early
 # name resolve will cause it to return rather quickly and thus we could trigger
 # the problem we're looking to verify.
  <command>
-sftp://localhost:%SSHPORT%PWD/log/upload583.txt %USER:
+sftp://localhost:%SSHPORT%POSIX_PWD/log/upload583.txt %USER:
 </command>
 </client>
 
diff --git a/tests/data/test600 b/tests/data/test600
index 1f3f6011c..2a139b817 100644
--- a/tests/data/test600
+++ b/tests/data/test600
@@ -24,7 +24,7 @@ sftp
 SFTP retrieval
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/file600.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file600.txt --insecure
 </command>
 <file name="log/file600.txt">
 Test data
diff --git a/tests/data/test601 b/tests/data/test601
index 8e765a8ec..544a88068 100644
--- a/tests/data/test601
+++ b/tests/data/test601
@@ -24,7 +24,7 @@ scp
 SCP retrieval
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%PWD/log/file601.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file601.txt --insecure
 </command>
 <file name="log/file601.txt">
 Test data
diff --git a/tests/data/test602 b/tests/data/test602
index 6b75feb63..6bb0df3f4 100644
--- a/tests/data/test602
+++ b/tests/data/test602
@@ -21,7 +21,7 @@ sftp
 SFTP put
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -T 
log/file602.txt sftp://%HOSTIP:%SSHPORT%PWD/log/upload.602 --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -T 
log/file602.txt sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/upload.602 --insecure
 </command>
 <file name="log/file602.txt">
 Test data
diff --git a/tests/data/test603 b/tests/data/test603
index efa7d2ed0..879e4c0f7 100644
--- a/tests/data/test603
+++ b/tests/data/test603
@@ -21,7 +21,7 @@ scp
 SCP upload
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -T 
log/file603.txt scp://%HOSTIP:%SSHPORT%PWD/log/upload.603 --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -T 
log/file603.txt scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/upload.603 --insecure
 </command>
 <file name="log/file603.txt">
 Test data
diff --git a/tests/data/test604 b/tests/data/test604
index 566086e10..f76a7fb23 100644
--- a/tests/data/test604
+++ b/tests/data/test604
@@ -16,7 +16,7 @@ sftp
 SFTP retrieval of nonexistent file
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/not-a-valid-file-moooo --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/not-a-valid-file-moooo --insecure
 </command>
 </client>
 
diff --git a/tests/data/test605 b/tests/data/test605
index 94329a528..a18ab2997 100644
--- a/tests/data/test605
+++ b/tests/data/test605
@@ -16,7 +16,7 @@ scp
 SCP retrieval of nonexistent file
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%PWD/not-a-valid-file-moooo --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%POSIX_PWD/not-a-valid-file-moooo --insecure
 </command>
 </client>
 
diff --git a/tests/data/test606 b/tests/data/test606
index 80a82e9a9..37e21086c 100644
--- a/tests/data/test606
+++ b/tests/data/test606
@@ -16,7 +16,7 @@ sftp
 SFTP invalid user login
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u not-a-valid-user: 
sftp://%HOSTIP:%SSHPORT%PWD/not-a-valid-file-moooo --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u not-a-valid-user: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/not-a-valid-file-moooo --insecure
 </command>
 </client>
 
diff --git a/tests/data/test607 b/tests/data/test607
index e34098743..e42245151 100644
--- a/tests/data/test607
+++ b/tests/data/test607
@@ -16,7 +16,7 @@ scp
 SCP invalid user login
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u not-a-valid-user: 
scp://%HOSTIP:%SSHPORT%PWD/not-a-valid-file-moooo --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u not-a-valid-user: 
scp://%HOSTIP:%SSHPORT%POSIX_PWD/not-a-valid-file-moooo --insecure
 </command>
 </client>
 
diff --git a/tests/data/test608 b/tests/data/test608
index c904bff9f..86391f085 100644
--- a/tests/data/test608
+++ b/tests/data/test608
@@ -24,7 +24,7 @@ sftp
 SFTP post-quote rename
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "-rename 
%PWD/log/file608.txt %PWD/log/file608-renamed.txt" 
sftp://%HOSTIP:%SSHPORT%PWD/log/file608.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "-rename 
%PWD/log/file608.txt %PWD/log/file608-renamed.txt" 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file608.txt --insecure
 </command>
 # Verify that the file was renamed properly, then rename the file back to what
 # it was so the verify section works and the file can be cleaned up.
diff --git a/tests/data/test609 b/tests/data/test609
index 59a217520..4a9da1a94 100644
--- a/tests/data/test609
+++ b/tests/data/test609
@@ -25,7 +25,7 @@ sftp
 SFTP post-quote mkdir failure
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "-mkdir 
%PWD/log/file609.txt" sftp://%HOSTIP:%SSHPORT%PWD/log/file609.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "-mkdir 
%PWD/log/file609.txt" sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file609.txt 
--insecure
 </command>
 <file name="log/file609.txt">
 Test file for mkdir test
diff --git a/tests/data/test61 b/tests/data/test61
index 74b8f6428..784163fa9 100644
--- a/tests/data/test61
+++ b/tests/data/test61
@@ -65,9 +65,9 @@ Accept: */*
 # https://curl.haxx.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.
 
-#HttpOnly_.foo.com     TRUE    /we/want/       FALSE   2054030187      test    
yes
-.host.foo.com  TRUE    /we/want/       FALSE   2054030187      test2   yes
 .foo.com       TRUE    /moo    TRUE    0       test3   maybe
+.host.foo.com  TRUE    /we/want/       FALSE   2054030187      test2   yes
+#HttpOnly_.foo.com     TRUE    /we/want/       FALSE   2054030187      test    
yes
 </file>
 </verify>
 </testcase>
diff --git a/tests/data/test610 b/tests/data/test610
index a7c2ce389..179146419 100644
--- a/tests/data/test610
+++ b/tests/data/test610
@@ -27,7 +27,7 @@ perl %SRCDIR/libtest/test610.pl mkdir %PWD/log/test610.dir
 SFTP post-quote rmdir
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "-rmdir 
%PWD/log/test610.dir" sftp://%HOSTIP:%SSHPORT%PWD/log/file610.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "-rmdir 
%PWD/log/test610.dir" sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file610.txt 
--insecure
 </command>
 <postcheck>
 perl %SRCDIR/libtest/test610.pl gone %PWD/log/test610.dir
diff --git a/tests/data/test611 b/tests/data/test611
index bfdddde3a..f40a4bda3 100644
--- a/tests/data/test611
+++ b/tests/data/test611
@@ -27,7 +27,7 @@ perl %SRCDIR/libtest/test610.pl mkdir %PWD/log/test611.dir
 SFTP post-quote rename
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "-rename 
%PWD/log/test611.dir %PWD/log/test611.new" 
sftp://%HOSTIP:%SSHPORT%PWD/log/file611.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "-rename 
%PWD/log/test611.dir %PWD/log/test611.new" 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file611.txt --insecure
 </command>
 <postcheck>
 perl %SRCDIR/libtest/test610.pl rmdir %PWD/log/test611.new
diff --git a/tests/data/test612 b/tests/data/test612
index a8f2a5c0b..4fed660d7 100644
--- a/tests/data/test612
+++ b/tests/data/test612
@@ -24,7 +24,7 @@ sftp
 SFTP post-quote remove file
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -T 
log/file612.txt -Q "-rm %PWD/log/file612.txt" 
sftp://%HOSTIP:%SSHPORT%PWD/log/upload.612  --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -T 
log/file612.txt -Q "-rm %PWD/log/file612.txt" 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/upload.612  --insecure
 </command>
 <postcheck>
 perl %SRCDIR/libtest/test610.pl gone %PWD/log/test612.txt
diff --git a/tests/data/test613 b/tests/data/test613
index 9b0b3fd35..c4d82fbf0 100644
--- a/tests/data/test613
+++ b/tests/data/test613
@@ -31,7 +31,7 @@ perl %SRCDIR/libtest/test613.pl prepare %PWD/log/test613.dir
 SFTP directory retrieval
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/test613.dir/ --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test613.dir/ --insecure
 </command>
 <postcheck>
 perl %SRCDIR/libtest/test613.pl postprocess %PWD/log/test613.dir 
%PWD/log/curl613.out
diff --git a/tests/data/test614 b/tests/data/test614
index 2184a22cf..bcc07275e 100644
--- a/tests/data/test614
+++ b/tests/data/test614
@@ -32,7 +32,7 @@ perl %SRCDIR/libtest/test613.pl prepare %PWD/log/test614.dir
 SFTP pre-quote chmod
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "chmod 444 
%PWD/log/test614.dir/plainfile.txt" 
sftp://%HOSTIP:%SSHPORT%PWD/log/test614.dir/ --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "chmod 444 
%PWD/log/test614.dir/plainfile.txt" 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test614.dir/ --insecure
 </command>
 <postcheck>
 perl %SRCDIR/libtest/test613.pl postprocess %PWD/log/test614.dir 
%PWD/log/curl614.out
diff --git a/tests/data/test615 b/tests/data/test615
index abe9902a3..7c50a28b1 100644
--- a/tests/data/test615
+++ b/tests/data/test615
@@ -20,7 +20,7 @@ perl %SRCDIR/libtest/test613.pl prepare %PWD/log/test615.dir
 SFTP put remote failure
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -T 
log/file615.txt sftp://%HOSTIP:%SSHPORT%PWD/log/test615.dir/rofile.txt 
--insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -T 
log/file615.txt sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test615.dir/rofile.txt 
--insecure
 </command>
 <postcheck>
 perl %SRCDIR/libtest/test613.pl postprocess %PWD/log/test615.dir
diff --git a/tests/data/test616 b/tests/data/test616
index a6a225de9..5b464b06d 100644
--- a/tests/data/test616
+++ b/tests/data/test616
@@ -23,7 +23,7 @@ sftp
 SFTP retrieval of empty file
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/file616.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file616.txt --insecure
 </command>
 <file name="log/file616.txt">
 </file>
diff --git a/tests/data/test617 b/tests/data/test617
index 4b183e4f0..21c1e3b3e 100644
--- a/tests/data/test617
+++ b/tests/data/test617
@@ -23,7 +23,7 @@ scp
 SCP retrieval of empty file
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%PWD/log/file617.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file617.txt --insecure
 </command>
 <file name="log/file617.txt">
 </file>
diff --git a/tests/data/test618 b/tests/data/test618
index d545d6282..23f03ac68 100644
--- a/tests/data/test618
+++ b/tests/data/test618
@@ -15,7 +15,7 @@ sftp
 SFTP retrieval of two files
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/file618.txt 
sftp://%HOSTIP:%SSHPORT%PWD/log/file618.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file618.txt 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file618.txt --insecure
 </command>
 <file name="log/file618.txt">
 Test data
diff --git a/tests/data/test619 b/tests/data/test619
index 303266fc5..3397c1f1a 100644
--- a/tests/data/test619
+++ b/tests/data/test619
@@ -15,7 +15,7 @@ scp
 SCP retrieval of two files
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%PWD/log/file619.txt 
scp://%HOSTIP:%SSHPORT%PWD/log/file619.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file619.txt 
scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file619.txt --insecure
 </command>
 <file name="log/file619.txt">
 Test data
diff --git a/tests/data/test620 b/tests/data/test620
index 1750ab932..28019e792 100644
--- a/tests/data/test620
+++ b/tests/data/test620
@@ -16,7 +16,7 @@ sftp
 SFTP retrieval of missing file followed by good file
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/not-a-valid-file-moooo 
sftp://%HOSTIP:%SSHPORT%PWD/log/file620.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/not-a-valid-file-moooo 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file620.txt --insecure
 </command>
 <file name="log/file620.txt">
 Test data
diff --git a/tests/data/test621 b/tests/data/test621
index c75a284ca..2b39e9f7d 100644
--- a/tests/data/test621
+++ b/tests/data/test621
@@ -16,7 +16,7 @@ scp
 SCP retrieval of missing file followed by good file
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%PWD/log/not-a-valid-file-moooo 
scp://%HOSTIP:%SSHPORT%PWD/log/file621.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/not-a-valid-file-moooo 
scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file621.txt --insecure
 </command>
 <file name="log/file621.txt">
 Test data
diff --git a/tests/data/test622 b/tests/data/test622
index e5a769c1c..8f1a6e46c 100644
--- a/tests/data/test622
+++ b/tests/data/test622
@@ -22,7 +22,7 @@ sftp
 SFTP put failure
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -T 
log/file622.txt 
sftp://%HOSTIP:%SSHPORT%PWD/log/nonexistent-directory/nonexistent-file 
--insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -T 
log/file622.txt 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/nonexistent-directory/nonexistent-file 
--insecure
 </command>
 <file name="log/file622.txt">
 Test data
diff --git a/tests/data/test623 b/tests/data/test623
index f4b32dcaf..2c6a4381d 100644
--- a/tests/data/test623
+++ b/tests/data/test623
@@ -22,7 +22,7 @@ scp
 SCP upload failure
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -T 
log/file623.txt 
scp://%HOSTIP:%SSHPORT%PWD/log/nonexistent-directory/nonexistent-file --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -T 
log/file623.txt 
scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/nonexistent-directory/nonexistent-file 
--insecure
 </command>
 <file name="log/file623.txt">
 Test data
diff --git a/tests/data/test624 b/tests/data/test624
index fa4ff08d7..15b65a8da 100644
--- a/tests/data/test624
+++ b/tests/data/test624
@@ -22,7 +22,7 @@ sftp
 SFTP put with --ftp-create-dirs
  </name>
  <command>
---ftp-create-dirs --key curl_client_key --pubkey curl_client_key.pub -u %USER: 
-T log/file624.txt sftp://%HOSTIP:%SSHPORT%PWD/log/test624.dir/upload.624 
--insecure
+--ftp-create-dirs --key curl_client_key --pubkey curl_client_key.pub -u %USER: 
-T log/file624.txt sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test624.dir/upload.624 
--insecure
 </command>
 <postcheck>
 perl %SRCDIR/libtest/test610.pl move %PWD/log/test624.dir/upload.624 
%PWD/log/upload.624 rmdir %PWD/log/test624.dir
diff --git a/tests/data/test625 b/tests/data/test625
index b3ec738cf..8a5a2ae39 100644
--- a/tests/data/test625
+++ b/tests/data/test625
@@ -22,7 +22,7 @@ sftp
 SFTP put with --ftp-create-dirs twice
  </name>
  <command>
---ftp-create-dirs --key curl_client_key --pubkey curl_client_key.pub -u %USER: 
-T log/file625.txt sftp://%HOSTIP:%SSHPORT%PWD/log/test625.a/upload.625 -T 
log/file625.txt sftp://%HOSTIP:%SSHPORT%PWD/log/test625.b/upload.625 --insecure
+--ftp-create-dirs --key curl_client_key --pubkey curl_client_key.pub -u %USER: 
-T log/file625.txt sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test625.a/upload.625 
-T log/file625.txt sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/test625.b/upload.625 
--insecure
 </command>
 <postcheck>
 perl %SRCDIR/libtest/test610.pl move %PWD/log/test625.a/upload.625 
%PWD/log/upload.625 rmdir %PWD/log/test625.a rm %PWD/log/test625.b/upload.625 
rmdir %PWD/log/test625.b
diff --git a/tests/data/test626 b/tests/data/test626
index a8c2a6c22..fd955692b 100644
--- a/tests/data/test626
+++ b/tests/data/test626
@@ -22,7 +22,7 @@ sftp
 SFTP invalid quote command
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q 
"invalid-command foo bar" sftp://%HOSTIP:%SSHPORT%PWD/log/file626.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q 
"invalid-command foo bar" sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file626.txt 
--insecure
 </command>
 <file name="log/file626.txt">
 Test file for rename test
diff --git a/tests/data/test628 b/tests/data/test628
index 37a6f1c64..b5aaec6a8 100644
--- a/tests/data/test628
+++ b/tests/data/test628
@@ -16,7 +16,7 @@ sftp
 SFTP invalid user login (password authentication)
  </name>
  <command>
--u not-a-valid-user: sftp://%HOSTIP:%SSHPORT%PWD/irrelevant-file  --insecure
+-u not-a-valid-user: sftp://%HOSTIP:%SSHPORT%POSIX_PWD/irrelevant-file  
--insecure
 </command>
 </client>
 
diff --git a/tests/data/test629 b/tests/data/test629
index 0c1791494..7ce5e3005 100644
--- a/tests/data/test629
+++ b/tests/data/test629
@@ -16,7 +16,7 @@ scp
 SCP invalid user login (password authentication)
  </name>
  <command>
--u not-a-valid-user: scp://%HOSTIP:%SSHPORT%PWD/irrelevant-file --insecure
+-u not-a-valid-user: scp://%HOSTIP:%SSHPORT%POSIX_PWD/irrelevant-file 
--insecure
 </command>
 </client>
 
diff --git a/tests/data/test630 b/tests/data/test630
index e2f6ff95f..bb19590be 100644
--- a/tests/data/test630
+++ b/tests/data/test630
@@ -17,7 +17,7 @@ sftp
 SFTP incorrect host key
  </name>
  <command>
---hostpubmd5 00000000000000000000000000000000 --key curl_client_key --pubkey 
curl_client_key.pub -u %USER: sftp://%HOSTIP:%SSHPORT%PWD/log/irrelevant-file 
--insecure
+--hostpubmd5 00000000000000000000000000000000 --key curl_client_key --pubkey 
curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/irrelevant-file --insecure
 </command>
 </client>
 
diff --git a/tests/data/test631 b/tests/data/test631
index 47b0acbb5..649fb70ac 100644
--- a/tests/data/test631
+++ b/tests/data/test631
@@ -17,7 +17,7 @@ scp
 SCP incorrect host key
  </name>
  <command>
---hostpubmd5 00000000000000000000000000000000 --key curl_client_key --pubkey 
curl_client_key.pub -u %USER: scp://%HOSTIP:%SSHPORT%PWD/log/irrelevant-file 
--insecure
+--hostpubmd5 00000000000000000000000000000000 --key curl_client_key --pubkey 
curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/irrelevant-file --insecure
 </command>
 </client>
 
diff --git a/tests/data/test632 b/tests/data/test632
index 2da0c798b..63f5630ad 100644
--- a/tests/data/test632
+++ b/tests/data/test632
@@ -20,7 +20,7 @@ sftp
 SFTP syntactically invalid host key
  </name>
  <command>
---hostpubmd5 00 --key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/irrelevant-file --insecure
+--hostpubmd5 00 --key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/irrelevant-file --insecure
 </command>
 </client>
 
diff --git a/tests/data/test633 b/tests/data/test633
index adfd109e0..d87bfb991 100644
--- a/tests/data/test633
+++ b/tests/data/test633
@@ -24,7 +24,7 @@ sftp
 SFTP retrieval with byte range
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/file633.txt -r 5-9 --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file633.txt -r 5-9 --insecure
 </command>
 <file name="log/file633.txt">
 Test data
diff --git a/tests/data/test634 b/tests/data/test634
index 1fbb87925..c93e09e5c 100644
--- a/tests/data/test634
+++ b/tests/data/test634
@@ -25,7 +25,7 @@ sftp
 SFTP retrieval with byte range past end of file
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/file634.txt -r 5-99 --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file634.txt -r 5-99 --insecure
 </command>
 <file name="log/file634.txt">
 Test data
diff --git a/tests/data/test635 b/tests/data/test635
index a54929d4c..e572567f1 100644
--- a/tests/data/test635
+++ b/tests/data/test635
@@ -24,7 +24,7 @@ sftp
 SFTP retrieval with byte range relative to end of file
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/file635.txt -r -9 --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file635.txt -r -9 --insecure
 </command>
 <file name="log/file635.txt">
 Test data
diff --git a/tests/data/test636 b/tests/data/test636
index df4ee7e63..29f165710 100644
--- a/tests/data/test636
+++ b/tests/data/test636
@@ -25,7 +25,7 @@ sftp
 SFTP retrieval with X- byte range
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/file636.txt -r 5- --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file636.txt -r 5- --insecure
 </command>
 <file name="log/file636.txt">
 Test data
diff --git a/tests/data/test637 b/tests/data/test637
index ef0c81435..c0f760fec 100644
--- a/tests/data/test637
+++ b/tests/data/test637
@@ -23,7 +23,7 @@ sftp
 SFTP retrieval with invalid X- range
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/file637.txt -r 99- --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file637.txt -r 99- --insecure
 </command>
 <file name="log/file637.txt">
 Test data
diff --git a/tests/data/test638 b/tests/data/test638
index c72cf636a..1e42596a5 100644
--- a/tests/data/test638
+++ b/tests/data/test638
@@ -29,7 +29,7 @@ perl %SRCDIR/libtest/test610.pl mkdir %PWD/log/test638.dir
 SFTP post-quote rename * asterisk accept-fail
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "-*rename 
%PWD/log/test638.dir %PWD/log/test638.new" 
sftp://%HOSTIP:%SSHPORT%PWD/log/file638.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "-*rename 
%PWD/log/test638.dir %PWD/log/test638.new" 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file638.txt --insecure
 </command>
 <postcheck>
 perl %SRCDIR/libtest/test610.pl rmdir %PWD/log/test638.new
diff --git a/tests/data/test639 b/tests/data/test639
index 8dfe85975..bb06be756 100644
--- a/tests/data/test639
+++ b/tests/data/test639
@@ -29,7 +29,7 @@ perl %SRCDIR/libtest/test610.pl mkdir %PWD/log/test639.dir
 SFTP post-quote rename * asterisk accept-fail
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "-*rename 
%PWD/log/test639-not-exists-dir %PWD/log/test639.new" 
sftp://%HOSTIP:%SSHPORT%PWD/log/file639.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: -Q "-*rename 
%PWD/log/test639-not-exists-dir %PWD/log/test639.new" 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file639.txt --insecure
 </command>
 <postcheck>
 perl %SRCDIR/libtest/test610.pl rmdir %PWD/log/test639.dir
diff --git a/tests/data/test640 b/tests/data/test640
index e3e715ba1..979ac2ba7 100644
--- a/tests/data/test640
+++ b/tests/data/test640
@@ -23,7 +23,7 @@ sftp
 SFTP --head retrieval
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%PWD/log/file640.txt --insecure --head
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file640.txt --insecure --head
 </command>
 <file name="log/file640.txt">
 Test data
diff --git a/tests/data/test641 b/tests/data/test641
index beb59d6a7..cc1da944e 100644
--- a/tests/data/test641
+++ b/tests/data/test641
@@ -23,7 +23,7 @@ scp
 SCP --head retrieval
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%PWD/log/file641.txt --insecure --head
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: 
scp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file641.txt --insecure --head
 </command>
 <file name="log/file641.txt">
 Test data
diff --git a/tests/data/test642 b/tests/data/test642
index 41fd444fc..084626f04 100644
--- a/tests/data/test642
+++ b/tests/data/test642
@@ -24,7 +24,7 @@ sftp
 SFTP retrieval
  </name>
  <command>
---key curl_client_key --pubkey curl_client_key.pub -u %USER: --compressed-ssh 
sftp://%HOSTIP:%SSHPORT%PWD/log/file642.txt --insecure
+--key curl_client_key --pubkey curl_client_key.pub -u %USER: --compressed-ssh 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/log/file642.txt --insecure
 </command>
 <file name="log/file642.txt">
 Test data
diff --git a/tests/data/test628 b/tests/data/test656
similarity index 60%
copy from tests/data/test628
copy to tests/data/test656
index 37a6f1c64..8591490ed 100644
--- a/tests/data/test628
+++ b/tests/data/test656
@@ -13,21 +13,21 @@ FAILURE
 sftp
 </server>
  <name>
-SFTP invalid user login (password authentication)
+SFTP retrieval with nonexistent private key file
  </name>
  <command>
--u not-a-valid-user: sftp://%HOSTIP:%SSHPORT%PWD/irrelevant-file  --insecure
+--key DOES_NOT_EXIST --pubkey curl_client_key.pub -u %USER: 
sftp://%HOSTIP:%SSHPORT%POSIX_PWD/not-a-valid-file-moooo --insecure 
--connect-timeout 8
 </command>
 </client>
 
 #
 # Verify data after the test has been "shot"
 <verify>
-<errorcode>
-67
-</errorcode>
 <valgrind>
 disable
 </valgrind>
+<errorcode>
+67
+</errorcode>
 </verify>
 </testcase>
diff --git a/tests/data/test8 b/tests/data/test8
index ffc421ab8..2fc190060 100644
--- a/tests/data/test8
+++ b/tests/data/test8
@@ -62,7 +62,7 @@ perl -e 'if ("%HOSTIP" !~ /\.0\.0\.1$/) {print "Test only 
works for HOSTIPs endi
 GET /we/want/8 HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 Accept: */*
-Cookie: cookie=perhaps; name with space=is weird but; trailingspace=removed; 
cookie=yes; foobar=name; blexp=yesyes
+Cookie: name with space=is weird but; trailingspace=removed; cookie=perhaps; 
cookie=yes; foobar=name; blexp=yesyes
 
 </protocol>
 </verify>
diff --git a/tests/http_pipe.py b/tests/http_pipe.py
index bc3217384..95389f494 100755
--- a/tests/http_pipe.py
+++ b/tests/http_pipe.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 
 # Copyright 2012 Google Inc. All Rights Reserved.
 #
diff --git a/tests/libtest/CMakeLists.txt b/tests/libtest/CMakeLists.txt
index afcd372d3..1d56ebe7b 100644
--- a/tests/libtest/CMakeLists.txt
+++ b/tests/libtest/CMakeLists.txt
@@ -1,6 +1,6 @@
 set(TARGET_LABEL_PREFIX "Test ")
 
-function(SETUP_TEST TEST_NAME)          # ARGN are the files in the test
+function(setup_test TEST_NAME)          # ARGN are the files in the test
   add_executable( ${TEST_NAME} ${ARGN} )
   string(TOUPPER ${TEST_NAME} UPPER_TEST_NAME)
 
@@ -14,7 +14,7 @@ function(SETUP_TEST TEST_NAME)          # ARGN are the files 
in the test
     include_directories(${CARES_INCLUDE_DIR})
   endif()
 
-  target_link_libraries( ${TEST_NAME} libcurl ${CURL_LIBS})
+  target_link_libraries(${TEST_NAME} libcurl ${CURL_LIBS})
 
   set_target_properties(${TEST_NAME}
     PROPERTIES COMPILE_DEFINITIONS ${UPPER_TEST_NAME})
@@ -56,6 +56,9 @@ add_custom_command(
     "${CMAKE_SOURCE_DIR}/include/gnurl/curl.h"
   VERBATIM)
 
+set_property(TARGET chkdecimalpoint
+  APPEND PROPERTY COMPILE_DEFINITIONS 
"CURLX_NO_MEMORY_CALLBACKS;CURL_STATICLIB")
+
   # # files used only in some libcurl test programs
 # SET(TESTUTIL testutil.c testutil.h)
 
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index ecb7d1dd4..238ef97d7 100644
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@@ -12,6 +12,7 @@ SUPPORTFILES = first.c test.h
 
 # These are all libcurl test programs
 noinst_PROGRAMS = chkhostname libauthretry libntlmconnect                \
+ chkdecimalpoint                                                         \
  lib500 lib501 lib502 lib503 lib504 lib505 lib506 lib507 lib508 lib509   \
  lib510 lib511 lib512 lib513 lib514 lib515 lib516 lib517 lib518 lib519   \
  lib520 lib521 lib523 lib524 lib525 lib526 lib527 lib529 lib530 lib532   \
@@ -24,7 +25,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect     
           \
  lib1156 \
  lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506 lib1507 lib1508 \
  lib1509 lib1510 lib1511 lib1512 lib1513 lib1514 lib1515         lib1517 \
- lib1520 lib1521 \
+ lib1520 lib1521 lib1522 \
  lib1525 lib1526 lib1527 lib1528 lib1529 lib1530 lib1531 lib1532 lib1533 \
  lib1534 lib1535 lib1536 lib1537 lib1538 \
  lib1540 \
@@ -32,6 +33,12 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect    
            \
  lib1900 \
  lib2033
 
+chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \
+ ../../lib/curl_ctype.c
+chkdecimalpoint_LDADD =
+chkdecimalpoint_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB \
+ -DCURLX_NO_MEMORY_CALLBACKS
+
 chkhostname_SOURCES = chkhostname.c ../../lib/curl_gethostname.c
 chkhostname_LDADD = @CURL_NETWORK_LIBS@
 chkhostname_DEPENDENCIES =
@@ -408,6 +415,9 @@ lib1520_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1520
 nodist_lib1521_SOURCES = lib1521.c $(SUPPORTFILES)
 lib1521_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)
 
+lib1522_SOURCES = lib1522.c $(SUPPORTFILES)
+lib1522_CPPFLAGS = $(AM_CPPFLAGS)
+
 lib1525_SOURCES = lib1525.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1525_LDADD = $(TESTUTIL_LIBS)
 lib1525_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1525
diff --git a/lib/curl_range.h b/tests/libtest/chkdecimalpoint.c
similarity index 74%
copy from lib/curl_range.h
copy to tests/libtest/chkdecimalpoint.c
index 2350df992..b5f5070c0 100644
--- a/lib/curl_range.h
+++ b/tests/libtest/chkdecimalpoint.c
@@ -1,5 +1,3 @@
-#ifndef HEADER_CURL_RANGE_H
-#define HEADER_CURL_RANGE_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -22,9 +20,22 @@
  *
  ***************************************************************************/
 
-#include "curl_setup.h"
-#include "urldata.h"
+#include "curl_printf.h"
 
-CURLcode Curl_range(struct connectdata *conn);
+#include <string.h>
+#include <locale.h>
 
-#endif /* HEADER_CURL_RANGE_H */
+#define TOTAL_STR_LEN 4
+
+int main(void)
+{
+  char zero[TOTAL_STR_LEN] = {'\0'};
+  int chars;
+
+  setlocale(LC_NUMERIC, "");
+  chars = snprintf(zero, TOTAL_STR_LEN, "%.1f", 0.0);
+  if((chars == (TOTAL_STR_LEN - 1)) && (strcmp(zero, "0.0") == 0))
+    return 0;
+  else
+    return 1;
+}
diff --git a/tests/libtest/lib1502.c b/tests/libtest/lib1502.c
index 5b75e2f2a..bd7c7c864 100644
--- a/tests/libtest/lib1502.c
+++ b/tests/libtest/lib1502.c
@@ -79,6 +79,8 @@ int test(char *URL)
     easy = dup;
   }
   else {
+    curl_slist_free_all(dns_cache_list);
+    curl_easy_cleanup(easy);
     return CURLE_OUT_OF_MEMORY;
   }
 
diff --git a/tests/libtest/lib1522.c b/tests/libtest/lib1522.c
new file mode 100644
index 000000000..2de955284
--- /dev/null
+++ b/tests/libtest/lib1522.c
@@ -0,0 +1,87 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "test.h"
+
+/* test case and code based on https://github.com/curl/curl/issues/2847 */
+
+#include "testutil.h"
+#include "warnless.h"
+#include "memdebug.h"
+
+static char g_Data[40 * 1024]; /* POST 40KB */
+
+static int sockopt_callback(void *clientp, curl_socket_t curlfd,
+                            curlsocktype purpose)
+{
+  int sndbufsize = 4 * 1024; /* 4KB send buffer */
+  (void) clientp;
+  (void) purpose;
+#if defined(SOL_SOCKET) && defined(SO_SNDBUF)
+  setsockopt(curlfd, SOL_SOCKET, SO_SNDBUF,
+             (const char *)&sndbufsize, sizeof(sndbufsize));
+#else
+  (void)curlfd;
+#endif
+  return CURL_SOCKOPT_OK;
+}
+
+int test(char *URL)
+{
+  CURLcode code;
+  struct curl_slist *pHeaderList = NULL;
+  CURL *pCurl = curl_easy_init();
+  memset(g_Data, 'A', sizeof(g_Data)); /* send As! */
+
+  curl_easy_setopt(pCurl, CURLOPT_SOCKOPTFUNCTION, sockopt_callback);
+  curl_easy_setopt(pCurl, CURLOPT_URL, URL);
+  curl_easy_setopt(pCurl, CURLOPT_POSTFIELDS, g_Data);
+  curl_easy_setopt(pCurl, CURLOPT_POSTFIELDSIZE, (long)sizeof(g_Data));
+
+  /* Remove "Expect: 100-continue" */
+  pHeaderList = curl_slist_append(pHeaderList, "Expect:");
+
+  curl_easy_setopt(pCurl, CURLOPT_HTTPHEADER, pHeaderList);
+
+  code = curl_easy_perform(pCurl);
+
+  if(code == CURLE_OK) {
+    curl_off_t uploadSize;
+    curl_easy_getinfo(pCurl, CURLINFO_SIZE_UPLOAD_T, &uploadSize);
+
+    printf("uploadSize = %ld\n", (long)uploadSize);
+
+    if((size_t) uploadSize == sizeof(g_Data)) {
+      printf("!!!!!!!!!! PASS\n");
+    }
+    else {
+      printf("!!!!!!!!!! FAIL\n");
+    }
+  }
+  else {
+    printf("curl_easy_perform() failed. e = %d\n", code);
+  }
+
+  curl_slist_free_all(pHeaderList);
+  curl_easy_cleanup(pCurl);
+
+  return 0;
+}
diff --git a/tests/libtest/lib1531.c b/tests/libtest/lib1531.c
index 5ee617e52..953f062d8 100644
--- a/tests/libtest/lib1531.c
+++ b/tests/libtest/lib1531.c
@@ -39,6 +39,8 @@ int test(char *URL)
   int msgs_left; /* how many messages are left */
   int res = CURLE_OK;
 
+  start_test_timing();
+
   global_init(CURL_GLOBAL_ALL);
 
   /* Allocate one CURL handle per transfer */
@@ -59,6 +61,8 @@ int test(char *URL)
   /* we start some action by calling perform right away */
   curl_multi_perform(multi_handle, &still_running);
 
+  abort_on_test_timeout();
+
   do {
     struct timeval timeout;
     int rc; /* select() return code */
@@ -127,6 +131,8 @@ int test(char *URL)
       curl_multi_perform(multi_handle, &still_running);
       break;
     }
+
+    abort_on_test_timeout();
   } while(still_running);
 
   /* See how the transfers went */
@@ -136,14 +142,17 @@ int test(char *URL)
       printf("HTTP transfer completed with status %d\n", msg->data.result);
       break;
     }
+
+    abort_on_test_timeout();
   } while(msg);
 
+test_cleanup:
   curl_multi_cleanup(multi_handle);
 
   /* Free the CURL handles */
   curl_easy_cleanup(easy);
   curl_global_cleanup();
 
-  return 0;
+  return res;
 }
 
diff --git a/tests/libtest/lib1540.c b/tests/libtest/lib1540.c
index 86ba085ca..c3f855490 100644
--- a/tests/libtest/lib1540.c
+++ b/tests/libtest/lib1540.c
@@ -79,8 +79,6 @@ static size_t write_callback(void *ptr, size_t size, size_t 
nmemb, void *userp)
   return CURL_WRITEFUNC_PAUSE;
 }
 
-#define TEST_HANG_TIMEOUT 60 * 1000
-
 int test(char *URL)
 {
   CURL *curls = NULL;
diff --git a/tests/libtest/lib650.c b/tests/libtest/lib650.c
index 056270cfb..79d60b624 100644
--- a/tests/libtest/lib650.c
+++ b/tests/libtest/lib650.c
@@ -62,6 +62,7 @@ int test(char *URL)
   struct curl_forms formarray[3];
   size_t formlength = 0;
   char flbuf[32];
+  long contentlength = 0;
 
   if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
     fprintf(stderr, "curl_global_init() failed\n");
@@ -94,11 +95,13 @@ int test(char *URL)
     goto test_cleanup;
   }
 
+  contentlength = (long)(strlen(data) - 1);
+
   /* Use a form array for the non-copy test. */
   formarray[0].option = CURLFORM_PTRCONTENTS;
   formarray[0].value = data;
   formarray[1].option = CURLFORM_CONTENTSLENGTH;
-  formarray[1].value = (char *) strlen(data) - 1;
+  formarray[1].value = (char *)(size_t)contentlength;
   formarray[2].option = CURLFORM_END;
   formarray[2].value = NULL;
   formrc = curl_formadd(&formpost,
diff --git a/tests/libtest/libntlmconnect.c b/tests/libtest/libntlmconnect.c
index 59f94b68a..e17b991a4 100644
--- a/tests/libtest/libntlmconnect.c
+++ b/tests/libtest/libntlmconnect.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 2012 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -158,6 +158,9 @@ int test(char *url)
 
     multi_perform(multi, &running);
 
+    fprintf(stderr, "%s:%d running %d state %d\n",
+            __FILE__, __LINE__, running, state);
+
     abort_on_test_timeout();
 
     if(!running && state == NoMoreHandles)
@@ -179,14 +182,16 @@ int test(char *url)
       }
       state = num_handles < MAX_EASY_HANDLES ? ReadyForNewHandle
                                              : NoMoreHandles;
+      fprintf(stderr, "%s:%d new state %d\n",
+              __FILE__, __LINE__, state);
     }
 
     multi_timeout(multi, &timeout);
 
     /* At this point, timeout is guaranteed to be greater or equal than -1. */
 
-    fprintf(stderr, "%s:%d num_handles %d timeout %ld\n",
-            __FILE__, __LINE__, num_handles, timeout);
+    fprintf(stderr, "%s:%d num_handles %d timeout %ld running %d\n",
+            __FILE__, __LINE__, num_handles, timeout, running);
 
     if(timeout != -1L) {
       int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeout;
@@ -194,8 +199,8 @@ int test(char *url)
       interval.tv_usec = (itimeout%1000)*1000;
     }
     else {
-      interval.tv_sec = TEST_HANG_TIMEOUT/1000 + 1;
-      interval.tv_usec = 0;
+      interval.tv_sec = 0;
+      interval.tv_usec = 5000;
 
       /* if there's no timeout and we get here on the last handle, we may
          already have read the last part of the stream so waiting makes no
diff --git a/tests/runtests.pl b/tests/runtests.pl
index 65a62ebae..2aa352cd4 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -152,7 +152,7 @@ my $NEGTELNETPORT;       # TELNET server port with 
negotiation
 
 my $srcdir = $ENV{'srcdir'} || '.';
 my $CURL="../src/gnurl".exe_ext(); # what curl executable to run on the tests
-my $VCURL=$CURL;   # what curl binary to use to verify the servers with
+my $VCURL="gnurl";   # what curl binary to use to verify the servers with
                    # VCURL is handy to set to the system one when the one you
                    # just built hangs or crashes and thus prevent verification
 my $DBGCURL=$CURL; #"../src/.libs/curl";  # alternative for debugging
@@ -195,6 +195,7 @@ my $memdump="$LOGDIR/memdump";
 my $memanalyze="$perl $srcdir/memanalyze.pl";
 
 my $pwd = getcwd();          # current working directory
+my $posix_pwd = $pwd;
 
 my $start;
 my $ftpchecktime=1; # time it took to verify our test FTP server
@@ -3200,6 +3201,7 @@ sub subVariables {
 
   $$thing =~ s/%CURL/$CURL/g;
   $$thing =~ s/%PWD/$pwd/g;
+  $$thing =~ s/%POSIX_PWD/$posix_pwd/g;
   $$thing =~ s/%SRCDIR/$srcdir/g;
   $$thing =~ s/%USER/$USER/g;
 
diff --git a/tests/server/CMakeLists.txt b/tests/server/CMakeLists.txt
index a80054477..c2493cec9 100644
--- a/tests/server/CMakeLists.txt
+++ b/tests/server/CMakeLists.txt
@@ -5,7 +5,7 @@ if(MSVC)
 endif()
 
 function(SETUP_EXECUTABLE TEST_NAME)    # ARGN are the files in the test
-  add_executable( ${TEST_NAME} ${ARGN} )
+  add_executable(${TEST_NAME} ${ARGN})
   string(TOUPPER ${TEST_NAME} UPPER_TEST_NAME)
 
   include_directories(
@@ -25,7 +25,7 @@ function(SETUP_EXECUTABLE TEST_NAME)    # ARGN are the files 
in the test
   # to build the servers.  In order to achieve proper linkage of these
   # files on Win32 targets it is necessary to build the test servers
   # with CURL_STATICLIB defined, independently of how libcurl is built.
-  if(NOT CURL_STATICLIB)
+  if(BUILD_SHARED_LIBS)
     set_target_properties(${TEST_NAME} PROPERTIES
       COMPILE_DEFINITIONS CURL_STATICLIB)       # ${UPPER_TEST_NAME}
   endif()
diff --git a/tests/server/sockfilt.c b/tests/server/sockfilt.c
index 2fb947f15..10a16ef00 100644
--- a/tests/server/sockfilt.c
+++ b/tests/server/sockfilt.c
@@ -782,8 +782,9 @@ static int select_ws(int nfds, fd_set *readfds, fd_set 
*writefds,
             wsa++;
           }
           else {
+            curl_socket_t socket = curlx_sitosk(fds);
             WSACloseEvent(wsaevent);
-            handle = (HANDLE) curlx_sitosk(fds);
+            handle = (HANDLE) socket;
             handle = select_ws_wait(handle, waitevent);
             handles[nfd] = handle;
             data[thd].thread = handle;
diff --git a/tests/server/sws.c b/tests/server/sws.c
index ec11224f5..fbe7761d8 100644
--- a/tests/server/sws.c
+++ b/tests/server/sws.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -124,6 +124,8 @@ struct httprequest {
   bool connmon;   /* monitor the state of the connection, log disconnects */
   bool upgrade;   /* test case allows upgrade to http2 */
   bool upgrade_request; /* upgrade request found and allowed */
+  bool close;     /* similar to swsclose in response: close connection after
+                     response is sent */
   int done_processing;
 };
 
@@ -177,6 +179,9 @@ const char *serverlogfile = DEFAULT_LOGFILE;
 /* upgrade to http2 */
 #define CMD_UPGRADE "upgrade"
 
+/* close connection */
+#define CMD_SWSCLOSE "swsclose"
+
 #define END_OF_HEADERS "\r\n\r\n"
 
 enum {
@@ -361,7 +366,7 @@ static int parse_servercmd(struct httprequest *req)
   int error;
 
   filename = test2file(req->testno);
-
+  req->close = FALSE;
   stream = fopen(filename, "rb");
   if(!stream) {
     error = errno;
@@ -414,6 +419,10 @@ static int parse_servercmd(struct httprequest *req)
         logmsg("enabled upgrade to http2");
         req->upgrade = TRUE;
       }
+      else if(!strncmp(CMD_SWSCLOSE, cmd, strlen(CMD_SWSCLOSE))) {
+        logmsg("swsclose: close this connection after response");
+        req->close = TRUE;
+      }
       else if(1 == sscanf(cmd, "pipe: %d", &num)) {
         logmsg("instructed to allow a pipe size of %d", num);
         if(num < 0)
@@ -1194,7 +1203,7 @@ static int send_doc(curl_socket_t sock, struct 
httprequest *req)
   /* If the word 'swsclose' is present anywhere in the reply chunk, the
      connection will be closed after the data has been sent to the requesting
      client... */
-  if(strstr(buffer, "swsclose") || !count) {
+  if(strstr(buffer, "swsclose") || !count || req->close) {
     persistent = FALSE;
     logmsg("connection close instruction \"swsclose\" found in response");
   }
@@ -1536,18 +1545,18 @@ static void http_connect(curl_socket_t *infdp,
     if(got_exit_signal)
       break;
 
-    rc = select((int)maxfd + 1, &input, &output, NULL, &timeout);
+    do {
+      rc = select((int)maxfd + 1, &input, &output, NULL, &timeout);
+    } while(rc < 0 && errno == EINTR && !got_exit_signal);
+
+    if(got_exit_signal)
+      break;
 
     if(rc > 0) {
       /* socket action */
-      bool tcp_fin_wr;
+      bool tcp_fin_wr = FALSE;
       timeout_count = 0;
 
-      if(got_exit_signal)
-        break;
-
-      tcp_fin_wr = FALSE;
-
       /* ---------------------------------------------------------- */
 
       /* passive mode FTP may establish a secondary tunnel */
@@ -2289,7 +2298,13 @@ int main(int argc, char *argv[])
     if(got_exit_signal)
       goto sws_cleanup;
 
-    rc = select((int)maxfd + 1, &input, &output, NULL, &timeout);
+    do {
+      rc = select((int)maxfd + 1, &input, &output, NULL, &timeout);
+    } while(rc < 0 && errno == EINTR && !got_exit_signal);
+
+    if(got_exit_signal)
+      goto sws_cleanup;
+
     if(rc < 0) {
       error = SOCKERRNO;
       logmsg("select() failed with error: (%d) %s",
@@ -2297,9 +2312,6 @@ int main(int argc, char *argv[])
       goto sws_cleanup;
     }
 
-    if(got_exit_signal)
-      goto sws_cleanup;
-
     if(rc == 0) {
       /* Timed out - try again */
       continue;
diff --git a/tests/unit/CMakeLists.txt b/tests/unit/CMakeLists.txt
index ea265b3e5..06fc6b05c 100644
--- a/tests/unit/CMakeLists.txt
+++ b/tests/unit/CMakeLists.txt
@@ -42,10 +42,10 @@ foreach(_testfile ${UT_SRC})
 
   if(HIDES_CURL_PRIVATE_SYMBOLS)
     set_target_properties(${_testname}
-         PROPERTIES
-               EXCLUDE_FROM_ALL TRUE
-               EXCLUDE_FROM_DEFAULT_BUILD TRUE
-       )
+      PROPERTIES
+      EXCLUDE_FROM_ALL TRUE
+      EXCLUDE_FROM_DEFAULT_BUILD TRUE
+    )
   else()
     add_test(NAME ${_testname}
              COMMAND ${_testname} "http://www.google.com";
diff --git a/tests/unit/unit1394.c b/tests/unit/unit1394.c
index 667991d1e..010f052ec 100644
--- a/tests/unit/unit1394.c
+++ b/tests/unit/unit1394.c
@@ -56,6 +56,9 @@ UNITTEST_START
     "foo:bar\\\\",            "foo",                "bar\\\\",
     "foo:bar:",               "foo",                "bar:",
     "foo\\::bar\\:",          "foo:",               "bar\\:",
+    "pkcs11:foobar",          "pkcs11:foobar",      NULL,
+    "PKCS11:foobar",          "PKCS11:foobar",      NULL,
+    "PkCs11:foobar",          "PkCs11:foobar",      NULL,
 #ifdef WIN32
     "c:\\foo:bar:baz",        "c:\\foo",            "bar:baz",
     "c:\\foo\\:bar:baz",      "c:\\foo:bar",        "baz",

-- 
To stop receiving notification emails like this one, please contact
address@hidden



reply via email to

[Prev in Thread] Current Thread [Next in Thread]