Snap for 9806563 from b8a443cf65e9c83cc179195ace84bd273158d7e3 to udc-d1-releaseandroid-14.0.0_r9 android-14.0.0_r8 android-14.0.0_r7 android-14.0.0_r6 android-14.0.0_r5 android-14.0.0_r4 android-14.0.0_r3 android-14.0.0_r12 android-14.0.0_r11 android-14.0.0_r10 android14-d1-s7-release android14-d1-s6-release android14-d1-s5-release android14-d1-s4-release android14-d1-s3-release android14-d1-s2-release android14-d1-s1-release android14-d1-release

Change-Id: Ie6ba551498dfbe2c98875a9c370f342982a9ef45
author: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-03-24 01:10:29 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-03-24 01:10:29 +0000
commit: fccbdadea9428b34e2aeeee59e87b5eed985c8c1 (patch)
tree: 1da6691d1333d1574468678a5354e12ad3a4e760
parent: c392dd49023a4747eae43ab79f60aa1b1dc0be18 (diff)
parent: b8a443cf65e9c83cc179195ace84bd273158d7e3 (diff)
download: curl-android14-d1-s5-release.tar.gz
2150 files changed, 37850 insertions, 24358 deletions
diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml
index ecda1cc99..a8ac0f7ff 100644
--- a/.azure-pipelines.yml
+++ b/.azure-pipelines.yml
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -21,9 +21,9 @@
 # SPDX-License-Identifier: curl
 #
 ###########################################################################
-# Starter pipeline
-# Start with a minimal pipeline that you can customize to build and deploy your code.
-# Add steps that build, run tests, deploy, and more:
+# https://dev.azure.com/daniel0244/curl/_build?view=runs
+#
+# Azure Pipelines configuration:
 # https://aka.ms/yaml
 
 trigger:
@@ -31,6 +31,14 @@ trigger:
     include:
     - 'master'
     - '*/ci'
+  paths:
+    exclude:
+    - '.circleci/*'
+    - '.cirrus.yml'
+    - '.github/*'
+    - 'appveyor.yml'
+    - 'packages/*'
+    - 'plan9/*'
 
 pr:
   branches:
@@ -223,7 +231,7 @@ stages:
           name: 32-bit (legacy)
           container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw:ltsc2019
           container_cmd: C:\MinGW\msys\1.0\bin\sh
-          configure: --host=i686-pc-mingw32 --build=i686-pc-mingw32 --prefix=/mingw --enable-debug --without-ssl
+          configure: --host=i686-pc-mingw32 --build=i686-pc-mingw32 --prefix=/mingw --enable-debug --without-ssl --with-mingw1-deprecated
           tests: "!203 !1143"
         v1_mingw32:
           name: 32-bit w/o zlib
@@ -255,7 +263,7 @@ stages:
           name: 32-bit Schannel/SSPI/WinIDN (legacy)
           container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw:ltsc2019
           container_cmd: C:\MinGW\msys\1.0\bin\sh
-          configure: --host=i686-pc-mingw32 --build=i686-pc-mingw32 --prefix=/mingw --enable-debug --enable-sspi --with-schannel --with-winidn
+          configure: --host=i686-pc-mingw32 --build=i686-pc-mingw32 --prefix=/mingw --enable-debug --enable-sspi --with-schannel --with-winidn --with-mingw1-deprecated
           tests: "!203 !305 !311 !312 !313 !404 !1143 !2033 !2035 !2038 !2041 !2042 !2048 !2070 !2079 !2087 !3023 !3024"
         v1_mingw32_schannel:
           name: 32-bit Schannel/SSPI/WinIDN w/o zlib
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 7782ceacf..33a9dcd3f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2021, 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -78,9 +78,10 @@ commands:
     steps:
       - run:
           command: |
-            curl -LO https://github.com/wolfSSL/wolfssl/archive/v5.1.1-stable.tar.gz
-            tar -xzf v5.1.1-stable.tar.gz
-            cd wolfssl-5.1.1-stable
+            WOLFSSL_VER=5.5.4
+            curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://github.com/wolfSSL/wolfssl/archive/v$WOLFSSL_VER-stable.tar.gz
+            tar -xzf v$WOLFSSL_VER-stable.tar.gz
+            cd wolfssl-$WOLFSSL_VER-stable
             ./autogen.sh
             ./configure --enable-tls13 --enable-all --enable-harden --prefix=$HOME/wssl
             make install
@@ -89,9 +90,10 @@ commands:
     steps:
       - run:
           command: |
-            curl -LO https://github.com/wolfSSL/wolfssh/archive/v1.4.8-stable.tar.gz
-            tar -xzf v1.4.8-stable.tar.gz
-            cd wolfssh-1.4.8-stable
+            WOLFSSH_VER=1.4.12
+            curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://github.com/wolfSSL/wolfssh/archive/v$WOLFSSH_VER-stable.tar.gz
+            tar -xzf v$WOLFSSH_VER-stable.tar.gz
+            cd wolfssh-$WOLFSSH_VER-stable
             ./autogen.sh
             ./configure --with-wolfssl=$HOME/wssl --prefix=$HOME/wssh --enable-scp --enable-sftp --disable-examples
             make install
diff --git a/.cirrus.yml b/.cirrus.yml
index e67bcb069..574f85cb7 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -21,16 +21,29 @@
 # SPDX-License-Identifier: curl
 #
 ###########################################################################
-# Cirrus CI configuration
 # https://cirrus-ci.com/github/curl/curl
+#
+# Cirrus CI configuration:
+# https://cirrus-ci.org/guide/writing-tasks/
 
 freebsd_task:
+  skip: "changesIncludeOnly(
+    '.azure-pipelines.yml',
+    '.circleci/**',
+    '.github/**',
+    'appveyor.yml',
+    'packages/**',
+    'plan9/**',
+    'projects/**',
+    'winbuild/**'
+    )"
+
   name: FreeBSD
 
   matrix:
-    - name: FreeBSD 13.1
+    - name: FreeBSD 13.2
       freebsd_instance:
-        image_family: freebsd-13-1
+        image_family: freebsd-13-2
     - name: FreeBSD 12.4
       freebsd_instance:
         image_family: freebsd-12-4
@@ -77,6 +90,15 @@ freebsd_task:
     - make V=1 install
 
 windows_task:
+  skip: "changesIncludeOnly(
+    '.azure-pipelines.yml',
+    '.circleci/**',
+    '.github/**',
+    'appveyor.yml',
+    'packages/**',
+    'plan9/**'
+    )"
+
   name: Windows
   timeout_in: 120m
   windows_container:
@@ -135,6 +157,17 @@ windows_task:
     %container_cmd% -l -c "cd $(echo '%cd%') && %make_cmd% TFLAGS='!IDN !SCP ~612 ~1056 %tests%' test-ci"
 
 macos_task:
+  skip: "changesIncludeOnly(
+    '.azure-pipelines.yml',
+    '.circleci/**',
+    '.github/**',
+    'appveyor.yml',
+    'packages/**',
+    'plan9/**',
+    'projects/**',
+    'winbuild/**'
+    )"
+
   name: macOS arm64
   macos_instance:
     image: ghcr.io/cirruslabs/macos-ventura-xcode:latest
@@ -210,7 +243,7 @@ macos_task:
 
   pkginstall_script:
     - echo libtool autoconf automake pkg-config ${install_packages} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile
-    - brew update && for i in 1 2 3; do brew bundle install --no-lock --file /tmp/Brewfile && break || sleep 1; done
+    - "while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done"
     - sudo -H python3 -m pip install --upgrade pip
     - sudo -H python3 -m pip install impacket
   configure_script:
diff --git a/.dcignore b/.dcignore
index 2d835fe93..e33af3ecc 100644
--- a/.dcignore
+++ b/.dcignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/.dir-locals.el b/.dir-locals.el
index 0cc71f7fc..f6248c2ec 100644
--- a/.dir-locals.el
+++ b/.dir-locals.el
@@ -5,7 +5,7 @@
 ;;;                            | (__| |_| |  _ <| |___
 ;;;                             \___|\___/|_| \_\_____|
 ;;;
-;;; Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+;;; Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 ;;;
 ;;; This software is licensed as described in the file COPYING, which
 ;;; you should have received as part of this distribution. The terms
diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs
index 75611b6e5..c627bfd69 100644
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -1,4 +1,4 @@
-# Copyright (C) 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/.gitattributes b/.gitattributes
index eccad57dc..481fd5cff 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index b9e2519b9..9e7b6e391 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,13 +1,3 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
-
-# Code owners for CI configuration
-## GitHub Actions
-.github/workflows/ @cmeister2 @mback2k
-## AppVeyor
-appveyor.yml @MarcelRaad @mback2k
-tests/appveyor.pm @mback2k
-## Azure Pipelines
-.azure-pipelines.yml @cmeister2 @mback2k
-tests/azure.pm @mback2k
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
index 60f77c753..18be9ed22 100644
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index 0b38c2b74..f02b2d3f1 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index eb314f9ae..9ca2c8fd1 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 000000000..03d378c10
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,298 @@
+# Copyright (C) Daniel Fandrich, <dan@coneharvesters.com>, et al.
+#
+# SPDX-License-Identifier: curl
+
+# The workflow configures the .github/workflows/label.yml action
+# to add labels to pull requests. This is not (yet?) a replacement for human
+# triaging, but is intended to add labels to the easy cases. If the matching
+# language becomes more powerful, more cases should be able to be handled.
+#
+# The biggest low-hanging problem is this:
+# It looks like there's no way of specifying that a label be added if *all* the
+# files match *any* one of a number of globs. This feature request is tracked
+# in https://github.com/actions/labeler/issues/423
+
+authentication:
+- all: ['docs/mk-ca-bundle.1']
+- all: ['docs/libcurl/opts/CURLINFO_HTTPAUTH*']
+- all: ['docs/libcurl/opts/CURLINFO_PROXYAUTH*']
+- all: ['docs/libcurl/opts/CURLOPT_KRB*']
+- all: ['docs/libcurl/opts/CURLOPT_SASL*']
+- all: ['docs/libcurl/opts/CURLOPT_SERVICE_NAME*']
+- all: ['docs/libcurl/opts/CURLOPT_USERNAME*']
+- all: ['docs/libcurl/opts/CURLOPT_USERPWD*']
+- all: ['docs/libcurl/opts/CURLOPT_XOAUTH*']
+- all: ['lib/*gssapi*']
+- all: ['lib/*krb5*']
+- all: ['lib/*ntlm*']
+- all: ['lib/curl_sasl.*']
+- all: ['lib/http_aws*']
+- all: ['lib/http_digest.*']
+- all: ['lib/http_negotiate.*']
+- all: ['lib/vauth/**']
+- all: ['tests/server/fake_ntlm.c']
+
+build:
+- all: ['**/CMakeLists.txt']
+- all: ['**/Makefile.am']
+- all: ['**/Makefile.mk']
+- all: ['**/*.inc']
+- all: ['**/*.m4']
+- all: ['**/*.mk']
+- all: ['lib/libcurl*.in']
+- all: ['CMake/**']
+- all: ['configure.ac']
+- all: ['m4/**']
+- all: ['MacOSX-Framework']
+- all: ['packages/**']
+- all: ['plan9/**']
+- all: ['projects/**']
+- all: ['winbuild/**']
+
+CI:
+- any: ['.azure-pipelines.yml']
+- any: ['.circleci/**']
+- any: ['.cirrus.yml']
+- any: ['.github/**']
+- any: ['appveyor.yml']
+- any: ['tests/azure.pm']
+- any: ['tests/appveyor.pm']
+- any: ['tests/CI.pm']
+
+cmake:
+- all: ['**/CMakeLists.txt']
+- all: ['CMake/**']
+
+cmdline tool:
+- all: ['docs/cmdline-opts/**']
+- all: ['src/**']
+
+connecting & proxies:
+- all: ['docs/CONNECTION-FILTERS.md']
+- all: ['docs/libcurl/opts/CURLINFO_CONNECT*']
+- all: ['docs/libcurl/opts/CURLINFO_PROXY*']
+- all: ['docs/libcurl/opts/CURLOPT_ADDRESS*']
+- all: ['docs/libcurl/opts/CURLOPT_CONNECT*']
+- all: ['docs/libcurl/opts/CURLOPT_HAPROXY*']
+- all: ['docs/libcurl/opts/CURLOPT_OPENSOCKET*']
+- all: ['docs/libcurl/opts/CURLOPT_PRE_PROXY*']
+- all: ['docs/libcurl/opts/CURLOPT_PROXY*']
+- all: ['docs/libcurl/opts/CURLOPT_SOCKOPT*']
+- all: ['docs/libcurl/opts/CURLOPT_SOCKS*']
+- all: ['docs/libcurl/opts/CURLOPT_TCP*']
+- all: ['docs/libcurl/opts/CURLOPT_TIMEOUT*']
+- all: ['lib/cf-socket.*']
+- all: ['lib/cfilters.*']
+- all: ['lib/conncache.*']
+- all: ['lib/connect.*']
+- all: ['lib/http_proxy.*']
+- all: ['lib/if2ip.*']
+- all: ['lib/noproxy.*']
+- all: ['lib/socks.*']
+- all: ['tests/server/socksd.c']
+
+cookies:
+- all: ['docs/HTTP-COOKIES.md']
+- all: ['docs/libcurl/opts/CURLINFO_COOKIE*']
+- all: ['docs/libcurl/opts/CURLOPT_COOKIE*']
+- all: ['lib/cookie.*']
+- all: ['lib/psl.*']
+
+cryptography:
+- all: ['docs/CIPHERS.md']
+- all: ['docs/RUSTLS.md']
+- all: ['docs/libcurl/opts/CURLOPT_EGDSOCKET*']
+- all: ['lib/*sha256*']
+- all: ['lib/curl_des.*']
+- all: ['lib/curl_hmac.*']
+- all: ['lib/curl_md?.*']
+- all: ['lib/md?.*']
+- all: ['lib/rand.*']
+
+DICT:
+- all: ['lib/dict.*']
+- all: ['tests/dictserver.py']
+
+documentation:
+- all: ['**/*.md']
+- all: ['**/*.txt', '!**/CMakeLists.txt']
+- all: ['**/*.1']
+- all: ['**/*.3']
+- all: ['CHANGES']
+- all: ['docs/**', '!docs/examples/**']
+- all: ['GIT-INFO']
+- all: ['LICENSES/**']
+- all: ['README']
+- all: ['RELEASE-NOTES']
+
+FTP:
+- all: ['docs/libcurl/opts/CURLINFO_FTP*']
+- all: ['docs/libcurl/opts/CURLOPT_FTP*']
+- all: ['docs/libcurl/opts/CURLOPT_WILDCARDMATCH*']
+- all: ['lib/curl_fnmatch.*']
+- all: ['lib/curl_range.*']
+- all: ['lib/ftp*']
+- all: ['tests/ftp*']
+
+GOPHER:
+- all: ['lib/gopher*']
+
+HTTP:
+- all: ['docs/HSTS.md']
+- all: ['docs/HTTP-COOKIES.md']
+- all: ['docs/libcurl/opts/CURLINFO_COOKIE*']
+- all: ['docs/libcurl/opts/CURLOPT_COOKIE*']
+- all: ['docs/libcurl/opts/CURLINFO_HTTP_**']
+- all: ['docs/libcurl/opts/CURLINFO_REDIRECT*']
+- all: ['docs/libcurl/opts/CURLINFO_REFER*']
+- all: ['docs/libcurl/opts/CURLOPT_FOLLOWLOCATION*']
+- all: ['docs/libcurl/opts/CURLOPT_HSTS*']
+- all: ['docs/libcurl/opts/CURLOPT_HTTP*']
+- all: ['docs/libcurl/opts/CURLOPT_POST.*']
+- all: ['docs/libcurl/opts/CURLOPT_POSTFIELD*']
+- all: ['docs/libcurl/opts/CURLOPT_POSTREDIR*']
+- all: ['docs/libcurl/opts/CURLOPT_REDIR*']
+- all: ['docs/libcurl/opts/CURLOPT_REFER*']
+- all: ['docs/libcurl/opts/CURLOPT_TRAILER*']
+- all: ['docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING*']
+- all: ['lib/cf-https*']
+- all: ['lib/cookie.*']
+- all: ['lib/h2h3.*']
+- all: ['lib/http*']
+- all: ['tests/http*']
+- all: ['tests/http-server.pl']
+- all: ['tests/http/*']
+- all: ['tests/nghttp*']
+- all: ['tests/tests-http/*']
+
+HTTP/2:
+- all: ['docs/HTTP2.md']
+- all: ['docs/libcurl/opts/CURLOPT_STREAM*']
+- all: ['lib/http2*']
+- all: ['tests/http2-server.pl']
+
+HTTP/3:
+- all: ['.github/workflows/ngtcp2*']
+- all: ['.github/workflows/pytest.yml']
+- all: ['docs/HTTP3.md']
+- all: ['lib/vquic/**']
+- all: ['tests/http3-server.pl']
+- all: ['tests/nghttpx.conf']
+
+Hyper:
+- all: ['lib/c-hyper.*']
+
+IMAP:
+- all: ['lib/imap*']
+
+LDAP:
+- all: ['lib/*ldap*']
+
+libcurl API:
+- all: ['docs/libcurl/ABI.md']
+- any: ['include/curl/**']
+
+MIME:
+- all: ['docs/libcurl/curl_mime_*']
+- all: ['docs/libcurl/opts/CURLOPT_MIME*']
+- all: ['lib/mime*']
+
+MQTT:
+- all: ['docs/MQTT.md']
+- all: ['lib/mqtt*']
+- all: ['tests/server/mqttd.c']
+
+name lookup:
+- all: ['docs/libcurl/opts/CURLINFO_NAMELOOKUP*']
+- all: ['docs/libcurl/opts/CURLOPT_DNS*']
+- all: ['docs/libcurl/opts/CURLOPT_DOH*']
+- all: ['docs/libcurl/opts/CURLOPT_RESOLVE*']
+- all: ['lib/asyn*']
+- all: ['lib/curl_gethostname.*']
+- all: ['lib/doh*']
+- all: ['lib/host*']
+- all: ['lib/idn*']
+- all: ['lib/inet_pton.*']
+- all: ['lib/socketpair*']
+- all: ['tests/server/resolve.c']
+
+POP3:
+- all: ['lib/pop3.*']
+
+RTMP:
+- all: ['lib/curl_rtmp.*']
+
+RTSP:
+- all: ['docs/libcurl/opts/CURLINFO_RTSP*']
+- all: ['docs/libcurl/opts/CURLOPT_RTSP*']
+- all: ['lib/rtsp.*']
+- all: ['tests/rtspserver.pl']
+- all: ['tests/server/rtspd.c']
+
+SCP/SFTP:
+- all: ['docs/libcurl/opts/CURLOPT_SSH*']
+- all: ['lib/vssh/**']
+- all: ['tests/sshhelp.pm']
+- all: ['tests/sshserver.pl']
+
+script:
+- all: ['**/*.pl']
+- all: ['**/*.sh']
+- all: ['curl-config.in']
+- all: ['docs/curl-config.1']
+- all: ['docs/mk-ca-bundle.1']
+- all: ['docs/THANKS-filter']
+- all: ['scripts/**']
+
+SMB:
+- all: ['lib/smb.*']
+- all: ['tests/smbserver.py']
+
+SMTP:
+- all: ['docs/libcurl/opts/CURLOPT_MAIL*']
+- all: ['lib/smtp.*']
+
+tests:
+- any: ['tests/**']
+
+TFTP:
+- all: ['lib/tftp.*']
+- all: ['tests/tftpserver.pl']
+- all: ['tests/server/tftp*']
+
+TLS:
+- all: ['docs/HYPER.md']
+- all: ['docs/SSL*']
+- all: ['docs/libcurl/opts/CURLINFO_CA*']
+- all: ['docs/libcurl/opts/CURLINFO_CERT*']
+- all: ['docs/libcurl/opts/CURLINFO_SSL*']
+- all: ['docs/libcurl/opts/CURLINFO_TLS*']
+- all: ['docs/libcurl/opts/CURLOPT_CA*']
+- all: ['docs/libcurl/opts/CURLOPT_CERT*']
+- all: ['docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY*']
+- all: ['docs/libcurl/opts/CURLOPT_SSL*']
+- all: ['docs/libcurl/opts/CURLOPT_TLS*']
+- all: ['docs/libcurl/opts/CURLOPT_USE_SSL*']
+- all: ['lib/vtls/**']
+
+URL:
+- all: ['**/urlapi*']
+- all: ['docs/libcurl/curl_url*']
+- all: ['docs/URL-SYNTAX.md']
+- all: ['include/curl/urlapi.h']
+- all: ['lib/urlapi*']
+- all: ['lib/url.*']
+
+WebSocket:
+- all: ['docs/WEBSOCKET.md*']
+- all: ['docs/libcurl/opts/CURLOPT_WS_*']
+- all: ['docs/libcurl/curl_ws_*']
+- all: ['include/curl/websockets.h']
+- all: ['lib/ws.*']
+
+Windows:
+- all: ['lib/*win32*']
+- all: ['lib/curl_multibyte.*']
+- all: ['lib/rename.*']
+- all: ['projects/**']
+- all: ['winbuild/**']
diff --git a/.github/lock.yml b/.github/lock.yml
index 41b99477c..ab30d2a82 100644
--- a/.github/lock.yml
+++ b/.github/lock.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/.github/scripts/cleanspell.pl b/.github/scripts/cleanspell.pl
index 0b3b4279f..a9c85f2f3 100755
--- a/.github/scripts/cleanspell.pl
+++ b/.github/scripts/cleanspell.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/perl
-# Copyright (C) 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 #
diff --git a/.github/scripts/spellcheck.words b/.github/scripts/spellcheck.words
index 9f3906b80..1a7223e0f 100644
--- a/.github/scripts/spellcheck.words
+++ b/.github/scripts/spellcheck.words
@@ -1,4 +1,4 @@
-# Copyright (C) 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 #
@@ -20,6 +20,8 @@ AmigaOS
 AmiSSL
 anyauth
 anycast
+apache
+Apache
 API
 APIs
 APOP
@@ -135,6 +137,7 @@ CURLE
 CURLH
 curlimages
 curlrc
+curltest
 customizable
 CVE
 CVSS
@@ -265,6 +268,7 @@ GSKit
 gskit
 GSS
 GSSAPI
+GTFO
 Guenter
 Gunderson
 Gustafsson
@@ -294,6 +298,8 @@ hsts
 HTC
 html
 http
+httpd
+HTTPD
 HTTPAUTH
 httpget
 HttpGet
@@ -329,6 +335,9 @@ IoT
 ipadOS
 IPCXN
 IPv
+IPv4
+IPv4/6
+IPv6
 IRIs
 IRIX
 Itanium
@@ -573,8 +582,11 @@ PSL
 pthreads
 PTR
 ptr
+punycode
 py
 pycurl
+pytest
+Pytest
 QNX
 QoS
 Qubes
diff --git a/.github/scripts/spellcheck.yaml b/.github/scripts/spellcheck.yaml
index 1c6062822..4e4e13d48 100644
--- a/.github/scripts/spellcheck.yaml
+++ b/.github/scripts/spellcheck.yaml
@@ -1,4 +1,4 @@
-# Copyright (C) 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 #
diff --git a/.github/stale.yml b/.github/stale.yml
index ae4b35a85..dc239b56c 100644
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/.github/workflows/appveyor-status.yml b/.github/workflows/appveyor-status.yml
index f2bdc32cd..9b638b52c 100644
--- a/.github/workflows/appveyor-status.yml
+++ b/.github/workflows/appveyor-status.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 674d1a5c9..c7f6107d5 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
@@ -9,9 +9,29 @@ on:
     branches:
     - master
     - '*/ci'
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
   pull_request:
     branches:
     - master
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
   schedule:
     - cron: '0 0 * * 4'
 
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index b08f5cf89..520be7635 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
@@ -9,9 +9,28 @@ on:
     branches:
     - master
     - '*/ci'
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
   pull_request:
     branches:
     - master
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
diff --git a/.github/workflows/hacktoberfest-accepted.yml b/.github/workflows/hacktoberfest-accepted.yml
index 5a326539f..c78ff4e30 100644
--- a/.github/workflows/hacktoberfest-accepted.yml
+++ b/.github/workflows/hacktoberfest-accepted.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
@@ -32,8 +32,8 @@ jobs:
 
       - name: Check whether repo participates in Hacktoberfest
         run: |
-          gh config set prompt disabled && echo "::set-output name=label::$(
-            gh repo view --json repositoryTopics --jq '.repositoryTopics[].name' | grep '^hacktoberfest$')"
+          gh config set prompt disabled && echo "label=$(
+            gh repo view --json repositoryTopics --jq '.repositoryTopics[].name' | grep '^hacktoberfest$')" >> $GITHUB_OUTPUT
         id: check
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml
new file mode 100644
index 000000000..baab1e42a
--- /dev/null
+++ b/.github/workflows/label.yml
@@ -0,0 +1,28 @@
+# Copyright (C) Daniel Fandrich, <dan@coneharvesters.com>, et al.
+#
+# SPDX-License-Identifier: curl
+
+# This workflow will triage pull requests and apply a label based on the
+# paths that are modified in the pull request.
+#
+# To use this workflow, you will need to set up a .github/labeler.yml
+# file with configuration.  For more information, see:
+# https://github.com/actions/labeler
+
+name: Labeler
+on: [pull_request_target]
+
+jobs:
+  label:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+    - uses: actions/labeler@v4
+      with:
+        repo-token: "${{ secrets.GITHUB_TOKEN }}"
+        # Workaround for actions/labeler#112
+        sync-labels: ''
diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml
index 295384afb..18d12990b 100644
--- a/.github/workflows/linkcheck.yml
+++ b/.github/workflows/linkcheck.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index 92fed1ff7..bfef08e99 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
@@ -9,9 +9,29 @@ on:
     branches:
     - master
     - '*/ci'
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
   pull_request:
     branches:
     - master
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
@@ -23,63 +43,69 @@ jobs:
   autotools:
     name: ${{ matrix.build.name }}
     runs-on: 'ubuntu-latest'
+    container: ${{ matrix.build.container }}
     timeout-minutes: 90
     strategy:
       fail-fast: false
       matrix:
         build:
+        - name: quiche
+          install_packages: zlib1g-dev
+          install_steps: quiche pytest
+          configure: LDFLAGS="-Wl,-rpath,/home/runner/work/curl/curl/quiche/target/release" --with-openssl=/home/runner/work/curl/curl/quiche/quiche/deps/boringssl/src --enable-debug --with-quiche=/home/runner/work/curl/curl/quiche/target/release
+
         - name: bearssl
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev
-          install_steps: bearssl
+          install_packages: zlib1g-dev
+          install_steps: bearssl pytest
           configure: LDFLAGS="-Wl,-rpath,$HOME/bear/lib" --with-bearssl=$HOME/bear --enable-debug
 
         - name: bearssl-clang
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev clang
+          install_packages: zlib1g-dev clang
           install_steps: bearssl
           configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/bear/lib" --with-bearssl=$HOME/bear --enable-debug
 
         - name: libressl
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev
-          install_steps: libressl
+          install_packages: zlib1g-dev
+          install_steps: libressl pytest
           configure: LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --enable-debug
 
         - name: libressl-clang
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev clang
+          install_packages: zlib1g-dev clang
           install_steps: libressl
           configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --enable-debug
 
         - name: mbedtls
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev libnghttp2-dev
-          install_steps: mbedtls
+          install_packages: libnghttp2-dev
+          install_steps: mbedtls pytest
           configure: LDFLAGS="-Wl,-rpath,$HOME/mbed/lib" --with-mbedtls=$HOME/mbed --enable-debug
 
         - name: mbedtls-clang
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev libnghttp2-dev clang
+          install_packages: libnghttp2-dev clang
           install_steps: mbedtls
           configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/mbed/lib" --with-mbedtls=$HOME/mbed --enable-debug
 
         - name: msh3
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev
+          install_packages: zlib1g-dev
           install_steps: quictls msh3
           configure: LDFLAGS="-Wl,-rpath,$HOME/msh3/lib -Wl,-rpath,$HOME/quictls/lib" --with-msh3=$HOME/msh3 --with-openssl=$HOME/quictls --enable-debug
 
         - name: openssl3
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev
-          install_steps: gcc-11 openssl3
+          install_packages: zlib1g-dev
+          install_steps: gcc-11 openssl3 pytest
           configure: LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib64" --with-openssl=$HOME/openssl3 --enable-debug --enable-websockets
 
         - name: openssl3-O3
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev
+          install_packages: zlib1g-dev
           install_steps: gcc-11 openssl3
           configure: CFLAGS=-O3 LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib64" --with-openssl=$HOME/openssl3 --enable-debug --enable-websockets
 
         - name: openssl3-clang
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev clang
+          install_packages: zlib1g-dev clang
           install_steps: openssl3
           configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib64" --with-openssl=$HOME/openssl3 --enable-debug --enable-websockets
 
         - name: event-based
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev libssh-dev
+          install_packages: libssh-dev
           configure: --enable-debug --disable-shared --disable-threaded-resolver --with-libssh --with-openssl
           tflags: -n -e '!TLS-SRP'
 
@@ -88,31 +114,40 @@ jobs:
           configure: LDFLAGS="-Wl,-rpath,$HOME/hyper/target/debug" --with-openssl --with-hyper=$HOME/hyper --enable-debug --enable-websockets
 
         - name: rustls
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev
-          install_steps: rust rustls
+          install_steps: rust rustls pytest
           configure: --with-rustls=$HOME/rustls --enable-debug
 
         - name: Intel compiler - without SSL
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev
+          install_packages: zlib1g-dev
           install_steps: intel
           configure: CC=icc --enable-debug --without-ssl
 
         - name: Intel compiler - OpenSSL
-          install_packages: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libssl-dev
+          install_packages: zlib1g-dev libssl-dev
           install_steps: intel
           configure: CC=icc --enable-debug --with-openssl
 
         - name: NSS
-          install_packages: clang libnss3-dev libpsl-dev libbrotli-dev libzstd-dev libnghttp2-dev nss-plugin-pem
+          install_packages: clang libnss3-dev libnghttp2-dev nss-plugin-pem
           configure: CC=clang CPPFLAGS="-isystem /usr/include/nss" --with-nss --enable-debug --with-nss-deprecated
 
+        - name: Slackware-openssl-with-gssapi-gcc
+          # These are essentially the same flags used to build the curl Slackware package
+          # https://ftpmirror.infania.net/slackware/slackware64-current/source/n/curl/curl.SlackBuild
+          configure: --with-openssl --with-libssh2 --with-gssapi --enable-ares --enable-static=no --without-ca-bundle --with-ca-path=/etc/ssl/certs
+          # Docker Hub image that `container-job` executes in
+          container: 'andy5995/slackware-build-essential:15.0'
+
     steps:
-    - run: |
+    - if: ${{ matrix.build.container == null }}
+      run: |
         sudo apt-get update
-        sudo apt-get install libtool autoconf automake pkg-config stunnel4 ${{ matrix.build.install_packages }}
+        sudo apt-get install libtool autoconf automake pkg-config stunnel4 libpsl-dev libbrotli-dev libzstd-dev ${{ matrix.build.install_packages }}
         sudo python3 -m pip install impacket
       name: 'install prereqs and impacket'
 
+    - uses: actions/checkout@v3
+
     - if: ${{ contains(matrix.build.install_steps, 'gcc-11') }}
       run: |
         sudo add-apt-repository ppa:ubuntu-toolchain-r/ppa
@@ -125,7 +160,7 @@ jobs:
 
     - if: ${{ contains(matrix.build.install_steps, 'bearssl') }}
       run: |
-        curl -LO https://bearssl.org/bearssl-0.6.tar.gz
+        curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://bearssl.org/bearssl-0.6.tar.gz
         tar -xzf bearssl-0.6.tar.gz
         cd bearssl-0.6
         make
@@ -136,16 +171,37 @@ jobs:
 
     - if: ${{ contains(matrix.build.install_steps, 'libressl') }}
       run: |
-        git clone --depth=1 -b v3.5.3 https://github.com/libressl-portable/portable.git libressl-git
+        git clone --depth=1 -b v3.6.1 https://github.com/libressl-portable/portable.git libressl-git
         cd libressl-git
         ./autogen.sh
         ./configure --prefix=$HOME/libressl
         make install
       name: 'install libressl'
 
+    - if: ${{ contains(matrix.build.install_steps, 'quiche') }}
+      run: |
+        git clone --depth=1 --recursive https://github.com/cloudflare/quiche.git
+        cd quiche
+        #### Work-around https://github.com/curl/curl/issues/7927 #######
+        #### See https://github.com/alexcrichton/cmake-rs/issues/131 ####
+        sed -i -e 's/cmake = "0.1"/cmake = "=0.1.45"/' quiche/Cargo.toml
+
+        # /home/runner/work/curl/curl/boringssl
+
+        cargo build -v --package quiche --release --features ffi,pkg-config-meta,qlog --verbose
+        mkdir -v quiche/deps/boringssl/src/lib
+        ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/
+
+        # include dir
+        # /home/runner/work/curl/curl/quiche/quiche/deps/boringssl/src/include
+        # lib dir
+        # /home/runner/work/curl/curl/quiche/quiche/deps/boringssl/src/lib
+
+      name: 'build quiche and boringssl'
+
     - if: ${{ contains(matrix.build.install_steps, 'mbedtls') }}
       run: |
-        git clone --depth=1 -b v3.1.0 https://github.com/ARMmbed/mbedtls
+        git clone --depth=1 -b v3.3.0 https://github.com/ARMmbed/mbedtls
         cd mbedtls
         make DESTDIR=$HOME/mbed install
       name: 'install mbedtls'
@@ -160,7 +216,7 @@ jobs:
 
     - if: ${{ contains(matrix.build.install_steps, 'quictls') }}
       run: |
-        git clone --depth=1 -b OpenSSL_1_1_1j+quic https://github.com/quictls/openssl
+        git clone --depth=1 -b OpenSSL_1_1_1t+quic https://github.com/quictls/openssl
         cd openssl
         ./config enable-tls1_3 --prefix=$HOME/quictls
         make install_sw
@@ -168,7 +224,7 @@ jobs:
 
     - if: ${{ contains(matrix.build.install_steps, 'msh3') }}
       run: |
-        git clone --depth=1 --recursive https://github.com/nibanks/msh3
+        git clone -b v0.6.0 --depth=1 --recursive https://github.com/nibanks/msh3
         cd msh3 && mkdir build && cd build
         cmake -G 'Unix Makefiles' -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_INSTALL_PREFIX=$HOME/msh3 ..
         cmake --build .
@@ -178,14 +234,14 @@ jobs:
     - if: ${{ contains(matrix.build.install_steps, 'rust') }}
       run: |
         cd $HOME
-        curl https://sh.rustup.rs -sSf | sh -s -- -y
+        curl -sSf --compressed https://sh.rustup.rs/ | sh -s -- -y
         source $HOME/.cargo/env
         rustup toolchain install nightly
       name: 'install rust'
 
     - if: ${{ contains(matrix.build.install_steps, 'rustls') }}
       run: |
-        git clone --depth=1 -b v0.8.2 --recursive https://github.com/rustls/rustls-ffi.git
+        git clone --depth=1 -b v0.9.2 --recursive https://github.com/rustls/rustls-ffi.git
         cd rustls-ffi
         make DESTDIR=$HOME/rustls install
       name: 'install rustls'
@@ -202,14 +258,24 @@ jobs:
     - if: ${{ contains(matrix.build.install_steps, 'intel') }}
       run: |
         cd /tmp
-        curl https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | sudo apt-key add -
+        curl -sSf --compressed https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | sudo apt-key add -
         sudo add-apt-repository "deb https://apt.repos.intel.com/oneapi all main"
         sudo apt install --no-install-recommends intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic
         source /opt/intel/oneapi/setvars.sh
         printenv >> $GITHUB_ENV
       name: 'install Intel compilers'
 
-    - uses: actions/checkout@v3
+    - if: ${{ contains(matrix.build.install_steps, 'pytest') }}
+      run: |
+        sudo apt-get install apache2 apache2-dev libnghttp2-dev
+        sudo python3 -m pip install impacket pytest cryptography multipart
+        git clone --depth=1 -b master https://github.com/icing/mod_h2
+        cd mod_h2
+        autoreconf -fi
+        ./configure PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig"
+        make
+        sudo make install
+      name: 'install pytest and apach2-dev mod-h2'
 
     - run: autoreconf -fi
       name: 'autoreconf'
@@ -230,3 +296,12 @@ jobs:
       name: 'run tests'
       env:
         TFLAGS: "${{ matrix.build.tflags }}"
+
+    - if: ${{ contains(matrix.build.install_steps, 'pytest') }}
+      # run for `tests` directory, so pytest does not pick up any other
+      # packages we might have built here
+      run:
+        pytest tests
+      name: 'run pytest'
+      env:
+        TFLAGS: "${{ matrix.build.tflags }}"
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 4d4847fd0..6733c8932 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
@@ -9,9 +9,29 @@ on:
     branches:
     - master
     - '*/ci'
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
   pull_request:
     branches:
     - master
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
@@ -19,6 +39,9 @@ concurrency:
 
 permissions: {}
 
+env:
+  DEVELOPER_DIR: /Applications/Xcode_14.0.1.app/Contents/Developer
+
 jobs:
   autotools:
     name: ${{ matrix.build.name }}
@@ -89,7 +112,7 @@ jobs:
     # Run this command with retries because of spurious failures seen
     # while running the tests, for example
     # https://github.com/curl/curl/runs/4095721123?check_suite_focus=true
-    - run: brew update && for i in 1 2 3; do brew bundle install --no-lock --file /tmp/Brewfile && break || sleep 1; done
+    - run: "while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; false; } done; false Too many retries; done"
       name: 'brew install'
 
     - run: python3 -m pip install impacket
@@ -131,8 +154,8 @@ jobs:
         - CC: clang
           CXX: clang++
           CFLAGS: "-mmacosx-version-min=10.15 -Wno-deprecated-declarations"
-        - CC: gcc-11
-          CXX: g++-11
+        - CC: gcc-12
+          CXX: g++-12
           CFLAGS: "-mmacosx-version-min=10.15 -Wno-error=undef -Wno-error=conversion"
         build:
         - name: OpenSSL
@@ -148,7 +171,7 @@ jobs:
     - run: echo libtool autoconf automake pkg-config ${{ matrix.build.install }} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile
       name: 'brew bundle'
 
-    - run: brew update && brew bundle install --no-lock --file /tmp/Brewfile
+    - run: "while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; false; } done; false Too many retries; done"
       name: 'brew install'
 
     - run: python3 -m pip install impacket
diff --git a/.github/workflows/ngtcp2-gnutls.yml b/.github/workflows/ngtcp2-gnutls.yml
index 96e21a49b..c80fd151b 100644
--- a/.github/workflows/ngtcp2-gnutls.yml
+++ b/.github/workflows/ngtcp2-gnutls.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
@@ -9,9 +9,29 @@ on:
     branches:
     - master
     - '*/ci'
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
   pull_request:
     branches:
     - master
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
 
 concurrency:
   # Hardcoded workflow filename as workflow name above is just Linux again
@@ -50,11 +70,12 @@ jobs:
     - run: |
         sudo apt-get update
         sudo apt-get install libtool autoconf automake pkg-config stunnel4 ${{ matrix.build.install }}
-        sudo python3 -m pip install impacket
-      name: 'install prereqs and impacket'
+        sudo apt-get install apache2 apache2-dev
+        sudo python3 -m pip install impacket pytest cryptography multipart
+      name: 'install prereqs and impacket, pytest, crypto'
 
     - run: |
-        git clone --depth=1 -b openssl-3.0.7+quic https://github.com/quictls/openssl
+        git clone --depth=1 -b openssl-3.0.8+quic https://github.com/quictls/openssl
         cd openssl
         ./config --prefix=$HOME/all --libdir=$HOME/all/lib
         make install_sw
@@ -69,7 +90,7 @@ jobs:
       name: 'install nettle'
 
     - run: |
-        git clone --depth=1 -b 3.7.7 https://github.com/gnutls/gnutls.git
+        git clone --depth=1 -b 3.8.0 https://github.com/gnutls/gnutls.git
         cd gnutls
         ./bootstrap
         ./configure ${{ matrix.build.gnutls-configure }} --prefix=$HOME/all
@@ -77,7 +98,7 @@ jobs:
       name: 'install gnutls'
 
     - run: |
-        git clone --depth=1 https://github.com/ngtcp2/nghttp3
+        git clone --depth=1 -b v0.8.0 https://github.com/ngtcp2/nghttp3
         cd nghttp3
         autoreconf -fi
         ./configure --prefix=$HOME/all PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig" --enable-lib-only
@@ -85,7 +106,7 @@ jobs:
       name: 'install nghttp3'
 
     - run: |
-        git clone --depth=1 https://github.com/ngtcp2/ngtcp2
+        git clone --depth=1 -b v0.13.1 https://github.com/ngtcp2/ngtcp2
         cd ngtcp2
         autoreconf -fi
         ./configure ${{ matrix.build.ngtcp2-configure }} --with-openssl --with-gnutls
@@ -93,13 +114,22 @@ jobs:
       name: 'install ngtcp2'
 
     - run: |
-        git clone --depth=1 https://github.com/nghttp2/nghttp2
+        git clone --depth=1 -b v1.52.0 https://github.com/nghttp2/nghttp2
         cd nghttp2
         autoreconf -fi
         ./configure --prefix=$HOME/all PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig" --enable-http3
         make install
       name: 'install nghttp2'
 
+    - run: |
+        git clone --depth=1 -b master https://github.com/icing/mod_h2
+        cd mod_h2
+        autoreconf -fi
+        ./configure PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig"
+        make
+        sudo make install
+      name: 'install mod_h2'
+
     - uses: actions/checkout@v3
 
     - run: autoreconf -fi
@@ -121,3 +151,8 @@ jobs:
       name: 'run tests'
       env:
         TFLAGS: "${{ matrix.build.tflags }}"
+
+    - run: pytest -v
+      name: 'run pytest'
+      env:
+        TFLAGS: "${{ matrix.build.tflags }}"
diff --git a/.github/workflows/ngtcp2-quictls.yml b/.github/workflows/ngtcp2-quictls.yml
index 0662dea78..60b406fc6 100644
--- a/.github/workflows/ngtcp2-quictls.yml
+++ b/.github/workflows/ngtcp2-quictls.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
@@ -9,9 +9,29 @@ on:
     branches:
     - master
     - '*/ci'
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
   pull_request:
     branches:
     - master
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
 
 concurrency:
   # Hardcoded workflow filename as workflow name above is just Linux again
@@ -41,18 +61,19 @@ jobs:
     - run: |
         sudo apt-get update
         sudo apt-get install libtool autoconf automake pkg-config stunnel4 ${{ matrix.build.install }}
-        sudo python3 -m pip install impacket
-      name: 'install prereqs and impacket'
+        sudo apt-get install apache2 apache2-dev
+        sudo python3 -m pip install impacket pytest cryptography multipart
+      name: 'install prereqs and impacket, pytest, crypto'
 
     - run: |
-        git clone --depth=1 -b openssl-3.0.7+quic https://github.com/quictls/openssl
+        git clone --depth=1 -b openssl-3.0.8+quic https://github.com/quictls/openssl
         cd openssl
         ./config --prefix=$HOME/all --libdir=$HOME/all/lib
         make install_sw
       name: 'install quictls'
 
     - run: |
-        git clone --depth=1 https://github.com/ngtcp2/nghttp3
+        git clone --depth=1 -b v0.8.0 https://github.com/ngtcp2/nghttp3
         cd nghttp3
         autoreconf -fi
         ./configure --prefix=$HOME/all PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig" --enable-lib-only
@@ -60,7 +81,7 @@ jobs:
       name: 'install nghttp3'
 
     - run: |
-        git clone --depth=1 https://github.com/ngtcp2/ngtcp2
+        git clone --depth=1 -b v0.13.1 https://github.com/ngtcp2/ngtcp2
         cd ngtcp2
         autoreconf -fi
         ./configure ${{ matrix.build.ngtcp2-configure }} --with-openssl
@@ -68,13 +89,22 @@ jobs:
       name: 'install ngtcp2'
 
     - run: |
-        git clone --depth=1 https://github.com/nghttp2/nghttp2
+        git clone --depth=1 -b v1.52.0 https://github.com/nghttp2/nghttp2
         cd nghttp2
         autoreconf -fi
         ./configure --prefix=$HOME/all PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig" --enable-http3
         make install
       name: 'install nghttp2'
 
+    - run: |
+        git clone --depth=1 -b master https://github.com/icing/mod_h2
+        cd mod_h2
+        autoreconf -fi
+        ./configure PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig"
+        make
+        sudo make install
+      name: 'install mod_h2'
+
     - uses: actions/checkout@v3
 
     - run: autoreconf -fi
@@ -96,3 +126,9 @@ jobs:
       name: 'run tests'
       env:
         TFLAGS: "${{ matrix.build.tflags }}"
+
+    - run: pytest -v
+      name: 'run pytest'
+      env:
+        TFLAGS: "${{ matrix.build.tflags }}"
+
diff --git a/.github/workflows/ngtcp2-wolfssl.yml b/.github/workflows/ngtcp2-wolfssl.yml
index 15de87ae7..3cfcdd208 100644
--- a/.github/workflows/ngtcp2-wolfssl.yml
+++ b/.github/workflows/ngtcp2-wolfssl.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
@@ -9,9 +9,29 @@ on:
     branches:
     - master
     - '*/ci'
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
   pull_request:
     branches:
     - master
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
 
 concurrency:
   # Hardcoded workflow filename as workflow name above is just Linux again
@@ -39,15 +59,15 @@ jobs:
           ngtcp2-configure: >-
             --prefix=$HOME/all PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig" --enable-lib-only
           wolfssl-configure: >-
-            --enable-quic --enable-session-ticket --enable-earlydata --enable-psk
-            --enable-harden --enable-altcertchains
+            --enable-all --enable-quic
 
     steps:
     - run: |
         sudo apt-get update
         sudo apt-get install libtool autoconf automake pkg-config stunnel4 ${{ matrix.build.install }}
-        sudo python3 -m pip install impacket
-      name: 'install prereqs and impacket'
+        sudo apt-get install apache2 apache2-dev
+        sudo python3 -m pip install impacket pytest cryptography multipart
+      name: 'install prereqs and impacket, pytest, crypto'
 
     - run: |
         git clone https://github.com/wolfSSL/wolfssl.git
@@ -58,14 +78,14 @@ jobs:
       name: 'install wolfssl'
 
     - run: |
-        git clone --depth=1 -b openssl-3.0.7+quic https://github.com/quictls/openssl
+        git clone --depth=1 -b openssl-3.0.8+quic https://github.com/quictls/openssl
         cd openssl
         ./config --prefix=$HOME/all --libdir=$HOME/all/lib
         make install_sw
       name: 'install quictls'
 
     - run: |
-        git clone --depth=1 https://github.com/ngtcp2/nghttp3
+        git clone --depth=1 -b v0.8.0 https://github.com/ngtcp2/nghttp3
         cd nghttp3
         autoreconf -fi
         ./configure --prefix=$HOME/all PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig" --enable-lib-only
@@ -73,7 +93,7 @@ jobs:
       name: 'install nghttp3'
 
     - run: |
-        git clone --depth=1 https://github.com/ngtcp2/ngtcp2
+        git clone --depth=1 -b v0.13.1 https://github.com/ngtcp2/ngtcp2
         cd ngtcp2
         autoreconf -fi
         ./configure ${{ matrix.build.ngtcp2-configure }} --with-openssl  --with-wolfssl
@@ -81,13 +101,22 @@ jobs:
       name: 'install ngtcp2'
 
     - run: |
-        git clone --depth=1 https://github.com/nghttp2/nghttp2
+        git clone --depth=1 -b v1.52.0 https://github.com/nghttp2/nghttp2
         cd nghttp2
         autoreconf -fi
         ./configure --prefix=$HOME/all PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig" --enable-http3
         make install
       name: 'install nghttp2'
 
+    - run: |
+        git clone --depth=1 -b master https://github.com/icing/mod_h2
+        cd mod_h2
+        autoreconf -fi
+        ./configure PKG_CONFIG_PATH="$HOME/all/lib/pkgconfig"
+        make
+        sudo make install
+      name: 'install mod_h2'
+
     - uses: actions/checkout@v3
 
     - run: autoreconf -fi
@@ -109,3 +138,10 @@ jobs:
       name: 'run tests'
       env:
         TFLAGS: "${{ matrix.build.tflags }}"
+
+    # Disabled for now, we see spurious SSL_connect() errors when talking
+    # http/1.1 to apache and this, so far, is not reproducable in local testing
+    #- run: pytest -v
+    #  name: 'run pytest'
+    #  env:
+    #    TFLAGS: "${{ matrix.build.tflags }}"
diff --git a/.github/workflows/proselint.yml b/.github/workflows/proselint.yml
index 7f723dec0..01a7cf5c7 100644
--- a/.github/workflows/proselint.yml
+++ b/.github/workflows/proselint.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml
index 13e2f0074..95ad6e929 100644
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 # SPDX-FileCopyrightText: 2022 Free Software Foundation Europe e.V. <https://fsfe.org>
 #
 # SPDX-License-Identifier: curl
diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml
index 9c1808a77..65a7da10c 100644
--- a/.github/workflows/spellcheck.yml
+++ b/.github/workflows/spellcheck.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
@@ -11,7 +11,9 @@ on:
     - '**.md'
     - '**.3'
     - '**.1'
-    - '.github/**'
+    - '**/spellcheck.yml'
+    - '**/spellcheck.yaml'
+    - '**/wordlist.txt'
   pull_request:
     branches:
     - master
@@ -19,7 +21,9 @@ on:
     - '**.md'
     - '**.3'
     - '**.1'
-    - '.github/**'
+    - '**/spellcheck.yml'
+    - '**/spellcheck.yaml'
+    - '**/wordlist.txt'
 
 permissions: {}
 
@@ -44,8 +48,7 @@ jobs:
     - name: setup the custom wordlist
       run: grep -v '^#' .github/scripts/spellcheck.words >  wordlist.txt
 
-    - name: setup the spellcheck config
-      run: cp .github/scripts/spellcheck.yaml .
-
     - name: Check Spelling
-      uses: UnicornGlobal/spellcheck-github-actions@master
+      uses: rojopolis/spellcheck-github-actions@v0
+      with:
+        config_path: .github/scripts/spellcheck.yaml
diff --git a/.github/workflows/torture.yml b/.github/workflows/torture.yml
index 4c9a78919..612ad6a4a 100644
--- a/.github/workflows/torture.yml
+++ b/.github/workflows/torture.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
@@ -9,9 +9,29 @@ on:
     branches:
     - master
     - '*/ci'
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
   pull_request:
     branches:
     - master
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
 
 concurrency:
   # Hardcoded workflow filename as workflow name above is just Linux again
@@ -31,7 +51,7 @@ jobs:
         build:
         - name: torture
           install: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libnghttp2-dev libssh2-1-dev libc-ares-dev
-          configure: --with-openssl --enable-debug --enable-ares
+          configure: --with-openssl --enable-debug --enable-ares --enable-websockets
           tflags: -n -t --shallow=25 !FTP
         - name: torture-ftp
           install: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libnghttp2-dev libssh2-1-dev libc-ares-dev
diff --git a/.github/workflows/wolfssl.yml b/.github/workflows/wolfssl.yml
index f91057372..86d859e6a 100644
--- a/.github/workflows/wolfssl.yml
+++ b/.github/workflows/wolfssl.yml
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
@@ -9,9 +9,29 @@ on:
     branches:
     - master
     - '*/ci'
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
   pull_request:
     branches:
     - master
+    paths-ignore:
+    - '**/*.md'
+    - '.azure-pipelines.yml'
+    - '.circleci/**'
+    - '.cirrus.yml'
+    - 'appveyor.yml'
+    - 'packages/**'
+    - 'plan9/**'
+    - 'projects/**'
+    - 'winbuild/**'
 
 concurrency:
   # Hardcoded workflow filename as workflow name above is just Linux again
@@ -46,9 +66,10 @@ jobs:
       name: 'install prereqs and impacket'
 
     - run: |
-        curl -LO https://github.com/wolfSSL/wolfssl/archive/v5.0.0-stable.tar.gz
-        tar -xzf v5.0.0-stable.tar.gz
-        cd wolfssl-5.0.0-stable
+        WOLFSSL_VER=5.5.4
+        curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://github.com/wolfSSL/wolfssl/archive/v$WOLFSSL_VER-stable.tar.gz
+        tar -xzf v$WOLFSSL_VER-stable.tar.gz
+        cd wolfssl-$WOLFSSL_VER-stable
         ./autogen.sh
         ./configure --enable-tls13 ${{ matrix.build.wolfssl-configure }} --enable-harden --prefix=$HOME/wssl
         make install
diff --git a/.gitignore b/.gitignore
index 4198d13a4..7ac6cc28c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/.lift/config.toml b/.lift/config.toml
index 66bcb5ebf..e9dc0332e 100644
--- a/.lift/config.toml
+++ b/.lift/config.toml
@@ -1,7 +1,7 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
-ignoreRules = [ "DEAD_STORE" ]
+ignoreRules = [ "DEAD_STORE", "subprocess_without_shell_equals_true" ]
 build = "make"
 setup = ".lift/setup.sh"
diff --git a/.lift/setup.sh b/.lift/setup.sh
index 226d58501..aa6ff4f4d 100755
--- a/.lift/setup.sh
+++ b/.lift/setup.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 autoreconf -fi
diff --git a/.mailmap b/.mailmap
index cd11994aa..3e5b4d963 100644
--- a/.mailmap
+++ b/.mailmap
@@ -102,3 +102,4 @@ bsergean on github <bsergean@gmail.com>
 Stefan Eissing <stefan@eissing.org> <stefan.eissing@greenbytes.de>
 Michael Musset <mickamusset@gmail.com>
 Andy Alt <arch_stanton5995@protonmail.com>
+Thomas1664 on github <46387399+Thomas1664@users.noreply.github.com>
diff --git a/.reuse/dep5 b/.reuse/dep5
index 5e20df738..773de32dd 100644
--- a/.reuse/dep5
+++ b/.reuse/dep5
@@ -5,98 +5,94 @@ Source: https://curl.se
 
 # Tests
 Files: tests/data/test* tests/certs/* tests/stunnel.pem tests/valgrind.supp
-Copyright: 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 # Markdown documentation in docs/
 Files: docs/*.md
-Copyright: 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 # Docs in docs/
 Files: docs/FAQ docs/INSTALL docs/INSTALL.cmake docs/KNOWN_BUGS docs/MAIL-ETIQUETTE docs/THANKS docs/TODO docs/cmdline-opts/page-footer docs/libcurl/curl_multi_socket_all.3 docs/libcurl/curl_strnequal.3 docs/libcurl/symbols-in-versions docs/options-in-versions
-Copyright: 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 # Windows
 Files: projects/Windows/*
-Copyright: 2014 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 # Single files we do not want to edit directly
 Files: CHANGES
-Copyright: 2019 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: GIT-INFO
-Copyright: 2010 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: RELEASE-NOTES
-Copyright: 2003 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 # checksrc control files
 Files: lib/.checksrc docs/examples/.checksrc tests/libtest/.checksrc
-Copyright: 2021 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: lib/libcurl.plist.in
-Copyright: 2022 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: lib/libcurl.vers.in
-Copyright: 2011 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: mlc_config.json
-Copyright: 2022 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: packages/OS400/README.OS400
-Copyright: 2007 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
-License: curl
-
-Files: packages/README
-Copyright: 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: packages/vms/build_vms.com
-Copyright: 2004 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: packages/vms/curl_release_note_start.txt
-Copyright: 2013 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: packages/vms/curlmsg.sdl
-Copyright: 2004 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: packages/vms/macro32_exactcase.patch
-Copyright: 2013 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: packages/vms/readme
-Copyright: 2004 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: plan9/README
-Copyright: 2020 - 2020 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: projects/wolfssl_override.props
-Copyright: 2015 - 2018 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: README
-Copyright: 1999 - 2021 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: .github/ISSUE_TEMPLATE/bug_report.md
-Copyright: 2020 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
 
 Files: .mailmap
-Copyright: 2017 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright: Daniel Stenberg, <daniel@haxx.se>, et al.
 License: curl
diff --git a/CMake/CMakeConfigurableFile.in b/CMake/CMakeConfigurableFile.in
index b93e7539a..a3d2bc4a2 100644
--- a/CMake/CMakeConfigurableFile.in
+++ b/CMake/CMakeConfigurableFile.in
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/CurlSymbolHiding.cmake b/CMake/CurlSymbolHiding.cmake
index 75215a122..142e91944 100644
--- a/CMake/CurlSymbolHiding.cmake
+++ b/CMake/CurlSymbolHiding.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/CurlTests.c b/CMake/CurlTests.c
index 6a9fdea09..3dbba3cbb 100644
--- a/CMake/CurlTests.c
+++ b/CMake/CurlTests.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/CMake/FindBearSSL.cmake b/CMake/FindBearSSL.cmake
index 88d5e87ad..56a064eac 100644
--- a/CMake/FindBearSSL.cmake
+++ b/CMake/FindBearSSL.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/FindBrotli.cmake b/CMake/FindBrotli.cmake
index 833e1811a..11ab7f825 100644
--- a/CMake/FindBrotli.cmake
+++ b/CMake/FindBrotli.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -28,7 +28,7 @@ find_path(BROTLI_INCLUDE_DIR "brotli/decode.h")
 find_library(BROTLICOMMON_LIBRARY NAMES brotlicommon)
 find_library(BROTLIDEC_LIBRARY NAMES brotlidec)
 
-find_package_handle_standard_args(BROTLI
+find_package_handle_standard_args(Brotli
     FOUND_VAR
       BROTLI_FOUND
     REQUIRED_VARS
@@ -36,7 +36,7 @@ find_package_handle_standard_args(BROTLI
       BROTLICOMMON_LIBRARY
       BROTLI_INCLUDE_DIR
     FAIL_MESSAGE
-      "Could NOT find BROTLI"
+      "Could NOT find Brotli"
 )
 
 set(BROTLI_INCLUDE_DIRS ${BROTLI_INCLUDE_DIR})
diff --git a/CMake/FindCARES.cmake b/CMake/FindCARES.cmake
index 99cf31d91..fa7589118 100644
--- a/CMake/FindCARES.cmake
+++ b/CMake/FindCARES.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/FindGSS.cmake b/CMake/FindGSS.cmake
index ec2bd57ba..b244e610e 100644
--- a/CMake/FindGSS.cmake
+++ b/CMake/FindGSS.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -181,14 +181,14 @@ if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approac
         set(GSS_FLAVOUR "MIT")
       else()
         # prevent compiling the header - just check if we can include it
-        set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D__ROKEN_H__")
+        list(APPEND CMAKE_REQUIRED_DEFINITIONS -D__ROKEN_H__)
         check_include_file( "roken.h" _GSS_HAVE_ROKEN_H)
 
         check_include_file( "heimdal/roken.h" _GSS_HAVE_HEIMDAL_ROKEN_H)
         if(_GSS_HAVE_ROKEN_H OR _GSS_HAVE_HEIMDAL_ROKEN_H)
           set(GSS_FLAVOUR "Heimdal")
         endif()
-        set(CMAKE_REQUIRED_DEFINITIONS "")
+        list(REMOVE_ITEM CMAKE_REQUIRED_DEFINITIONS -D__ROKEN_H__)
       endif()
     else()
       # I'm not convinced if this is the right way but this is what autotools do at the moment
diff --git a/CMake/FindLibPSL.cmake b/CMake/FindLibPSL.cmake
index 66abdd79a..e3bd68d1d 100644
--- a/CMake/FindLibPSL.cmake
+++ b/CMake/FindLibPSL.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/FindLibSSH2.cmake b/CMake/FindLibSSH2.cmake
index 0ec7f7e3b..a0c251ae3 100644
--- a/CMake/FindLibSSH2.cmake
+++ b/CMake/FindLibSSH2.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/FindMSH3.cmake b/CMake/FindMSH3.cmake
index 96477e282..7d9c6b654 100644
--- a/CMake/FindMSH3.cmake
+++ b/CMake/FindMSH3.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/FindMbedTLS.cmake b/CMake/FindMbedTLS.cmake
index fcd6717f6..814bd97da 100644
--- a/CMake/FindMbedTLS.cmake
+++ b/CMake/FindMbedTLS.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/FindNGHTTP2.cmake b/CMake/FindNGHTTP2.cmake
index 6d70c4a04..3957646c4 100644
--- a/CMake/FindNGHTTP2.cmake
+++ b/CMake/FindNGHTTP2.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/FindNGHTTP3.cmake b/CMake/FindNGHTTP3.cmake
index 8d8ebc1b1..9b13e6c6f 100644
--- a/CMake/FindNGHTTP3.cmake
+++ b/CMake/FindNGHTTP3.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/FindNGTCP2.cmake b/CMake/FindNGTCP2.cmake
index 61e54c2d6..ff0d49e33 100644
--- a/CMake/FindNGTCP2.cmake
+++ b/CMake/FindNGTCP2.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -71,7 +71,7 @@ endif()
 if(NGTCP2_FIND_COMPONENTS)
   set(NGTCP2_CRYPTO_BACKEND "")
   foreach(component IN LISTS NGTCP2_FIND_COMPONENTS)
-    if(component MATCHES "^(BoringSSL|OpenSSL|GnuTLS)")
+    if(component MATCHES "^(BoringSSL|OpenSSL|wolfSSL|GnuTLS)")
       if(NGTCP2_CRYPTO_BACKEND)
         message(FATAL_ERROR "NGTCP2: Only one crypto library can be selected")
       endif()
diff --git a/CMake/FindNSS.cmake b/CMake/FindNSS.cmake
index 6742dda83..ccddf422a 100644
--- a/CMake/FindNSS.cmake
+++ b/CMake/FindNSS.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/FindQUICHE.cmake b/CMake/FindQUICHE.cmake
index fc47027d7..0488463d5 100644
--- a/CMake/FindQUICHE.cmake
+++ b/CMake/FindQUICHE.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/FindWolfSSL.cmake b/CMake/FindWolfSSL.cmake
index 986f01e00..d67c0eb24 100644
--- a/CMake/FindWolfSSL.cmake
+++ b/CMake/FindWolfSSL.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/FindZstd.cmake b/CMake/FindZstd.cmake
index 2d6540443..973e6ad4a 100644
--- a/CMake/FindZstd.cmake
+++ b/CMake/FindZstd.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/Macros.cmake b/CMake/Macros.cmake
index 4d7380eb5..e12bf303f 100644
--- a/CMake/Macros.cmake
+++ b/CMake/Macros.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/OtherTests.cmake b/CMake/OtherTests.cmake
index ed8d28a21..fa1e458e6 100644
--- a/CMake/OtherTests.cmake
+++ b/CMake/OtherTests.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/Platforms/WindowsCache.cmake b/CMake/Platforms/WindowsCache.cmake
index 3cb4ffec3..37712377e 100644
--- a/CMake/Platforms/WindowsCache.cmake
+++ b/CMake/Platforms/WindowsCache.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -29,7 +29,6 @@ if(NOT UNIX)
 
     set(HAVE_ARPA_INET_H 0)
     set(HAVE_FCNTL_H 1)
-    set(HAVE_INTTYPES_H 0)
     set(HAVE_IO_H 1)
     set(HAVE_NETDB_H 0)
     set(HAVE_NETINET_IN_H 0)
@@ -37,7 +36,6 @@ if(NOT UNIX)
     set(HAVE_PWD_H 0)
     set(HAVE_SETJMP_H 1)
     set(HAVE_SIGNAL_H 1)
-    set(HAVE_STDINT_H 0)
     set(HAVE_STDLIB_H 1)
     set(HAVE_STRINGS_H 0)
     set(HAVE_STRING_H 1)
diff --git a/CMake/Utilities.cmake b/CMake/Utilities.cmake
index 78bfd6ffe..9ff38e3a0 100644
--- a/CMake/Utilities.cmake
+++ b/CMake/Utilities.cmake
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/cmake_uninstall.cmake.in b/CMake/cmake_uninstall.cmake.in
index 55801f507..47aec8d42 100644
--- a/CMake/cmake_uninstall.cmake.in
+++ b/CMake/cmake_uninstall.cmake.in
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMake/curl-config.cmake.in b/CMake/curl-config.cmake.in
index 496a92d0e..dbe4ed210 100644
--- a/CMake/curl-config.cmake.in
+++ b/CMake/curl-config.cmake.in
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b43520751..ed60f07bc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -52,7 +52,7 @@
 #   HAVE_RAND_EGD: `RAND_egd` present in OpenSSL
 #   HAVE_BORINGSSL: OpenSSL is BoringSSL
 #   HAVE_PK11_CREATEMANAGEDGENERICOBJECTL: `PK11_CreateManagedGenericObject` present in NSS
-#   HAVE_SSL_CTX_SET_QUIC_METHOD: `SSL_CTX_set_quic_method` present in OpenSSL
+#   HAVE_SSL_CTX_SET_QUIC_METHOD: `SSL_CTX_set_quic_method` present in OpenSSL/wolfSSL
 #   HAVE_QUICHE_CONN_SET_QLOG_FD: `quiche_conn_set_qlog_fd` present in QUICHE
 #   HAVE_ZSTD_CREATEDSTREAM: `ZSTD_createDStream` present in Zstd
 #
@@ -60,7 +60,7 @@
 # to ON or OFF), the symbol detection will be skipped.  If the
 # variable is NOT DEFINED, the symbol detection will be performed.
 
-cmake_minimum_required(VERSION 3.2...3.16 FATAL_ERROR)
+cmake_minimum_required(VERSION 3.7...3.16 FATAL_ERROR)
 
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}")
 include(Utilities)
@@ -107,7 +107,7 @@ if(WIN32)
   set(CURL_TARGET_WINDOWS_VERSION "" CACHE STRING "Minimum target Windows version as hex string")
   if(CURL_TARGET_WINDOWS_VERSION)
     add_definitions(-D_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION})
-    set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION}")
+    list(APPEND CMAKE_REQUIRED_DEFINITIONS -D_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION})
     set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -D_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION}")
   endif()
   if(ENABLE_UNICODE)
@@ -333,7 +333,7 @@ include(CheckCSourceCompiles)
 
 # On windows preload settings
 if(WIN32)
-  set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WINSOCKAPI_=")
+  list(APPEND CMAKE_REQUIRED_DEFINITIONS -D_WINSOCKAPI_=)
   include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake)
 endif()
 
@@ -358,24 +358,6 @@ if(WIN32)
   check_library_exists_concat("winmm"  getch        HAVE_LIBWINMM)
 endif()
 
-# This check below for use of deprecated symbols is only temporary and is to
-# be removed again after a year's service. Remove after November 25, 2022.
-set(CURL_RECONFIG_REQUIRED 0)
-foreach(_LIB GSSAPI OPENLDAP LIBSSH LIBSSH2 BEARSSL MBEDTLS NSS OPENSSL
-        SCHANNEL SECTRANSP WOLFSSL)
-  if(CMAKE_USE_${_LIB})
-    set(CURL_RECONFIG_REQUIRED 1)
-    message(SEND_ERROR "The option CMAKE_USE_${_LIB} was renamed to CURL_USE_${_LIB}.")
-  endif()
-endforeach()
-if(CMAKE_USE_WINSSL)
-  set(CURL_RECONFIG_REQUIRED 1)
-  message(SEND_ERROR "The option CMAKE_USE_WINSSL was renamed to CURL_USE_SCHANNEL.")
-endif()
-if(CURL_RECONFIG_REQUIRED)
-  message(FATAL_ERROR "Reconfig required")
-endif()
-
 # check SSL libraries
 # TODO support GnuTLS
 option(CURL_ENABLE_SSL "Enable SSL support" ON)
@@ -385,7 +367,7 @@ if(APPLE)
 endif()
 if(WIN32)
   cmake_dependent_option(CURL_USE_SCHANNEL "enable Windows native SSL/TLS" OFF CURL_ENABLE_SSL OFF)
-  cmake_dependent_option(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without openssl" ON
+  cmake_dependent_option(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without OpenSSL" ON
     CURL_USE_SCHANNEL OFF)
 endif()
 cmake_dependent_option(CURL_USE_MBEDTLS "Enable mbedTLS for SSL/TLS" OFF CURL_ENABLE_SSL OFF)
@@ -420,7 +402,6 @@ if(CURL_USE_SCHANNEL)
 endif()
 if(CURL_WINDOWS_SSPI)
   set(USE_WINDOWS_SSPI ON)
-  set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DSECURITY_WIN32")
 endif()
 
 if(CURL_USE_SECTRANSP)
@@ -445,6 +426,58 @@ if(use_core_foundation)
   list(APPEND CURL_LIBS "-framework CoreFoundation")
 endif()
 
+# Keep compression lib detection before TLS detection, which
+# might depend on it.
+
+set(HAVE_LIBZ OFF)
+set(USE_ZLIB OFF)
+optional_dependency(ZLIB)
+if(ZLIB_FOUND)
+  set(HAVE_LIBZ ON)
+  set(USE_ZLIB ON)
+
+  # Depend on ZLIB via imported targets if supported by the running
+  # version of CMake.  This allows our dependents to get our dependencies
+  # transitively.
+  if(NOT CMAKE_VERSION VERSION_LESS 3.4)
+    list(APPEND CURL_LIBS ZLIB::ZLIB)
+  else()
+    list(APPEND CURL_LIBS ${ZLIB_LIBRARIES})
+    include_directories(${ZLIB_INCLUDE_DIRS})
+  endif()
+  list(APPEND CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIRS})
+endif()
+
+option(CURL_BROTLI "Set to ON to enable building curl with brotli support." OFF)
+set(HAVE_BROTLI OFF)
+if(CURL_BROTLI)
+  find_package(Brotli QUIET)
+  if(BROTLI_FOUND)
+    set(HAVE_BROTLI ON)
+    list(APPEND CURL_LIBS ${BROTLI_LIBRARIES})
+    include_directories(${BROTLI_INCLUDE_DIRS})
+    list(APPEND CMAKE_REQUIRED_INCLUDES ${BROTLI_INCLUDE_DIRS})
+  endif()
+endif()
+
+option(CURL_ZSTD "Set to ON to enable building curl with zstd support." OFF)
+set(HAVE_ZSTD OFF)
+if(CURL_ZSTD)
+  find_package(Zstd REQUIRED)
+  if (NOT DEFINED HAVE_ZSTD_CREATEDSTREAM)
+    cmake_push_check_state()
+    set(CMAKE_REQUIRED_INCLUDES ${Zstd_INCLUDE_DIRS})
+    set(CMAKE_REQUIRED_LIBRARIES ${Zstd_LIBRARIES})
+    check_symbol_exists(ZSTD_createDStream "zstd.h" HAVE_ZSTD_CREATEDSTREAM)
+    cmake_pop_check_state()
+  endif()
+  if(Zstd_FOUND AND HAVE_ZSTD_CREATEDSTREAM)
+    set(HAVE_ZSTD ON)
+    list(APPEND CURL_LIBS ${Zstd_LIBRARIES})
+    include_directories(${Zstd_INCLUDE_DIRS})
+  endif()
+endif()
+
 if(CURL_USE_OPENSSL)
   find_package(OpenSSL REQUIRED)
   set(SSL_ENABLED ON)
@@ -467,8 +500,6 @@ if(CURL_USE_OPENSSL)
   if(NOT DEFINED HAVE_BORINGSSL)
     check_symbol_exists(OPENSSL_IS_BORINGSSL "openssl/base.h" HAVE_BORINGSSL)
   endif()
-
-  add_definitions(-DOPENSSL_SUPPRESS_DEPRECATED)
 endif()
 
 if(CURL_USE_MBEDTLS)
@@ -518,23 +549,39 @@ if(USE_NGHTTP2)
 endif()
 
 function(CheckQuicSupportInOpenSSL)
-  # Be sure that the OpenSSL library actually supports QUIC.
+  # Be sure that the OpenSSL/wolfSSL library actually supports QUIC.
   if(NOT DEFINED HAVE_SSL_CTX_SET_QUIC_METHOD)
     cmake_push_check_state()
-    set(CMAKE_REQUIRED_INCLUDES   "${OPENSSL_INCLUDE_DIR}")
-    set(CMAKE_REQUIRED_LIBRARIES  "${OPENSSL_LIBRARIES}")
-    check_symbol_exists(SSL_CTX_set_quic_method "openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD)
+    if(USE_WOLFSSL)
+      set(CMAKE_REQUIRED_INCLUDES   "${WolfSSL_INCLUDE_DIRS}")
+      set(CMAKE_REQUIRED_LIBRARIES  "${WolfSSL_LIBRARIES}")
+      if(HAVE_LIBZ)
+        list(APPEND CMAKE_REQUIRED_INCLUDES  "${ZLIB_INCLUDE_DIRS}")
+        list(APPEND CMAKE_REQUIRED_LIBRARIES "${ZLIB_LIBRARIES}")
+      endif()
+      if(WIN32)
+        list(APPEND CMAKE_REQUIRED_LIBRARIES "crypt32")
+      endif()
+      list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_UINTPTR_T)  # to pull in stdint.h (as of wolfSSL v5.5.4)
+      check_symbol_exists(wolfSSL_set_quic_method "wolfssl/options.h;wolfssl/openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD)
+    else()
+      set(CMAKE_REQUIRED_INCLUDES   "${OPENSSL_INCLUDE_DIR}")
+      set(CMAKE_REQUIRED_LIBRARIES  "${OPENSSL_LIBRARIES}")
+      check_symbol_exists(SSL_CTX_set_quic_method "openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD)
+    endif()
     cmake_pop_check_state()
   endif()
   if(NOT HAVE_SSL_CTX_SET_QUIC_METHOD)
-    message(FATAL_ERROR "QUIC support is missing in OpenSSL/BoringSSL. Try setting -DOPENSSL_ROOT_DIR")
+    message(FATAL_ERROR "QUIC support is missing in OpenSSL/BoringSSL/wolfSSL. Try setting -DOPENSSL_ROOT_DIR")
   endif()
 endfunction()
 
 option(USE_NGTCP2 "Use ngtcp2 and nghttp3 libraries for HTTP/3 support" OFF)
 if(USE_NGTCP2)
-  if(USE_OPENSSL)
-    if(HAVE_BORINGSSL)
+  if(USE_OPENSSL OR USE_WOLFSSL)
+    if(USE_WOLFSSL)
+      find_package(NGTCP2 REQUIRED wolfSSL)
+    elseif(HAVE_BORINGSSL)
       find_package(NGTCP2 REQUIRED BoringSSL)
     else()
       find_package(NGTCP2 REQUIRED OpenSSL)
@@ -544,7 +591,7 @@ if(USE_NGTCP2)
     # TODO add GnuTLS support as vtls library.
     find_package(NGTCP2 REQUIRED GnuTLS)
   else()
-    message(FATAL_ERROR "ngtcp2 requires OpenSSL or GnuTLS")
+    message(FATAL_ERROR "ngtcp2 requires OpenSSL, wolfSSL or GnuTLS")
   endif()
   set(USE_NGTCP2 ON)
   include_directories(${NGTCP2_INCLUDE_DIRS})
@@ -592,6 +639,8 @@ if(NOT CURL_DISABLE_LDAP)
       check_library_exists_concat("wldap32" cldap_open HAVE_WLDAP32)
       if(NOT HAVE_WLDAP32)
         set(USE_WIN32_LDAP OFF)
+      elseif(NOT CURL_DISABLE_LDAPS)
+        set(HAVE_LDAP_SSL ON)
       endif()
     endif()
   endif()
@@ -663,7 +712,7 @@ if(NOT CURL_DISABLE_LDAP)
           return 0;
         }"
       )
-      set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DLDAP_DEPRECATED=1")
+      list(APPEND CMAKE_REQUIRED_DEFINITIONS -DLDAP_DEPRECATED=1)
       list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB})
       if(HAVE_LIBLBER)
         list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB})
@@ -707,55 +756,6 @@ if(WIN32)
   endif()
 endif()
 
-set(HAVE_LIBZ OFF)
-set(USE_ZLIB OFF)
-optional_dependency(ZLIB)
-if(ZLIB_FOUND)
-  set(HAVE_LIBZ ON)
-  set(USE_ZLIB ON)
-
-  # Depend on ZLIB via imported targets if supported by the running
-  # version of CMake.  This allows our dependents to get our dependencies
-  # transitively.
-  if(NOT CMAKE_VERSION VERSION_LESS 3.4)
-    list(APPEND CURL_LIBS ZLIB::ZLIB)
-  else()
-    list(APPEND CURL_LIBS ${ZLIB_LIBRARIES})
-    include_directories(${ZLIB_INCLUDE_DIRS})
-  endif()
-  list(APPEND CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIRS})
-endif()
-
-option(CURL_BROTLI "Set to ON to enable building curl with brotli support." OFF)
-set(HAVE_BROTLI OFF)
-if(CURL_BROTLI)
-  find_package(Brotli QUIET)
-  if(BROTLI_FOUND)
-    set(HAVE_BROTLI ON)
-    list(APPEND CURL_LIBS ${BROTLI_LIBRARIES})
-    include_directories(${BROTLI_INCLUDE_DIRS})
-    list(APPEND CMAKE_REQUIRED_INCLUDES ${BROTLI_INCLUDE_DIRS})
-  endif()
-endif()
-
-option(CURL_ZSTD "Set to ON to enable building curl with zstd support." OFF)
-set(HAVE_ZSTD OFF)
-if(CURL_ZSTD)
-  find_package(Zstd REQUIRED)
-  if (NOT DEFINED HAVE_ZSTD_CREATEDSTREAM)
-    cmake_push_check_state()
-    set(CMAKE_REQUIRED_INCLUDES ${Zstd_INCLUDE_DIRS})
-    set(CMAKE_REQUIRED_LIBRARIES ${Zstd_LIBRARIES})
-    check_symbol_exists(ZSTD_createDStream "zstd.h" HAVE_ZSTD_CREATEDSTREAM)
-    cmake_pop_check_state()
-  endif()
-  if(Zstd_FOUND AND HAVE_ZSTD_CREATEDSTREAM)
-    set(HAVE_ZSTD ON)
-    list(APPEND CURL_LIBS ${Zstd_LIBRARIES})
-    include_directories(${Zstd_INCLUDE_DIRS})
-  endif()
-endif()
-
 #libpsl
 option(CURL_USE_LIBPSL "Use libPSL" ON)
 mark_as_advanced(CURL_USE_LIBPSL)
@@ -891,7 +891,9 @@ elseif("${CURL_CA_BUNDLE}" STREQUAL "none")
   unset(CURL_CA_BUNDLE CACHE)
 elseif("${CURL_CA_BUNDLE}" STREQUAL "auto")
   unset(CURL_CA_BUNDLE CACHE)
-  set(CURL_CA_BUNDLE_AUTODETECT TRUE)
+  if(NOT CMAKE_CROSSCOMPILING)
+    set(CURL_CA_BUNDLE_AUTODETECT TRUE)
+  endif()
 else()
   set(CURL_CA_BUNDLE_SET TRUE)
 endif()
@@ -902,7 +904,7 @@ elseif("${CURL_CA_PATH}" STREQUAL "none")
   unset(CURL_CA_PATH CACHE)
 elseif("${CURL_CA_PATH}" STREQUAL "auto")
   unset(CURL_CA_PATH CACHE)
-  if(NOT USE_NSS)
+  if(NOT CMAKE_CROSSCOMPILING AND NOT USE_NSS)
     set(CURL_CA_PATH_AUTODETECT TRUE)
   endif()
 else()
@@ -1006,7 +1008,6 @@ check_include_file_concat("unistd.h"         HAVE_UNISTD_H)
 check_include_file_concat("utime.h"          HAVE_UTIME_H)
 
 check_include_file_concat("stddef.h"         HAVE_STDDEF_H)
-check_include_file_concat("stdint.h"        HAVE_STDINT_H)
 check_include_file_concat("sys/utsname.h"   HAVE_SYS_UTSNAME_H)
 
 check_type_size(size_t  SIZEOF_SIZE_T)
@@ -1048,6 +1049,7 @@ check_symbol_exists(socket        "${CURL_INCLUDES}" HAVE_SOCKET)
 check_symbol_exists(socketpair    "${CURL_INCLUDES}" HAVE_SOCKETPAIR)
 check_symbol_exists(recv          "${CURL_INCLUDES}" HAVE_RECV)
 check_symbol_exists(send          "${CURL_INCLUDES}" HAVE_SEND)
+check_symbol_exists(sendmsg       "${CURL_INCLUDES}" HAVE_SENDMSG)
 check_symbol_exists(select        "${CURL_INCLUDES}" HAVE_SELECT)
 check_symbol_exists(strdup        "${CURL_INCLUDES}" HAVE_STRDUP)
 check_symbol_exists(strtok_r      "${CURL_INCLUDES}" HAVE_STRTOK_R)
@@ -1072,7 +1074,6 @@ check_symbol_exists(gethostbyname_r "${CURL_INCLUDES}" HAVE_GETHOSTBYNAME_R)
 
 check_symbol_exists(signal         "${CURL_INCLUDES}" HAVE_SIGNAL)
 check_symbol_exists(strtoll        "${CURL_INCLUDES}" HAVE_STRTOLL)
-check_symbol_exists(_strtoi64      "${CURL_INCLUDES}" HAVE__STRTOI64)
 check_symbol_exists(strerror_r     "${CURL_INCLUDES}" HAVE_STRERROR_R)
 check_symbol_exists(siginterrupt   "${CURL_INCLUDES}" HAVE_SIGINTERRUPT)
 check_symbol_exists(getaddrinfo    "${CURL_INCLUDES}" HAVE_GETADDRINFO)
@@ -1092,7 +1093,7 @@ check_symbol_exists(setrlimit      "${CURL_INCLUDES}" HAVE_SETRLIMIT)
 
 if(NOT MSVC OR (MSVC_VERSION GREATER_EQUAL 1900))
   # earlier MSVC compilers had faulty snprintf implementations
-  check_symbol_exists(snprintf       "${CURL_INCLUDES}" HAVE_SNPRINTF)
+  check_symbol_exists(snprintf       "stdio.h" HAVE_SNPRINTF)
 endif()
 check_function_exists(mach_absolute_time HAVE_MACH_ABSOLUTE_TIME)
 check_symbol_exists(inet_ntop      "${CURL_INCLUDES}" HAVE_INET_NTOP)
@@ -1279,8 +1280,6 @@ else()
   set(CURL_PULL_SYS_SOCKET_H ${HAVE_SYS_SOCKET_H})
   set(CURL_PULL_SYS_POLL_H ${HAVE_SYS_POLL_H})
 endif()
-set(CURL_PULL_STDINT_H ${HAVE_STDINT_H})
-set(CURL_PULL_INTTYPES_H ${HAVE_INTTYPES_H})
 
 include(CMake/OtherTests.cmake)
 
@@ -1295,7 +1294,7 @@ if(WIN32)
 
   # Check if crypto functions in wincrypt.h are actually available
   if(HAVE_WINCRYPT_H)
-    check_symbol_exists(CryptAcquireContext "${CURL_INCLUDES}" USE_WINCRYPT)
+    check_symbol_exists(CryptAcquireContext "windows.h;wincrypt.h" USE_WINCRYPT)
   endif()
   if(USE_WINCRYPT)
     set(USE_WIN32_CRYPTO ON)
diff --git a/COPYING b/COPYING
index 90f05adf2..d1eab3eb9 100644
--- a/COPYING
+++ b/COPYING
@@ -1,6 +1,6 @@
 COPYRIGHT AND PERMISSION NOTICE
 
-Copyright (c) 1996 - 2022, Daniel Stenberg, <daniel@haxx.se>, and many
+Copyright (c) 1996 - 2023, Daniel Stenberg, <daniel@haxx.se>, and many
 contributors, see the THANKS file.
 
 All rights reserved.
diff --git a/LICENSES/curl.txt b/LICENSES/curl.txt
index 90f05adf2..3c1c19742 100644
--- a/LICENSES/curl.txt
+++ b/LICENSES/curl.txt
@@ -1,6 +1,6 @@
 COPYRIGHT AND PERMISSION NOTICE
 
-Copyright (c) 1996 - 2022, Daniel Stenberg, <daniel@haxx.se>, and many
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, and many
 contributors, see the THANKS file.
 
 All rights reserved.
diff --git a/METADATA b/METADATA
index a016adc90..d3bed6784 100644
--- a/METADATA
+++ b/METADATA
@@ -13,14 +13,14 @@ third_party {
     type: GIT
     value: "https://github.com/curl/curl/"
   }
-  version: "curl-7_87_0"
+  version: "curl-8_0_1"
   license_type: NOTICE
   security {
     tag: "NVD-CPE2.3:cpe:/a:haxx:curl:7.87.0"
   }
   last_upgrade_date {
     year: 2023
-    month: 1
-    day: 3
+    month: 3
+    day: 22
   }
 }
diff --git a/MacOSX-Framework b/MacOSX-Framework
index 240eb845e..5ac537633 100755
--- a/MacOSX-Framework
+++ b/MacOSX-Framework
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/Makefile.am b/Makefile.am
index 40771ed38..ac1ecd994 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/Makefile.dist b/Makefile.dist
index dbb396553..a5818e1da 100644
--- a/Makefile.dist
+++ b/Makefile.dist
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/README.md b/README.md
index c37dc677d..9606330c8 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 1998 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 1faf77e91..d9ac4e651 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,176 +1,14 @@
-curl and libcurl 7.87.0
+curl and libcurl 8.0.1
 
- Public curl releases:         212
- Command line options:         249
+ Public curl releases:         216
+ Command line options:         250
  curl_easy_setopt() options:   302
  Public functions in libcurl:  91
- Contributors:                 2771
-
-This release includes the following changes:
-
- o curl: add --url-query [52]
- o CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit [75]
- o lib: add CURL_WRITEFUNC_ERROR to signal write callback error [47]
- o openssl: reduce CA certificate bundle reparsing by caching [11]
- o version: add a feature names array to curl_version_info_data [67]
+ Contributors:                 2841
 
 This release includes the following bugfixes:
 
- o altsvc: fix rejection of negative port numbers [144]
- o aws_sigv4: consult x-%s-content-sha256 for payload hash [102]
- o aws_sigv4: fix typos in aws_sigv4.c [101]
- o base64: better alloc size [124]
- o base64: encode without using snprintf [123]
- o base64: faster base64 decoding [120]
- o build: assume assert.h is always available [111]
- o build: assume errno.h is always available [110]
- o c-hyper: CONNECT respones are not server responses [137]
- o c-hyper: fix multi-request mechanism [115]
- o CI: Change FreeBSD image from 12.3 to 12.4 [108]
- o CI: LGTM.com will be shut down in December 2022 [112]
- o ci: Remove zuul fuzzing job as it's superseded by CIFuzz
- o cmake: check for cross-compile, not for toolchain [54]
- o CMake: fix build with `CURL_USE_GSSAPI` [78]
- o cmake: really enable warnings with clang [25]
- o cmake: set the soname on the shared library [140]
- o cmdline-opts/gen.pl: fix the linkifier [64]
- o cmdline-opts/page-footer: remove long option nroff formatting
- o config-mac: define HAVE_SYS_IOCTL_H [107]
- o config-mac: fix typo: size_T -> size_t [125]
- o config-mac: remove HAVE_SYS_SELECT_H [116]
- o config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW [41]
- o configure: require fork for NTLM-WB [36]
- o contributors.sh: actually use $CURLWWW instead of just setting it [129]
- o cookie: compare cookie prefixes case insensitively [14]
- o cookie: expire cookies at once when max-age is negative [45]
- o cookie: open cookie jar as a binary file [89]
- o curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS [90]
- o curl-rustls.m4: on macOS, rustls also needs the Security framework [44]
- o curl.h: include <sys/select.h> on SerenityOS [104]
- o curl.h: name all public function parameters [118]
- o curl.h: reword comment to not use deprecated option [132]
- o curl: override the numeric locale and set "C" by force [60]
- o curl: timeout in the read callback [15]
- o curl_endian: remove Curl_write64_le from header [81]
- o curl_get_line: allow last line without newline char [88]
- o curl_path: do not add '/' if homedir ends with one [4]
- o curl_url_get.3: remove spurious backtick [127]
- o curl_url_set.3: document CURLU_DISALLOW_USER [139]
- o curl_url_set.3: fix typo [148]
- o CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE [1]
- o CURLOPT_COOKIEFILE.3: advice => advise [131]
- o CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example [31]
- o CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" [130]
- o CURLOPT_POST.3: Explain setting to 0 changes request type [61]
- o docs/curl_ws_send: Fixed typo in websocket docs [114]
- o docs/EARLY-RELEASE.md: how to determine an early release [37]
- o docs/examples: spell correction ('Retrieve') [119]
- o docs/INSTALL.md: expand on static builds [62]
- o docs/WEBSOCKET.md: explain the URL use [71]
- o docs: add missing parameters for --retry flag [2]
- o docs: add more "SEE ALSO" links to CA related pages [82]
- o docs: explain the noproxy CIDR notation support [17]
- o docs: extend the dump-header documentation [150]
- o docs: remove performance note in CURLOPT_SSL_VERIFYPEER [13]
- o examples/10-at-a-time: fix possible skipped final transfers [85]
- o examples: update descriptions [83]
- o ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH [96]
- o gen.pl: do not generate CURLHELP bitmask lines > 79 characters [10]
- o GHA: clarify workflows permissions, set least possible privilege [79]
- o GHA: NSS use clang instead of clang-9 [103]
- o gnutls: use common gnutls init and verify code for ngtcp2 [98]
- o headers: add endif comments [51]
- o HTTP-COOKIES.md: mention that http://localhost is a secure context [76]
- o HTTP-COOKIES.md: update the 6265bis link to draft-11 [70]
- o http: do not send PROXY more than once [46]
- o http: fix the ::1 comparison for IPv6 localhost for cookies [155]
- o http: set 'this_is_a_follow' in the Location: logic [40]
- o http: use the IDN decoded name in HSTS checks [154]
- o hyper: classify headers as CONNECT and 1XX [56]
- o hyper: fix handling of hyper_task's when reusing the same address [33]
- o idn: remove Curl_win32_ascii_to_idn [153]
- o INSTALL: update operating systems and CPU archs [91]
- o KNOWN_BUGS: remove eight entries [50]
- o lib1560: add some basic IDN host name tests [151]
- o lib: connection filters (cfilter) addition to curl: [43]
- o lib: feature deprecation warnings in gcc >= 4.3 [58]
- o lib: fix some type mismatches and remove unneeded typecasts [12]
- o lib: parse numbers with fixed known base 10 [77]
- o lib: remove bad set.opt_no_body assignments [42]
- o lib: rewind BEFORE request instead of AFTER previous [65]
- o lib: sync guard for Curl_getaddrinfo_ex() definition and use [6]
- o lib: use size_t or int etc instead of longs [145]
- o libcurl-errors.3: remove duplicate word [3]
- o libssh2: return error when ssh_hostkeyfunc returns error [121]
- o limit-rate.d: see also --rate
- o log2changes.pl: wrap long lines at 80 columns [59]
- o Makefile.mk: address minor issues [87]
- o Makefile.mk: improve a GNU Make hack [122]
- o Makefile.mk: portable Makefile.m32 [86]
- o maketgz: set the right version in lib/libcurl.plist [53]
- o mime: relax easy/mime structures binding [94]
- o misc: Fix incorrect spelling [113]
- o misc: remove duplicated include files [28]
- o misc: typo and grammar fixes [23]
- o negtelnetserver.py: have it call its close() method [68]
- o netrc.d: provide mutext info [63]
- o netware: remove leftover traces [80]
- o noproxy: also match with adjacent comma [19]
- o noproxy: guard against empty hostnames in noproxy check [136]
- o noproxy: tailmatch like in 7.85.0 and earlier [35]
- o nroff-scan.pl: detect double highlights
- o ntlm: improve comment for encrypt_des [55]
- o ntlm: silence ubsan warning about copying from null target_info pointer [69]
- o openssl/mbedtls: use %d for outputing port with failf (int) [72]
- o openssl: prefix errors with '[lib]/[version]: ' [105]
- o os400: use platform socklen_t in Curl_getnameinfo_a [18]
- o page-header: grammar improvement (display transfer rate) [126]
- o proxy: refactor haproxy protocol handling as connection filter [57]
- o README.md: remove badges and xmas-tree garnish [9]
- o rtsp: fix RTSP auth [49]
- o runtests: --no-debuginfod now disables DEBUGINFOD_URLS [100]
- o runtests: do CRLF replacements per section only [97]
- o scripts/checksrc.pl: detect duplicated include files [29]
- o sendf: change Curl_read_plain to wrap Curl_recv_plain [48]
- o sendf: remove unnecessary if condition [26]
- o setup: do not require __MRC__ defined for Mac OS 9 builds [117]
- o smb/telnet: do not free the protocol struct in *_done() [152]
- o socks: fix username max size is 255 (0xFF) [146]
- o spellcheck.words: remove 'github' as an accepted word [22]
- o ssl-reqd.d: clarify that this is for upgrading connections only [138]
- o strcase: use curl_str(n)equal for case insensitive matches [8]
- o styled-output.d: this option does not work on Windows [93]
- o system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS [133]
- o system.h: support 64-bit curl_off_t for NonStop 32-bit [21]
- o test1421: fix typo [109]
- o test3026: reduce runtime in legacy mingw builds [73]
- o tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
- o tests: add authorityInfoAccess to generated certs [99]
- o tests: add HTTP/3 test case, custom location for proper nghttpx [106]
- o tls: backends use connection filters for IO, enabling HTTPS-proxy [92]
- o tool: determine the correct fopen option for -D [95]
- o tool_cfgable: free the ssl_ec_curves on exit [142]
- o tool_cfgable: make socks5_gssapi_nec a boolean [128]
- o tool_formparse: avoid clobbering on function params [135]
- o tool_getparam: make --no-get work as the opposite of --get [39]
- o tool_operate: provide better errmsg for -G with bad URL [16]
- o tool_operate: when aborting, make sure there is a non-NULL error buffer [20]
- o tool_paramhlp: free the proto strings on exit [141]
- o url: move back the IDN conversion of proxy names [74]
- o urlapi: reject more bad letters from the host name: &+() [143]
- o urldata: change port num storage to int and unsigned short [66]
- o vms: remove SIZEOF_SHORT [134]
- o vtls: fix build without proxy support [38]
- o vtls: localization of state data in filters [84]
- o WEBSOCKET.md: fix broken link [30]
- o Websocket: fixes for partial frames and buffer updates [7]
- o websockets: fix handling of partial frames [32]
- o windows: fail early with a missing windres in autotools [5]
- o windows: fix linking .rc to shared curl with autotools [24]
- o winidn: drop WANT_IDN_PROTOTYPES [27]
- o ws: if no connection is around, return error [149]
- o ws: return CURLE_NOT_BUILT_IN when websockets not built in [34]
- o x509asn1: avoid freeing unallocated pointers [147]
+ o Revert "multi: remove PENDING + MSGSENT handles" [1]
 
 This release includes the following known bugs:
 
@@ -178,190 +16,18 @@ This release includes the following known bugs:
 
 Planned upcoming removals include:
 
+ o gskit
  o NSS
- o Support for systems without 64 bit data types
+ o support for space-separated NOPROXY patterns
+ o support for the original legacy mingw version 1
 
  See https://curl.se/dev/deprecate.html for details
 
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Adam Averay, Alexandre Ferrieux, Alex Xu, Ali Utku Selen, Andrei Rybak,
-  Andy Alt, Andy Stamp, Anthony Hu, AtariDreams on github, Ayesh Karunaratne,
-  Baitinq on github, Boris Verkhovskiy, BratSinot on github, Casey Bodley,
-  Christian Schmitz, Christopher Sauer, Christoph Reiter, Dan Fandrich,
-  Daniel Faust, Daniel Gustafsson, Daniel Stenberg, David Benjamin,
-  Diogo Teles Sant'Anna, Egor Pugin, Emanuele Torre, Emil Engler,
-  Emil Österlund, Eric Vigeant, Erik Janssen, Fata Nugraha, Felipe Gasper,
-  Frank Gevaerts, Geeknik Labs, Gisle Vanem, godmar on github, Henning Schild,
-  Hiroki Kurosawa, Hirotaka Tagawa, Ikko Ashimine, Jakub Zakrzewski,
-  Joel Depooter, John Sherrill, Jon Rumsey, jvreelanda on github,
-  Karthikdasari0423 on github, Kenneth Myhra, Lorenzo Miniero, Luca Niccoli,
-  Marcel Raad, Marc Hörsken, Mark Gaiser, Max Dymond, Michael Drake,
-  Michael Kaufmann, Michael Musset, Mikhail Kuznetsov,
-  MonkeybreadSoftware on github, Nathan Moinvaziri, Oskar Sigvardsson,
-  Patrick Monnerat, Patrick Schlangen, Peter Piekarski, Philip Chan,
-  Philip Heiduck, Philip Sanetra, Prithvi MK, Randall S. Becker, Ray Satiro,
-  Rob de Wit, Robin Marx, Ryan Schmidt, Sean McArthur, Stefan Eissing,
-  Stephan Guilloux, Stuart Henderson, Thomas Glanzmann, Trail of Bits,
-  u20221022 on github, Viktor Szakats, xianghongai on github, Xì Gà,
-  xtonik on github, Zespre Schmidt
-  (83 contributors)
+ Daniel Stenberg, Kamil Dudka
 
 References to bug reports and discussions on issues:
 
- [1] = https://curl.se/bug/?i=9799
- [2] = https://curl.se/bug/?i=9848
- [3] = https://curl.se/bug/?i=9846
- [4] = https://curl.se/bug/?i=9844
- [5] = https://curl.se/bug/?i=9781
- [6] = https://curl.se/bug/?i=9734
- [7] = https://curl.se/bug/?i=9890
- [8] = https://curl.se/bug/?i=9837
- [9] = https://curl.se/bug/?i=9833
- [10] = https://curl.se/bug/?i=9834
- [11] = https://curl.se/bug/?i=9620
- [12] = https://curl.se/bug/?i=9835
- [13] = https://curl.se/bug/?i=9832
- [14] = https://curl.se/bug/?i=9863
- [15] = https://sourceforge.net/p/curl/bugs/846/
- [16] = https://curl.se/bug/?i=9889
- [17] = https://curl.se/bug/?i=9818
- [18] = https://curl.se/bug/?i=9811
- [19] = https://curl.se/bug/?i=9813
- [20] = https://curl.se/bug/?i=9865
- [21] = https://curl.se/bug/?i=9817
- [22] = https://curl.se/bug/?i=9810
- [23] = https://curl.se/bug/?i=9802
- [24] = https://curl.se/bug/?i=9803
- [25] = https://curl.se/bug/?i=9783
- [26] = https://curl.se/bug/?i=9801
- [27] = https://curl.se/bug/?i=9793
- [28] = https://curl.se/bug/?i=9796
- [29] = https://curl.se/bug/?i=9796
- [30] = https://curl.se/mail/lib-2022-10/0097.html
- [31] = https://curl.se/mail/lib-2022-11/0016.html
- [32] = https://curl.se/bug/?i=9861
- [33] = https://curl.se/bug/?i=9840
- [34] = https://curl.se/bug/?i=9851
- [35] = https://curl.se/bug/?i=9842
- [36] = https://curl.se/bug/?i=9847
- [37] = https://curl.se/bug/?i=9820
- [38] = https://curl.se/bug/?i=9895
- [39] = https://curl.se/bug/?i=9891
- [40] = https://curl.se/bug/?i=9885
- [41] = https://curl.se/bug/?i=9712
- [42] = https://curl.se/bug/?i=9888
- [43] = https://curl.se/bug/?i=9855
- [44] = https://curl.se/bug/?i=9883
- [45] = https://curl.se/bug/?i=9930
- [46] = https://curl.se/bug/?i=9442
- [47] = https://curl.se/bug/?i=9874
- [48] = https://curl.se/bug/?i=9431
- [49] = https://curl.se/bug/?i=4750
- [50] = https://curl.se/bug/?i=9871
- [51] = https://curl.se/bug/?i=9853
- [52] = https://curl.se/bug/?i=9691
- [53] = https://curl.se/bug/?i=9866
- [54] = https://curl.se/bug/?i=9921
- [55] = https://curl.se/bug/?i=9903
- [56] = https://curl.se/bug/?i=9947
- [57] = https://curl.se/bug/?i=9893
- [58] = https://curl.se/bug/?i=9667
- [59] = https://curl.se/bug/?i=9896
- [60] = https://curl.se/bug/?i=9969
- [61] = https://curl.se/bug/?i=9849
- [62] = https://curl.se/bug/?i=9944
- [63] = https://curl.se/bug/?i=9899
- [64] = https://curl.se/bug/?i=9899
- [65] = https://curl.se/bug/?i=9735
- [66] = https://curl.se/bug/?i=9946
- [67] = https://curl.se/bug/?i=9583
- [68] = https://curl.se/bug/?i=9894
- [69] = https://curl.se/bug/?i=9898
- [70] = https://curl.se/bug/?i=9940
- [71] = https://curl.se/bug/?i=9936
- [72] = https://curl.se/bug/?i=10001
- [73] = https://curl.se/bug/?i=9412
- [74] = https://curl.se/bug/?i=9937
- [75] = https://curl.se/bug/?i=2975
- [76] = https://curl.se/bug/?i=9938
- [77] = https://curl.se/bug/?i=9933
- [78] = https://curl.se/bug/?i=9017
- [79] = https://curl.se/bug/?i=9928
- [80] = https://curl.se/bug/?i=9966
- [81] = https://curl.se/bug/?i=9968
- [82] = https://curl.se/bug/?i=9959
- [83] = https://curl.se/bug/?i=9960
- [84] = https://curl.se/bug/?i=9919
- [85] = https://curl.se/bug/?i=9953
- [86] = https://curl.se/bug/?i=9764
- [87] = https://curl.se/bug/?i=10000
- [88] = https://curl.se/bug/?i=9973
- [89] = https://curl.se/bug/?i=10017
- [90] = https://curl.se/bug/?i=9989
- [91] = https://curl.se/bug/?i=9994
- [92] = https://curl.se/bug/?i=9962
- [93] = https://curl.se/bug/?i=10082
- [94] = https://curl.se/bug/?i=9927
- [95] = https://curl.se/bug/?i=10074
- [96] = https://curl.se/bug/?i=9772
- [97] = https://curl.se/bug/?i=10009
- [98] = https://curl.se/bug/?i=10007
- [99] = https://curl.se/bug/?i=9980
- [100] = https://curl.se/bug/?i=9950
- [101] = https://curl.se/bug/?i=10008
- [102] = https://curl.se/bug/?i=9804
- [103] = https://curl.se/bug/?i=9978
- [104] = https://curl.se/bug/?i=10006
- [105] = https://curl.se/bug/?i=10004
- [106] = https://curl.se/bug/?i=9031
- [107] = https://curl.se/bug/?i=10042
- [108] = https://curl.se/bug/?i=10051
- [109] = https://curl.se/bug/?i=10055
- [110] = https://curl.se/bug/?i=9986
- [111] = https://curl.se/bug/?i=9985
- [112] = https://curl.se/bug/?i=10052
- [113] = https://curl.se/bug/?i=10045
- [114] = https://curl.se/bug/?i=10081
- [115] = https://curl.se/bug/?i=8896
- [116] = https://curl.se/bug/?i=10039
- [117] = https://curl.se/bug/?i=10037
- [118] = https://curl.se/bug/?i=10036
- [119] = https://curl.se/bug/?i=10040
- [120] = https://curl.se/bug/?i=10032
- [121] = https://curl.se/bug/?i=10034
- [122] = https://curl.se/bug/?i=10031
- [123] = https://curl.se/bug/?i=10026
- [124] = https://curl.se/bug/?i=10024
- [125] = https://curl.se/bug/?i=10029
- [126] = https://curl.se/bug/?i=10068
- [127] = https://curl.se/bug/?i=10101
- [128] = https://curl.se/bug/?i=10078
- [129] = https://curl.se/bug/?i=10064
- [130] = https://curl.se/bug/?i=10106
- [131] = https://curl.se/bug/?i=10063
- [132] = https://curl.se/bug/?i=10062
- [133] = https://curl.se/bug/?i=10049
- [134] = https://curl.se/bug/?i=10061
- [135] = https://curl.se/bug/?i=10046
- [136] = https://curl.se/bug/?i=10057
- [137] = https://curl.se/bug/?i=8853
- [138] = https://curl.se/bug/?i=10093
- [139] = https://curl.se/bug/?i=10099
- [140] = https://curl.se/bug/?i=10023
- [141] = https://curl.se/bug/?i=10098
- [142] = https://curl.se/bug/?i=10097
- [143] = https://curl.se/bug/?i=10096
- [144] = https://curl.se/bug/?i=10095
- [145] = https://curl.se/bug/?i=10088
- [146] = https://curl.se/bug/?i=10105
- [147] = https://curl.se/bug/?i=10087
- [148] = https://curl.se/bug/?i=10089
- [149] = https://curl.se/bug/?i=10084
- [150] = https://curl.se/bug/?i=10085
- [151] = https://curl.se/bug/?i=10094
- [152] = https://curl.se/bug/?i=10112
- [153] = https://curl.se/bug/?i=10094
- [154] = https://curl.se/bug/?i=10111
- [155] = https://curl.se/bug/?i=10120
+ [1] = https://curl.se/bug/?i=10795
diff --git a/SECURITY.md b/SECURITY.md
index be37cd153..b76da78ce 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
diff --git a/acinclude.m4 b/acinclude.m4
index 1a0bd14d0..b3025afe7 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/aclocal.m4 b/aclocal.m4
index 09539ed10..5f0cb3db4 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -108,6 +108,43 @@ AC_DEFUN([AM_AUX_DIR_EXPAND],
 am_aux_dir=`cd "$ac_aux_dir" && pwd`
 ])
 
+# AM_COND_IF                                            -*- Autoconf -*-
+
+# Copyright (C) 2008-2021 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# _AM_COND_IF
+# _AM_COND_ELSE
+# _AM_COND_ENDIF
+# --------------
+# These macros are only used for tracing.
+m4_define([_AM_COND_IF])
+m4_define([_AM_COND_ELSE])
+m4_define([_AM_COND_ENDIF])
+
+# AM_COND_IF(COND, [IF-TRUE], [IF-FALSE])
+# ---------------------------------------
+# If the shell condition COND is true, execute IF-TRUE, otherwise execute
+# IF-FALSE.  Allow automake to learn about conditional instantiating macros
+# (the AC_CONFIG_FOOS).
+AC_DEFUN([AM_COND_IF],
+[m4_ifndef([_AM_COND_VALUE_$1],
+	   [m4_fatal([$0: no such condition "$1"])])dnl
+_AM_COND_IF([$1])dnl
+if test -z "$$1_TRUE"; then :
+  m4_n([$2])[]dnl
+m4_ifval([$3],
+[_AM_COND_ELSE([$1])dnl
+else
+  $3
+])dnl
+_AM_COND_ENDIF([$1])dnl
+fi[]dnl
+])
+
 # AM_CONDITIONAL                                            -*- Autoconf -*-
 
 # Copyright (C) 1997-2021 Free Software Foundation, Inc.
@@ -1184,7 +1221,6 @@ AC_SUBST([am__tar])
 AC_SUBST([am__untar])
 ]) # _AM_PROG_TAR
 
-m4_include([m4/ax_compile_check_sizeof.m4])
 m4_include([m4/curl-amissl.m4])
 m4_include([m4/curl-bearssl.m4])
 m4_include([m4/curl-compilers.m4])
@@ -1192,7 +1228,6 @@ m4_include([m4/curl-confopts.m4])
 m4_include([m4/curl-functions.m4])
 m4_include([m4/curl-gnutls.m4])
 m4_include([m4/curl-mbedtls.m4])
-m4_include([m4/curl-mesalink.m4])
 m4_include([m4/curl-nss.m4])
 m4_include([m4/curl-openssl.m4])
 m4_include([m4/curl-override.m4])
diff --git a/appveyor.yml b/appveyor.yml
index c43406ce4..ca8efcb9f 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -21,6 +21,9 @@
 # SPDX-License-Identifier: curl
 #
 ###########################################################################
+# https://ci.appveyor.com/project/curlorg/curl/history
+# Appveyor configuration
+# https://www.appveyor.com/docs/appveyor-yml/
 
 version: 7.50.0.{build}
 
diff --git a/buildconf b/buildconf
index 16fc8a75e..ee6a2800b 100755
--- a/buildconf
+++ b/buildconf
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/buildconf.bat b/buildconf.bat
index d779795dd..615366118 100644
--- a/buildconf.bat
+++ b/buildconf.bat
@@ -6,7 +6,7 @@ rem *                             / __| | | | |_) | |
 rem *                            | (__| |_| |  _ <| |___
 rem *                             \___|\___/|_| \_\_____|
 rem *
-rem * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+rem * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 rem *
 rem * This software is licensed as described in the file COPYING, which
 rem * you should have received as part of this distribution. The terms
diff --git a/config.guess b/config.guess
index f50dcdb6d..7f76b6228 100755
--- a/config.guess
+++ b/config.guess
@@ -1,12 +1,14 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright 1992-2018 Free Software Foundation, Inc.
+#   Copyright 1992-2022 Free Software Foundation, Inc.
 
-timestamp='2018-02-24'
+# shellcheck disable=SC2006,SC2268 # see below for rationale
+
+timestamp='2022-01-09'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
+# the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful, but
@@ -27,11 +29,19 @@ timestamp='2018-02-24'
 # Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
 #
 # You can get the latest version of this script from:
-# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
+# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
 #
 # Please send patches to <config-patches@gnu.org>.
 
 
+# The "shellcheck disable" line above the timestamp inhibits complaints
+# about features and limitations of the classic Bourne shell that were
+# superseded or lifted in POSIX.  However, this script identifies a wide
+# variety of pre-POSIX systems that do not have POSIX shells at all, and
+# even some reasonably current systems (Solaris 10 as case-in-point) still
+# have a pre-POSIX /bin/sh.
+
+
 me=`echo "$0" | sed -e 's,.*/,,'`
 
 usage="\
@@ -50,7 +60,7 @@ version="\
 GNU config.guess ($timestamp)
 
 Originally written by Per Bothner.
-Copyright 1992-2018 Free Software Foundation, Inc.
+Copyright 1992-2022 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -84,7 +94,8 @@ if test $# != 0; then
   exit 1
 fi
 
-trap 'exit 1' 1 2 15
+# Just in case it came from the environment.
+GUESS=
 
 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a
 # compiler to aid in system detection is discouraged as it requires
@@ -96,73 +107,90 @@ trap 'exit 1' 1 2 15
 
 # Portable tmp directory creation inspired by the Autoconf team.
 
-set_cc_for_build='
-trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
-trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
-: ${TMPDIR=/tmp} ;
- { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
- { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
- { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
- { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
-dummy=$tmp/dummy ;
-tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
-case $CC_FOR_BUILD,$HOST_CC,$CC in
- ,,)    echo "int x;" > "$dummy.c" ;
-	for c in cc gcc c89 c99 ; do
-	  if ($c -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then
-	     CC_FOR_BUILD="$c"; break ;
-	  fi ;
-	done ;
-	if test x"$CC_FOR_BUILD" = x ; then
-	  CC_FOR_BUILD=no_compiler_found ;
-	fi
-	;;
- ,,*)   CC_FOR_BUILD=$CC ;;
- ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
-esac ; set_cc_for_build= ;'
+tmp=
+# shellcheck disable=SC2172
+trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15
+
+set_cc_for_build() {
+    # prevent multiple calls if $tmp is already set
+    test "$tmp" && return 0
+    : "${TMPDIR=/tmp}"
+    # shellcheck disable=SC2039,SC3028
+    { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+	{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } ||
+	{ tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+	{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; }
+    dummy=$tmp/dummy
+    case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in
+	,,)    echo "int x;" > "$dummy.c"
+	       for driver in cc gcc c89 c99 ; do
+		   if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then
+		       CC_FOR_BUILD=$driver
+		       break
+		   fi
+	       done
+	       if test x"$CC_FOR_BUILD" = x ; then
+		   CC_FOR_BUILD=no_compiler_found
+	       fi
+	       ;;
+	,,*)   CC_FOR_BUILD=$CC ;;
+	,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+    esac
+}
 
 # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
 # (ghazi@noc.rutgers.edu 1994-08-24)
-if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+if test -f /.attbin/uname ; then
 	PATH=$PATH:/.attbin ; export PATH
 fi
 
 UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
 UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
-UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
 UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
 
-case "$UNAME_SYSTEM" in
+case $UNAME_SYSTEM in
 Linux|GNU|GNU/*)
-	# If the system lacks a compiler, then just pick glibc.
-	# We could probably try harder.
-	LIBC=gnu
+	LIBC=unknown
 
-	eval "$set_cc_for_build"
+	set_cc_for_build
 	cat <<-EOF > "$dummy.c"
 	#include <features.h>
 	#if defined(__UCLIBC__)
 	LIBC=uclibc
 	#elif defined(__dietlibc__)
 	LIBC=dietlibc
-	#else
+	#elif defined(__GLIBC__)
 	LIBC=gnu
+	#else
+	#include <stdarg.h>
+	/* First heuristic to detect musl libc.  */
+	#ifdef __DEFINED_va_list
+	LIBC=musl
+	#endif
 	#endif
 	EOF
-	eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`"
+	cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
+	eval "$cc_set_libc"
 
-	# If ldd exists, use it to detect musl libc.
-	if command -v ldd >/dev/null && \
-		ldd --version 2>&1 | grep -q ^musl
-	then
-	    LIBC=musl
+	# Second heuristic to detect musl libc.
+	if [ "$LIBC" = unknown ] &&
+	   command -v ldd >/dev/null &&
+	   ldd --version 2>&1 | grep -q ^musl; then
+		LIBC=musl
+	fi
+
+	# If the system lacks a compiler, then just pick glibc.
+	# We could probably try harder.
+	if [ "$LIBC" = unknown ]; then
+		LIBC=gnu
 	fi
 	;;
 esac
 
 # Note: order is significant - the case branches are not exclusive.
 
-case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
+case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in
     *:NetBSD:*:*)
 	# NetBSD (nbsd) targets should (where applicable) match one or
 	# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
@@ -174,12 +202,12 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
 	#
 	# Note: NetBSD doesn't particularly care about the vendor
 	# portion of the name.  We always set it to "unknown".
-	sysctl="sysctl -n hw.machine_arch"
 	UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
-	    "/sbin/$sysctl" 2>/dev/null || \
-	    "/usr/sbin/$sysctl" 2>/dev/null || \
+	    /sbin/sysctl -n hw.machine_arch 2>/dev/null || \
+	    /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \
 	    echo unknown)`
-	case "$UNAME_MACHINE_ARCH" in
+	case $UNAME_MACHINE_ARCH in
+	    aarch64eb) machine=aarch64_be-unknown ;;
 	    armeb) machine=armeb-unknown ;;
 	    arm*) machine=arm-unknown ;;
 	    sh3el) machine=shl-unknown ;;
@@ -188,18 +216,18 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
 	    earmv*)
 		arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
 		endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'`
-		machine="${arch}${endian}"-unknown
+		machine=${arch}${endian}-unknown
 		;;
-	    *) machine="$UNAME_MACHINE_ARCH"-unknown ;;
+	    *) machine=$UNAME_MACHINE_ARCH-unknown ;;
 	esac
 	# The Operating System including object format, if it has switched
 	# to ELF recently (or will in the future) and ABI.
-	case "$UNAME_MACHINE_ARCH" in
+	case $UNAME_MACHINE_ARCH in
 	    earm*)
 		os=netbsdelf
 		;;
 	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
-		eval "$set_cc_for_build"
+		set_cc_for_build
 		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
 			| grep -q __ELF__
 		then
@@ -215,7 +243,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
 		;;
 	esac
 	# Determine ABI tags.
-	case "$UNAME_MACHINE_ARCH" in
+	case $UNAME_MACHINE_ARCH in
 	    earm*)
 		expr='s/^earmv[0-9]/-eabi/;s/eb$//'
 		abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"`
@@ -226,7 +254,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
 	# thus, need a distinct triplet. However, they do not need
 	# kernel version information, so it can be replaced with a
 	# suitable tag, in the style of linux-gnu.
-	case "$UNAME_VERSION" in
+	case $UNAME_VERSION in
 	    Debian*)
 		release='-gnu'
 		;;
@@ -237,45 +265,57 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
 	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
 	# contains redundant information, the shorter form:
 	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
-	echo "$machine-${os}${release}${abi}"
-	exit ;;
+	GUESS=$machine-${os}${release}${abi-}
+	;;
     *:Bitrig:*:*)
 	UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
-	echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_MACHINE_ARCH-unknown-bitrig$UNAME_RELEASE
+	;;
     *:OpenBSD:*:*)
 	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
-	echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_MACHINE_ARCH-unknown-openbsd$UNAME_RELEASE
+	;;
+    *:SecBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/SecBSD.//'`
+	GUESS=$UNAME_MACHINE_ARCH-unknown-secbsd$UNAME_RELEASE
+	;;
     *:LibertyBSD:*:*)
 	UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
-	echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_MACHINE_ARCH-unknown-libertybsd$UNAME_RELEASE
+	;;
     *:MidnightBSD:*:*)
-	echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-midnightbsd$UNAME_RELEASE
+	;;
     *:ekkoBSD:*:*)
-	echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-ekkobsd$UNAME_RELEASE
+	;;
     *:SolidBSD:*:*)
-	echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-solidbsd$UNAME_RELEASE
+	;;
+    *:OS108:*:*)
+	GUESS=$UNAME_MACHINE-unknown-os108_$UNAME_RELEASE
+	;;
     macppc:MirBSD:*:*)
-	echo powerpc-unknown-mirbsd"$UNAME_RELEASE"
-	exit ;;
+	GUESS=powerpc-unknown-mirbsd$UNAME_RELEASE
+	;;
     *:MirBSD:*:*)
-	echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-mirbsd$UNAME_RELEASE
+	;;
     *:Sortix:*:*)
-	echo "$UNAME_MACHINE"-unknown-sortix
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-sortix
+	;;
+    *:Twizzler:*:*)
+	GUESS=$UNAME_MACHINE-unknown-twizzler
+	;;
     *:Redox:*:*)
-	echo "$UNAME_MACHINE"-unknown-redox
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-redox
+	;;
     mips:OSF1:*.*)
-        echo mips-dec-osf1
-        exit ;;
+	GUESS=mips-dec-osf1
+	;;
     alpha:OSF1:*:*)
+	# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
+	trap '' 0
 	case $UNAME_RELEASE in
 	*4.0)
 		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
@@ -289,7 +329,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
 	# covers most systems running today.  This code pipes the CPU
 	# types through head -n 1, so we only detect the type of CPU 0.
 	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
-	case "$ALPHA_CPU_TYPE" in
+	case $ALPHA_CPU_TYPE in
 	    "EV4 (21064)")
 		UNAME_MACHINE=alpha ;;
 	    "EV4.5 (21064)")
@@ -326,117 +366,121 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
 	# A Tn.n version is a released field test version.
 	# A Xn.n version is an unreleased experimental baselevel.
 	# 1.2 uses "1.2" for uname -r.
-	echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`"
-	# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
-	exitcode=$?
-	trap '' 0
-	exit $exitcode ;;
+	OSF_REL=`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
+	GUESS=$UNAME_MACHINE-dec-osf$OSF_REL
+	;;
     Amiga*:UNIX_System_V:4.0:*)
-	echo m68k-unknown-sysv4
-	exit ;;
+	GUESS=m68k-unknown-sysv4
+	;;
     *:[Aa]miga[Oo][Ss]:*:*)
-	echo "$UNAME_MACHINE"-unknown-amigaos
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-amigaos
+	;;
     *:[Mm]orph[Oo][Ss]:*:*)
-	echo "$UNAME_MACHINE"-unknown-morphos
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-morphos
+	;;
     *:OS/390:*:*)
-	echo i370-ibm-openedition
-	exit ;;
+	GUESS=i370-ibm-openedition
+	;;
     *:z/VM:*:*)
-	echo s390-ibm-zvmoe
-	exit ;;
+	GUESS=s390-ibm-zvmoe
+	;;
     *:OS400:*:*)
-	echo powerpc-ibm-os400
-	exit ;;
+	GUESS=powerpc-ibm-os400
+	;;
     arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
-	echo arm-acorn-riscix"$UNAME_RELEASE"
-	exit ;;
+	GUESS=arm-acorn-riscix$UNAME_RELEASE
+	;;
     arm*:riscos:*:*|arm*:RISCOS:*:*)
-	echo arm-unknown-riscos
-	exit ;;
+	GUESS=arm-unknown-riscos
+	;;
     SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
-	echo hppa1.1-hitachi-hiuxmpp
-	exit ;;
+	GUESS=hppa1.1-hitachi-hiuxmpp
+	;;
     Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
 	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
-	if test "`(/bin/universe) 2>/dev/null`" = att ; then
-		echo pyramid-pyramid-sysv3
-	else
-		echo pyramid-pyramid-bsd
-	fi
-	exit ;;
+	case `(/bin/universe) 2>/dev/null` in
+	    att) GUESS=pyramid-pyramid-sysv3 ;;
+	    *)   GUESS=pyramid-pyramid-bsd   ;;
+	esac
+	;;
     NILE*:*:*:dcosx)
-	echo pyramid-pyramid-svr4
-	exit ;;
+	GUESS=pyramid-pyramid-svr4
+	;;
     DRS?6000:unix:4.0:6*)
-	echo sparc-icl-nx6
-	exit ;;
+	GUESS=sparc-icl-nx6
+	;;
     DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
 	case `/usr/bin/uname -p` in
-	    sparc) echo sparc-icl-nx7; exit ;;
-	esac ;;
+	    sparc) GUESS=sparc-icl-nx7 ;;
+	esac
+	;;
     s390x:SunOS:*:*)
-	echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
-	exit ;;
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+	GUESS=$UNAME_MACHINE-ibm-solaris2$SUN_REL
+	;;
     sun4H:SunOS:5.*:*)
-	echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
-	exit ;;
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+	GUESS=sparc-hal-solaris2$SUN_REL
+	;;
     sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
-	echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
-	exit ;;
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+	GUESS=sparc-sun-solaris2$SUN_REL
+	;;
     i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
-	echo i386-pc-auroraux"$UNAME_RELEASE"
-	exit ;;
+	GUESS=i386-pc-auroraux$UNAME_RELEASE
+	;;
     i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
-	eval "$set_cc_for_build"
+	set_cc_for_build
 	SUN_ARCH=i386
 	# If there is a compiler, see if it is configured for 64-bit objects.
 	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
 	# This test works for both compilers.
-	if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
+	if test "$CC_FOR_BUILD" != no_compiler_found; then
 	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
-		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		(CCOPTS="" $CC_FOR_BUILD -m64 -E - 2>/dev/null) | \
 		grep IS_64BIT_ARCH >/dev/null
 	    then
 		SUN_ARCH=x86_64
 	    fi
 	fi
-	echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
-	exit ;;
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+	GUESS=$SUN_ARCH-pc-solaris2$SUN_REL
+	;;
     sun4*:SunOS:6*:*)
 	# According to config.sub, this is the proper way to canonicalize
 	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
 	# it's likely to be more like Solaris than SunOS4.
-	echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
-	exit ;;
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+	GUESS=sparc-sun-solaris3$SUN_REL
+	;;
     sun4*:SunOS:*:*)
-	case "`/usr/bin/arch -k`" in
+	case `/usr/bin/arch -k` in
 	    Series*|S4*)
 		UNAME_RELEASE=`uname -v`
 		;;
 	esac
 	# Japanese Language versions have a version number like `4.1.3-JL'.
-	echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`"
-	exit ;;
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/'`
+	GUESS=sparc-sun-sunos$SUN_REL
+	;;
     sun3*:SunOS:*:*)
-	echo m68k-sun-sunos"$UNAME_RELEASE"
-	exit ;;
+	GUESS=m68k-sun-sunos$UNAME_RELEASE
+	;;
     sun*:*:4.2BSD:*)
 	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
 	test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3
-	case "`/bin/arch`" in
+	case `/bin/arch` in
 	    sun3)
-		echo m68k-sun-sunos"$UNAME_RELEASE"
+		GUESS=m68k-sun-sunos$UNAME_RELEASE
 		;;
 	    sun4)
-		echo sparc-sun-sunos"$UNAME_RELEASE"
+		GUESS=sparc-sun-sunos$UNAME_RELEASE
 		;;
 	esac
-	exit ;;
+	;;
     aushp:SunOS:*:*)
-	echo sparc-auspex-sunos"$UNAME_RELEASE"
-	exit ;;
+	GUESS=sparc-auspex-sunos$UNAME_RELEASE
+	;;
     # The situation for MiNT is a little confusing.  The machine name
     # can be virtually everything (everything which is not
     # "atarist" or "atariste" at least should have a processor
@@ -446,43 +490,43 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
     # MiNT.  But MiNT is downward compatible to TOS, so this should
     # be no problem.
     atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
-	echo m68k-atari-mint"$UNAME_RELEASE"
-	exit ;;
+	GUESS=m68k-atari-mint$UNAME_RELEASE
+	;;
     atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
-	echo m68k-atari-mint"$UNAME_RELEASE"
-	exit ;;
+	GUESS=m68k-atari-mint$UNAME_RELEASE
+	;;
     *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
-	echo m68k-atari-mint"$UNAME_RELEASE"
-	exit ;;
+	GUESS=m68k-atari-mint$UNAME_RELEASE
+	;;
     milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
-	echo m68k-milan-mint"$UNAME_RELEASE"
-	exit ;;
+	GUESS=m68k-milan-mint$UNAME_RELEASE
+	;;
     hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
-	echo m68k-hades-mint"$UNAME_RELEASE"
-	exit ;;
+	GUESS=m68k-hades-mint$UNAME_RELEASE
+	;;
     *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
-	echo m68k-unknown-mint"$UNAME_RELEASE"
-	exit ;;
+	GUESS=m68k-unknown-mint$UNAME_RELEASE
+	;;
     m68k:machten:*:*)
-	echo m68k-apple-machten"$UNAME_RELEASE"
-	exit ;;
+	GUESS=m68k-apple-machten$UNAME_RELEASE
+	;;
     powerpc:machten:*:*)
-	echo powerpc-apple-machten"$UNAME_RELEASE"
-	exit ;;
+	GUESS=powerpc-apple-machten$UNAME_RELEASE
+	;;
     RISC*:Mach:*:*)
-	echo mips-dec-mach_bsd4.3
-	exit ;;
+	GUESS=mips-dec-mach_bsd4.3
+	;;
     RISC*:ULTRIX:*:*)
-	echo mips-dec-ultrix"$UNAME_RELEASE"
-	exit ;;
+	GUESS=mips-dec-ultrix$UNAME_RELEASE
+	;;
     VAX*:ULTRIX*:*:*)
-	echo vax-dec-ultrix"$UNAME_RELEASE"
-	exit ;;
+	GUESS=vax-dec-ultrix$UNAME_RELEASE
+	;;
     2020:CLIX:*:* | 2430:CLIX:*:*)
-	echo clipper-intergraph-clix"$UNAME_RELEASE"
-	exit ;;
+	GUESS=clipper-intergraph-clix$UNAME_RELEASE
+	;;
     mips:*:*:UMIPS | mips:*:*:RISCos)
-	eval "$set_cc_for_build"
+	set_cc_for_build
 	sed 's/^	//' << EOF > "$dummy.c"
 #ifdef __cplusplus
 #include <stdio.h>  /* for printf() prototype */
@@ -508,78 +552,79 @@ EOF
 	  dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` &&
 	  SYSTEM_NAME=`"$dummy" "$dummyarg"` &&
 	    { echo "$SYSTEM_NAME"; exit; }
-	echo mips-mips-riscos"$UNAME_RELEASE"
-	exit ;;
+	GUESS=mips-mips-riscos$UNAME_RELEASE
+	;;
     Motorola:PowerMAX_OS:*:*)
-	echo powerpc-motorola-powermax
-	exit ;;
+	GUESS=powerpc-motorola-powermax
+	;;
     Motorola:*:4.3:PL8-*)
-	echo powerpc-harris-powermax
-	exit ;;
+	GUESS=powerpc-harris-powermax
+	;;
     Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
-	echo powerpc-harris-powermax
-	exit ;;
+	GUESS=powerpc-harris-powermax
+	;;
     Night_Hawk:Power_UNIX:*:*)
-	echo powerpc-harris-powerunix
-	exit ;;
+	GUESS=powerpc-harris-powerunix
+	;;
     m88k:CX/UX:7*:*)
-	echo m88k-harris-cxux7
-	exit ;;
+	GUESS=m88k-harris-cxux7
+	;;
     m88k:*:4*:R4*)
-	echo m88k-motorola-sysv4
-	exit ;;
+	GUESS=m88k-motorola-sysv4
+	;;
     m88k:*:3*:R3*)
-	echo m88k-motorola-sysv3
-	exit ;;
+	GUESS=m88k-motorola-sysv3
+	;;
     AViiON:dgux:*:*)
 	# DG/UX returns AViiON for all architectures
 	UNAME_PROCESSOR=`/usr/bin/uname -p`
-	if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ]
+	if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110
 	then
-	    if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \
-	       [ "$TARGET_BINARY_INTERFACE"x = x ]
+	    if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \
+	       test "$TARGET_BINARY_INTERFACE"x = x
 	    then
-		echo m88k-dg-dgux"$UNAME_RELEASE"
+		GUESS=m88k-dg-dgux$UNAME_RELEASE
 	    else
-		echo m88k-dg-dguxbcs"$UNAME_RELEASE"
+		GUESS=m88k-dg-dguxbcs$UNAME_RELEASE
 	    fi
 	else
-	    echo i586-dg-dgux"$UNAME_RELEASE"
+	    GUESS=i586-dg-dgux$UNAME_RELEASE
 	fi
-	exit ;;
+	;;
     M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
-	echo m88k-dolphin-sysv3
-	exit ;;
+	GUESS=m88k-dolphin-sysv3
+	;;
     M88*:*:R3*:*)
 	# Delta 88k system running SVR3
-	echo m88k-motorola-sysv3
-	exit ;;
+	GUESS=m88k-motorola-sysv3
+	;;
     XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
-	echo m88k-tektronix-sysv3
-	exit ;;
+	GUESS=m88k-tektronix-sysv3
+	;;
     Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
-	echo m68k-tektronix-bsd
-	exit ;;
+	GUESS=m68k-tektronix-bsd
+	;;
     *:IRIX*:*:*)
-	echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`"
-	exit ;;
+	IRIX_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/g'`
+	GUESS=mips-sgi-irix$IRIX_REL
+	;;
     ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
-	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
-	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+	GUESS=romp-ibm-aix    # uname -m gives an 8 hex-code CPU id
+	;;                    # Note that: echo "'`uname -s`'" gives 'AIX '
     i*86:AIX:*:*)
-	echo i386-ibm-aix
-	exit ;;
+	GUESS=i386-ibm-aix
+	;;
     ia64:AIX:*:*)
-	if [ -x /usr/bin/oslevel ] ; then
+	if test -x /usr/bin/oslevel ; then
 		IBM_REV=`/usr/bin/oslevel`
 	else
-		IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
+		IBM_REV=$UNAME_VERSION.$UNAME_RELEASE
 	fi
-	echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV"
-	exit ;;
+	GUESS=$UNAME_MACHINE-ibm-aix$IBM_REV
+	;;
     *:AIX:2:3)
 	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
-		eval "$set_cc_for_build"
+		set_cc_for_build
 		sed 's/^		//' << EOF > "$dummy.c"
 		#include <sys/systemcfg.h>
 
@@ -593,16 +638,16 @@ EOF
 EOF
 		if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"`
 		then
-			echo "$SYSTEM_NAME"
+			GUESS=$SYSTEM_NAME
 		else
-			echo rs6000-ibm-aix3.2.5
+			GUESS=rs6000-ibm-aix3.2.5
 		fi
 	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
-		echo rs6000-ibm-aix3.2.4
+		GUESS=rs6000-ibm-aix3.2.4
 	else
-		echo rs6000-ibm-aix3.2
+		GUESS=rs6000-ibm-aix3.2
 	fi
-	exit ;;
+	;;
     *:AIX:*:[4567])
 	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
 	if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then
@@ -610,57 +655,57 @@ EOF
 	else
 		IBM_ARCH=powerpc
 	fi
-	if [ -x /usr/bin/lslpp ] ; then
-		IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
+	if test -x /usr/bin/lslpp ; then
+		IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | \
 			   awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
 	else
-		IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
+		IBM_REV=$UNAME_VERSION.$UNAME_RELEASE
 	fi
-	echo "$IBM_ARCH"-ibm-aix"$IBM_REV"
-	exit ;;
+	GUESS=$IBM_ARCH-ibm-aix$IBM_REV
+	;;
     *:AIX:*:*)
-	echo rs6000-ibm-aix
-	exit ;;
+	GUESS=rs6000-ibm-aix
+	;;
     ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*)
-	echo romp-ibm-bsd4.4
-	exit ;;
+	GUESS=romp-ibm-bsd4.4
+	;;
     ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
-	echo romp-ibm-bsd"$UNAME_RELEASE"   # 4.3 with uname added to
-	exit ;;                             # report: romp-ibm BSD 4.3
+	GUESS=romp-ibm-bsd$UNAME_RELEASE    # 4.3 with uname added to
+	;;                                  # report: romp-ibm BSD 4.3
     *:BOSX:*:*)
-	echo rs6000-bull-bosx
-	exit ;;
+	GUESS=rs6000-bull-bosx
+	;;
     DPX/2?00:B.O.S.:*:*)
-	echo m68k-bull-sysv3
-	exit ;;
+	GUESS=m68k-bull-sysv3
+	;;
     9000/[34]??:4.3bsd:1.*:*)
-	echo m68k-hp-bsd
-	exit ;;
+	GUESS=m68k-hp-bsd
+	;;
     hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
-	echo m68k-hp-bsd4.4
-	exit ;;
+	GUESS=m68k-hp-bsd4.4
+	;;
     9000/[34678]??:HP-UX:*:*)
-	HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'`
-	case "$UNAME_MACHINE" in
+	HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'`
+	case $UNAME_MACHINE in
 	    9000/31?)            HP_ARCH=m68000 ;;
 	    9000/[34]??)         HP_ARCH=m68k ;;
 	    9000/[678][0-9][0-9])
-		if [ -x /usr/bin/getconf ]; then
+		if test -x /usr/bin/getconf; then
 		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
 		    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
-		    case "$sc_cpu_version" in
+		    case $sc_cpu_version in
 		      523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
 		      528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
 		      532)                      # CPU_PA_RISC2_0
-			case "$sc_kernel_bits" in
+			case $sc_kernel_bits in
 			  32) HP_ARCH=hppa2.0n ;;
 			  64) HP_ARCH=hppa2.0w ;;
 			  '') HP_ARCH=hppa2.0 ;;   # HP-UX 10.20
 			esac ;;
 		    esac
 		fi
-		if [ "$HP_ARCH" = "" ]; then
-		    eval "$set_cc_for_build"
+		if test "$HP_ARCH" = ""; then
+		    set_cc_for_build
 		    sed 's/^		//' << EOF > "$dummy.c"
 
 		#define _HPUX_SOURCE
@@ -698,9 +743,9 @@ EOF
 		    test -z "$HP_ARCH" && HP_ARCH=hppa
 		fi ;;
 	esac
-	if [ "$HP_ARCH" = hppa2.0w ]
+	if test "$HP_ARCH" = hppa2.0w
 	then
-	    eval "$set_cc_for_build"
+	    set_cc_for_build
 
 	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
 	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
@@ -719,14 +764,14 @@ EOF
 		HP_ARCH=hppa64
 	    fi
 	fi
-	echo "$HP_ARCH"-hp-hpux"$HPUX_REV"
-	exit ;;
+	GUESS=$HP_ARCH-hp-hpux$HPUX_REV
+	;;
     ia64:HP-UX:*:*)
-	HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'`
-	echo ia64-hp-hpux"$HPUX_REV"
-	exit ;;
+	HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'`
+	GUESS=ia64-hp-hpux$HPUX_REV
+	;;
     3050*:HI-UX:*:*)
-	eval "$set_cc_for_build"
+	set_cc_for_build
 	sed 's/^	//' << EOF > "$dummy.c"
 	#include <unistd.h>
 	int
@@ -754,36 +799,36 @@ EOF
 EOF
 	$CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` &&
 		{ echo "$SYSTEM_NAME"; exit; }
-	echo unknown-hitachi-hiuxwe2
-	exit ;;
+	GUESS=unknown-hitachi-hiuxwe2
+	;;
     9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*)
-	echo hppa1.1-hp-bsd
-	exit ;;
+	GUESS=hppa1.1-hp-bsd
+	;;
     9000/8??:4.3bsd:*:*)
-	echo hppa1.0-hp-bsd
-	exit ;;
+	GUESS=hppa1.0-hp-bsd
+	;;
     *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
-	echo hppa1.0-hp-mpeix
-	exit ;;
+	GUESS=hppa1.0-hp-mpeix
+	;;
     hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*)
-	echo hppa1.1-hp-osf
-	exit ;;
+	GUESS=hppa1.1-hp-osf
+	;;
     hp8??:OSF1:*:*)
-	echo hppa1.0-hp-osf
-	exit ;;
+	GUESS=hppa1.0-hp-osf
+	;;
     i*86:OSF1:*:*)
-	if [ -x /usr/sbin/sysversion ] ; then
-	    echo "$UNAME_MACHINE"-unknown-osf1mk
+	if test -x /usr/sbin/sysversion ; then
+	    GUESS=$UNAME_MACHINE-unknown-osf1mk
 	else
-	    echo "$UNAME_MACHINE"-unknown-osf1
+	    GUESS=$UNAME_MACHINE-unknown-osf1
 	fi
-	exit ;;
+	;;
     parisc*:Lites*:*:*)
-	echo hppa1.1-hp-lites
-	exit ;;
+	GUESS=hppa1.1-hp-lites
+	;;
     C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
-	echo c1-convex-bsd
-	exit ;;
+	GUESS=c1-convex-bsd
+	;;
     C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
 	if getsysinfo -f scalar_acc
 	then echo c32-convex-bsd
@@ -791,17 +836,18 @@ EOF
 	fi
 	exit ;;
     C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
-	echo c34-convex-bsd
-	exit ;;
+	GUESS=c34-convex-bsd
+	;;
     C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
-	echo c38-convex-bsd
-	exit ;;
+	GUESS=c38-convex-bsd
+	;;
     C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
-	echo c4-convex-bsd
-	exit ;;
+	GUESS=c4-convex-bsd
+	;;
     CRAY*Y-MP:*:*:*)
-	echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
+	CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+	GUESS=ymp-cray-unicos$CRAY_REL
+	;;
     CRAY*[A-Z]90:*:*:*)
 	echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \
 	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
@@ -809,103 +855,129 @@ EOF
 	      -e 's/\.[^.]*$/.X/'
 	exit ;;
     CRAY*TS:*:*:*)
-	echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
+	CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+	GUESS=t90-cray-unicos$CRAY_REL
+	;;
     CRAY*T3E:*:*:*)
-	echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
+	CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+	GUESS=alphaev5-cray-unicosmk$CRAY_REL
+	;;
     CRAY*SV1:*:*:*)
-	echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
+	CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+	GUESS=sv1-cray-unicos$CRAY_REL
+	;;
     *:UNICOS/mp:*:*)
-	echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
-	exit ;;
+	CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+	GUESS=craynv-cray-unicosmp$CRAY_REL
+	;;
     F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
 	FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
 	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
 	FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'`
-	echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
-	exit ;;
+	GUESS=${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}
+	;;
     5000:UNIX_System_V:4.*:*)
 	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
 	FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
-	echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
-	exit ;;
+	GUESS=sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}
+	;;
     i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
-	echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-bsdi$UNAME_RELEASE
+	;;
     sparc*:BSD/OS:*:*)
-	echo sparc-unknown-bsdi"$UNAME_RELEASE"
-	exit ;;
+	GUESS=sparc-unknown-bsdi$UNAME_RELEASE
+	;;
     *:BSD/OS:*:*)
-	echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-bsdi$UNAME_RELEASE
+	;;
+    arm:FreeBSD:*:*)
+	UNAME_PROCESSOR=`uname -p`
+	set_cc_for_build
+	if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_PCS_VFP
+	then
+	    FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+	    GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabi
+	else
+	    FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+	    GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabihf
+	fi
+	;;
     *:FreeBSD:*:*)
 	UNAME_PROCESSOR=`/usr/bin/uname -p`
-	case "$UNAME_PROCESSOR" in
+	case $UNAME_PROCESSOR in
 	    amd64)
 		UNAME_PROCESSOR=x86_64 ;;
 	    i386)
 		UNAME_PROCESSOR=i586 ;;
 	esac
-	echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`"
-	exit ;;
+	FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+	GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL
+	;;
     i*:CYGWIN*:*)
-	echo "$UNAME_MACHINE"-pc-cygwin
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-cygwin
+	;;
     *:MINGW64*:*)
-	echo "$UNAME_MACHINE"-pc-mingw64
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-mingw64
+	;;
     *:MINGW*:*)
-	echo "$UNAME_MACHINE"-pc-mingw32
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-mingw32
+	;;
     *:MSYS*:*)
-	echo "$UNAME_MACHINE"-pc-msys
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-msys
+	;;
     i*:PW*:*)
-	echo "$UNAME_MACHINE"-pc-pw32
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-pw32
+	;;
+    *:SerenityOS:*:*)
+        GUESS=$UNAME_MACHINE-pc-serenity
+        ;;
     *:Interix*:*)
-	case "$UNAME_MACHINE" in
+	case $UNAME_MACHINE in
 	    x86)
-		echo i586-pc-interix"$UNAME_RELEASE"
-		exit ;;
+		GUESS=i586-pc-interix$UNAME_RELEASE
+		;;
 	    authenticamd | genuineintel | EM64T)
-		echo x86_64-unknown-interix"$UNAME_RELEASE"
-		exit ;;
+		GUESS=x86_64-unknown-interix$UNAME_RELEASE
+		;;
 	    IA64)
-		echo ia64-unknown-interix"$UNAME_RELEASE"
-		exit ;;
+		GUESS=ia64-unknown-interix$UNAME_RELEASE
+		;;
 	esac ;;
     i*:UWIN*:*)
-	echo "$UNAME_MACHINE"-pc-uwin
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-uwin
+	;;
     amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
-	echo x86_64-unknown-cygwin
-	exit ;;
+	GUESS=x86_64-pc-cygwin
+	;;
     prep*:SunOS:5.*:*)
-	echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
-	exit ;;
+	SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+	GUESS=powerpcle-unknown-solaris2$SUN_REL
+	;;
     *:GNU:*:*)
 	# the GNU system
-	echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`"
-	exit ;;
+	GNU_ARCH=`echo "$UNAME_MACHINE" | sed -e 's,[-/].*$,,'`
+	GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's,/.*$,,'`
+	GUESS=$GNU_ARCH-unknown-$LIBC$GNU_REL
+	;;
     *:GNU/*:*:*)
 	# other systems with GNU libc and userland
-	echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC"
-	exit ;;
-    i*86:Minix:*:*)
-	echo "$UNAME_MACHINE"-pc-minix
-	exit ;;
+	GNU_SYS=`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"`
+	GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+	GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC
+	;;
+    *:Minix:*:*)
+	GUESS=$UNAME_MACHINE-unknown-minix
+	;;
     aarch64:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     aarch64_be:Linux:*:*)
 	UNAME_MACHINE=aarch64_be
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     alpha:Linux:*:*)
-	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in
 	  EV5)   UNAME_MACHINE=alphaev5 ;;
 	  EV56)  UNAME_MACHINE=alphaev56 ;;
 	  PCA56) UNAME_MACHINE=alphapca56 ;;
@@ -916,187 +988,225 @@ EOF
 	esac
 	objdump --private-headers /bin/sh | grep -q ld.so.1
 	if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
-    arc:Linux:*:* | arceb:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    arc:Linux:*:* | arceb:Linux:*:* | arc32:Linux:*:* | arc64:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     arm*:Linux:*:*)
-	eval "$set_cc_for_build"
+	set_cc_for_build
 	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
 	    | grep -q __ARM_EABI__
 	then
-	    echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	    GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
 	else
 	    if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
 		| grep -q __ARM_PCS_VFP
 	    then
-		echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi
+		GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabi
 	    else
-		echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf
+		GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabihf
 	    fi
 	fi
-	exit ;;
+	;;
     avr32*:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     cris:Linux:*:*)
-	echo "$UNAME_MACHINE"-axis-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-axis-linux-$LIBC
+	;;
     crisv32:Linux:*:*)
-	echo "$UNAME_MACHINE"-axis-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-axis-linux-$LIBC
+	;;
     e2k:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     frv:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     hexagon:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     i*86:Linux:*:*)
-	echo "$UNAME_MACHINE"-pc-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-linux-$LIBC
+	;;
     ia64:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     k1om:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
+    loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     m32r*:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     m68*:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     mips:Linux:*:* | mips64:Linux:*:*)
-	eval "$set_cc_for_build"
+	set_cc_for_build
+	IS_GLIBC=0
+	test x"${LIBC}" = xgnu && IS_GLIBC=1
 	sed 's/^	//' << EOF > "$dummy.c"
 	#undef CPU
-	#undef ${UNAME_MACHINE}
-	#undef ${UNAME_MACHINE}el
+	#undef mips
+	#undef mipsel
+	#undef mips64
+	#undef mips64el
+	#if ${IS_GLIBC} && defined(_ABI64)
+	LIBCABI=gnuabi64
+	#else
+	#if ${IS_GLIBC} && defined(_ABIN32)
+	LIBCABI=gnuabin32
+	#else
+	LIBCABI=${LIBC}
+	#endif
+	#endif
+
+	#if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6
+	CPU=mipsisa64r6
+	#else
+	#if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6
+	CPU=mipsisa32r6
+	#else
+	#if defined(__mips64)
+	CPU=mips64
+	#else
+	CPU=mips
+	#endif
+	#endif
+	#endif
+
 	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
-	CPU=${UNAME_MACHINE}el
+	MIPS_ENDIAN=el
 	#else
 	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
-	CPU=${UNAME_MACHINE}
+	MIPS_ENDIAN=
 	#else
-	CPU=
+	MIPS_ENDIAN=
 	#endif
 	#endif
 EOF
-	eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU'`"
-	test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; }
+	cc_set_vars=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'`
+	eval "$cc_set_vars"
+	test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; }
 	;;
     mips64el:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     openrisc*:Linux:*:*)
-	echo or1k-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=or1k-unknown-linux-$LIBC
+	;;
     or32:Linux:*:* | or1k*:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     padre:Linux:*:*)
-	echo sparc-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=sparc-unknown-linux-$LIBC
+	;;
     parisc64:Linux:*:* | hppa64:Linux:*:*)
-	echo hppa64-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=hppa64-unknown-linux-$LIBC
+	;;
     parisc:Linux:*:* | hppa:Linux:*:*)
 	# Look for CPU level
 	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
-	  PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;;
-	  PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;;
-	  *)    echo hppa-unknown-linux-"$LIBC" ;;
+	  PA7*) GUESS=hppa1.1-unknown-linux-$LIBC ;;
+	  PA8*) GUESS=hppa2.0-unknown-linux-$LIBC ;;
+	  *)    GUESS=hppa-unknown-linux-$LIBC ;;
 	esac
-	exit ;;
+	;;
     ppc64:Linux:*:*)
-	echo powerpc64-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=powerpc64-unknown-linux-$LIBC
+	;;
     ppc:Linux:*:*)
-	echo powerpc-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=powerpc-unknown-linux-$LIBC
+	;;
     ppc64le:Linux:*:*)
-	echo powerpc64le-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=powerpc64le-unknown-linux-$LIBC
+	;;
     ppcle:Linux:*:*)
-	echo powerpcle-unknown-linux-"$LIBC"
-	exit ;;
-    riscv32:Linux:*:* | riscv64:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=powerpcle-unknown-linux-$LIBC
+	;;
+    riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*)
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     s390:Linux:*:* | s390x:Linux:*:*)
-	echo "$UNAME_MACHINE"-ibm-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-ibm-linux-$LIBC
+	;;
     sh64*:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     sh*:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     sparc:Linux:*:* | sparc64:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     tile*:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     vax:Linux:*:*)
-	echo "$UNAME_MACHINE"-dec-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-dec-linux-$LIBC
+	;;
     x86_64:Linux:*:*)
-	if objdump -f /bin/sh | grep -q elf32-x86-64; then
-	    echo "$UNAME_MACHINE"-pc-linux-"$LIBC"x32
-	else
-	    echo "$UNAME_MACHINE"-pc-linux-"$LIBC"
+	set_cc_for_build
+	LIBCABI=$LIBC
+	if test "$CC_FOR_BUILD" != no_compiler_found; then
+	    if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \
+		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		grep IS_X32 >/dev/null
+	    then
+		LIBCABI=${LIBC}x32
+	    fi
 	fi
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI
+	;;
     xtensa*:Linux:*:*)
-	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+	;;
     i*86:DYNIX/ptx:4*:*)
 	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
 	# earlier versions are messed up and put the nodename in both
 	# sysname and nodename.
-	echo i386-sequent-sysv4
-	exit ;;
+	GUESS=i386-sequent-sysv4
+	;;
     i*86:UNIX_SV:4.2MP:2.*)
 	# Unixware is an offshoot of SVR4, but it has its own version
 	# number series starting with 2...
 	# I am not positive that other SVR4 systems won't match this,
 	# I just have to hope.  -- rms.
 	# Use sysv4.2uw... so that sysv4* matches it.
-	echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION"
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-sysv4.2uw$UNAME_VERSION
+	;;
     i*86:OS/2:*:*)
 	# If we were able to find `uname', then EMX Unix compatibility
 	# is probably installed.
-	echo "$UNAME_MACHINE"-pc-os2-emx
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-os2-emx
+	;;
     i*86:XTS-300:*:STOP)
-	echo "$UNAME_MACHINE"-unknown-stop
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-stop
+	;;
     i*86:atheos:*:*)
-	echo "$UNAME_MACHINE"-unknown-atheos
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-atheos
+	;;
     i*86:syllable:*:*)
-	echo "$UNAME_MACHINE"-pc-syllable
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-syllable
+	;;
     i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
-	echo i386-unknown-lynxos"$UNAME_RELEASE"
-	exit ;;
+	GUESS=i386-unknown-lynxos$UNAME_RELEASE
+	;;
     i*86:*DOS:*:*)
-	echo "$UNAME_MACHINE"-pc-msdosdjgpp
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-msdosdjgpp
+	;;
     i*86:*:4.*:*)
 	UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'`
 	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
-		echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL"
+		GUESS=$UNAME_MACHINE-univel-sysv$UNAME_REL
 	else
-		echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL"
+		GUESS=$UNAME_MACHINE-pc-sysv$UNAME_REL
 	fi
-	exit ;;
+	;;
     i*86:*:5:[678]*)
 	# UnixWare 7.x, OpenUNIX and OpenServer 6.
 	case `/bin/uname -X | grep "^Machine"` in
@@ -1104,12 +1214,12 @@ EOF
 	    *Pentium)	     UNAME_MACHINE=i586 ;;
 	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
 	esac
-	echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}"
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	;;
     i*86:*:3.2:*)
 	if test -f /usr/options/cb.name; then
 		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
-		echo "$UNAME_MACHINE"-pc-isc"$UNAME_REL"
+		GUESS=$UNAME_MACHINE-pc-isc$UNAME_REL
 	elif /bin/uname -X 2>/dev/null >/dev/null ; then
 		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
 		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
@@ -1119,11 +1229,11 @@ EOF
 			&& UNAME_MACHINE=i686
 		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
 			&& UNAME_MACHINE=i686
-		echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL"
+		GUESS=$UNAME_MACHINE-pc-sco$UNAME_REL
 	else
-		echo "$UNAME_MACHINE"-pc-sysv32
+		GUESS=$UNAME_MACHINE-pc-sysv32
 	fi
-	exit ;;
+	;;
     pc:*:*:*)
 	# Left here for compatibility:
 	# uname -m prints for DJGPP always 'pc', but it prints nothing about
@@ -1131,31 +1241,31 @@ EOF
 	# Note: whatever this is, it MUST be the same as what config.sub
 	# prints for the "djgpp" host, or else GDB configure will decide that
 	# this is a cross-build.
-	echo i586-pc-msdosdjgpp
-	exit ;;
+	GUESS=i586-pc-msdosdjgpp
+	;;
     Intel:Mach:3*:*)
-	echo i386-pc-mach3
-	exit ;;
+	GUESS=i386-pc-mach3
+	;;
     paragon:*:*:*)
-	echo i860-intel-osf1
-	exit ;;
+	GUESS=i860-intel-osf1
+	;;
     i860:*:4.*:*) # i860-SVR4
 	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
-	  echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4
+	  GUESS=i860-stardent-sysv$UNAME_RELEASE    # Stardent Vistra i860-SVR4
 	else # Add other i860-SVR4 vendors below as they are discovered.
-	  echo i860-unknown-sysv"$UNAME_RELEASE"  # Unknown i860-SVR4
+	  GUESS=i860-unknown-sysv$UNAME_RELEASE     # Unknown i860-SVR4
 	fi
-	exit ;;
+	;;
     mini*:CTIX:SYS*5:*)
 	# "miniframe"
-	echo m68010-convergent-sysv
-	exit ;;
+	GUESS=m68010-convergent-sysv
+	;;
     mc68k:UNIX:SYSTEM5:3.51m)
-	echo m68k-convergent-sysv
-	exit ;;
+	GUESS=m68k-convergent-sysv
+	;;
     M680?0:D-NIX:5.3:*)
-	echo m68k-diab-dnix
-	exit ;;
+	GUESS=m68k-diab-dnix
+	;;
     M68*:*:R3V[5678]*:*)
 	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
     3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
@@ -1180,249 +1290,404 @@ EOF
 	/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
 	    && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;;
     m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
-	echo m68k-unknown-lynxos"$UNAME_RELEASE"
-	exit ;;
+	GUESS=m68k-unknown-lynxos$UNAME_RELEASE
+	;;
     mc68030:UNIX_System_V:4.*:*)
-	echo m68k-atari-sysv4
-	exit ;;
+	GUESS=m68k-atari-sysv4
+	;;
     TSUNAMI:LynxOS:2.*:*)
-	echo sparc-unknown-lynxos"$UNAME_RELEASE"
-	exit ;;
+	GUESS=sparc-unknown-lynxos$UNAME_RELEASE
+	;;
     rs6000:LynxOS:2.*:*)
-	echo rs6000-unknown-lynxos"$UNAME_RELEASE"
-	exit ;;
+	GUESS=rs6000-unknown-lynxos$UNAME_RELEASE
+	;;
     PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
-	echo powerpc-unknown-lynxos"$UNAME_RELEASE"
-	exit ;;
+	GUESS=powerpc-unknown-lynxos$UNAME_RELEASE
+	;;
     SM[BE]S:UNIX_SV:*:*)
-	echo mips-dde-sysv"$UNAME_RELEASE"
-	exit ;;
+	GUESS=mips-dde-sysv$UNAME_RELEASE
+	;;
     RM*:ReliantUNIX-*:*:*)
-	echo mips-sni-sysv4
-	exit ;;
+	GUESS=mips-sni-sysv4
+	;;
     RM*:SINIX-*:*:*)
-	echo mips-sni-sysv4
-	exit ;;
+	GUESS=mips-sni-sysv4
+	;;
     *:SINIX-*:*:*)
 	if uname -p 2>/dev/null >/dev/null ; then
 		UNAME_MACHINE=`(uname -p) 2>/dev/null`
-		echo "$UNAME_MACHINE"-sni-sysv4
+		GUESS=$UNAME_MACHINE-sni-sysv4
 	else
-		echo ns32k-sni-sysv
+		GUESS=ns32k-sni-sysv
 	fi
-	exit ;;
+	;;
     PENTIUM:*:4.0*:*)	# Unisys `ClearPath HMP IX 4000' SVR4/MP effort
 			# says <Richard.M.Bartel@ccMail.Census.GOV>
-	echo i586-unisys-sysv4
-	exit ;;
+	GUESS=i586-unisys-sysv4
+	;;
     *:UNIX_System_V:4*:FTX*)
 	# From Gerald Hewes <hewes@openmarket.com>.
 	# How about differentiating between stratus architectures? -djm
-	echo hppa1.1-stratus-sysv4
-	exit ;;
+	GUESS=hppa1.1-stratus-sysv4
+	;;
     *:*:*:FTX*)
 	# From seanf@swdc.stratus.com.
-	echo i860-stratus-sysv4
-	exit ;;
+	GUESS=i860-stratus-sysv4
+	;;
     i*86:VOS:*:*)
 	# From Paul.Green@stratus.com.
-	echo "$UNAME_MACHINE"-stratus-vos
-	exit ;;
+	GUESS=$UNAME_MACHINE-stratus-vos
+	;;
     *:VOS:*:*)
 	# From Paul.Green@stratus.com.
-	echo hppa1.1-stratus-vos
-	exit ;;
+	GUESS=hppa1.1-stratus-vos
+	;;
     mc68*:A/UX:*:*)
-	echo m68k-apple-aux"$UNAME_RELEASE"
-	exit ;;
+	GUESS=m68k-apple-aux$UNAME_RELEASE
+	;;
     news*:NEWS-OS:6*:*)
-	echo mips-sony-newsos6
-	exit ;;
+	GUESS=mips-sony-newsos6
+	;;
     R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
-	if [ -d /usr/nec ]; then
-		echo mips-nec-sysv"$UNAME_RELEASE"
+	if test -d /usr/nec; then
+		GUESS=mips-nec-sysv$UNAME_RELEASE
 	else
-		echo mips-unknown-sysv"$UNAME_RELEASE"
+		GUESS=mips-unknown-sysv$UNAME_RELEASE
 	fi
-	exit ;;
+	;;
     BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
-	echo powerpc-be-beos
-	exit ;;
+	GUESS=powerpc-be-beos
+	;;
     BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
-	echo powerpc-apple-beos
-	exit ;;
+	GUESS=powerpc-apple-beos
+	;;
     BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
-	echo i586-pc-beos
-	exit ;;
+	GUESS=i586-pc-beos
+	;;
     BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
-	echo i586-pc-haiku
-	exit ;;
+	GUESS=i586-pc-haiku
+	;;
     x86_64:Haiku:*:*)
-	echo x86_64-unknown-haiku
-	exit ;;
+	GUESS=x86_64-unknown-haiku
+	;;
     SX-4:SUPER-UX:*:*)
-	echo sx4-nec-superux"$UNAME_RELEASE"
-	exit ;;
+	GUESS=sx4-nec-superux$UNAME_RELEASE
+	;;
     SX-5:SUPER-UX:*:*)
-	echo sx5-nec-superux"$UNAME_RELEASE"
-	exit ;;
+	GUESS=sx5-nec-superux$UNAME_RELEASE
+	;;
     SX-6:SUPER-UX:*:*)
-	echo sx6-nec-superux"$UNAME_RELEASE"
-	exit ;;
+	GUESS=sx6-nec-superux$UNAME_RELEASE
+	;;
     SX-7:SUPER-UX:*:*)
-	echo sx7-nec-superux"$UNAME_RELEASE"
-	exit ;;
+	GUESS=sx7-nec-superux$UNAME_RELEASE
+	;;
     SX-8:SUPER-UX:*:*)
-	echo sx8-nec-superux"$UNAME_RELEASE"
-	exit ;;
+	GUESS=sx8-nec-superux$UNAME_RELEASE
+	;;
     SX-8R:SUPER-UX:*:*)
-	echo sx8r-nec-superux"$UNAME_RELEASE"
-	exit ;;
+	GUESS=sx8r-nec-superux$UNAME_RELEASE
+	;;
     SX-ACE:SUPER-UX:*:*)
-	echo sxace-nec-superux"$UNAME_RELEASE"
-	exit ;;
+	GUESS=sxace-nec-superux$UNAME_RELEASE
+	;;
     Power*:Rhapsody:*:*)
-	echo powerpc-apple-rhapsody"$UNAME_RELEASE"
-	exit ;;
+	GUESS=powerpc-apple-rhapsody$UNAME_RELEASE
+	;;
     *:Rhapsody:*:*)
-	echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_MACHINE-apple-rhapsody$UNAME_RELEASE
+	;;
+    arm64:Darwin:*:*)
+	GUESS=aarch64-apple-darwin$UNAME_RELEASE
+	;;
     *:Darwin:*:*)
-	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
-	eval "$set_cc_for_build"
-	if test "$UNAME_PROCESSOR" = unknown ; then
-	    UNAME_PROCESSOR=powerpc
+	UNAME_PROCESSOR=`uname -p`
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	if command -v xcode-select > /dev/null 2> /dev/null && \
+		! xcode-select --print-path > /dev/null 2> /dev/null ; then
+	    # Avoid executing cc if there is no toolchain installed as
+	    # cc will be a stub that puts up a graphical alert
+	    # prompting the user to install developer tools.
+	    CC_FOR_BUILD=no_compiler_found
+	else
+	    set_cc_for_build
 	fi
-	if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then
-	    if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
-		if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
-		       (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
-		       grep IS_64BIT_ARCH >/dev/null
-		then
-		    case $UNAME_PROCESSOR in
-			i386) UNAME_PROCESSOR=x86_64 ;;
-			powerpc) UNAME_PROCESSOR=powerpc64 ;;
-		    esac
-		fi
-		# On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
-		if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \
-		       (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
-		       grep IS_PPC >/dev/null
-		then
-		    UNAME_PROCESSOR=powerpc
-		fi
+	if test "$CC_FOR_BUILD" != no_compiler_found; then
+	    if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+		   (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		   grep IS_64BIT_ARCH >/dev/null
+	    then
+		case $UNAME_PROCESSOR in
+		    i386) UNAME_PROCESSOR=x86_64 ;;
+		    powerpc) UNAME_PROCESSOR=powerpc64 ;;
+		esac
+	    fi
+	    # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
+	    if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \
+		   (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		   grep IS_PPC >/dev/null
+	    then
+		UNAME_PROCESSOR=powerpc
 	    fi
 	elif test "$UNAME_PROCESSOR" = i386 ; then
-	    # Avoid executing cc on OS X 10.9, as it ships with a stub
-	    # that puts up a graphical alert prompting to install
-	    # developer tools.  Any system running Mac OS X 10.7 or
-	    # later (Darwin 11 and later) is required to have a 64-bit
-	    # processor. This is not true of the ARM version of Darwin
-	    # that Apple uses in portable devices.
-	    UNAME_PROCESSOR=x86_64
+	    # uname -m returns i386 or x86_64
+	    UNAME_PROCESSOR=$UNAME_MACHINE
 	fi
-	echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_PROCESSOR-apple-darwin$UNAME_RELEASE
+	;;
     *:procnto*:*:* | *:QNX:[0123456789]*:*)
 	UNAME_PROCESSOR=`uname -p`
 	if test "$UNAME_PROCESSOR" = x86; then
 		UNAME_PROCESSOR=i386
 		UNAME_MACHINE=pc
 	fi
-	echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_PROCESSOR-$UNAME_MACHINE-nto-qnx$UNAME_RELEASE
+	;;
     *:QNX:*:4*)
-	echo i386-pc-qnx
-	exit ;;
+	GUESS=i386-pc-qnx
+	;;
     NEO-*:NONSTOP_KERNEL:*:*)
-	echo neo-tandem-nsk"$UNAME_RELEASE"
-	exit ;;
+	GUESS=neo-tandem-nsk$UNAME_RELEASE
+	;;
     NSE-*:NONSTOP_KERNEL:*:*)
-	echo nse-tandem-nsk"$UNAME_RELEASE"
-	exit ;;
+	GUESS=nse-tandem-nsk$UNAME_RELEASE
+	;;
     NSR-*:NONSTOP_KERNEL:*:*)
-	echo nsr-tandem-nsk"$UNAME_RELEASE"
-	exit ;;
+	GUESS=nsr-tandem-nsk$UNAME_RELEASE
+	;;
     NSV-*:NONSTOP_KERNEL:*:*)
-	echo nsv-tandem-nsk"$UNAME_RELEASE"
-	exit ;;
+	GUESS=nsv-tandem-nsk$UNAME_RELEASE
+	;;
     NSX-*:NONSTOP_KERNEL:*:*)
-	echo nsx-tandem-nsk"$UNAME_RELEASE"
-	exit ;;
+	GUESS=nsx-tandem-nsk$UNAME_RELEASE
+	;;
     *:NonStop-UX:*:*)
-	echo mips-compaq-nonstopux
-	exit ;;
+	GUESS=mips-compaq-nonstopux
+	;;
     BS2000:POSIX*:*:*)
-	echo bs2000-siemens-sysv
-	exit ;;
+	GUESS=bs2000-siemens-sysv
+	;;
     DS/*:UNIX_System_V:*:*)
-	echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE"
-	exit ;;
+	GUESS=$UNAME_MACHINE-$UNAME_SYSTEM-$UNAME_RELEASE
+	;;
     *:Plan9:*:*)
 	# "uname -m" is not consistent, so use $cputype instead. 386
 	# is converted to i386 for consistency with other x86
 	# operating systems.
-	if test "$cputype" = 386; then
+	if test "${cputype-}" = 386; then
 	    UNAME_MACHINE=i386
-	else
-	    UNAME_MACHINE="$cputype"
+	elif test "x${cputype-}" != x; then
+	    UNAME_MACHINE=$cputype
 	fi
-	echo "$UNAME_MACHINE"-unknown-plan9
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-plan9
+	;;
     *:TOPS-10:*:*)
-	echo pdp10-unknown-tops10
-	exit ;;
+	GUESS=pdp10-unknown-tops10
+	;;
     *:TENEX:*:*)
-	echo pdp10-unknown-tenex
-	exit ;;
+	GUESS=pdp10-unknown-tenex
+	;;
     KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
-	echo pdp10-dec-tops20
-	exit ;;
+	GUESS=pdp10-dec-tops20
+	;;
     XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
-	echo pdp10-xkl-tops20
-	exit ;;
+	GUESS=pdp10-xkl-tops20
+	;;
     *:TOPS-20:*:*)
-	echo pdp10-unknown-tops20
-	exit ;;
+	GUESS=pdp10-unknown-tops20
+	;;
     *:ITS:*:*)
-	echo pdp10-unknown-its
-	exit ;;
+	GUESS=pdp10-unknown-its
+	;;
     SEI:*:*:SEIUX)
-	echo mips-sei-seiux"$UNAME_RELEASE"
-	exit ;;
+	GUESS=mips-sei-seiux$UNAME_RELEASE
+	;;
     *:DragonFly:*:*)
-	echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`"
-	exit ;;
+	DRAGONFLY_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+	GUESS=$UNAME_MACHINE-unknown-dragonfly$DRAGONFLY_REL
+	;;
     *:*VMS:*:*)
 	UNAME_MACHINE=`(uname -p) 2>/dev/null`
-	case "$UNAME_MACHINE" in
-	    A*) echo alpha-dec-vms ; exit ;;
-	    I*) echo ia64-dec-vms ; exit ;;
-	    V*) echo vax-dec-vms ; exit ;;
+	case $UNAME_MACHINE in
+	    A*) GUESS=alpha-dec-vms ;;
+	    I*) GUESS=ia64-dec-vms ;;
+	    V*) GUESS=vax-dec-vms ;;
 	esac ;;
     *:XENIX:*:SysV)
-	echo i386-pc-xenix
-	exit ;;
+	GUESS=i386-pc-xenix
+	;;
     i*86:skyos:*:*)
-	echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`"
-	exit ;;
+	SKYOS_REL=`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`
+	GUESS=$UNAME_MACHINE-pc-skyos$SKYOS_REL
+	;;
     i*86:rdos:*:*)
-	echo "$UNAME_MACHINE"-pc-rdos
-	exit ;;
-    i*86:AROS:*:*)
-	echo "$UNAME_MACHINE"-pc-aros
-	exit ;;
+	GUESS=$UNAME_MACHINE-pc-rdos
+	;;
+    i*86:Fiwix:*:*)
+	GUESS=$UNAME_MACHINE-pc-fiwix
+	;;
+    *:AROS:*:*)
+	GUESS=$UNAME_MACHINE-unknown-aros
+	;;
     x86_64:VMkernel:*:*)
-	echo "$UNAME_MACHINE"-unknown-esx
-	exit ;;
+	GUESS=$UNAME_MACHINE-unknown-esx
+	;;
     amd64:Isilon\ OneFS:*:*)
-	echo x86_64-unknown-onefs
-	exit ;;
+	GUESS=x86_64-unknown-onefs
+	;;
+    *:Unleashed:*:*)
+	GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE
+	;;
 esac
 
+# Do we have a guess based on uname results?
+if test "x$GUESS" != x; then
+    echo "$GUESS"
+    exit
+fi
+
+# No uname command or uname output not recognized.
+set_cc_for_build
+cat > "$dummy.c" <<EOF
+#ifdef _SEQUENT_
+#include <sys/types.h>
+#include <sys/utsname.h>
+#endif
+#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__)
+#if defined (vax) || defined (__vax) || defined (__vax__) || defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__)
+#include <signal.h>
+#if defined(_SIZE_T_) || defined(SIGLOST)
+#include <sys/utsname.h>
+#endif
+#endif
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+  "4"
+#else
+  ""
+#endif
+  ); exit (0);
+#endif
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+  struct utsname un;
+
+  uname(&un);
+  if (strncmp(un.version, "V2", 2) == 0) {
+    printf ("i386-sequent-ptx2\n"); exit (0);
+  }
+  if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+    printf ("i386-sequent-ptx1\n"); exit (0);
+  }
+  printf ("i386-sequent-ptx\n"); exit (0);
+#endif
+
+#if defined (vax)
+#if !defined (ultrix)
+#include <sys/param.h>
+#if defined (BSD)
+#if BSD == 43
+  printf ("vax-dec-bsd4.3\n"); exit (0);
+#else
+#if BSD == 199006
+  printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#else
+  printf ("vax-dec-bsd\n"); exit (0);
+#endif
+#endif
+#else
+  printf ("vax-dec-bsd\n"); exit (0);
+#endif
+#else
+#if defined(_SIZE_T_) || defined(SIGLOST)
+  struct utsname un;
+  uname (&un);
+  printf ("vax-dec-ultrix%s\n", un.release); exit (0);
+#else
+  printf ("vax-dec-ultrix\n"); exit (0);
+#endif
+#endif
+#endif
+#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__)
+#if defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__)
+#if defined(_SIZE_T_) || defined(SIGLOST)
+  struct utsname *un;
+  uname (&un);
+  printf ("mips-dec-ultrix%s\n", un.release); exit (0);
+#else
+  printf ("mips-dec-ultrix\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`"$dummy"` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; }
+
 echo "$0: unable to guess system type" >&2
 
-case "$UNAME_MACHINE:$UNAME_SYSTEM" in
+case $UNAME_MACHINE:$UNAME_SYSTEM in
     mips:Linux | mips64:Linux)
 	# If we got here on MIPS GNU/Linux, output extra information.
 	cat >&2 <<EOF
@@ -1439,9 +1704,17 @@ This script (version $timestamp), has failed to recognize the
 operating system you are using. If your script is old, overwrite *all*
 copies of config.guess and config.sub with the latest versions from:
 
-  https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
+  https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
 and
-  https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
+  https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
+EOF
+
+our_year=`echo $timestamp | sed 's,-.*,,'`
+thisyear=`date +%Y`
+# shellcheck disable=SC2003
+script_age=`expr "$thisyear" - "$our_year"`
+if test "$script_age" -lt 3 ; then
+   cat >&2 <<EOF
 
 If $0 has already been updated, send the following data and any
 information you think might be pertinent to config-patches@gnu.org to
@@ -1469,11 +1742,12 @@ UNAME_RELEASE = "$UNAME_RELEASE"
 UNAME_SYSTEM  = "$UNAME_SYSTEM"
 UNAME_VERSION = "$UNAME_VERSION"
 EOF
+fi
 
 exit 1
 
 # Local variables:
-# eval: (add-hook 'write-file-functions 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
 # time-stamp-start: "timestamp='"
 # time-stamp-format: "%:y-%02m-%02d"
 # time-stamp-end: "'"
diff --git a/config.sub b/config.sub
index 1d8e98bce..dba16e84c 100755
--- a/config.sub
+++ b/config.sub
@@ -1,12 +1,14 @@
 #! /bin/sh
 # Configuration validation subroutine script.
-#   Copyright 1992-2018 Free Software Foundation, Inc.
+#   Copyright 1992-2022 Free Software Foundation, Inc.
 
-timestamp='2018-02-22'
+# shellcheck disable=SC2006,SC2268 # see below for rationale
+
+timestamp='2022-01-03'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
+# the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful, but
@@ -33,7 +35,7 @@ timestamp='2018-02-22'
 # Otherwise, we print the canonical config type on stdout and succeed.
 
 # You can get the latest version of this script from:
-# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
+# https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
 
 # This file is supposed to be the same for all GNU packages
 # and recognize all the CPU types, system types and aliases
@@ -50,6 +52,13 @@ timestamp='2018-02-22'
 #	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
 # It is wrong to echo any other type of specification.
 
+# The "shellcheck disable" line above the timestamp inhibits complaints
+# about features and limitations of the classic Bourne shell that were
+# superseded or lifted in POSIX.  However, this script identifies a wide
+# variety of pre-POSIX systems that do not have POSIX shells at all, and
+# even some reasonably current systems (Solaris 10 as case-in-point) still
+# have a pre-POSIX /bin/sh.
+
 me=`echo "$0" | sed -e 's,.*/,,'`
 
 usage="\
@@ -67,7 +76,7 @@ Report bugs and patches to <config-patches@gnu.org>."
 version="\
 GNU config.sub ($timestamp)
 
-Copyright 1992-2018 Free Software Foundation, Inc.
+Copyright 1992-2022 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -89,7 +98,7 @@ while test $# -gt 0 ; do
     - )	# Use stdin as input.
        break ;;
     -* )
-       echo "$me: invalid option $1$help"
+       echo "$me: invalid option $1$help" >&2
        exit 1 ;;
 
     *local*)
@@ -110,1223 +119,1186 @@ case $# in
     exit 1;;
 esac
 
-# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
-# Here we must recognize all the valid KERNEL-OS combinations.
-maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
-case $maybe_os in
-  nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
-  linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
-  knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
-  kopensolaris*-gnu* | cloudabi*-eabi* | \
-  storm-chaos* | os2-emx* | rtmk-nova*)
-    os=-$maybe_os
-    basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
-    ;;
-  android-linux)
-    os=-linux-android
-    basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
-    ;;
-  *)
-    basic_machine=`echo "$1" | sed 's/-[^-]*$//'`
-    if [ "$basic_machine" != "$1" ]
-    then os=`echo "$1" | sed 's/.*-/-/'`
-    else os=; fi
-    ;;
-esac
+# Split fields of configuration type
+# shellcheck disable=SC2162
+saved_IFS=$IFS
+IFS="-" read field1 field2 field3 field4 <<EOF
+$1
+EOF
+IFS=$saved_IFS
 
-### Let's recognize common machines as not being operating systems so
-### that things like config.sub decstation-3100 work.  We also
-### recognize some manufacturers as not being operating systems, so we
-### can provide default operating systems below.
-case $os in
-	-sun*os*)
-		# Prevent following clause from handling this invalid input.
-		;;
-	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
-	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
-	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
-	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-	-apple | -axis | -knuth | -cray | -microblaze*)
-		os=
-		basic_machine=$1
-		;;
-	-bluegene*)
-		os=-cnk
-		;;
-	-sim | -cisco | -oki | -wec | -winbond)
-		os=
-		basic_machine=$1
-		;;
-	-scout)
-		;;
-	-wrs)
-		os=-vxworks
-		basic_machine=$1
-		;;
-	-chorusos*)
-		os=-chorusos
-		basic_machine=$1
-		;;
-	-chorusrdb)
-		os=-chorusrdb
-		basic_machine=$1
-		;;
-	-hiux*)
-		os=-hiuxwe2
-		;;
-	-sco6)
-		os=-sco5v6
-		basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco5)
-		os=-sco3.2v5
-		basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco4)
-		os=-sco3.2v4
-		basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco3.2.[4-9]*)
-		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
-		basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco3.2v[4-9]*)
-		# Don't forget version if it is 3.2v4 or newer.
-		basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco5v6*)
-		# Don't forget version if it is 3.2v4 or newer.
-		basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
-		;;
-	-sco*)
-		os=-sco3.2v2
-		basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
-		;;
-	-udk*)
-		basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
-		;;
-	-isc)
-		os=-isc2.2
-		basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
-		;;
-	-clix*)
-		basic_machine=clipper-intergraph
-		;;
-	-isc*)
-		basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
-		;;
-	-lynx*178)
-		os=-lynxos178
-		;;
-	-lynx*5)
-		os=-lynxos5
+# Separate into logical components for further validation
+case $1 in
+	*-*-*-*-*)
+		echo Invalid configuration \`"$1"\': more than four components >&2
+		exit 1
 		;;
-	-lynx*)
-		os=-lynxos
+	*-*-*-*)
+		basic_machine=$field1-$field2
+		basic_os=$field3-$field4
 		;;
-	-ptx*)
-		basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'`
+	*-*-*)
+		# Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two
+		# parts
+		maybe_os=$field2-$field3
+		case $maybe_os in
+			nto-qnx* | linux-* | uclinux-uclibc* \
+			| uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \
+			| netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \
+			| storm-chaos* | os2-emx* | rtmk-nova*)
+				basic_machine=$field1
+				basic_os=$maybe_os
+				;;
+			android-linux)
+				basic_machine=$field1-unknown
+				basic_os=linux-android
+				;;
+			*)
+				basic_machine=$field1-$field2
+				basic_os=$field3
+				;;
+		esac
 		;;
-	-psos*)
-		os=-psos
+	*-*)
+		# A lone config we happen to match not fitting any pattern
+		case $field1-$field2 in
+			decstation-3100)
+				basic_machine=mips-dec
+				basic_os=
+				;;
+			*-*)
+				# Second component is usually, but not always the OS
+				case $field2 in
+					# Prevent following clause from handling this valid os
+					sun*os*)
+						basic_machine=$field1
+						basic_os=$field2
+						;;
+					zephyr*)
+						basic_machine=$field1-unknown
+						basic_os=$field2
+						;;
+					# Manufacturers
+					dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \
+					| att* | 7300* | 3300* | delta* | motorola* | sun[234]* \
+					| unicom* | ibm* | next | hp | isi* | apollo | altos* \
+					| convergent* | ncr* | news | 32* | 3600* | 3100* \
+					| hitachi* | c[123]* | convex* | sun | crds | omron* | dg \
+					| ultra | tti* | harris | dolphin | highlevel | gould \
+					| cbm | ns | masscomp | apple | axis | knuth | cray \
+					| microblaze* | sim | cisco \
+					| oki | wec | wrs | winbond)
+						basic_machine=$field1-$field2
+						basic_os=
+						;;
+					*)
+						basic_machine=$field1
+						basic_os=$field2
+						;;
+				esac
+			;;
+		esac
 		;;
-	-mint | -mint[0-9]*)
-		basic_machine=m68k-atari
-		os=-mint
+	*)
+		# Convert single-component short-hands not valid as part of
+		# multi-component configurations.
+		case $field1 in
+			386bsd)
+				basic_machine=i386-pc
+				basic_os=bsd
+				;;
+			a29khif)
+				basic_machine=a29k-amd
+				basic_os=udi
+				;;
+			adobe68k)
+				basic_machine=m68010-adobe
+				basic_os=scout
+				;;
+			alliant)
+				basic_machine=fx80-alliant
+				basic_os=
+				;;
+			altos | altos3068)
+				basic_machine=m68k-altos
+				basic_os=
+				;;
+			am29k)
+				basic_machine=a29k-none
+				basic_os=bsd
+				;;
+			amdahl)
+				basic_machine=580-amdahl
+				basic_os=sysv
+				;;
+			amiga)
+				basic_machine=m68k-unknown
+				basic_os=
+				;;
+			amigaos | amigados)
+				basic_machine=m68k-unknown
+				basic_os=amigaos
+				;;
+			amigaunix | amix)
+				basic_machine=m68k-unknown
+				basic_os=sysv4
+				;;
+			apollo68)
+				basic_machine=m68k-apollo
+				basic_os=sysv
+				;;
+			apollo68bsd)
+				basic_machine=m68k-apollo
+				basic_os=bsd
+				;;
+			aros)
+				basic_machine=i386-pc
+				basic_os=aros
+				;;
+			aux)
+				basic_machine=m68k-apple
+				basic_os=aux
+				;;
+			balance)
+				basic_machine=ns32k-sequent
+				basic_os=dynix
+				;;
+			blackfin)
+				basic_machine=bfin-unknown
+				basic_os=linux
+				;;
+			cegcc)
+				basic_machine=arm-unknown
+				basic_os=cegcc
+				;;
+			convex-c1)
+				basic_machine=c1-convex
+				basic_os=bsd
+				;;
+			convex-c2)
+				basic_machine=c2-convex
+				basic_os=bsd
+				;;
+			convex-c32)
+				basic_machine=c32-convex
+				basic_os=bsd
+				;;
+			convex-c34)
+				basic_machine=c34-convex
+				basic_os=bsd
+				;;
+			convex-c38)
+				basic_machine=c38-convex
+				basic_os=bsd
+				;;
+			cray)
+				basic_machine=j90-cray
+				basic_os=unicos
+				;;
+			crds | unos)
+				basic_machine=m68k-crds
+				basic_os=
+				;;
+			da30)
+				basic_machine=m68k-da30
+				basic_os=
+				;;
+			decstation | pmax | pmin | dec3100 | decstatn)
+				basic_machine=mips-dec
+				basic_os=
+				;;
+			delta88)
+				basic_machine=m88k-motorola
+				basic_os=sysv3
+				;;
+			dicos)
+				basic_machine=i686-pc
+				basic_os=dicos
+				;;
+			djgpp)
+				basic_machine=i586-pc
+				basic_os=msdosdjgpp
+				;;
+			ebmon29k)
+				basic_machine=a29k-amd
+				basic_os=ebmon
+				;;
+			es1800 | OSE68k | ose68k | ose | OSE)
+				basic_machine=m68k-ericsson
+				basic_os=ose
+				;;
+			gmicro)
+				basic_machine=tron-gmicro
+				basic_os=sysv
+				;;
+			go32)
+				basic_machine=i386-pc
+				basic_os=go32
+				;;
+			h8300hms)
+				basic_machine=h8300-hitachi
+				basic_os=hms
+				;;
+			h8300xray)
+				basic_machine=h8300-hitachi
+				basic_os=xray
+				;;
+			h8500hms)
+				basic_machine=h8500-hitachi
+				basic_os=hms
+				;;
+			harris)
+				basic_machine=m88k-harris
+				basic_os=sysv3
+				;;
+			hp300 | hp300hpux)
+				basic_machine=m68k-hp
+				basic_os=hpux
+				;;
+			hp300bsd)
+				basic_machine=m68k-hp
+				basic_os=bsd
+				;;
+			hppaosf)
+				basic_machine=hppa1.1-hp
+				basic_os=osf
+				;;
+			hppro)
+				basic_machine=hppa1.1-hp
+				basic_os=proelf
+				;;
+			i386mach)
+				basic_machine=i386-mach
+				basic_os=mach
+				;;
+			isi68 | isi)
+				basic_machine=m68k-isi
+				basic_os=sysv
+				;;
+			m68knommu)
+				basic_machine=m68k-unknown
+				basic_os=linux
+				;;
+			magnum | m3230)
+				basic_machine=mips-mips
+				basic_os=sysv
+				;;
+			merlin)
+				basic_machine=ns32k-utek
+				basic_os=sysv
+				;;
+			mingw64)
+				basic_machine=x86_64-pc
+				basic_os=mingw64
+				;;
+			mingw32)
+				basic_machine=i686-pc
+				basic_os=mingw32
+				;;
+			mingw32ce)
+				basic_machine=arm-unknown
+				basic_os=mingw32ce
+				;;
+			monitor)
+				basic_machine=m68k-rom68k
+				basic_os=coff
+				;;
+			morphos)
+				basic_machine=powerpc-unknown
+				basic_os=morphos
+				;;
+			moxiebox)
+				basic_machine=moxie-unknown
+				basic_os=moxiebox
+				;;
+			msdos)
+				basic_machine=i386-pc
+				basic_os=msdos
+				;;
+			msys)
+				basic_machine=i686-pc
+				basic_os=msys
+				;;
+			mvs)
+				basic_machine=i370-ibm
+				basic_os=mvs
+				;;
+			nacl)
+				basic_machine=le32-unknown
+				basic_os=nacl
+				;;
+			ncr3000)
+				basic_machine=i486-ncr
+				basic_os=sysv4
+				;;
+			netbsd386)
+				basic_machine=i386-pc
+				basic_os=netbsd
+				;;
+			netwinder)
+				basic_machine=armv4l-rebel
+				basic_os=linux
+				;;
+			news | news700 | news800 | news900)
+				basic_machine=m68k-sony
+				basic_os=newsos
+				;;
+			news1000)
+				basic_machine=m68030-sony
+				basic_os=newsos
+				;;
+			necv70)
+				basic_machine=v70-nec
+				basic_os=sysv
+				;;
+			nh3000)
+				basic_machine=m68k-harris
+				basic_os=cxux
+				;;
+			nh[45]000)
+				basic_machine=m88k-harris
+				basic_os=cxux
+				;;
+			nindy960)
+				basic_machine=i960-intel
+				basic_os=nindy
+				;;
+			mon960)
+				basic_machine=i960-intel
+				basic_os=mon960
+				;;
+			nonstopux)
+				basic_machine=mips-compaq
+				basic_os=nonstopux
+				;;
+			os400)
+				basic_machine=powerpc-ibm
+				basic_os=os400
+				;;
+			OSE68000 | ose68000)
+				basic_machine=m68000-ericsson
+				basic_os=ose
+				;;
+			os68k)
+				basic_machine=m68k-none
+				basic_os=os68k
+				;;
+			paragon)
+				basic_machine=i860-intel
+				basic_os=osf
+				;;
+			parisc)
+				basic_machine=hppa-unknown
+				basic_os=linux
+				;;
+			psp)
+				basic_machine=mipsallegrexel-sony
+				basic_os=psp
+				;;
+			pw32)
+				basic_machine=i586-unknown
+				basic_os=pw32
+				;;
+			rdos | rdos64)
+				basic_machine=x86_64-pc
+				basic_os=rdos
+				;;
+			rdos32)
+				basic_machine=i386-pc
+				basic_os=rdos
+				;;
+			rom68k)
+				basic_machine=m68k-rom68k
+				basic_os=coff
+				;;
+			sa29200)
+				basic_machine=a29k-amd
+				basic_os=udi
+				;;
+			sei)
+				basic_machine=mips-sei
+				basic_os=seiux
+				;;
+			sequent)
+				basic_machine=i386-sequent
+				basic_os=
+				;;
+			sps7)
+				basic_machine=m68k-bull
+				basic_os=sysv2
+				;;
+			st2000)
+				basic_machine=m68k-tandem
+				basic_os=
+				;;
+			stratus)
+				basic_machine=i860-stratus
+				basic_os=sysv4
+				;;
+			sun2)
+				basic_machine=m68000-sun
+				basic_os=
+				;;
+			sun2os3)
+				basic_machine=m68000-sun
+				basic_os=sunos3
+				;;
+			sun2os4)
+				basic_machine=m68000-sun
+				basic_os=sunos4
+				;;
+			sun3)
+				basic_machine=m68k-sun
+				basic_os=
+				;;
+			sun3os3)
+				basic_machine=m68k-sun
+				basic_os=sunos3
+				;;
+			sun3os4)
+				basic_machine=m68k-sun
+				basic_os=sunos4
+				;;
+			sun4)
+				basic_machine=sparc-sun
+				basic_os=
+				;;
+			sun4os3)
+				basic_machine=sparc-sun
+				basic_os=sunos3
+				;;
+			sun4os4)
+				basic_machine=sparc-sun
+				basic_os=sunos4
+				;;
+			sun4sol2)
+				basic_machine=sparc-sun
+				basic_os=solaris2
+				;;
+			sun386 | sun386i | roadrunner)
+				basic_machine=i386-sun
+				basic_os=
+				;;
+			sv1)
+				basic_machine=sv1-cray
+				basic_os=unicos
+				;;
+			symmetry)
+				basic_machine=i386-sequent
+				basic_os=dynix
+				;;
+			t3e)
+				basic_machine=alphaev5-cray
+				basic_os=unicos
+				;;
+			t90)
+				basic_machine=t90-cray
+				basic_os=unicos
+				;;
+			toad1)
+				basic_machine=pdp10-xkl
+				basic_os=tops20
+				;;
+			tpf)
+				basic_machine=s390x-ibm
+				basic_os=tpf
+				;;
+			udi29k)
+				basic_machine=a29k-amd
+				basic_os=udi
+				;;
+			ultra3)
+				basic_machine=a29k-nyu
+				basic_os=sym1
+				;;
+			v810 | necv810)
+				basic_machine=v810-nec
+				basic_os=none
+				;;
+			vaxv)
+				basic_machine=vax-dec
+				basic_os=sysv
+				;;
+			vms)
+				basic_machine=vax-dec
+				basic_os=vms
+				;;
+			vsta)
+				basic_machine=i386-pc
+				basic_os=vsta
+				;;
+			vxworks960)
+				basic_machine=i960-wrs
+				basic_os=vxworks
+				;;
+			vxworks68)
+				basic_machine=m68k-wrs
+				basic_os=vxworks
+				;;
+			vxworks29k)
+				basic_machine=a29k-wrs
+				basic_os=vxworks
+				;;
+			xbox)
+				basic_machine=i686-pc
+				basic_os=mingw32
+				;;
+			ymp)
+				basic_machine=ymp-cray
+				basic_os=unicos
+				;;
+			*)
+				basic_machine=$1
+				basic_os=
+				;;
+		esac
 		;;
 esac
 
-# Decode aliases for certain CPU-COMPANY combinations.
+# Decode 1-component or ad-hoc basic machines
 case $basic_machine in
-	# Recognize the basic CPU types without company name.
-	# Some are omitted here because they have special meanings below.
-	1750a | 580 \
-	| a29k \
-	| aarch64 | aarch64_be \
-	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
-	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
-	| am33_2.0 \
-	| arc | arceb \
-	| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
-	| avr | avr32 \
-	| ba \
-	| be32 | be64 \
-	| bfin \
-	| c4x | c8051 | clipper \
-	| d10v | d30v | dlx | dsp16xx \
-	| e2k | epiphany \
-	| fido | fr30 | frv | ft32 \
-	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
-	| hexagon \
-	| i370 | i860 | i960 | ia16 | ia64 \
-	| ip2k | iq2000 \
-	| k1om \
-	| le32 | le64 \
-	| lm32 \
-	| m32c | m32r | m32rle | m68000 | m68k | m88k \
-	| maxq | mb | microblaze | microblazeel | mcore | mep | metag \
-	| mips | mipsbe | mipseb | mipsel | mipsle \
-	| mips16 \
-	| mips64 | mips64el \
-	| mips64octeon | mips64octeonel \
-	| mips64orion | mips64orionel \
-	| mips64r5900 | mips64r5900el \
-	| mips64vr | mips64vrel \
-	| mips64vr4100 | mips64vr4100el \
-	| mips64vr4300 | mips64vr4300el \
-	| mips64vr5000 | mips64vr5000el \
-	| mips64vr5900 | mips64vr5900el \
-	| mipsisa32 | mipsisa32el \
-	| mipsisa32r2 | mipsisa32r2el \
-	| mipsisa32r6 | mipsisa32r6el \
-	| mipsisa64 | mipsisa64el \
-	| mipsisa64r2 | mipsisa64r2el \
-	| mipsisa64r6 | mipsisa64r6el \
-	| mipsisa64sb1 | mipsisa64sb1el \
-	| mipsisa64sr71k | mipsisa64sr71kel \
-	| mipsr5900 | mipsr5900el \
-	| mipstx39 | mipstx39el \
-	| mn10200 | mn10300 \
-	| moxie \
-	| mt \
-	| msp430 \
-	| nds32 | nds32le | nds32be \
-	| nios | nios2 | nios2eb | nios2el \
-	| ns16k | ns32k \
-	| open8 | or1k | or1knd | or32 \
-	| pdp10 | pj | pjl \
-	| powerpc | powerpc64 | powerpc64le | powerpcle \
-	| pru \
-	| pyramid \
-	| riscv32 | riscv64 \
-	| rl78 | rx \
-	| score \
-	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
-	| sh64 | sh64le \
-	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
-	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
-	| spu \
-	| tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
-	| ubicom32 \
-	| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
-	| visium \
-	| wasm32 \
-	| x86 | xc16x | xstormy16 | xtensa \
-	| z8k | z80)
-		basic_machine=$basic_machine-unknown
-		;;
-	c54x)
-		basic_machine=tic54x-unknown
-		;;
-	c55x)
-		basic_machine=tic55x-unknown
-		;;
-	c6x)
-		basic_machine=tic6x-unknown
-		;;
-	leon|leon[3-9])
-		basic_machine=sparc-$basic_machine
-		;;
-	m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
-		basic_machine=$basic_machine-unknown
-		os=-none
+	# Here we handle the default manufacturer of certain CPU types.  It is in
+	# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		cpu=hppa1.1
+		vendor=winbond
 		;;
-	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65)
+	op50n)
+		cpu=hppa1.1
+		vendor=oki
 		;;
-	ms1)
-		basic_machine=mt-unknown
+	op60c)
+		cpu=hppa1.1
+		vendor=oki
 		;;
-
-	strongarm | thumb | xscale)
-		basic_machine=arm-unknown
+	ibm*)
+		cpu=i370
+		vendor=ibm
 		;;
-	xgate)
-		basic_machine=$basic_machine-unknown
-		os=-none
+	orion105)
+		cpu=clipper
+		vendor=highlevel
 		;;
-	xscaleeb)
-		basic_machine=armeb-unknown
+	mac | mpw | mac-mpw)
+		cpu=m68k
+		vendor=apple
 		;;
-
-	xscaleel)
-		basic_machine=armel-unknown
+	pmac | pmac-mpw)
+		cpu=powerpc
+		vendor=apple
 		;;
 
-	# We use `pc' rather than `unknown'
-	# because (1) that's what they normally are, and
-	# (2) the word "unknown" tends to confuse beginning users.
-	i*86 | x86_64)
-	  basic_machine=$basic_machine-pc
-	  ;;
-	# Object if more than one company name word.
-	*-*-*)
-		echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2
-		exit 1
-		;;
-	# Recognize the basic CPU types with company name.
-	580-* \
-	| a29k-* \
-	| aarch64-* | aarch64_be-* \
-	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
-	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
-	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
-	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
-	| avr-* | avr32-* \
-	| ba-* \
-	| be32-* | be64-* \
-	| bfin-* | bs2000-* \
-	| c[123]* | c30-* | [cjt]90-* | c4x-* \
-	| c8051-* | clipper-* | craynv-* | cydra-* \
-	| d10v-* | d30v-* | dlx-* \
-	| e2k-* | elxsi-* \
-	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
-	| h8300-* | h8500-* \
-	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
-	| hexagon-* \
-	| i*86-* | i860-* | i960-* | ia16-* | ia64-* \
-	| ip2k-* | iq2000-* \
-	| k1om-* \
-	| le32-* | le64-* \
-	| lm32-* \
-	| m32c-* | m32r-* | m32rle-* \
-	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
-	| m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
-	| microblaze-* | microblazeel-* \
-	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
-	| mips16-* \
-	| mips64-* | mips64el-* \
-	| mips64octeon-* | mips64octeonel-* \
-	| mips64orion-* | mips64orionel-* \
-	| mips64r5900-* | mips64r5900el-* \
-	| mips64vr-* | mips64vrel-* \
-	| mips64vr4100-* | mips64vr4100el-* \
-	| mips64vr4300-* | mips64vr4300el-* \
-	| mips64vr5000-* | mips64vr5000el-* \
-	| mips64vr5900-* | mips64vr5900el-* \
-	| mipsisa32-* | mipsisa32el-* \
-	| mipsisa32r2-* | mipsisa32r2el-* \
-	| mipsisa32r6-* | mipsisa32r6el-* \
-	| mipsisa64-* | mipsisa64el-* \
-	| mipsisa64r2-* | mipsisa64r2el-* \
-	| mipsisa64r6-* | mipsisa64r6el-* \
-	| mipsisa64sb1-* | mipsisa64sb1el-* \
-	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
-	| mipsr5900-* | mipsr5900el-* \
-	| mipstx39-* | mipstx39el-* \
-	| mmix-* \
-	| mt-* \
-	| msp430-* \
-	| nds32-* | nds32le-* | nds32be-* \
-	| nios-* | nios2-* | nios2eb-* | nios2el-* \
-	| none-* | np1-* | ns16k-* | ns32k-* \
-	| open8-* \
-	| or1k*-* \
-	| orion-* \
-	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
-	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
-	| pru-* \
-	| pyramid-* \
-	| riscv32-* | riscv64-* \
-	| rl78-* | romp-* | rs6000-* | rx-* \
-	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
-	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
-	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
-	| sparclite-* \
-	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
-	| tahoe-* \
-	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
-	| tile*-* \
-	| tron-* \
-	| ubicom32-* \
-	| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
-	| vax-* \
-	| visium-* \
-	| wasm32-* \
-	| we32k-* \
-	| x86-* | x86_64-* | xc16x-* | xps100-* \
-	| xstormy16-* | xtensa*-* \
-	| ymp-* \
-	| z8k-* | z80-*)
-		;;
-	# Recognize the basic CPU types without company name, with glob match.
-	xtensa*)
-		basic_machine=$basic_machine-unknown
-		;;
 	# Recognize the various machine names and aliases which stand
 	# for a CPU type and a company and sometimes even an OS.
-	386bsd)
-		basic_machine=i386-pc
-		os=-bsd
-		;;
 	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
-		basic_machine=m68000-att
+		cpu=m68000
+		vendor=att
 		;;
 	3b*)
-		basic_machine=we32k-att
-		;;
-	a29khif)
-		basic_machine=a29k-amd
-		os=-udi
-		;;
-	abacus)
-		basic_machine=abacus-unknown
-		;;
-	adobe68k)
-		basic_machine=m68010-adobe
-		os=-scout
-		;;
-	alliant | fx80)
-		basic_machine=fx80-alliant
-		;;
-	altos | altos3068)
-		basic_machine=m68k-altos
-		;;
-	am29k)
-		basic_machine=a29k-none
-		os=-bsd
-		;;
-	amd64)
-		basic_machine=x86_64-pc
-		;;
-	amd64-*)
-		basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		;;
-	amdahl)
-		basic_machine=580-amdahl
-		os=-sysv
-		;;
-	amiga | amiga-*)
-		basic_machine=m68k-unknown
-		;;
-	amigaos | amigados)
-		basic_machine=m68k-unknown
-		os=-amigaos
-		;;
-	amigaunix | amix)
-		basic_machine=m68k-unknown
-		os=-sysv4
-		;;
-	apollo68)
-		basic_machine=m68k-apollo
-		os=-sysv
-		;;
-	apollo68bsd)
-		basic_machine=m68k-apollo
-		os=-bsd
-		;;
-	aros)
-		basic_machine=i386-pc
-		os=-aros
-		;;
-	asmjs)
-		basic_machine=asmjs-unknown
-		;;
-	aux)
-		basic_machine=m68k-apple
-		os=-aux
-		;;
-	balance)
-		basic_machine=ns32k-sequent
-		os=-dynix
-		;;
-	blackfin)
-		basic_machine=bfin-unknown
-		os=-linux
-		;;
-	blackfin-*)
-		basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		os=-linux
+		cpu=we32k
+		vendor=att
 		;;
 	bluegene*)
-		basic_machine=powerpc-ibm
-		os=-cnk
-		;;
-	c54x-*)
-		basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		;;
-	c55x-*)
-		basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		;;
-	c6x-*)
-		basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		;;
-	c90)
-		basic_machine=c90-cray
-		os=-unicos
-		;;
-	cegcc)
-		basic_machine=arm-unknown
-		os=-cegcc
-		;;
-	convex-c1)
-		basic_machine=c1-convex
-		os=-bsd
-		;;
-	convex-c2)
-		basic_machine=c2-convex
-		os=-bsd
-		;;
-	convex-c32)
-		basic_machine=c32-convex
-		os=-bsd
-		;;
-	convex-c34)
-		basic_machine=c34-convex
-		os=-bsd
-		;;
-	convex-c38)
-		basic_machine=c38-convex
-		os=-bsd
-		;;
-	cray | j90)
-		basic_machine=j90-cray
-		os=-unicos
-		;;
-	craynv)
-		basic_machine=craynv-cray
-		os=-unicosmp
-		;;
-	cr16 | cr16-*)
-		basic_machine=cr16-unknown
-		os=-elf
-		;;
-	crds | unos)
-		basic_machine=m68k-crds
-		;;
-	crisv32 | crisv32-* | etraxfs*)
-		basic_machine=crisv32-axis
-		;;
-	cris | cris-* | etrax*)
-		basic_machine=cris-axis
-		;;
-	crx)
-		basic_machine=crx-unknown
-		os=-elf
-		;;
-	da30 | da30-*)
-		basic_machine=m68k-da30
-		;;
-	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
-		basic_machine=mips-dec
+		cpu=powerpc
+		vendor=ibm
+		basic_os=cnk
 		;;
 	decsystem10* | dec10*)
-		basic_machine=pdp10-dec
-		os=-tops10
+		cpu=pdp10
+		vendor=dec
+		basic_os=tops10
 		;;
 	decsystem20* | dec20*)
-		basic_machine=pdp10-dec
-		os=-tops20
+		cpu=pdp10
+		vendor=dec
+		basic_os=tops20
 		;;
 	delta | 3300 | motorola-3300 | motorola-delta \
 	      | 3300-motorola | delta-motorola)
-		basic_machine=m68k-motorola
-		;;
-	delta88)
-		basic_machine=m88k-motorola
-		os=-sysv3
-		;;
-	dicos)
-		basic_machine=i686-pc
-		os=-dicos
-		;;
-	djgpp)
-		basic_machine=i586-pc
-		os=-msdosdjgpp
-		;;
-	dpx20 | dpx20-*)
-		basic_machine=rs6000-bull
-		os=-bosx
+		cpu=m68k
+		vendor=motorola
 		;;
 	dpx2*)
-		basic_machine=m68k-bull
-		os=-sysv3
-		;;
-	e500v[12])
-		basic_machine=powerpc-unknown
-		os=$os"spe"
-		;;
-	e500v[12]-*)
-		basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		os=$os"spe"
-		;;
-	ebmon29k)
-		basic_machine=a29k-amd
-		os=-ebmon
-		;;
-	elxsi)
-		basic_machine=elxsi-elxsi
-		os=-bsd
+		cpu=m68k
+		vendor=bull
+		basic_os=sysv3
 		;;
 	encore | umax | mmax)
-		basic_machine=ns32k-encore
+		cpu=ns32k
+		vendor=encore
 		;;
-	es1800 | OSE68k | ose68k | ose | OSE)
-		basic_machine=m68k-ericsson
-		os=-ose
+	elxsi)
+		cpu=elxsi
+		vendor=elxsi
+		basic_os=${basic_os:-bsd}
 		;;
 	fx2800)
-		basic_machine=i860-alliant
+		cpu=i860
+		vendor=alliant
 		;;
 	genix)
-		basic_machine=ns32k-ns
-		;;
-	gmicro)
-		basic_machine=tron-gmicro
-		os=-sysv
-		;;
-	go32)
-		basic_machine=i386-pc
-		os=-go32
+		cpu=ns32k
+		vendor=ns
 		;;
 	h3050r* | hiux*)
-		basic_machine=hppa1.1-hitachi
-		os=-hiuxwe2
-		;;
-	h8300hms)
-		basic_machine=h8300-hitachi
-		os=-hms
-		;;
-	h8300xray)
-		basic_machine=h8300-hitachi
-		os=-xray
-		;;
-	h8500hms)
-		basic_machine=h8500-hitachi
-		os=-hms
-		;;
-	harris)
-		basic_machine=m88k-harris
-		os=-sysv3
-		;;
-	hp300-*)
-		basic_machine=m68k-hp
-		;;
-	hp300bsd)
-		basic_machine=m68k-hp
-		os=-bsd
-		;;
-	hp300hpux)
-		basic_machine=m68k-hp
-		os=-hpux
+		cpu=hppa1.1
+		vendor=hitachi
+		basic_os=hiuxwe2
 		;;
 	hp3k9[0-9][0-9] | hp9[0-9][0-9])
-		basic_machine=hppa1.0-hp
+		cpu=hppa1.0
+		vendor=hp
 		;;
 	hp9k2[0-9][0-9] | hp9k31[0-9])
-		basic_machine=m68000-hp
+		cpu=m68000
+		vendor=hp
 		;;
 	hp9k3[2-9][0-9])
-		basic_machine=m68k-hp
+		cpu=m68k
+		vendor=hp
 		;;
 	hp9k6[0-9][0-9] | hp6[0-9][0-9])
-		basic_machine=hppa1.0-hp
+		cpu=hppa1.0
+		vendor=hp
 		;;
 	hp9k7[0-79][0-9] | hp7[0-79][0-9])
-		basic_machine=hppa1.1-hp
+		cpu=hppa1.1
+		vendor=hp
 		;;
 	hp9k78[0-9] | hp78[0-9])
 		# FIXME: really hppa2.0-hp
-		basic_machine=hppa1.1-hp
+		cpu=hppa1.1
+		vendor=hp
 		;;
 	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
 		# FIXME: really hppa2.0-hp
-		basic_machine=hppa1.1-hp
+		cpu=hppa1.1
+		vendor=hp
 		;;
 	hp9k8[0-9][13679] | hp8[0-9][13679])
-		basic_machine=hppa1.1-hp
+		cpu=hppa1.1
+		vendor=hp
 		;;
 	hp9k8[0-9][0-9] | hp8[0-9][0-9])
-		basic_machine=hppa1.0-hp
-		;;
-	hppaosf)
-		basic_machine=hppa1.1-hp
-		os=-osf
-		;;
-	hppro)
-		basic_machine=hppa1.1-hp
-		os=-proelf
-		;;
-	i370-ibm* | ibm*)
-		basic_machine=i370-ibm
+		cpu=hppa1.0
+		vendor=hp
 		;;
 	i*86v32)
-		basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
-		os=-sysv32
+		cpu=`echo "$1" | sed -e 's/86.*/86/'`
+		vendor=pc
+		basic_os=sysv32
 		;;
 	i*86v4*)
-		basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
-		os=-sysv4
+		cpu=`echo "$1" | sed -e 's/86.*/86/'`
+		vendor=pc
+		basic_os=sysv4
 		;;
 	i*86v)
-		basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
-		os=-sysv
+		cpu=`echo "$1" | sed -e 's/86.*/86/'`
+		vendor=pc
+		basic_os=sysv
 		;;
 	i*86sol2)
-		basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
-		os=-solaris2
-		;;
-	i386mach)
-		basic_machine=i386-mach
-		os=-mach
+		cpu=`echo "$1" | sed -e 's/86.*/86/'`
+		vendor=pc
+		basic_os=solaris2
 		;;
-	vsta)
-		basic_machine=i386-unknown
-		os=-vsta
+	j90 | j90-cray)
+		cpu=j90
+		vendor=cray
+		basic_os=${basic_os:-unicos}
 		;;
 	iris | iris4d)
-		basic_machine=mips-sgi
-		case $os in
-		    -irix*)
+		cpu=mips
+		vendor=sgi
+		case $basic_os in
+		    irix*)
 			;;
 		    *)
-			os=-irix4
+			basic_os=irix4
 			;;
 		esac
 		;;
-	isi68 | isi)
-		basic_machine=m68k-isi
-		os=-sysv
-		;;
-	leon-*|leon[3-9]-*)
-		basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'`
-		;;
-	m68knommu)
-		basic_machine=m68k-unknown
-		os=-linux
-		;;
-	m68knommu-*)
-		basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		os=-linux
-		;;
-	magnum | m3230)
-		basic_machine=mips-mips
-		os=-sysv
-		;;
-	merlin)
-		basic_machine=ns32k-utek
-		os=-sysv
-		;;
-	microblaze*)
-		basic_machine=microblaze-xilinx
-		;;
-	mingw64)
-		basic_machine=x86_64-pc
-		os=-mingw64
-		;;
-	mingw32)
-		basic_machine=i686-pc
-		os=-mingw32
-		;;
-	mingw32ce)
-		basic_machine=arm-unknown
-		os=-mingw32ce
-		;;
 	miniframe)
-		basic_machine=m68000-convergent
-		;;
-	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
-		basic_machine=m68k-atari
-		os=-mint
-		;;
-	mips3*-*)
-		basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`
-		;;
-	mips3*)
-		basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown
-		;;
-	monitor)
-		basic_machine=m68k-rom68k
-		os=-coff
-		;;
-	morphos)
-		basic_machine=powerpc-unknown
-		os=-morphos
-		;;
-	moxiebox)
-		basic_machine=moxie-unknown
-		os=-moxiebox
+		cpu=m68000
+		vendor=convergent
 		;;
-	msdos)
-		basic_machine=i386-pc
-		os=-msdos
-		;;
-	ms1-*)
-		basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'`
-		;;
-	msys)
-		basic_machine=i686-pc
-		os=-msys
-		;;
-	mvs)
-		basic_machine=i370-ibm
-		os=-mvs
-		;;
-	nacl)
-		basic_machine=le32-unknown
-		os=-nacl
-		;;
-	ncr3000)
-		basic_machine=i486-ncr
-		os=-sysv4
-		;;
-	netbsd386)
-		basic_machine=i386-unknown
-		os=-netbsd
-		;;
-	netwinder)
-		basic_machine=armv4l-rebel
-		os=-linux
-		;;
-	news | news700 | news800 | news900)
-		basic_machine=m68k-sony
-		os=-newsos
-		;;
-	news1000)
-		basic_machine=m68030-sony
-		os=-newsos
+	*mint | mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		cpu=m68k
+		vendor=atari
+		basic_os=mint
 		;;
 	news-3600 | risc-news)
-		basic_machine=mips-sony
-		os=-newsos
-		;;
-	necv70)
-		basic_machine=v70-nec
-		os=-sysv
+		cpu=mips
+		vendor=sony
+		basic_os=newsos
 		;;
 	next | m*-next)
-		basic_machine=m68k-next
-		case $os in
-		    -nextstep* )
+		cpu=m68k
+		vendor=next
+		case $basic_os in
+		    openstep*)
+		        ;;
+		    nextstep*)
 			;;
-		    -ns2*)
-		      os=-nextstep2
+		    ns2*)
+		      basic_os=nextstep2
 			;;
 		    *)
-		      os=-nextstep3
+		      basic_os=nextstep3
 			;;
 		esac
 		;;
-	nh3000)
-		basic_machine=m68k-harris
-		os=-cxux
-		;;
-	nh[45]000)
-		basic_machine=m88k-harris
-		os=-cxux
-		;;
-	nindy960)
-		basic_machine=i960-intel
-		os=-nindy
-		;;
-	mon960)
-		basic_machine=i960-intel
-		os=-mon960
-		;;
-	nonstopux)
-		basic_machine=mips-compaq
-		os=-nonstopux
-		;;
 	np1)
-		basic_machine=np1-gould
-		;;
-	neo-tandem)
-		basic_machine=neo-tandem
-		;;
-	nse-tandem)
-		basic_machine=nse-tandem
-		;;
-	nsr-tandem)
-		basic_machine=nsr-tandem
-		;;
-	nsv-tandem)
-		basic_machine=nsv-tandem
-		;;
-	nsx-tandem)
-		basic_machine=nsx-tandem
+		cpu=np1
+		vendor=gould
 		;;
 	op50n-* | op60c-*)
-		basic_machine=hppa1.1-oki
-		os=-proelf
-		;;
-	openrisc | openrisc-*)
-		basic_machine=or32-unknown
-		;;
-	os400)
-		basic_machine=powerpc-ibm
-		os=-os400
-		;;
-	OSE68000 | ose68000)
-		basic_machine=m68000-ericsson
-		os=-ose
-		;;
-	os68k)
-		basic_machine=m68k-none
-		os=-os68k
+		cpu=hppa1.1
+		vendor=oki
+		basic_os=proelf
 		;;
 	pa-hitachi)
-		basic_machine=hppa1.1-hitachi
-		os=-hiuxwe2
-		;;
-	paragon)
-		basic_machine=i860-intel
-		os=-osf
-		;;
-	parisc)
-		basic_machine=hppa-unknown
-		os=-linux
-		;;
-	parisc-*)
-		basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		os=-linux
+		cpu=hppa1.1
+		vendor=hitachi
+		basic_os=hiuxwe2
 		;;
 	pbd)
-		basic_machine=sparc-tti
+		cpu=sparc
+		vendor=tti
 		;;
 	pbb)
-		basic_machine=m68k-tti
-		;;
-	pc532 | pc532-*)
-		basic_machine=ns32k-pc532
-		;;
-	pc98)
-		basic_machine=i386-pc
+		cpu=m68k
+		vendor=tti
 		;;
-	pc98-*)
-		basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		;;
-	pentium | p5 | k5 | k6 | nexgen | viac3)
-		basic_machine=i586-pc
-		;;
-	pentiumpro | p6 | 6x86 | athlon | athlon_*)
-		basic_machine=i686-pc
-		;;
-	pentiumii | pentium2 | pentiumiii | pentium3)
-		basic_machine=i686-pc
-		;;
-	pentium4)
-		basic_machine=i786-pc
-		;;
-	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
-		basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		;;
-	pentiumpro-* | p6-* | 6x86-* | athlon-*)
-		basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		;;
-	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
-		basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		;;
-	pentium4-*)
-		basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'`
+	pc532)
+		cpu=ns32k
+		vendor=pc532
 		;;
 	pn)
-		basic_machine=pn-gould
-		;;
-	power)	basic_machine=power-ibm
-		;;
-	ppc | ppcbe)	basic_machine=powerpc-unknown
+		cpu=pn
+		vendor=gould
 		;;
-	ppc-* | ppcbe-*)
-		basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'`
-		;;
-	ppcle | powerpclittle)
-		basic_machine=powerpcle-unknown
+	power)
+		cpu=power
+		vendor=ibm
 		;;
-	ppcle-* | powerpclittle-*)
-		basic_machine=powerpcle-`echo "$basic_machine" | sed 's/^[^-]*-//'`
+	ps2)
+		cpu=i386
+		vendor=ibm
 		;;
-	ppc64)	basic_machine=powerpc64-unknown
+	rm[46]00)
+		cpu=mips
+		vendor=siemens
 		;;
-	ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'`
+	rtpc | rtpc-*)
+		cpu=romp
+		vendor=ibm
 		;;
-	ppc64le | powerpc64little)
-		basic_machine=powerpc64le-unknown
+	sde)
+		cpu=mipsisa32
+		vendor=sde
+		basic_os=${basic_os:-elf}
 		;;
-	ppc64le-* | powerpc64little-*)
-		basic_machine=powerpc64le-`echo "$basic_machine" | sed 's/^[^-]*-//'`
+	simso-wrs)
+		cpu=sparclite
+		vendor=wrs
+		basic_os=vxworks
 		;;
-	ps2)
-		basic_machine=i386-ibm
+	tower | tower-32)
+		cpu=m68k
+		vendor=ncr
 		;;
-	pw32)
-		basic_machine=i586-unknown
-		os=-pw32
+	vpp*|vx|vx-*)
+		cpu=f301
+		vendor=fujitsu
 		;;
-	rdos | rdos64)
-		basic_machine=x86_64-pc
-		os=-rdos
+	w65)
+		cpu=w65
+		vendor=wdc
 		;;
-	rdos32)
-		basic_machine=i386-pc
-		os=-rdos
+	w89k-*)
+		cpu=hppa1.1
+		vendor=winbond
+		basic_os=proelf
 		;;
-	rom68k)
-		basic_machine=m68k-rom68k
-		os=-coff
+	none)
+		cpu=none
+		vendor=none
 		;;
-	rm[46]00)
-		basic_machine=mips-siemens
+	leon|leon[3-9])
+		cpu=sparc
+		vendor=$basic_machine
 		;;
-	rtpc | rtpc-*)
-		basic_machine=romp-ibm
+	leon-*|leon[3-9]-*)
+		cpu=sparc
+		vendor=`echo "$basic_machine" | sed 's/-.*//'`
 		;;
-	s390 | s390-*)
-		basic_machine=s390-ibm
+
+	*-*)
+		# shellcheck disable=SC2162
+		saved_IFS=$IFS
+		IFS="-" read cpu vendor <<EOF
+$basic_machine
+EOF
+		IFS=$saved_IFS
 		;;
-	s390x | s390x-*)
-		basic_machine=s390x-ibm
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+		cpu=$basic_machine
+		vendor=pc
 		;;
-	sa29200)
-		basic_machine=a29k-amd
-		os=-udi
+	# These rules are duplicated from below for sake of the special case above;
+	# i.e. things that normalized to x86 arches should also default to "pc"
+	pc98)
+		cpu=i386
+		vendor=pc
 		;;
-	sb1)
-		basic_machine=mipsisa64sb1-unknown
+	x64 | amd64)
+		cpu=x86_64
+		vendor=pc
 		;;
-	sb1el)
-		basic_machine=mipsisa64sb1el-unknown
+	# Recognize the basic CPU types without company name.
+	*)
+		cpu=$basic_machine
+		vendor=unknown
 		;;
-	sde)
-		basic_machine=mipsisa32-sde
-		os=-elf
+esac
+
+unset -v basic_machine
+
+# Decode basic machines in the full and proper CPU-Company form.
+case $cpu-$vendor in
+	# Here we handle the default manufacturer of certain CPU types in canonical form. It is in
+	# some cases the only manufacturer, in others, it is the most popular.
+	craynv-unknown)
+		vendor=cray
+		basic_os=${basic_os:-unicosmp}
 		;;
-	sei)
-		basic_machine=mips-sei
-		os=-seiux
+	c90-unknown | c90-cray)
+		vendor=cray
+		basic_os=${Basic_os:-unicos}
 		;;
-	sequent)
-		basic_machine=i386-sequent
+	fx80-unknown)
+		vendor=alliant
 		;;
-	sh5el)
-		basic_machine=sh5le-unknown
+	romp-unknown)
+		vendor=ibm
 		;;
-	simso-wrs)
-		basic_machine=sparclite-wrs
-		os=-vxworks
+	mmix-unknown)
+		vendor=knuth
 		;;
-	sps7)
-		basic_machine=m68k-bull
-		os=-sysv2
+	microblaze-unknown | microblazeel-unknown)
+		vendor=xilinx
 		;;
-	spur)
-		basic_machine=spur-unknown
+	rs6000-unknown)
+		vendor=ibm
 		;;
-	st2000)
-		basic_machine=m68k-tandem
+	vax-unknown)
+		vendor=dec
 		;;
-	stratus)
-		basic_machine=i860-stratus
-		os=-sysv4
+	pdp11-unknown)
+		vendor=dec
 		;;
-	strongarm-* | thumb-*)
-		basic_machine=arm-`echo "$basic_machine" | sed 's/^[^-]*-//'`
+	we32k-unknown)
+		vendor=att
 		;;
-	sun2)
-		basic_machine=m68000-sun
+	cydra-unknown)
+		vendor=cydrome
 		;;
-	sun2os3)
-		basic_machine=m68000-sun
-		os=-sunos3
+	i370-ibm*)
+		vendor=ibm
 		;;
-	sun2os4)
-		basic_machine=m68000-sun
-		os=-sunos4
+	orion-unknown)
+		vendor=highlevel
 		;;
-	sun3os3)
-		basic_machine=m68k-sun
-		os=-sunos3
+	xps-unknown | xps100-unknown)
+		cpu=xps100
+		vendor=honeywell
 		;;
-	sun3os4)
-		basic_machine=m68k-sun
-		os=-sunos4
+
+	# Here we normalize CPU types with a missing or matching vendor
+	armh-unknown | armh-alt)
+		cpu=armv7l
+		vendor=alt
+		basic_os=${basic_os:-linux-gnueabihf}
 		;;
-	sun4os3)
-		basic_machine=sparc-sun
-		os=-sunos3
+	dpx20-unknown | dpx20-bull)
+		cpu=rs6000
+		vendor=bull
+		basic_os=${basic_os:-bosx}
 		;;
-	sun4os4)
-		basic_machine=sparc-sun
-		os=-sunos4
+
+	# Here we normalize CPU types irrespective of the vendor
+	amd64-*)
+		cpu=x86_64
 		;;
-	sun4sol2)
-		basic_machine=sparc-sun
-		os=-solaris2
+	blackfin-*)
+		cpu=bfin
+		basic_os=linux
 		;;
-	sun3 | sun3-*)
-		basic_machine=m68k-sun
+	c54x-*)
+		cpu=tic54x
 		;;
-	sun4)
-		basic_machine=sparc-sun
+	c55x-*)
+		cpu=tic55x
 		;;
-	sun386 | sun386i | roadrunner)
-		basic_machine=i386-sun
+	c6x-*)
+		cpu=tic6x
 		;;
-	sv1)
-		basic_machine=sv1-cray
-		os=-unicos
+	e500v[12]-*)
+		cpu=powerpc
+		basic_os=${basic_os}"spe"
 		;;
-	symmetry)
-		basic_machine=i386-sequent
-		os=-dynix
+	mips3*-*)
+		cpu=mips64
 		;;
-	t3e)
-		basic_machine=alphaev5-cray
-		os=-unicos
+	ms1-*)
+		cpu=mt
 		;;
-	t90)
-		basic_machine=t90-cray
-		os=-unicos
+	m68knommu-*)
+		cpu=m68k
+		basic_os=linux
 		;;
-	tile*)
-		basic_machine=$basic_machine-unknown
-		os=-linux-gnu
+	m9s12z-* | m68hcs12z-* | hcs12z-* | s12z-*)
+		cpu=s12z
 		;;
-	tx39)
-		basic_machine=mipstx39-unknown
+	openrisc-*)
+		cpu=or32
 		;;
-	tx39el)
-		basic_machine=mipstx39el-unknown
+	parisc-*)
+		cpu=hppa
+		basic_os=linux
 		;;
-	toad1)
-		basic_machine=pdp10-xkl
-		os=-tops20
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		cpu=i586
 		;;
-	tower | tower-32)
-		basic_machine=m68k-ncr
+	pentiumpro-* | p6-* | 6x86-* | athlon-* | athalon_*-*)
+		cpu=i686
 		;;
-	tpf)
-		basic_machine=s390x-ibm
-		os=-tpf
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		cpu=i686
 		;;
-	udi29k)
-		basic_machine=a29k-amd
-		os=-udi
+	pentium4-*)
+		cpu=i786
 		;;
-	ultra3)
-		basic_machine=a29k-nyu
-		os=-sym1
+	pc98-*)
+		cpu=i386
 		;;
-	v810 | necv810)
-		basic_machine=v810-nec
-		os=-none
+	ppc-* | ppcbe-*)
+		cpu=powerpc
 		;;
-	vaxv)
-		basic_machine=vax-dec
-		os=-sysv
+	ppcle-* | powerpclittle-*)
+		cpu=powerpcle
 		;;
-	vms)
-		basic_machine=vax-dec
-		os=-vms
+	ppc64-*)
+		cpu=powerpc64
 		;;
-	vpp*|vx|vx-*)
-		basic_machine=f301-fujitsu
+	ppc64le-* | powerpc64little-*)
+		cpu=powerpc64le
 		;;
-	vxworks960)
-		basic_machine=i960-wrs
-		os=-vxworks
+	sb1-*)
+		cpu=mipsisa64sb1
 		;;
-	vxworks68)
-		basic_machine=m68k-wrs
-		os=-vxworks
+	sb1el-*)
+		cpu=mipsisa64sb1el
 		;;
-	vxworks29k)
-		basic_machine=a29k-wrs
-		os=-vxworks
+	sh5e[lb]-*)
+		cpu=`echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/'`
 		;;
-	w65*)
-		basic_machine=w65-wdc
-		os=-none
+	spur-*)
+		cpu=spur
 		;;
-	w89k-*)
-		basic_machine=hppa1.1-winbond
-		os=-proelf
+	strongarm-* | thumb-*)
+		cpu=arm
 		;;
-	x64)
-		basic_machine=x86_64-pc
+	tx39-*)
+		cpu=mipstx39
 		;;
-	xbox)
-		basic_machine=i686-pc
-		os=-mingw32
+	tx39el-*)
+		cpu=mipstx39el
 		;;
-	xps | xps100)
-		basic_machine=xps100-honeywell
+	x64-*)
+		cpu=x86_64
 		;;
 	xscale-* | xscalee[bl]-*)
-		basic_machine=`echo "$basic_machine" | sed 's/^xscale/arm/'`
-		;;
-	ymp)
-		basic_machine=ymp-cray
-		os=-unicos
+		cpu=`echo "$cpu" | sed 's/^xscale/arm/'`
 		;;
-	none)
-		basic_machine=none-none
-		os=-none
+	arm64-* | aarch64le-*)
+		cpu=aarch64
 		;;
 
-# Here we handle the default manufacturer of certain CPU types.  It is in
-# some cases the only manufacturer, in others, it is the most popular.
-	w89k)
-		basic_machine=hppa1.1-winbond
-		;;
-	op50n)
-		basic_machine=hppa1.1-oki
-		;;
-	op60c)
-		basic_machine=hppa1.1-oki
-		;;
-	romp)
-		basic_machine=romp-ibm
-		;;
-	mmix)
-		basic_machine=mmix-knuth
+	# Recognize the canonical CPU Types that limit and/or modify the
+	# company names they are paired with.
+	cr16-*)
+		basic_os=${basic_os:-elf}
 		;;
-	rs6000)
-		basic_machine=rs6000-ibm
+	crisv32-* | etraxfs*-*)
+		cpu=crisv32
+		vendor=axis
 		;;
-	vax)
-		basic_machine=vax-dec
+	cris-* | etrax*-*)
+		cpu=cris
+		vendor=axis
 		;;
-	pdp11)
-		basic_machine=pdp11-dec
+	crx-*)
+		basic_os=${basic_os:-elf}
 		;;
-	we32k)
-		basic_machine=we32k-att
+	neo-tandem)
+		cpu=neo
+		vendor=tandem
 		;;
-	sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
-		basic_machine=sh-unknown
+	nse-tandem)
+		cpu=nse
+		vendor=tandem
 		;;
-	cydra)
-		basic_machine=cydra-cydrome
+	nsr-tandem)
+		cpu=nsr
+		vendor=tandem
 		;;
-	orion)
-		basic_machine=orion-highlevel
+	nsv-tandem)
+		cpu=nsv
+		vendor=tandem
 		;;
-	orion105)
-		basic_machine=clipper-highlevel
+	nsx-tandem)
+		cpu=nsx
+		vendor=tandem
 		;;
-	mac | mpw | mac-mpw)
-		basic_machine=m68k-apple
+	mipsallegrexel-sony)
+		cpu=mipsallegrexel
+		vendor=sony
 		;;
-	pmac | pmac-mpw)
-		basic_machine=powerpc-apple
-		;;
-	*-unknown)
-		# Make sure to match an already-canonicalized machine name.
+	tile*-*)
+		basic_os=${basic_os:-linux-gnu}
 		;;
+
 	*)
-		echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2
-		exit 1
+		# Recognize the canonical CPU types that are allowed with any
+		# company name.
+		case $cpu in
+			1750a | 580 \
+			| a29k \
+			| aarch64 | aarch64_be \
+			| abacus \
+			| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \
+			| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \
+			| alphapca5[67] | alpha64pca5[67] \
+			| am33_2.0 \
+			| amdgcn \
+			| arc | arceb | arc32 | arc64 \
+			| arm | arm[lb]e | arme[lb] | armv* \
+			| avr | avr32 \
+			| asmjs \
+			| ba \
+			| be32 | be64 \
+			| bfin | bpf | bs2000 \
+			| c[123]* | c30 | [cjt]90 | c4x \
+			| c8051 | clipper | craynv | csky | cydra \
+			| d10v | d30v | dlx | dsp16xx \
+			| e2k | elxsi | epiphany \
+			| f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \
+			| h8300 | h8500 \
+			| hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+			| hexagon \
+			| i370 | i*86 | i860 | i960 | ia16 | ia64 \
+			| ip2k | iq2000 \
+			| k1om \
+			| le32 | le64 \
+			| lm32 \
+			| loongarch32 | loongarch64 | loongarchx32 \
+			| m32c | m32r | m32rle \
+			| m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \
+			| m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \
+			| m88110 | m88k | maxq | mb | mcore | mep | metag \
+			| microblaze | microblazeel \
+			| mips | mipsbe | mipseb | mipsel | mipsle \
+			| mips16 \
+			| mips64 | mips64eb | mips64el \
+			| mips64octeon | mips64octeonel \
+			| mips64orion | mips64orionel \
+			| mips64r5900 | mips64r5900el \
+			| mips64vr | mips64vrel \
+			| mips64vr4100 | mips64vr4100el \
+			| mips64vr4300 | mips64vr4300el \
+			| mips64vr5000 | mips64vr5000el \
+			| mips64vr5900 | mips64vr5900el \
+			| mipsisa32 | mipsisa32el \
+			| mipsisa32r2 | mipsisa32r2el \
+			| mipsisa32r3 | mipsisa32r3el \
+			| mipsisa32r5 | mipsisa32r5el \
+			| mipsisa32r6 | mipsisa32r6el \
+			| mipsisa64 | mipsisa64el \
+			| mipsisa64r2 | mipsisa64r2el \
+			| mipsisa64r3 | mipsisa64r3el \
+			| mipsisa64r5 | mipsisa64r5el \
+			| mipsisa64r6 | mipsisa64r6el \
+			| mipsisa64sb1 | mipsisa64sb1el \
+			| mipsisa64sr71k | mipsisa64sr71kel \
+			| mipsr5900 | mipsr5900el \
+			| mipstx39 | mipstx39el \
+			| mmix \
+			| mn10200 | mn10300 \
+			| moxie \
+			| mt \
+			| msp430 \
+			| nds32 | nds32le | nds32be \
+			| nfp \
+			| nios | nios2 | nios2eb | nios2el \
+			| none | np1 | ns16k | ns32k | nvptx \
+			| open8 \
+			| or1k* \
+			| or32 \
+			| orion \
+			| picochip \
+			| pdp10 | pdp11 | pj | pjl | pn | power \
+			| powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \
+			| pru \
+			| pyramid \
+			| riscv | riscv32 | riscv32be | riscv64 | riscv64be \
+			| rl78 | romp | rs6000 | rx \
+			| s390 | s390x \
+			| score \
+			| sh | shl \
+			| sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \
+			| sh[1234]e[lb] |  sh[12345][lb]e | sh[23]ele | sh64 | sh64le \
+			| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \
+			| sparclite \
+			| sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \
+			| spu \
+			| tahoe \
+			| thumbv7* \
+			| tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \
+			| tron \
+			| ubicom32 \
+			| v70 | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \
+			| vax \
+			| visium \
+			| w65 \
+			| wasm32 | wasm64 \
+			| we32k \
+			| x86 | x86_64 | xc16x | xgate | xps100 \
+			| xstormy16 | xtensa* \
+			| ymp \
+			| z8k | z80)
+				;;
+
+			*)
+				echo Invalid configuration \`"$1"\': machine \`"$cpu-$vendor"\' not recognized 1>&2
+				exit 1
+				;;
+		esac
 		;;
 esac
 
 # Here we canonicalize certain aliases for manufacturers.
-case $basic_machine in
-	*-digital*)
-		basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'`
+case $vendor in
+	digital*)
+		vendor=dec
 		;;
-	*-commodore*)
-		basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'`
+	commodore*)
+		vendor=cbm
 		;;
 	*)
 		;;
@@ -1334,203 +1306,215 @@ esac
 
 # Decode manufacturer-specific aliases for certain operating systems.
 
-if [ x"$os" != x"" ]
+if test x$basic_os != x
 then
+
+# First recognize some ad-hoc cases, or perhaps split kernel-os, or else just
+# set os.
+case $basic_os in
+	gnu/linux*)
+		kernel=linux
+		os=`echo "$basic_os" | sed -e 's|gnu/linux|gnu|'`
+		;;
+	os2-emx)
+		kernel=os2
+		os=`echo "$basic_os" | sed -e 's|os2-emx|emx|'`
+		;;
+	nto-qnx*)
+		kernel=nto
+		os=`echo "$basic_os" | sed -e 's|nto-qnx|qnx|'`
+		;;
+	*-*)
+		# shellcheck disable=SC2162
+		saved_IFS=$IFS
+		IFS="-" read kernel os <<EOF
+$basic_os
+EOF
+		IFS=$saved_IFS
+		;;
+	# Default OS when just kernel was specified
+	nto*)
+		kernel=nto
+		os=`echo "$basic_os" | sed -e 's|nto|qnx|'`
+		;;
+	linux*)
+		kernel=linux
+		os=`echo "$basic_os" | sed -e 's|linux|gnu|'`
+		;;
+	*)
+		kernel=
+		os=$basic_os
+		;;
+esac
+
+# Now, normalize the OS (knowing we just have one component, it's not a kernel,
+# etc.)
 case $os in
 	# First match some system type aliases that might get confused
 	# with valid system types.
-	# -solaris* is a basic system type, with this one exception.
-	-auroraux)
-		os=-auroraux
+	# solaris* is a basic system type, with this one exception.
+	auroraux)
+		os=auroraux
 		;;
-	-solaris1 | -solaris1.*)
-		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+	bluegene*)
+		os=cnk
 		;;
-	-solaris)
-		os=-solaris2
+	solaris1 | solaris1.*)
+		os=`echo "$os" | sed -e 's|solaris1|sunos4|'`
 		;;
-	-unixware*)
-		os=-sysv4.2uw
+	solaris)
+		os=solaris2
 		;;
-	-gnu/linux*)
-		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+	unixware*)
+		os=sysv4.2uw
 		;;
 	# es1800 is here to avoid being matched by es* (a different OS)
-	-es1800*)
-		os=-ose
+	es1800*)
+		os=ose
 		;;
-	# Now accept the basic system types.
-	# The portable systems comes first.
-	# Each alternative MUST end in a * to match a version number.
-	# -sysv* is not here because it comes later, after sysvr4.
-	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
-	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
-	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
-	      | -sym* | -kopensolaris* | -plan9* \
-	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
-	      | -aos* | -aros* | -cloudabi* | -sortix* \
-	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
-	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
-	      | -hiux* | -knetbsd* | -mirbsd* | -netbsd* \
-	      | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
-	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
-	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
-	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
-	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
-	      | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \
-	      | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
-	      | -linux-newlib* | -linux-musl* | -linux-uclibc* \
-	      | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
-	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* \
-	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
-	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
-	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
-	      | -morphos* | -superux* | -rtmk* | -windiss* \
-	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
-	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
-	      | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox* | -bme* \
-	      | -midnightbsd*)
-	# Remember, each alternative MUST END IN *, to match a version number.
-		;;
-	-qnx*)
-		case $basic_machine in
-		    x86-* | i*86-*)
-			;;
-		    *)
-			os=-nto$os
-			;;
-		esac
+	# Some version numbers need modification
+	chorusos*)
+		os=chorusos
 		;;
-	-nto-qnx*)
+	isc)
+		os=isc2.2
 		;;
-	-nto*)
-		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+	sco6)
+		os=sco5v6
 		;;
-	-sim | -xray | -os68k* | -v88r* \
-	      | -windows* | -osx | -abug | -netware* | -os9* \
-	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+	sco5)
+		os=sco3.2v5
 		;;
-	-mac*)
-		os=`echo "$os" | sed -e 's|mac|macos|'`
+	sco4)
+		os=sco3.2v4
 		;;
-	-linux-dietlibc)
-		os=-linux-dietlibc
+	sco3.2.[4-9]*)
+		os=`echo "$os" | sed -e 's/sco3.2./sco3.2v/'`
 		;;
-	-linux*)
-		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+	sco*v* | scout)
+		# Don't match below
 		;;
-	-sunos5*)
-		os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
+	sco*)
+		os=sco3.2v2
 		;;
-	-sunos6*)
-		os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
+	psos*)
+		os=psos
 		;;
-	-opened*)
-		os=-openedition
+	qnx*)
+		os=qnx
 		;;
-	-os400*)
-		os=-os400
+	hiux*)
+		os=hiuxwe2
 		;;
-	-wince*)
-		os=-wince
+	lynx*178)
+		os=lynxos178
 		;;
-	-utek*)
-		os=-bsd
+	lynx*5)
+		os=lynxos5
 		;;
-	-dynix*)
-		os=-bsd
+	lynxos*)
+		# don't get caught up in next wildcard
 		;;
-	-acis*)
-		os=-aos
+	lynx*)
+		os=lynxos
 		;;
-	-atheos*)
-		os=-atheos
+	mac[0-9]*)
+		os=`echo "$os" | sed -e 's|mac|macos|'`
 		;;
-	-syllable*)
-		os=-syllable
+	opened*)
+		os=openedition
 		;;
-	-386bsd)
-		os=-bsd
+	os400*)
+		os=os400
 		;;
-	-ctix* | -uts*)
-		os=-sysv
+	sunos5*)
+		os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
 		;;
-	-nova*)
-		os=-rtmk-nova
+	sunos6*)
+		os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
 		;;
-	-ns2)
-		os=-nextstep2
+	wince*)
+		os=wince
 		;;
-	-nsk*)
-		os=-nsk
+	utek*)
+		os=bsd
 		;;
-	# Preserve the version number of sinix5.
-	-sinix5.*)
-		os=`echo $os | sed -e 's|sinix|sysv|'`
+	dynix*)
+		os=bsd
 		;;
-	-sinix*)
-		os=-sysv4
+	acis*)
+		os=aos
 		;;
-	-tpf*)
-		os=-tpf
+	atheos*)
+		os=atheos
 		;;
-	-triton*)
-		os=-sysv3
+	syllable*)
+		os=syllable
+		;;
+	386bsd)
+		os=bsd
+		;;
+	ctix* | uts*)
+		os=sysv
+		;;
+	nova*)
+		os=rtmk-nova
+		;;
+	ns2)
+		os=nextstep2
+		;;
+	# Preserve the version number of sinix5.
+	sinix5.*)
+		os=`echo "$os" | sed -e 's|sinix|sysv|'`
 		;;
-	-oss*)
-		os=-sysv3
+	sinix*)
+		os=sysv4
 		;;
-	-svr4*)
-		os=-sysv4
+	tpf*)
+		os=tpf
 		;;
-	-svr3)
-		os=-sysv3
+	triton*)
+		os=sysv3
 		;;
-	-sysvr4)
-		os=-sysv4
+	oss*)
+		os=sysv3
 		;;
-	# This must come after -sysvr4.
-	-sysv*)
+	svr4*)
+		os=sysv4
 		;;
-	-ose*)
-		os=-ose
+	svr3)
+		os=sysv3
 		;;
-	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
-		os=-mint
+	sysvr4)
+		os=sysv4
 		;;
-	-zvmoe)
-		os=-zvmoe
+	ose*)
+		os=ose
 		;;
-	-dicos*)
-		os=-dicos
+	*mint | mint[0-9]* | *MiNT | MiNT[0-9]*)
+		os=mint
 		;;
-	-pikeos*)
+	dicos*)
+		os=dicos
+		;;
+	pikeos*)
 		# Until real need of OS specific support for
 		# particular features comes up, bare metal
 		# configurations are quite functional.
-		case $basic_machine in
+		case $cpu in
 		    arm*)
-			os=-eabi
+			os=eabi
 			;;
 		    *)
-			os=-elf
+			os=elf
 			;;
 		esac
 		;;
-	-nacl*)
-		;;
-	-ios)
-		;;
-	-none)
-		;;
 	*)
-		# Get rid of the `-' at the beginning of $os.
-		os=`echo $os | sed 's/[^-]*-//'`
-		echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2
-		exit 1
+		# No normalization, but not necessarily accepted, that comes below.
 		;;
 esac
+
 else
 
 # Here we handle the default operating systems that come with various machines.
@@ -1543,258 +1527,363 @@ else
 # will signal an error saying that MANUFACTURER isn't an operating
 # system, and we'll never get to this point.
 
-case $basic_machine in
+kernel=
+case $cpu-$vendor in
 	score-*)
-		os=-elf
+		os=elf
 		;;
 	spu-*)
-		os=-elf
+		os=elf
 		;;
 	*-acorn)
-		os=-riscix1.2
+		os=riscix1.2
 		;;
 	arm*-rebel)
-		os=-linux
+		kernel=linux
+		os=gnu
 		;;
 	arm*-semi)
-		os=-aout
+		os=aout
 		;;
 	c4x-* | tic4x-*)
-		os=-coff
+		os=coff
 		;;
 	c8051-*)
-		os=-elf
+		os=elf
+		;;
+	clipper-intergraph)
+		os=clix
 		;;
 	hexagon-*)
-		os=-elf
+		os=elf
 		;;
 	tic54x-*)
-		os=-coff
+		os=coff
 		;;
 	tic55x-*)
-		os=-coff
+		os=coff
 		;;
 	tic6x-*)
-		os=-coff
+		os=coff
 		;;
 	# This must come before the *-dec entry.
 	pdp10-*)
-		os=-tops20
+		os=tops20
 		;;
 	pdp11-*)
-		os=-none
+		os=none
 		;;
 	*-dec | vax-*)
-		os=-ultrix4.2
+		os=ultrix4.2
 		;;
 	m68*-apollo)
-		os=-domain
+		os=domain
 		;;
 	i386-sun)
-		os=-sunos4.0.2
+		os=sunos4.0.2
 		;;
 	m68000-sun)
-		os=-sunos3
+		os=sunos3
 		;;
 	m68*-cisco)
-		os=-aout
+		os=aout
 		;;
 	mep-*)
-		os=-elf
+		os=elf
 		;;
 	mips*-cisco)
-		os=-elf
+		os=elf
 		;;
 	mips*-*)
-		os=-elf
+		os=elf
 		;;
 	or32-*)
-		os=-coff
+		os=coff
 		;;
 	*-tti)	# must be before sparc entry or we get the wrong os.
-		os=-sysv3
+		os=sysv3
 		;;
 	sparc-* | *-sun)
-		os=-sunos4.1.1
+		os=sunos4.1.1
 		;;
 	pru-*)
-		os=-elf
+		os=elf
 		;;
 	*-be)
-		os=-beos
+		os=beos
 		;;
 	*-ibm)
-		os=-aix
+		os=aix
 		;;
 	*-knuth)
-		os=-mmixware
+		os=mmixware
 		;;
 	*-wec)
-		os=-proelf
+		os=proelf
 		;;
 	*-winbond)
-		os=-proelf
+		os=proelf
 		;;
 	*-oki)
-		os=-proelf
+		os=proelf
 		;;
 	*-hp)
-		os=-hpux
+		os=hpux
 		;;
 	*-hitachi)
-		os=-hiux
+		os=hiux
 		;;
 	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
-		os=-sysv
+		os=sysv
 		;;
 	*-cbm)
-		os=-amigaos
+		os=amigaos
 		;;
 	*-dg)
-		os=-dgux
+		os=dgux
 		;;
 	*-dolphin)
-		os=-sysv3
+		os=sysv3
 		;;
 	m68k-ccur)
-		os=-rtu
+		os=rtu
 		;;
 	m88k-omron*)
-		os=-luna
+		os=luna
 		;;
 	*-next)
-		os=-nextstep
+		os=nextstep
 		;;
 	*-sequent)
-		os=-ptx
+		os=ptx
 		;;
 	*-crds)
-		os=-unos
+		os=unos
 		;;
 	*-ns)
-		os=-genix
+		os=genix
 		;;
 	i370-*)
-		os=-mvs
+		os=mvs
 		;;
 	*-gould)
-		os=-sysv
+		os=sysv
 		;;
 	*-highlevel)
-		os=-bsd
+		os=bsd
 		;;
 	*-encore)
-		os=-bsd
+		os=bsd
 		;;
 	*-sgi)
-		os=-irix
+		os=irix
 		;;
 	*-siemens)
-		os=-sysv4
+		os=sysv4
 		;;
 	*-masscomp)
-		os=-rtu
+		os=rtu
 		;;
 	f30[01]-fujitsu | f700-fujitsu)
-		os=-uxpv
+		os=uxpv
 		;;
 	*-rom68k)
-		os=-coff
+		os=coff
 		;;
 	*-*bug)
-		os=-coff
+		os=coff
 		;;
 	*-apple)
-		os=-macos
+		os=macos
 		;;
 	*-atari*)
-		os=-mint
+		os=mint
+		;;
+	*-wrs)
+		os=vxworks
 		;;
 	*)
-		os=-none
+		os=none
 		;;
 esac
+
 fi
 
+# Now, validate our (potentially fixed-up) OS.
+case $os in
+	# Sometimes we do "kernel-libc", so those need to count as OSes.
+	musl* | newlib* | relibc* | uclibc*)
+		;;
+	# Likewise for "kernel-abi"
+	eabi* | gnueabi*)
+		;;
+	# VxWorks passes extra cpu info in the 4th filed.
+	simlinux | simwindows | spe)
+		;;
+	# Now accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST end in a * to match a version number.
+	gnu* | android* | bsd* | mach* | minix* | genix* | ultrix* | irix* \
+	     | *vms* | esix* | aix* | cnk* | sunos | sunos[34]* \
+	     | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \
+	     | sym* |  plan9* | psp* | sim* | xray* | os68k* | v88r* \
+	     | hiux* | abug | nacl* | netware* | windows* \
+	     | os9* | macos* | osx* | ios* \
+	     | mpw* | magic* | mmixware* | mon960* | lnews* \
+	     | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \
+	     | aos* | aros* | cloudabi* | sortix* | twizzler* \
+	     | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \
+	     | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \
+	     | mirbsd* | netbsd* | dicos* | openedition* | ose* \
+	     | bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \
+	     | ekkobsd* | freebsd* | riscix* | lynxos* | os400* \
+	     | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \
+	     | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \
+	     | udi* | lites* | ieee* | go32* | aux* | hcos* \
+	     | chorusrdb* | cegcc* | glidix* | serenity* \
+	     | cygwin* | msys* | pe* | moss* | proelf* | rtems* \
+	     | midipix* | mingw32* | mingw64* | mint* \
+	     | uxpv* | beos* | mpeix* | udk* | moxiebox* \
+	     | interix* | uwin* | mks* | rhapsody* | darwin* \
+	     | openstep* | oskit* | conix* | pw32* | nonstopux* \
+	     | storm-chaos* | tops10* | tenex* | tops20* | its* \
+	     | os2* | vos* | palmos* | uclinux* | nucleus* | morphos* \
+	     | scout* | superux* | sysv* | rtmk* | tpf* | windiss* \
+	     | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \
+	     | skyos* | haiku* | rdos* | toppers* | drops* | es* \
+	     | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
+	     | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \
+	     | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \
+	     | fiwix* )
+		;;
+	# This one is extra strict with allowed versions
+	sco3.2v2 | sco3.2v[4-9]* | sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		;;
+	none)
+		;;
+	*)
+		echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# As a final step for OS-related things, validate the OS-kernel combination
+# (given a valid OS), if there is a kernel.
+case $kernel-$os in
+	linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \
+		   | linux-musl* | linux-relibc* | linux-uclibc* )
+		;;
+	uclinux-uclibc* )
+		;;
+	-dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* )
+		# These are just libc implementations, not actual OSes, and thus
+		# require a kernel.
+		echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2
+		exit 1
+		;;
+	kfreebsd*-gnu* | kopensolaris*-gnu*)
+		;;
+	vxworks-simlinux | vxworks-simwindows | vxworks-spe)
+		;;
+	nto-qnx*)
+		;;
+	os2-emx)
+		;;
+	*-eabi* | *-gnueabi*)
+		;;
+	-*)
+		# Blank kernel with real OS is always fine.
+		;;
+	*-*)
+		echo "Invalid configuration \`$1': Kernel \`$kernel' not known to work with OS \`$os'." 1>&2
+		exit 1
+		;;
+esac
+
 # Here we handle the case where we know the os, and the CPU type, but not the
 # manufacturer.  We pick the logical manufacturer.
-vendor=unknown
-case $basic_machine in
-	*-unknown)
-		case $os in
-			-riscix*)
+case $vendor in
+	unknown)
+		case $cpu-$os in
+			*-riscix*)
 				vendor=acorn
 				;;
-			-sunos*)
+			*-sunos*)
 				vendor=sun
 				;;
-			-cnk*|-aix*)
+			*-cnk* | *-aix*)
 				vendor=ibm
 				;;
-			-beos*)
+			*-beos*)
 				vendor=be
 				;;
-			-hpux*)
+			*-hpux*)
 				vendor=hp
 				;;
-			-mpeix*)
+			*-mpeix*)
 				vendor=hp
 				;;
-			-hiux*)
+			*-hiux*)
 				vendor=hitachi
 				;;
-			-unos*)
+			*-unos*)
 				vendor=crds
 				;;
-			-dgux*)
+			*-dgux*)
 				vendor=dg
 				;;
-			-luna*)
+			*-luna*)
 				vendor=omron
 				;;
-			-genix*)
+			*-genix*)
 				vendor=ns
 				;;
-			-mvs* | -opened*)
+			*-clix*)
+				vendor=intergraph
+				;;
+			*-mvs* | *-opened*)
+				vendor=ibm
+				;;
+			*-os400*)
 				vendor=ibm
 				;;
-			-os400*)
+			s390-* | s390x-*)
 				vendor=ibm
 				;;
-			-ptx*)
+			*-ptx*)
 				vendor=sequent
 				;;
-			-tpf*)
+			*-tpf*)
 				vendor=ibm
 				;;
-			-vxsim* | -vxworks* | -windiss*)
+			*-vxsim* | *-vxworks* | *-windiss*)
 				vendor=wrs
 				;;
-			-aux*)
+			*-aux*)
 				vendor=apple
 				;;
-			-hms*)
+			*-hms*)
 				vendor=hitachi
 				;;
-			-mpw* | -macos*)
+			*-mpw* | *-macos*)
 				vendor=apple
 				;;
-			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+			*-*mint | *-mint[0-9]* | *-*MiNT | *-MiNT[0-9]*)
 				vendor=atari
 				;;
-			-vos*)
+			*-vos*)
 				vendor=stratus
 				;;
 		esac
-		basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"`
 		;;
 esac
 
-echo "$basic_machine$os"
+echo "$cpu-$vendor-${kernel:+$kernel-}$os"
 exit
 
 # Local variables:
-# eval: (add-hook 'write-file-functions 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
 # time-stamp-start: "timestamp='"
 # time-stamp-format: "%:y-%02m-%02d"
 # time-stamp-end: "'"
diff --git a/configure b/configure
index 2d73516be..79e18182e 100755
--- a/configure
+++ b/configure
@@ -12,7 +12,7 @@
 # This configure script is free software; the Free Software Foundation
 # gives unlimited permission to copy, distribute and modify it.
 #
-# Copyright (c) 1998 - 2021 Daniel Stenberg, <daniel@haxx.se>
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>
 # This configure script may be copied, distributed and modified under the
 # terms of the curl license; see COPYING for more details
 
@@ -898,7 +898,6 @@ ac_includes_default="\
 #endif"
 
 ac_header_c_list=
-enable_option_checking=no
 ac_subst_vars='am__EXEEXT_FALSE
 am__EXEEXT_TRUE
 LTLIBOBJS
@@ -921,10 +920,7 @@ DOING_CURL_SYMBOL_HIDING_TRUE
 USE_UNIX_SOCKETS
 BUILD_LIBHOSTNAME_FALSE
 BUILD_LIBHOSTNAME_TRUE
-USE_EMBEDDED_ARES_FALSE
-USE_EMBEDDED_ARES_TRUE
 USE_ARES
-subdirs
 USE_MANUAL_FALSE
 USE_MANUAL_TRUE
 MANOPT
@@ -932,13 +928,16 @@ NROFF
 PERL
 FISH_FUNCTIONS_DIR
 ZSH_FUNCTIONS_DIR
+USE_MSH3
 USE_QUICHE
 USE_NGHTTP3
+USE_NGTCP2_CRYPTO_WOLFSSL
 USE_NGTCP2_CRYPTO_GNUTLS
 USE_NGTCP2_CRYPTO_OPENSSL
 USE_NGTCP2
 USE_NGHTTP2
 IDN_ENABLED
+CURL_PLIST_VERSION
 CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS_FALSE
 CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS_TRUE
 CURL_LT_SHLIB_VERSIONED_FLAVOUR
@@ -957,7 +956,6 @@ NSS_LIBS
 USE_NSS
 USE_RUSTLS
 USE_BEARSSL
-USE_MESALINK
 USE_WOLFSSL
 USE_MBEDTLS
 HAVE_GNUTLS_SRP
@@ -999,6 +997,8 @@ CURL_DISABLE_FILE
 CURL_DISABLE_FTP
 CURL_DISABLE_RTSP
 CURL_DISABLE_HTTP
+HAVE_WINDRES_FALSE
+HAVE_WINDRES_TRUE
 USE_WIN32_CRYPTO
 USE_WIN32_SMALL_FILES
 USE_WIN32_LARGE_FILES
@@ -1021,6 +1021,7 @@ CURL_LT_SHLIB_USE_NO_UNDEFINED_FALSE
 CURL_LT_SHLIB_USE_NO_UNDEFINED_TRUE
 CURL_LT_SHLIB_USE_VERSION_INFO_FALSE
 CURL_LT_SHLIB_USE_VERSION_INFO_TRUE
+RC
 LT_SYS_LIBRARY_PATH
 OTOOL64
 OTOOL
@@ -1030,6 +1031,7 @@ DSYMUTIL
 MANIFEST_TOOL
 RANLIB
 ac_ct_AR
+FILECMD
 LN_S
 NM
 ac_ct_DUMPBIN
@@ -1049,6 +1051,12 @@ build_os
 build_vendor
 build_cpu
 build
+HTTPD_NGHTTPX
+APACHECTL
+HTTPD
+APXS
+CADDY
+TEST_NGHTTPX
 PKGADD_VENDOR
 PKGADD_NAME
 PKGADD_PKG
@@ -1176,10 +1184,13 @@ with_openssl
 with_gnutls
 with_mbedtls
 with_wolfssl
-with_mesalink
 with_bearssl
 with_rustls
+with_nss_deprecated
 with_nss
+with_test_nghttpx
+with_test_caddy
+with_test_httpd
 with_darwinssl
 enable_largefile
 enable_shared
@@ -1190,6 +1201,7 @@ with_aix_soname
 with_gnu_ld
 with_sysroot
 enable_libtool_lock
+with_mingw1_deprecated
 enable_http
 enable_ftp
 enable_file
@@ -1240,6 +1252,7 @@ with_nghttp2
 with_ngtcp2
 with_nghttp3
 with_quiche
+with_msh3
 with_zsh_functions_dir
 with_fish_functions_dir
 enable_threaded_resolver
@@ -1262,7 +1275,9 @@ enable_progress_meter
 enable_dnsshuffle
 enable_get_easy_options
 enable_alt_svc
+enable_headers_api
 enable_hsts
+enable_websockets
 '
       ac_precious_vars='build_alias
 host_alias
@@ -1274,7 +1289,7 @@ LIBS
 CPPFLAGS
 CPP
 LT_SYS_LIBRARY_PATH'
-ac_subdirs_all='ares'
+
 
 # Initialize some variables set by options.
 ac_init_help=
@@ -2030,8 +2045,12 @@ Optional Features:
                           Disable curl_easy_options
   --enable-alt-svc        Enable alt-svc support
   --disable-alt-svc       Disable alt-svc support
+  --enable-headers-api    Enable headers-api support
+  --disable-headers-api   Disable headers-api support
   --enable-hsts           Enable HSTS support
     --disable-hsts          Disable HSTS support
+  --enable-websockets     Enable WebSockets support
+  --disable-websockets    Disable WebSockets support
 
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@@ -2051,14 +2070,17 @@ Optional Packages:
                           installation root
   --with-wolfssl=PATH     where to look for WolfSSL, PATH points to the
                           installation root (default: system lib default)
-  --with-mesalink=PATH    where to look for MesaLink, PATH points to the
-                          installation root
   --with-bearssl=PATH     where to look for BearSSL, PATH points to the
                           installation root
   --with-rustls=PATH      where to look for rustls, PATH points to the
                           installation root
+  --with-nss-deprecated   confirm you realize NSS is going away
   --with-nss=PATH         where to look for NSS, PATH points to the
                           installation root
+  --with-test-nghttpx=PATH
+                          where to find nghttpx for testing
+  --with-test-caddy=PATH  where to find caddy for testing
+  --with-test-httpd=PATH  where to find httpd/apache2 for testing
 
   --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
                           both]
@@ -2068,6 +2090,8 @@ Optional Packages:
   --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
   --with-sysroot[=DIR]    Search for dependent libraries within DIR (or the
                           compiler's sysroot if not specified).
+  --with-mingw1-deprecated
+                          confirm you realize support for mingw v1 is dying
   --with-hyper=PATH       Enable hyper usage
   --without-hyper         Disable hyper usage
   --with-zlib=PATH        search for zlib in PATH
@@ -2138,6 +2162,8 @@ Optional Packages:
   --without-nghttp3       Disable nghttp3 usage
   --with-quiche=PATH      Enable quiche usage
   --without-quiche        Disable quiche usage
+  --with-msh3=PATH        Enable msh3 usage
+  --without-msh3          Disable msh3 usage
   --with-zsh-functions-dir=PATH
                           Install zsh completions to PATH
   --without-zsh-functions-dir
@@ -2233,7 +2259,7 @@ Copyright (C) 2021 Free Software Foundation, Inc.
 This configure script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it.
 
-Copyright (c) 1998 - 2021 Daniel Stenberg, <daniel@haxx.se>
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>
 This configure script may be copied, distributed and modified under the
 terms of the curl license; see COPYING for more details
 _ACEOF
@@ -2321,6 +2347,39 @@ fi
 
 } # ac_fn_c_try_cpp
 
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+printf %s "checking for $2... " >&6; }
+if eval test \${$3+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+  eval "$3=yes"
+else $as_nop
+  eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_compile
+
 # ac_fn_c_try_link LINENO
 # -----------------------
 # Try to link conftest.$ac_ext, and return whether this succeeded.
@@ -2368,39 +2427,6 @@ fi
 
 } # ac_fn_c_try_link
 
-# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
-# -------------------------------------------------------
-# Tests whether HEADER exists and can be compiled using the include files in
-# INCLUDES, setting the cache variable VAR accordingly.
-ac_fn_c_check_header_compile ()
-{
-  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
-if eval test \${$3+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-$4
-#include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-  eval "$3=yes"
-else $as_nop
-  eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-eval ac_res=\$$3
-	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
-  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_header_compile
-
 # ac_fn_c_check_func LINENO FUNC VAR
 # ----------------------------------
 # Tests whether FUNC exists, setting the cache variable VAR accordingly
@@ -2497,8 +2523,8 @@ fi
 
 } # ac_fn_c_try_run
 
-# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
-# -------------------------------------------
+# ac_fn_c_check_type LINENO SIZEOF_LONG_LONG VAR INCLUDES
+# -------------------------------------------------------
 # Tests whether TYPE exists after having included INCLUDES, setting cache
 # variable VAR accordingly.
 ac_fn_c_check_type ()
@@ -3930,13 +3956,15 @@ fi
 
 
 if test -z "$EGREP"; then
-    if echo a | ($GREP -E '(a|b)') >/dev/null 2>&1; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
-printf %s "checking for egrep... " >&6; }
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that grep -E works" >&5
+printf %s "checking that grep -E works... " >&6; }
+  if echo a | ($GREP -E '(a|b)') >/dev/null 2>&1; then
     EGREP="$GREP -E"
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $EGREP" >&5
-printf "%s\n" "$EGREP" >&6; }
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
   else
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
     # Extract the first word of "egrep", so it can be a program name with args.
 set dummy egrep; ac_word=$2
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
@@ -3987,7 +4015,7 @@ fi
   fi
 fi
 if test -z "$EGREP" || test "$EGREP" = "not_found"; then
-  as_fn_error $? "egrep not found in PATH. Cannot continue without egrep." "$LINENO" 5
+  as_fn_error $? "grep -E is not working and egrep is not found in PATH. Cannot continue." "$LINENO" 5
 fi
 
 
@@ -5582,6 +5610,87 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
 
+ac_header= ac_cache=
+for ac_item in $ac_header_c_list
+do
+  if test $ac_cache; then
+    ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default"
+    if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then
+      printf "%s\n" "#define $ac_item 1" >> confdefs.h
+    fi
+    ac_header= ac_cache=
+  elif test $ac_header; then
+    ac_cache=$ac_item
+  else
+    ac_header=$ac_item
+  fi
+done
+
+
+
+
+
+
+
+
+if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes
+then :
+
+printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+         for ac_header in stdatomic.h
+do :
+  ac_fn_c_check_header_compile "$LINENO" "stdatomic.h" "ac_cv_header_stdatomic_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdatomic_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_STDATOMIC_H 1" >>confdefs.h
+
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if _Atomic is available" >&5
+printf %s "checking if _Atomic is available... " >&6; }
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+        $curl_includes_unistd
+
+int main (void)
+{
+
+        _Atomic int i = 0;
+        i = 4;  // Force an atomic-write operation.
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+
+printf "%s\n" "#define HAVE_ATOMIC 1" >>confdefs.h
+
+      tst_atomic="yes"
+
+else $as_nop
+
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+      tst_atomic="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+
+fi
+
+done
+
+
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
 printf %s "checking for a sed that does not truncate output... " >&6; }
 if test ${ac_cv_path_SED+y}
@@ -5834,7 +5943,7 @@ fi
     fi
 
     CPPFLAGS="$CPPFLAGS -DNDEBUG"
-    CFLAGS="$CLAGS -O0 -g -fprofile-arcs -ftest-coverage"
+    CFLAGS="$CFLAGS -O0 -g -fprofile-arcs -ftest-coverage"
     LIBS="$LIBS -lgcov"
   fi
 
@@ -6530,7 +6639,7 @@ PKGADD_VENDOR="curl.se"
 
 
 
-    curl_ssl_msg="no      (--with-{openssl,gnutls,nss,mbedtls,wolfssl,schannel,secure-transport,mesalink,amissl,bearssl,rustls} )"
+    curl_ssl_msg="no      (--with-{openssl,gnutls,nss,mbedtls,wolfssl,schannel,secure-transport,amissl,bearssl,rustls} )"
     curl_ssh_msg="no      (--with-{libssh,libssh2})"
    curl_zlib_msg="no      (--with-zlib)"
  curl_brotli_msg="no      (--with-brotli)"
@@ -6552,11 +6661,13 @@ curl_verbose_msg="enabled (--disable-verbose)"
    curl_rtmp_msg="no      (--with-librtmp)"
     curl_psl_msg="no      (--with-libpsl)"
  curl_altsvc_msg="enabled (--disable-alt-svc)"
+curl_headers_msg="enabled (--disable-headers-api)"
    curl_hsts_msg="enabled (--disable-hsts)"
+     curl_ws_msg="no      (--enable-websockets)"
     ssl_backends=
      curl_h1_msg="enabled (internal)"
      curl_h2_msg="no      (--with-nghttp2, --with-hyper)"
-     curl_h3_msg="no      (--with-ngtcp2, --with-quiche)"
+     curl_h3_msg="no      (--with-ngtcp2, --with-quiche --with-msh3)"
 
 enable_altsvc="yes"
 hsts="yes"
@@ -6579,10 +6690,9 @@ OPT_SECURETRANSPORT=no
 # Check whether --with-secure-transport was given.
 if test ${with_secure_transport+y}
 then :
-  withval=$with_secure_transport; OPT_SECURETRANSPORT=$withval
-  test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE
-else $as_nop
-  }Secure-Transport"
+  withval=$with_secure_transport;
+  OPT_SECURETRANSPORT=$withval
+  TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }Secure-Transport"
 
 fi
 
@@ -6592,10 +6702,10 @@ OPT_AMISSL=no
 # Check whether --with-amissl was given.
 if test ${with_amissl+y}
 then :
-  withval=$with_amissl; OPT_AMISSL=$withval
-  test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE
-else $as_nop
-  }AmiSSL"
+  withval=$with_amissl;
+  OPT_AMISSL=$withval
+  TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }AmiSSL"
+
 fi
 
 
@@ -6605,11 +6715,15 @@ ca="no"
 # Check whether --with-ssl was given.
 if test ${with_ssl+y}
 then :
-  withval=$with_ssl; OPT_SSL=$withval
+  withval=$with_ssl;
+  OPT_SSL=$withval
   OPT_OPENSSL=$withval
-  test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE
-else $as_nop
-  }OpenSSL"
+  if test X"$withval" != Xno; then
+    TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL"
+  else
+    SSL_DISABLED="D"
+  fi
+
 fi
 
 
@@ -6617,10 +6731,12 @@ fi
 # Check whether --with-openssl was given.
 if test ${with_openssl+y}
 then :
-  withval=$with_openssl; OPT_OPENSSL=$withval
-  test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE
-else $as_nop
-  }OpenSSL"
+  withval=$with_openssl;
+  OPT_OPENSSL=$withval
+  if test X"$withval" != Xno; then
+    TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL"
+  fi
+
 fi
 
 
@@ -6629,10 +6745,12 @@ OPT_GNUTLS=no
 # Check whether --with-gnutls was given.
 if test ${with_gnutls+y}
 then :
-  withval=$with_gnutls; OPT_GNUTLS=$withval
-  test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE
-else $as_nop
-  }GnuTLS"
+  withval=$with_gnutls;
+  OPT_GNUTLS=$withval
+  if test X"$withval" != Xno; then
+    TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }GnuTLS"
+  fi
+
 fi
 
 
@@ -6641,10 +6759,12 @@ OPT_MBEDTLS=no
 # Check whether --with-mbedtls was given.
 if test ${with_mbedtls+y}
 then :
-  withval=$with_mbedtls; OPT_MBEDTLS=$withval
-  test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE
-else $as_nop
-  }mbedTLS"
+  withval=$with_mbedtls;
+  OPT_MBEDTLS=$withval
+  if test X"$withval" != Xno; then
+    TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }mbedTLS"
+  fi
+
 fi
 
 
@@ -6653,22 +6773,12 @@ OPT_WOLFSSL=no
 # Check whether --with-wolfssl was given.
 if test ${with_wolfssl+y}
 then :
-  withval=$with_wolfssl; OPT_WOLFSSL=$withval
-  test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE
-else $as_nop
-  }wolfSSL"
-fi
-
-
-OPT_MESALINK=no
+  withval=$with_wolfssl;
+  OPT_WOLFSSL=$withval
+  if test X"$withval" != Xno; then
+    TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }wolfSSL"
+  fi
 
-# Check whether --with-mesalink was given.
-if test ${with_mesalink+y}
-then :
-  withval=$with_mesalink; OPT_MESALINK=$withval
-  test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE
-else $as_nop
-  }MesaLink"
 fi
 
 
@@ -6677,10 +6787,12 @@ OPT_BEARSSL=no
 # Check whether --with-bearssl was given.
 if test ${with_bearssl+y}
 then :
-  withval=$with_bearssl; OPT_BEARSSL=$withval
-  test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE
-else $as_nop
-  }BearSSL"
+  withval=$with_bearssl;
+  OPT_BEARSSL=$withval
+  if test X"$withval" != Xno; then
+    TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }BearSSL"
+  fi
+
 fi
 
 
@@ -6689,10 +6801,25 @@ OPT_RUSTLS=no
 # Check whether --with-rustls was given.
 if test ${with_rustls+y}
 then :
-  withval=$with_rustls; OPT_RUSTLS=$withval
-  test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE
-else $as_nop
-  }rustls"
+  withval=$with_rustls;
+  OPT_RUSTLS=$withval
+  if test X"$withval" != Xno; then
+    TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }rustls"
+    experimental="$experimental rustls"
+  fi
+
+fi
+
+
+OPT_NSS_AWARE=no
+
+# Check whether --with-nss-deprecated was given.
+if test ${with_nss_deprecated+y}
+then :
+  withval=$with_nss_deprecated; if test X"$withval" != Xno; then
+    OPT_NSS_AWARE=$withval
+  fi
+
 fi
 
 
@@ -6702,9 +6829,423 @@ OPT_NSS=no
 if test ${with_nss+y}
 then :
   withval=$with_nss; OPT_NSS=$withval
-  test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE
+  if test X"$withval" != Xno; then
+
+    if test X"$OPT_NSS_AWARE" = "Xno" ; then
+      as_fn_error $? "NSS use must be confirmed using --with-nss-deprecated. NSS support will be dropped from curl in August 2022. See docs/DEPRECATE.md" "$LINENO" 5
+    fi
+
+    TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }NSS"
+  fi
+
+fi
+
+
+TEST_NGHTTPX=nghttpx
+
+# Check whether --with-test-nghttpx was given.
+if test ${with_test_nghttpx+y}
+then :
+  withval=$with_test_nghttpx; TEST_NGHTTPX=$withval
+  if test X"$OPT_TEST_NGHTTPX" = "Xno" ; then
+      TEST_NGHTTPX=""
+  fi
+
+fi
+
+
+
+CADDY=caddy
+
+# Check whether --with-test-caddy was given.
+if test ${with_test_caddy+y}
+then :
+  withval=$with_test_caddy; CADDY=$withval
+  if test X"$OPT_CADDY" = "Xno" ; then
+      CADDY=""
+  fi
+
+fi
+
+
+
+
+# Check whether --with-test-httpd was given.
+if test ${with_test_httpd+y}
+then :
+  withval=$with_test_httpd; request_httpd=$withval
+else $as_nop
+  request_httpd=check
+fi
+
+if test x"$request_httpd" = "xcheck"; then
+  if test -x "/usr/sbin/apache2" -a -x "/usr/sbin/apache2ctl"; then
+    # common location on distros (debian/ubuntu)
+    HTTPD="/usr/sbin/apache2"
+    APACHECTL="/usr/sbin/apache2ctl"
+    # Extract the first word of "apxs", so it can be a program name with args.
+set dummy apxs; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_APXS+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $APXS in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_APXS="$APXS" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_APXS="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+APXS=$ac_cv_path_APXS
+if test -n "$APXS"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $APXS" >&5
+printf "%s\n" "$APXS" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+    if test "x$APXS" != "x"; then
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: apache2-dev not installed, httpd tests disabled" >&5
+printf "%s\n" "$as_me: apache2-dev not installed, httpd tests disabled" >&6;}
+    fi
+  else
+    # Extract the first word of "httpd", so it can be a program name with args.
+set dummy httpd; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_HTTPD+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $HTTPD in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_HTTPD="$HTTPD" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_HTTPD="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+HTTPD=$ac_cv_path_HTTPD
+if test -n "$HTTPD"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $HTTPD" >&5
+printf "%s\n" "$HTTPD" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+    if test "x$HTTPD" = "x"; then
+      # Extract the first word of "apache2", so it can be a program name with args.
+set dummy apache2; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_HTTPD+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $HTTPD in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_HTTPD="$HTTPD" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_HTTPD="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+HTTPD=$ac_cv_path_HTTPD
+if test -n "$HTTPD"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $HTTPD" >&5
+printf "%s\n" "$HTTPD" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+    fi
+    # Extract the first word of "apachectl", so it can be a program name with args.
+set dummy apachectl; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_APACHECTL+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $APACHECTL in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_APACHECTL="$APACHECTL" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_APACHECTL="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+APACHECTL=$ac_cv_path_APACHECTL
+if test -n "$APACHECTL"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $APACHECTL" >&5
+printf "%s\n" "$APACHECTL" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+    # Extract the first word of "apxs", so it can be a program name with args.
+set dummy apxs; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_APXS+y}
+then :
+  printf %s "(cached) " >&6
 else $as_nop
-  }NSS"
+  case $APXS in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_APXS="$APXS" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_APXS="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+APXS=$ac_cv_path_APXS
+if test -n "$APXS"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $APXS" >&5
+printf "%s\n" "$APXS" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+    if test "x$HTTPD" = "x" -o "x$APACHECTL" = "x"; then
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: httpd/apache2 not in PATH, httpd tests disabled" >&5
+printf "%s\n" "$as_me: httpd/apache2 not in PATH, httpd tests disabled" >&6;}
+    fi
+    if test "x$APXS" = "x"; then
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: apxs not in PATH, httpd tests disabled" >&5
+printf "%s\n" "$as_me: apxs not in PATH, httpd tests disabled" >&6;}
+    fi
+  fi
+else
+  HTTPD="${request_httpd}/bin/httpd"
+  APACHECTL="${request_httpd}/bin/apachectl"
+  APXS="${request_httpd}/bin/apxs"
+  if test ! -x "${HTTPD}"; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: httpd not found as ${HTTPD}, httpd tests disabled" >&5
+printf "%s\n" "$as_me: httpd not found as ${HTTPD}, httpd tests disabled" >&6;}
+  elif test ! -x "${APACHECTL}"; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: apachectl not found as ${APACHECTL}, httpd tests disabled" >&5
+printf "%s\n" "$as_me: apachectl not found as ${APACHECTL}, httpd tests disabled" >&6;}
+  elif test ! -x "${APXS}"; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: apxs not found as ${APXS}, httpd tests disabled" >&5
+printf "%s\n" "$as_me: apxs not found as ${APXS}, httpd tests disabled" >&6;}
+  else
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: using HTTPD=$HTTPD for tests" >&5
+printf "%s\n" "$as_me: using HTTPD=$HTTPD for tests" >&6;}
+  fi
+fi
+
+
+
+
+if test "x$TEST_NGHTTPX" != "x" -a "x$TEST_NGHTTPX" != "xnghttpx"; then
+  HTTPD_NGHTTPX="$TEST_NGHTTPX"
+else
+  # Extract the first word of "nghttpx", so it can be a program name with args.
+set dummy nghttpx; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_HTTPD_NGHTTPX+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $HTTPD_NGHTTPX in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_HTTPD_NGHTTPX="$HTTPD_NGHTTPX" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$PATH:/usr/bin:/usr/local/bin"
+for as_dir in $as_dummy
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_HTTPD_NGHTTPX="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+HTTPD_NGHTTPX=$ac_cv_path_HTTPD_NGHTTPX
+if test -n "$HTTPD_NGHTTPX"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $HTTPD_NGHTTPX" >&5
+printf "%s\n" "$HTTPD_NGHTTPX" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+
+
+if test "x$TEST_CADDY" != "x"; then
+  CADDY="$TEST_CADDY"
+else
+  # Extract the first word of "caddy", so it can be a program name with args.
+set dummy caddy; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_CADDY+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $CADDY in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_CADDY="$CADDY" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_CADDY="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+CADDY=$ac_cv_path_CADDY
+if test -n "$CADDY"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CADDY" >&5
+printf "%s\n" "$CADDY" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
 fi
 
 
@@ -6718,7 +7259,6 @@ Select from these:
   --with-bearssl
   --with-gnutls
   --with-mbedtls
-  --with-mesalink
   --with-nss
   --with-openssl (also works for BoringSSL and libressl)
   --with-rustls
@@ -6822,7 +7362,6 @@ AR_FLAGS=cr
 
 
 
-
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
 printf %s "checking for grep that handles long lines and -e... " >&6; }
 if test ${ac_cv_path_GREP+y}
@@ -7963,8 +8502,8 @@ esac
 
 
 
-macro_version='2.4.6'
-macro_revision='2.4.6'
+macro_version='2.4.7'
+macro_revision='2.4.7'
 
 
 
@@ -8375,13 +8914,13 @@ else
 	mingw*) lt_bad_file=conftest.nm/nofile ;;
 	*) lt_bad_file=/dev/null ;;
 	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
+	case `"$tmp_nm" -B $lt_bad_file 2>&1 | $SED '1q'` in
 	*$lt_bad_file* | *'Invalid file or object type'*)
 	  lt_cv_path_NM="$tmp_nm -B"
 	  break 2
 	  ;;
 	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  case `"$tmp_nm" -p /dev/null 2>&1 | $SED '1q'` in
 	  */dev/null*)
 	    lt_cv_path_NM="$tmp_nm -p"
 	    break 2
@@ -8519,7 +9058,7 @@ esac
   fi
 fi
 
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
+    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | $SED '1q'` in
     *COFF*)
       DUMPBIN="$DUMPBIN -symbols -headers"
       ;;
@@ -8623,7 +9162,7 @@ else $as_nop
     lt_cv_sys_max_cmd_len=8192;
     ;;
 
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
+  bitrig* | darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*)
     # This has been around since 386BSD, at least.  Likely further.
     if test -x /sbin/sysctl; then
       lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
@@ -8666,7 +9205,7 @@ else $as_nop
   sysv5* | sco5v6* | sysv4.2uw2*)
     kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
     if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[	 ]//'`
+      lt_cv_sys_max_cmd_len=`echo $kargmax | $SED 's/.*[	 ]//'`
     else
       lt_cv_sys_max_cmd_len=32768
     fi
@@ -8872,6 +9411,114 @@ esac
 
 
 if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}file", so it can be a program name with args.
+set dummy ${ac_tool_prefix}file; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_FILECMD+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$FILECMD"; then
+  ac_cv_prog_FILECMD="$FILECMD" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_FILECMD="${ac_tool_prefix}file"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+FILECMD=$ac_cv_prog_FILECMD
+if test -n "$FILECMD"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $FILECMD" >&5
+printf "%s\n" "$FILECMD" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_FILECMD"; then
+  ac_ct_FILECMD=$FILECMD
+  # Extract the first word of "file", so it can be a program name with args.
+set dummy file; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_FILECMD+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$ac_ct_FILECMD"; then
+  ac_cv_prog_ac_ct_FILECMD="$ac_ct_FILECMD" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_FILECMD="file"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_FILECMD=$ac_cv_prog_ac_ct_FILECMD
+if test -n "$ac_ct_FILECMD"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_FILECMD" >&5
+printf "%s\n" "$ac_ct_FILECMD" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_ct_FILECMD" = x; then
+    FILECMD=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    FILECMD=$ac_ct_FILECMD
+  fi
+else
+  FILECMD="$ac_cv_prog_FILECMD"
+fi
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
 set dummy ${ac_tool_prefix}objdump; ac_word=$2
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
@@ -9011,7 +9658,7 @@ beos*)
 
 bsdi[45]*)
   lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_cmd='$FILECMD -L'
   lt_cv_file_magic_test_file=/shlib/libc.so
   ;;
 
@@ -9045,14 +9692,14 @@ darwin* | rhapsody*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
-freebsd* | dragonfly*)
+freebsd* | dragonfly* | midnightbsd*)
   if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
     case $host_cpu in
     i*86 )
       # Not sure whether the presence of OpenBSD here was a mistake.
       # Let's accept both of them until this is cleared up.
       lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_cmd=$FILECMD
       lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
       ;;
     esac
@@ -9066,7 +9713,7 @@ haiku*)
   ;;
 
 hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_cmd=$FILECMD
   case $host_cpu in
   ia64*)
     lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
@@ -9113,7 +9760,7 @@ netbsd* | netbsdelf*-gnu)
 
 newos6*)
   lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_cmd=$FILECMD
   lt_cv_file_magic_test_file=/usr/lib/libnls.so
   ;;
 
@@ -9483,13 +10130,29 @@ esac
 fi
 
 : ${AR=ar}
-: ${AR_FLAGS=cr}
 
 
 
 
 
 
+# Use ARFLAGS variable as AR's operation code to sync the variable naming with
+# Automake.  If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
+# higher priority because thats what people were doing historically (setting
+# ARFLAGS for automake and AR_FLAGS for libtool).  FIXME: Make the AR_FLAGS
+# variable obsoleted/removed.
+
+test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
+lt_ar_flags=$AR_FLAGS
+
+
+
+
+
+
+# Make AR_FLAGS overridable by 'make ARFLAGS='.  Don't try to run-time override
+# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
+
 
 
 
@@ -9905,7 +10568,7 @@ esac
 
 if test "$lt_cv_nm_interface" = "MS dumpbin"; then
   # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
+  lt_cv_sys_global_symbol_to_import="$SED -n -e 's/^I .* \(.*\)$/\1/p'"
   # Adjust the below global symbol transforms to fixup imported variables.
   lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
   lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
@@ -9923,20 +10586,20 @@ fi
 # Transform an extracted symbol line into a proper C declaration.
 # Some systems (esp. on ia64) link data and code symbols differently,
 # so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
+lt_cv_sys_global_symbol_to_cdecl="$SED -n"\
 $lt_cdecl_hook\
 " -e 's/^T .* \(.*\)$/extern int \1();/p'"\
 " -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
 
 # Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
+lt_cv_sys_global_symbol_to_c_name_address="$SED -n"\
 $lt_c_name_hook\
 " -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
 " -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
 
 # Transform an extracted symbol line into symbol name with lib prefix and
 # symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="$SED -n"\
 $lt_c_name_lib_hook\
 " -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
 " -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
@@ -9960,7 +10623,7 @@ for ac_symprfx in "" "_"; do
   if test "$lt_cv_nm_interface" = "MS dumpbin"; then
     # Fake it for dumpbin and say T for any non-static function,
     # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
+    # Also find C++ and __fastcall symbols from MSVC++ or ICC,
     # which start with @ or ?.
     lt_cv_sys_global_symbol_pipe="$AWK '"\
 "     {last_section=section; section=\$ 3};"\
@@ -9978,9 +10641,9 @@ for ac_symprfx in "" "_"; do
 "     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
 "     ' prfx=^$ac_symprfx"
   else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[	 ]\($symcode$symcode*\)[	 ][	 ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+    lt_cv_sys_global_symbol_pipe="$SED -n -e 's/^.*[	 ]\($symcode$symcode*\)[	 ][	 ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
   fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
+  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | $SED '/ __gnu_lto/d'"
 
   # Check to see that the pipe works correctly.
   pipe_works=no
@@ -10180,7 +10843,7 @@ case $with_sysroot in #(
    fi
    ;; #(
  /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
+   lt_sysroot=`echo "$with_sysroot" | $SED -e "$sed_quote_subst"`
    ;; #(
  no|'')
    ;; #(
@@ -10305,7 +10968,7 @@ ia64-*-hpux*)
   ac_status=$?
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *ELF-32*)
 	HPUX_IA64_MODE=32
 	;;
@@ -10326,7 +10989,7 @@ ia64-*-hpux*)
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
     if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
+      case `$FILECMD conftest.$ac_objext` in
 	*32-bit*)
 	  LD="${LD-ld} -melf32bsmip"
 	  ;;
@@ -10338,7 +11001,7 @@ ia64-*-hpux*)
 	;;
       esac
     else
-      case `/usr/bin/file conftest.$ac_objext` in
+      case `$FILECMD conftest.$ac_objext` in
 	*32-bit*)
 	  LD="${LD-ld} -32"
 	  ;;
@@ -10364,7 +11027,7 @@ mips64*-*linux*)
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
     emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *32-bit*)
 	emul="${emul}32"
 	;;
@@ -10372,7 +11035,7 @@ mips64*-*linux*)
 	emul="${emul}64"
 	;;
     esac
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *MSB*)
 	emul="${emul}btsmip"
 	;;
@@ -10380,7 +11043,7 @@ mips64*-*linux*)
 	emul="${emul}ltsmip"
 	;;
     esac
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *N32*)
 	emul="${emul}n32"
 	;;
@@ -10404,14 +11067,14 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
   ac_status=$?
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
-    case `/usr/bin/file conftest.o` in
+    case `$FILECMD conftest.o` in
       *32-bit*)
 	case $host in
 	  x86_64-*kfreebsd*-gnu)
 	    LD="${LD-ld} -m elf_i386_fbsd"
 	    ;;
 	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
+	    case `$FILECMD conftest.o` in
 	      *x86-64*)
 		LD="${LD-ld} -m elf32_x86_64"
 		;;
@@ -10518,7 +11181,7 @@ printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
   ac_status=$?
   printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
-    case `/usr/bin/file conftest.o` in
+    case `$FILECMD conftest.o` in
     *64-bit*)
       case $lt_cv_prog_gnu_ld in
       yes*)
@@ -11300,8 +11963,8 @@ int forced_loaded() { return 2;}
 _LT_EOF
       echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
       $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
-      echo "$AR cr libconftest.a conftest.o" >&5
-      $AR cr libconftest.a conftest.o 2>&5
+      echo "$AR $AR_FLAGS libconftest.a conftest.o" >&5
+      $AR $AR_FLAGS libconftest.a conftest.o 2>&5
       echo "$RANLIB libconftest.a" >&5
       $RANLIB libconftest.a 2>&5
       cat > conftest.c << _LT_EOF
@@ -11328,17 +11991,12 @@ printf "%s\n" "$lt_cv_ld_force_load" >&6; }
       _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
     darwin1.*)
       _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[912]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[012][,.]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*|11.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+    darwin*)
+      case $MACOSX_DEPLOYMENT_TARGET,$host in
+        10.[012],*|,*powerpc*-darwin[5-8]*)
+          _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
+        *)
+          _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
       esac
     ;;
   esac
@@ -11393,35 +12051,6 @@ func_munge_path_list ()
     esac
 }
 
-ac_header= ac_cache=
-for ac_item in $ac_header_c_list
-do
-  if test $ac_cache; then
-    ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default"
-    if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then
-      printf "%s\n" "#define $ac_item 1" >> confdefs.h
-    fi
-    ac_header= ac_cache=
-  elif test $ac_header; then
-    ac_cache=$ac_item
-  else
-    ac_header=$ac_item
-  fi
-done
-
-
-
-
-
-
-
-
-if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes
-then :
-
-printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h
-
-fi
 ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
 "
 if test "x$ac_cv_header_dlfcn_h" = xyes
@@ -12161,8 +12790,8 @@ esac
 ofile=libtool
 can_build_shared=yes
 
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
+# All known linkers require a '.a' archive for static linking (except MSVC and
+# ICC, which need '.lib').
 libext=a
 
 with_gnu_ld=$lt_cv_prog_gnu_ld
@@ -12680,7 +13309,7 @@ lt_prog_compiler_static=
 	lt_prog_compiler_static='-qstaticlink'
 	;;
       *)
-	case `$CC -V 2>&1 | sed 5q` in
+	case `$CC -V 2>&1 | $SED 5q` in
 	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
 	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
 	  lt_prog_compiler_pic='-KPIC'
@@ -13103,15 +13732,15 @@ printf %s "checking whether the $compiler linker ($LD) supports shared libraries
 
   case $host_os in
   cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time
     # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
+    # Microsoft Visual C++ or Intel C++ Compiler.
     if test yes != "$GCC"; then
       with_gnu_ld=no
     fi
     ;;
   interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    # we just hope/assume this is gcc and not c89 (= MSVC++ or ICC)
     with_gnu_ld=yes
     ;;
   openbsd* | bitrig*)
@@ -13166,7 +13795,7 @@ printf %s "checking whether the $compiler linker ($LD) supports shared libraries
       whole_archive_flag_spec=
     fi
     supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in
+    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
       *GNU\ gold*) supports_anon_versioning=yes ;;
       *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
       *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
@@ -13278,6 +13907,7 @@ _LT_EOF
 	emximp -o $lib $output_objdir/$libname.def'
       old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
       enable_shared_with_static_runtimes=yes
+      file_list_spec='@'
       ;;
 
     interix[3-9]*)
@@ -13292,7 +13922,7 @@ _LT_EOF
       # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
       # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
       archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      archive_expsym_cmds='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
       ;;
 
     gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
@@ -13335,7 +13965,7 @@ _LT_EOF
 	  compiler_needs_object=yes
 	  ;;
 	esac
-	case `$CC -V 2>&1 | sed 5q` in
+	case `$CC -V 2>&1 | $SED 5q` in
 	*Sun\ C*)			# Sun C 5.9
 	  whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
 	  compiler_needs_object=yes
@@ -13347,13 +13977,14 @@ _LT_EOF
 
         if test yes = "$supports_anon_versioning"; then
           archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+            cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
             echo "local: *; };" >> $output_objdir/$libname.ver~
             $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
         fi
 
 	case $cc_basename in
 	tcc*)
+	  hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
 	  export_dynamic_flag_spec='-rdynamic'
 	  ;;
 	xlf* | bgf* | bgxlf* | mpixlf*)
@@ -13363,7 +13994,7 @@ _LT_EOF
 	  archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
 	  if test yes = "$supports_anon_versioning"; then
 	    archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+              cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
               echo "local: *; };" >> $output_objdir/$libname.ver~
               $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
 	  fi
@@ -13495,7 +14126,7 @@ _LT_EOF
 	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
 	  export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
 	else
-	  export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+	  export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
 	fi
 	aix_use_runtimelinking=no
 
@@ -13764,12 +14395,12 @@ fi
 
     cygwin* | mingw* | pw32* | cegcc*)
       # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
+      # Microsoft Visual C++ or Intel C++ Compiler.
       # hardcode_libdir_flag_spec is actually meaningless, as there is
       # no search path for DLLs.
       case $cc_basename in
-      cl*)
-	# Native MSVC
+      cl* | icl*)
+	# Native MSVC or ICC
 	hardcode_libdir_flag_spec=' '
 	allow_undefined_flag=unsupported
 	always_export_symbols=yes
@@ -13810,7 +14441,7 @@ fi
           fi'
 	;;
       *)
-	# Assume MSVC wrapper
+	# Assume MSVC and ICC wrapper
 	hardcode_libdir_flag_spec=' '
 	allow_undefined_flag=unsupported
 	# Tell ltmain to make .lib files, not .a files.
@@ -13851,8 +14482,8 @@ fi
     output_verbose_link_cmd=func_echo_all
     archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
     module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
+    archive_expsym_cmds="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
+    module_expsym_cmds="$SED -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
 
   else
   ld_shlibs=no
@@ -13886,7 +14517,7 @@ fi
       ;;
 
     # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
+    freebsd* | dragonfly* | midnightbsd*)
       archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
       hardcode_libdir_flag_spec='-R$libdir'
       hardcode_direct=yes
@@ -14067,6 +14698,7 @@ printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
 	# Fabrice Bellard et al's Tiny C Compiler
 	ld_shlibs=yes
 	archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
 	;;
       esac
       ;;
@@ -14138,6 +14770,7 @@ printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
 	emximp -o $lib $output_objdir/$libname.def'
       old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
       enable_shared_with_static_runtimes=yes
+      file_list_spec='@'
       ;;
 
     osf3*)
@@ -14830,7 +15463,7 @@ cygwin* | mingw* | pw32* | cegcc*)
     case $host_os in
     cygwin*)
       # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+      soname_spec='`echo $libname | $SED -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
 
       sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"
       ;;
@@ -14840,14 +15473,14 @@ cygwin* | mingw* | pw32* | cegcc*)
       ;;
     pw32*)
       # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+      library_names_spec='`echo $libname | $SED -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
       ;;
     esac
     dynamic_linker='Win32 ld.exe'
     ;;
 
-  *,cl*)
-    # Native MSVC
+  *,cl* | *,icl*)
+    # Native MSVC or ICC
     libname_spec='$name'
     soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
     library_names_spec='$libname.dll.lib'
@@ -14866,7 +15499,7 @@ cygwin* | mingw* | pw32* | cegcc*)
       done
       IFS=$lt_save_ifs
       # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
+      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
       ;;
     cygwin*)
       # Convert to unix form, then to dos form, then back to unix form
@@ -14903,7 +15536,7 @@ cygwin* | mingw* | pw32* | cegcc*)
     ;;
 
   *)
-    # Assume MSVC wrapper
+    # Assume MSVC and ICC wrapper
     library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib'
     dynamic_linker='Win32 ld.exe'
     ;;
@@ -14936,7 +15569,7 @@ dgux*)
   shlibpath_var=LD_LIBRARY_PATH
   ;;
 
-freebsd* | dragonfly*)
+freebsd* | dragonfly* | midnightbsd*)
   # DragonFly does not have aout.  When/if they implement a new
   # versioning mechanism, adjust this.
   if test -x /usr/bin/objformat; then
@@ -16100,30 +16733,41 @@ striplib=
 old_striplib=
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
 printf %s "checking whether stripping libraries is possible... " >&6; }
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
+if test -z "$STRIP"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
 else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
+  if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+    old_striplib="$STRIP --strip-debug"
+    striplib="$STRIP --strip-unneeded"
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+  else
+    case $host_os in
+    darwin*)
+      # FIXME - insert some real tests, host_os isn't really good enough
       striplib="$STRIP -x"
       old_striplib="$STRIP -S"
       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+      ;;
+    freebsd*)
+      if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then
+        old_striplib="$STRIP --strip-debug"
+        striplib="$STRIP --strip-unneeded"
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+      else
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-    fi
-    ;;
-  *)
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+      fi
+      ;;
+    *)
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-    ;;
-  esac
+      ;;
+    esac
+  fi
 fi
 
 
@@ -16298,7 +16942,7 @@ esac
 printf "%s\n" "$xc_lt_shlib_use_mimpure_text" >&6; }
 
 #
-# Find out whether libtool libraries would be built wit PIC
+# Find out whether libtool libraries would be built with PIC
 #
 
 case "x$pic_mode" in # ((((
@@ -16363,6 +17007,187 @@ printf "%s\n" "$xc_lt_build_static_only" >&6; }
 
 
 
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}windres", so it can be a program name with args.
+set dummy ${ac_tool_prefix}windres; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_RC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$RC"; then
+  ac_cv_prog_RC="$RC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_RC="${ac_tool_prefix}windres"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+RC=$ac_cv_prog_RC
+if test -n "$RC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RC" >&5
+printf "%s\n" "$RC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RC"; then
+  ac_ct_RC=$RC
+  # Extract the first word of "windres", so it can be a program name with args.
+set dummy windres; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_RC+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  if test -n "$ac_ct_RC"; then
+  ac_cv_prog_ac_ct_RC="$ac_ct_RC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_RC="windres"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RC=$ac_cv_prog_ac_ct_RC
+if test -n "$ac_ct_RC"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RC" >&5
+printf "%s\n" "$ac_ct_RC" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_ct_RC" = x; then
+    RC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    RC=$ac_ct_RC
+  fi
+else
+  RC="$ac_cv_prog_RC"
+fi
+
+
+
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+objext_RC=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code=$lt_simple_compile_test_code
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_CFLAGS=$CFLAGS
+lt_save_GCC=$GCC
+GCC=
+CC=${RC-"windres"}
+CFLAGS=
+compiler=$CC
+compiler_RC=$CC
+func_cc_basename $compiler
+cc_basename=$func_cc_basename_result
+
+lt_cv_prog_compiler_c_o_RC=yes
+
+if test -n "$compiler"; then
+  :
+
+
+
+fi
+
+GCC=$lt_save_GCC
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC=$lt_save_CC
+CFLAGS=$lt_save_CFLAGS
+
+
 #
 # Automake conditionals based on libtool related checks
 #
@@ -17039,7 +17864,7 @@ printf "%s\n" "no" >&6; }
     compiler_num=`(expr $clangvhi "*" 100 + $clangvlo) 2>/dev/null`
     flags_dbg_yes="-g"
     flags_opt_all="-O -O0 -O1 -O2 -Os -O3 -O4"
-    flags_opt_yes="-Os"
+    flags_opt_yes="-O2"
     flags_opt_off="-O0"
   else
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
@@ -17601,120 +18426,6 @@ printf "%s\n" "yes" >&6; }
 printf "%s\n" "no" >&6; }
   fi
 
-
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler is Watcom C" >&5
-printf %s "checking if compiler is Watcom C... " >&6; }
-
-    OLDCPPFLAGS=$CPPFLAGS
-  # CPPPFLAG comes from CURL_CPP_P
-  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
-      if test -z "$SED"; then
-    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
-  fi
-  if test -z "$GREP"; then
-    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
-  fi
-
-  tmp_exp=""
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#ifdef __WATCOMC__
-CURL_DEF_TOKEN __WATCOMC__
-#endif
-
-
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-
-    tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \
-      "$GREP" CURL_DEF_TOKEN 2>/dev/null | \
-      "$SED" 's/.*CURL_DEF_TOKEN[ ][ ]*//' 2>/dev/null | \
-      "$SED" 's/["][ ]*["]//g' 2>/dev/null`
-    if test -z "$tmp_exp" || test "$tmp_exp" = "__WATCOMC__"; then
-      tmp_exp=""
-    fi
-
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-  if test -z "$tmp_exp"; then
-    curl_cv_have_def___WATCOMC__=no
-
-  else
-    curl_cv_have_def___WATCOMC__=yes
-    curl_cv_def___WATCOMC__=$tmp_exp
-
-  fi
-      CPPFLAGS=$OLDCPPFLAGS
-
-  if test "$curl_cv_have_def___WATCOMC__" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-    OLDCPPFLAGS=$CPPFLAGS
-  # CPPPFLAG comes from CURL_CPP_P
-  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
-      if test -z "$SED"; then
-    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
-  fi
-  if test -z "$GREP"; then
-    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
-  fi
-
-  tmp_exp=""
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#ifdef __UNIX__
-CURL_DEF_TOKEN __UNIX__
-#endif
-
-
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-
-    tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \
-      "$GREP" CURL_DEF_TOKEN 2>/dev/null | \
-      "$SED" 's/.*CURL_DEF_TOKEN[ ][ ]*//' 2>/dev/null | \
-      "$SED" 's/["][ ]*["]//g' 2>/dev/null`
-    if test -z "$tmp_exp" || test "$tmp_exp" = "__UNIX__"; then
-      tmp_exp=""
-    fi
-
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-  if test -z "$tmp_exp"; then
-    curl_cv_have_def___UNIX__=no
-
-  else
-    curl_cv_have_def___UNIX__=yes
-    curl_cv_def___UNIX__=$tmp_exp
-
-  fi
-      CPPFLAGS=$OLDCPPFLAGS
-
-    if test "$curl_cv_have_def___UNIX__" = "yes"; then
-      compiler_id="WATCOM_UNIX_C"
-      flags_dbg_yes="-g2"
-      flags_opt_all="-O0 -O1 -O2 -O3"
-      flags_opt_yes="-O2"
-      flags_opt_off="-O0"
-    else
-      compiler_id="WATCOM_WINDOWS_C"
-      flags_dbg_yes=""
-      flags_opt_all=""
-      flags_opt_yes=""
-      flags_opt_off=""
-    fi
-  else
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-  fi
-
   #
   if test "$compiler_id" = "unknown"; then
   cat <<_EOF 1>&2
@@ -17761,6 +18472,7 @@ squeeze() {
       CLANG)
         #
                                 tmp_CFLAGS="$tmp_CFLAGS -Qunused-arguments"
+                        tmp_CFLAGS="$tmp_CFLAGS -Wno-pointer-bool-conversion"
         ;;
         #
       DEC_C)
@@ -17794,8 +18506,8 @@ squeeze() {
       INTEL_UNIX_C)
         #
                         tmp_CFLAGS="$tmp_CFLAGS -std=gnu89"
-                                                tmp_CPPFLAGS="$tmp_CPPFLAGS -we140,147,165,266"
-                                        tmp_CPPFLAGS="$tmp_CPPFLAGS -wd279,981,1469"
+                                                tmp_CPPFLAGS="$tmp_CPPFLAGS -diag-error 140,147,165,266"
+                                                        tmp_CPPFLAGS="$tmp_CPPFLAGS -diag-disable 279,981,1025,1469,2259"
         ;;
         #
       INTEL_WINDOWS_C)
@@ -17828,16 +18540,6 @@ squeeze() {
                 tmp_CFLAGS="$tmp_CFLAGS"
         ;;
         #
-      WATCOM_UNIX_C)
-        #
-                tmp_CFLAGS="$tmp_CFLAGS"
-        ;;
-        #
-      WATCOM_WINDOWS_C)
-        #
-                tmp_CFLAGS="$tmp_CFLAGS"
-        ;;
-        #
     esac
     #
     squeeze tmp_CPPFLAGS
@@ -17918,10 +18620,55 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
     if test "x$cross_compiling" != "xyes" &&
     test "$tmp_compiler_works" = "yes"; then
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
+then :
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+#       ifdef __STDC__
+#         include <stdlib.h>
+#       endif
+
+int main (void)
+{
+
+        int i = 0;
+        exit(i);
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  tmp_compiler_works="yes"
+
+else $as_nop
+  tmp_compiler_works="no"
+      echo " " >&6
+      echo "run-fail: test program exited with status $ac_status" >&6
+      echo " " >&6
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -17962,7 +18709,9 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
   fi
     if test "$tmp_compiler_works" = "yes"; then
@@ -18200,10 +18949,55 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
     if test "x$cross_compiling" != "xyes" &&
     test "$tmp_compiler_works" = "yes"; then
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
+then :
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+#       ifdef __STDC__
+#         include <stdlib.h>
+#       endif
+
+int main (void)
+{
+
+        int i = 0;
+        exit(i);
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  tmp_compiler_works="yes"
+
+else $as_nop
+  tmp_compiler_works="no"
+      echo " " >&6
+      echo "run-fail: test program exited with status $ac_status" >&6
+      echo " " >&6
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -18244,7 +19038,9 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
   fi
     if test "$tmp_compiler_works" = "yes"; then
@@ -18751,6 +19547,7 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;}
       GNU_C)
         #
         if test "$want_warnings" = "yes"; then
+          tmp_CFLAGS="$tmp_CFLAGS -std=gnu89"
           #
                               if test "x$cross_compiling" != "xyes" ||
             test "$compiler_num" -ge "300"; then
@@ -19375,22 +20172,27 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;}
             fi
           fi
           #
-        fi
-        #
-                if test "$compiler_num" -ge "300"; then
-          tmp_CFLAGS="$tmp_CFLAGS -Wno-system-headers"
-        else
-                              if test "x$cross_compiling" = "xyes"; then
-            if test "$compiler_num" -ge "104"; then
-                            tmp_CFLAGS="$tmp_CFLAGS -Wno-unused -Wno-shadow"
-            fi
-            if test "$compiler_num" -ge "207"; then
-                            tmp_CFLAGS="$tmp_CFLAGS -Wno-missing-declarations"
-              tmp_CFLAGS="$tmp_CFLAGS -Wno-missing-prototypes"
-            fi
-          fi
-        fi
-                if test "$compiler_num" -ge "1000"; then
+                    if test "$compiler_num" -ge "1000"; then
+
+    ac_var_added_warnings=""
+  for warning in arith-conversion; do
+
+  ac_var_match_word="no"
+  for word1 in $CFLAGS; do
+    for word2 in -Wno-$warning -W$warning; do
+      if test "$word1" = "$word2"; then
+        ac_var_match_word="yes"
+      fi
+    done
+  done
+
+    if test "$ac_var_match_word" = "no"; then
+      ac_var_added_warnings="$ac_var_added_warnings -W$warning"
+    fi
+  done
+    tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings"
+  squeeze tmp_CFLAGS
+
 
     ac_var_added_warnings=""
   for warning in enum-conversion; do
@@ -19411,6 +20213,22 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;}
     tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings"
   squeeze tmp_CFLAGS
 
+          fi
+          #
+        fi
+        #
+                if test "$compiler_num" -ge "300"; then
+          tmp_CFLAGS="$tmp_CFLAGS -Wno-system-headers"
+        else
+                              if test "x$cross_compiling" = "xyes"; then
+            if test "$compiler_num" -ge "104"; then
+                            tmp_CFLAGS="$tmp_CFLAGS -Wno-unused -Wno-shadow"
+            fi
+            if test "$compiler_num" -ge "207"; then
+                            tmp_CFLAGS="$tmp_CFLAGS -Wno-missing-declarations"
+              tmp_CFLAGS="$tmp_CFLAGS -Wno-missing-prototypes"
+            fi
+          fi
         fi
         ;;
         #
@@ -19548,18 +20366,6 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;}
         fi
         ;;
         #
-      WATCOM_UNIX_C)
-        #
-        if test "$want_warnings" = "yes"; then
-                    tmp_CFLAGS="$tmp_CFLAGS -Wall -Wextra"
-        fi
-        ;;
-        #
-      WATCOM_WINDOWS_C)
-        #
-                tmp_CFLAGS="$tmp_CFLAGS"
-        ;;
-        #
     esac
     #
     squeeze tmp_CPPFLAGS
@@ -19640,10 +20446,9 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
     if test "x$cross_compiling" != "xyes" &&
     test "$tmp_compiler_works" = "yes"; then
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -19684,7 +20489,55 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
+then :
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+#       ifdef __STDC__
+#         include <stdlib.h>
+#       endif
+
+int main (void)
+{
+
+        int i = 0;
+        exit(i);
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  tmp_compiler_works="yes"
+
+else $as_nop
+  tmp_compiler_works="no"
+      echo " " >&6
+      echo "run-fail: test program exited with status $ac_status" >&6
+      echo " " >&6
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
   fi
     if test "$tmp_compiler_works" = "yes"; then
@@ -20109,6 +20962,64 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
     ;;
 esac
 
+# Detect original MinGW (not MinGW-w64)
+curl_mingw_original=no
+case $host in
+  *-*-mingw32*)
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking using original MinGW (not MinGW-w64)" >&5
+printf %s "checking using original MinGW (not MinGW-w64)... " >&6; }
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+#include <_mingw.h>
+
+int main (void)
+{
+
+#if defined(__MINGW64_VERSION_MAJOR)
+#error
+#endif
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+
+      curl_mingw_original=yes
+      curl_mingw_die=yes
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+
+else $as_nop
+
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+    ;;
+esac
+
+
+
+# Check whether --with-mingw1-deprecated was given.
+if test ${with_mingw1_deprecated+y}
+then :
+  withval=$with_mingw1_deprecated; if test X"$withval" != Xno; then
+    curl_mingw_die=
+  fi
+
+fi
+
+
+if test -n "$curl_mingw_die"; then
+  as_fn_error $? "support for mingw v1 is going away, enable temporarily with --with-mingw1-deprecated" "$LINENO" 5
+fi
+
 
 
 
@@ -20448,74 +21359,12 @@ printf "%s\n" "#define HAVE_WINLDAP_H 1" >>confdefs.h
       ;;
   esac
 
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for winber.h" >&5
-printf %s "checking for winber.h... " >&6; }
-if test ${curl_cv_header_winber_h+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#undef inline
-#ifdef HAVE_WINDOWS_H
-#ifndef WIN32_LEAN_AND_MEAN
-#define WIN32_LEAN_AND_MEAN
-#endif
-#include <windows.h>
-#endif
-#include <winldap.h>
-#include <winber.h>
-
-int main (void)
-{
-
-#if defined(__CYGWIN__) || defined(__CEGCC__)
-        HAVE_WINBER_H shall not be defined.
-#else
-        BERVAL *bvp = NULL;
-        BerElement *bep = ber_init(bvp);
-        ber_free(bep, 1);
-#endif
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      curl_cv_header_winber_h="yes"
-
-else $as_nop
-
-      curl_cv_header_winber_h="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_winber_h" >&5
-printf "%s\n" "$curl_cv_header_winber_h" >&6; }
-  case "$curl_cv_header_winber_h" in
-    yes)
-
-printf "%s\n" "#define HAVE_WINBER_H 1" >>confdefs.h
-
-      ;;
-  esac
-
     ;;
   *)
     curl_cv_header_winsock2_h="no"
     curl_cv_header_ws2tcpip_h="no"
     curl_cv_header_wincrypt_h="no"
     curl_cv_header_winldap_h="no"
-    curl_cv_header_winber_h="no"
     ;;
 esac
 
@@ -20791,6 +21640,21 @@ fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 
 
+ if test "$curl_cv_native_windows" = "yes" && test -n "${RC}"; then
+  HAVE_WINDRES_TRUE=
+  HAVE_WINDRES_FALSE='#'
+else
+  HAVE_WINDRES_TRUE='#'
+  HAVE_WINDRES_FALSE=
+fi
+
+
+if test "$curl_cv_native_windows" = "yes"; then
+  if test -z "$HAVE_WINDRES_TRUE"; then :
+  else
+  as_fn_error $? "windres not found in PATH. Windows builds require windres. Cannot continue." "$LINENO" 5
+fi
+fi
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to support http" >&5
 printf %s "checking whether to support http... " >&6; }
@@ -21170,7 +22034,7 @@ printf "%s\n" "found" >&6; }
         LIB_HYPER="-lhyper -ldl -lpthread -lm"
     if test X"$want_hyper" != Xdefault; then
       CPP_HYPER=-I"$want_hyper_path/capi/include"
-      LD_HYPER="-L$want_hyper_path/target/debug"
+      LD_HYPER="-L$want_hyper_path/target/release -L$want_hyper_path/target/debug"
     fi
   fi
   if test -n "$LIB_HYPER"; then
@@ -21186,7 +22050,7 @@ printf "%s\n" "$as_me: -L is $LD_HYPER" >&6;}
     LIBS="$LIB_HYPER $LIBS"
 
     if test "x$cross_compiling" != "xyes"; then
-      DIR_HYPER=`echo $LD_HYPER | $SED -e 's/^-L//'`
+            DIR_HYPER=`echo $LD_HYPER | $SED -e 's/^-L//' -e 's/ -L/:/g'`
     fi
 
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for hyper_io_new in -lhyper" >&5
@@ -21253,7 +22117,12 @@ fi
 done
 
 else $as_nop
-  as_fn_error $? "--with-hyper but hyper was not found. See docs/HYPER.md." "$LINENO" 5
+  for d in `echo $DIR_HYPER | $SED -e 's/:/ /'`; do
+        if test -f "$d/libhyper.a"; then
+          as_fn_error $? "hyper was found in $d but was probably built with wrong flags. See docs/HYPER.md." "$LINENO" 5
+        fi
+      done
+      as_fn_error $? "--with-hyper but hyper was not found. See docs/HYPER.md." "$LINENO" 5
 
 fi
 
@@ -22001,8 +22870,13 @@ printf %s "checking for gethostbyname for AmigaOS bsdsocket.library... " >&6; }
 /* end confdefs.h.  */
 
 
+  #define __USE_INLINE__
   #include <proto/bsdsocket.h>
+  #ifdef __amigaos4__
+  struct SocketIFace *ISocket = NULL;
+  #else
   struct Library *SocketBase = NULL;
+  #endif
 
 int main (void)
 {
@@ -22083,53 +22957,6 @@ fi
 
 fi
 
-if test "$HAVE_GETHOSTBYNAME" != "1"
-then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnet" >&5
-printf %s "checking for gethostbyname in -lnet... " >&6; }
-if test ${ac_cv_lib_net_gethostbyname+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lnet  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#ifdef __cplusplus
-extern "C"
-#endif
-char gethostbyname ();
-int main (void)
-{
-return gethostbyname ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-  ac_cv_lib_net_gethostbyname=yes
-else $as_nop
-  ac_cv_lib_net_gethostbyname=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_net_gethostbyname" >&5
-printf "%s\n" "$ac_cv_lib_net_gethostbyname" >&6; }
-if test "x$ac_cv_lib_net_gethostbyname" = xyes
-then :
-  HAVE_GETHOSTBYNAME="1"
-               LIBS="-lnet $LIBS"
-
-fi
-
-fi
-
-
 if test "$HAVE_GETHOSTBYNAME" != "1"; then
   as_fn_error $? "couldn't find libraries for gethostbyname()" "$LINENO" 5
 fi
@@ -22262,12 +23089,22 @@ printf "%s\n" "#define HAVE_WINSOCK2_H 1" >>confdefs.h
 
 curl_includes_bsdsocket="\
 /* includes start */
-#ifdef HAVE_PROTO_BSDSOCKET_H
+#if defined(HAVE_PROTO_BSDSOCKET_H)
+#  define __NO_NET_API
+#  define __USE_INLINE__
 #  include <proto/bsdsocket.h>
-  struct Library *SocketBase = NULL;
+#  ifdef HAVE_SYS_IOCTL_H
+#    include <sys/ioctl.h>
+#  endif
+#  ifdef __amigaos4__
+struct SocketIFace *ISocket = NULL;
+#  else
+struct Library *SocketBase = NULL;
+#  endif
+#  define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0)
 #endif
 /* includes end */"
-  ac_fn_c_check_header_compile "$LINENO" "proto/bsdsocket.h" "ac_cv_header_proto_bsdsocket_h" "      $curl_includes_bsdsocket
+  ac_fn_c_check_header_compile "$LINENO" "proto/bsdsocket.h" "ac_cv_header_proto_bsdsocket_h" "$curl_includes_bsdsocket
 "
 if test "x$ac_cv_header_proto_bsdsocket_h" = xyes
 then :
@@ -22478,10 +23315,68 @@ printf "%s\n" "$curl_cv_gclk_LIBS" >&6; }
       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if monotonic clock_gettime works" >&5
 printf %s "checking if monotonic clock_gettime works... " >&6; }
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
+then :
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#include <time.h>
+
+int main (void)
+{
+
+          struct timespec ts;
+          if (0 == clock_gettime(CLOCK_MONOTONIC, &ts))
+            exit(0);
+          else
+            exit(1);
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: HAVE_CLOCK_GETTIME_MONOTONIC will not be defined" >&5
+printf "%s\n" "$as_me: WARNING: HAVE_CLOCK_GETTIME_MONOTONIC will not be defined" >&2;}
+        curl_func_clock_gettime="no"
+        LIBS="$curl_cv_save_LIBS"
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -22535,7 +23430,9 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
     fi
     #
@@ -22856,9 +23753,6 @@ printf "%s\n" "$as_me: WARNING: configure found only the libz header file, not t
   then
 
 
-printf "%s\n" "#define HAVE_ZLIB_H 1" >>confdefs.h
-
-
 printf "%s\n" "#define HAVE_LIBZ 1" >>confdefs.h
 
 
@@ -23616,77 +24510,6 @@ printf "%s\n" "#define HAVE_LDAP_H 1" >>confdefs.h
   esac
 
 
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ldapssl.h" >&5
-printf %s "checking for ldapssl.h... " >&6; }
-if test ${curl_cv_header_ldapssl_h+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#undef inline
-#ifdef HAVE_WINDOWS_H
-#ifndef WIN32_LEAN_AND_MEAN
-#define WIN32_LEAN_AND_MEAN
-#endif
-#include <windows.h>
-#else
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#endif
-#ifndef NULL
-#define NULL (void *)0
-#endif
-#ifndef LDAP_DEPRECATED
-#define LDAP_DEPRECATED 1
-#endif
-#ifdef NEED_LBER_H
-#include <lber.h>
-#endif
-#ifdef HAVE_LDAP_H
-#include <ldap.h>
-#endif
-#include <ldapssl.h>
-
-int main (void)
-{
-
-        char *cert_label = NULL;
-        LDAP *ldp = ldap_ssl_init("dummy", LDAPS_PORT, cert_label);
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      curl_cv_header_ldapssl_h="yes"
-
-else $as_nop
-
-      curl_cv_header_ldapssl_h="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_ldapssl_h" >&5
-printf "%s\n" "$curl_cv_header_ldapssl_h" >&6; }
-  case "$curl_cv_header_ldapssl_h" in
-    yes)
-
-printf "%s\n" "#define HAVE_LDAPSSL_H 1" >>confdefs.h
-
-      ;;
-  esac
-
-
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ldap_ssl.h" >&5
 printf %s "checking for ldap_ssl.h... " >&6; }
 if test ${curl_cv_header_ldap_ssl_h+y}
@@ -24027,12 +24850,6 @@ then :
   printf "%s\n" "#define HAVE_LDAP_URL_PARSE 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "ldap_init_fd" "ac_cv_func_ldap_init_fd"
-if test "x$ac_cv_func_ldap_init_fd" = xyes
-then :
-  printf "%s\n" "#define HAVE_LDAP_INIT_FD 1" >>confdefs.h
-
-fi
 
 
   if test "$LDAPLIBNAME" = "wldap32"; then
@@ -24182,10 +24999,9 @@ fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if argv can be written to" >&5
 printf %s "checking if argv can be written to... " >&6; }
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
 then :
   curl_cv_writable_argv=cross
 
@@ -24213,7 +25029,42 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
+then :
+  curl_cv_writable_argv=cross
+
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int main(int argc, char **argv)
+{
+  (void)argc;
+  argv[0][0] = ' ';
+  return (argv[0][0] == ' ')?0:1;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  curl_cv_writable_argv=yes
+
+else $as_nop
+  curl_cv_writable_argv=no
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
 case $curl_cv_writable_argv in
 yes)
@@ -24274,6 +25125,8 @@ then :
 fi
 
 
+: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"}
+
 save_CPPFLAGS="$CPPFLAGS"
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if GSS-API support is requested" >&5
 printf %s "checking if GSS-API support is requested... " >&6; }
@@ -24281,6 +25134,144 @@ if test x"$want_gss" = xyes; then
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
+  if test $GSSAPI_ROOT != "/usr"; then
+
+    if test -n "$PKG_CONFIG"; then
+      PKGCONFIG="$PKG_CONFIG"
+    else
+      if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PKGCONFIG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $PKGCONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$PATH:/usr/bin:/usr/local/bin"
+for as_dir in $as_dummy
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_PKGCONFIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PKGCONFIG=$ac_cv_path_PKGCONFIG
+if test -n "$PKGCONFIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
+printf "%s\n" "$PKGCONFIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKGCONFIG"; then
+  ac_pt_PKGCONFIG=$PKGCONFIG
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PKGCONFIG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $ac_pt_PKGCONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$PATH:/usr/bin:/usr/local/bin"
+for as_dir in $as_dummy
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_ac_pt_PKGCONFIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
+if test -n "$ac_pt_PKGCONFIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
+printf "%s\n" "$ac_pt_PKGCONFIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_pt_PKGCONFIG" = x; then
+    PKGCONFIG="no"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    PKGCONFIG=$ac_pt_PKGCONFIG
+  fi
+else
+  PKGCONFIG="$ac_cv_path_PKGCONFIG"
+fi
+
+    fi
+
+    if test "x$PKGCONFIG" != "xno"; then
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for mit-krb5-gssapi options with pkg-config" >&5
+printf %s "checking for mit-krb5-gssapi options with pkg-config... " >&6; }
+            itexists=`
+    if test -n "$GSSAPI_ROOT/lib/pkgconfig"; then
+      PKG_CONFIG_LIBDIR="$GSSAPI_ROOT/lib/pkgconfig"
+      export PKG_CONFIG_LIBDIR
+    fi
+         $PKGCONFIG --exists mit-krb5-gssapi >/dev/null 2>&1 && echo 1`
+
+      if test -z "$itexists"; then
+                        PKGCONFIG="no"
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+      else
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: found" >&5
+printf "%s\n" "found" >&6; }
+      fi
+    fi
+
+  else
 
     if test -n "$PKG_CONFIG"; then
       PKGCONFIG="$PKG_CONFIG"
@@ -24417,11 +25408,14 @@ printf "%s\n" "found" >&6; }
       fi
     fi
 
+  fi
   if test -z "$GSSAPI_INCS"; then
      if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
         GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`
      elif test "$PKGCONFIG" != "no" ; then
         GSSAPI_INCS=`$PKGCONFIG --cflags mit-krb5-gssapi`
+     elif test -f "$KRB5CONFIG"; then
+        GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi`
      elif test "$GSSAPI_ROOT" != "yes"; then
         GSSAPI_INCS="-I$GSSAPI_ROOT/include"
      fi
@@ -24561,6 +25555,144 @@ printf "%s\n" "#define HAVE_GSSAPI 1" >>confdefs.h
         LIBS="-lgssapi_krb5 -lresolv $LIBS"
         ;;
      *)
+        if test $GSSAPI_ROOT != "/usr"; then
+
+    if test -n "$PKG_CONFIG"; then
+      PKGCONFIG="$PKG_CONFIG"
+    else
+      if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PKGCONFIG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $PKGCONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$PATH:/usr/bin:/usr/local/bin"
+for as_dir in $as_dummy
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_PKGCONFIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PKGCONFIG=$ac_cv_path_PKGCONFIG
+if test -n "$PKGCONFIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
+printf "%s\n" "$PKGCONFIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKGCONFIG"; then
+  ac_pt_PKGCONFIG=$PKGCONFIG
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PKGCONFIG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $ac_pt_PKGCONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$PATH:/usr/bin:/usr/local/bin"
+for as_dir in $as_dummy
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_ac_pt_PKGCONFIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
+if test -n "$ac_pt_PKGCONFIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
+printf "%s\n" "$ac_pt_PKGCONFIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_pt_PKGCONFIG" = x; then
+    PKGCONFIG="no"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    PKGCONFIG=$ac_pt_PKGCONFIG
+  fi
+else
+  PKGCONFIG="$ac_cv_path_PKGCONFIG"
+fi
+
+    fi
+
+    if test "x$PKGCONFIG" != "xno"; then
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for mit-krb5-gssapi options with pkg-config" >&5
+printf %s "checking for mit-krb5-gssapi options with pkg-config... " >&6; }
+            itexists=`
+    if test -n "$GSSAPI_ROOT/lib/pkgconfig"; then
+      PKG_CONFIG_LIBDIR="$GSSAPI_ROOT/lib/pkgconfig"
+      export PKG_CONFIG_LIBDIR
+    fi
+         $PKGCONFIG --exists mit-krb5-gssapi >/dev/null 2>&1 && echo 1`
+
+      if test -z "$itexists"; then
+                        PKGCONFIG="no"
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+      else
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: found" >&5
+printf "%s\n" "found" >&6; }
+      fi
+    fi
+
+        else
 
     if test -n "$PKG_CONFIG"; then
       PKGCONFIG="$PKG_CONFIG"
@@ -24697,12 +25829,16 @@ printf "%s\n" "found" >&6; }
       fi
     fi
 
+        fi
         if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
                                  gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi`
            LIBS="$gss_libs $LIBS"
         elif test "$PKGCONFIG" != "no" ; then
            gss_libs=`$PKGCONFIG --libs mit-krb5-gssapi`
            LIBS="$gss_libs $LIBS"
+        elif test -f "$KRB5CONFIG"; then
+                                 gss_libs=`$KRB5CONFIG --libs gssapi`
+           LIBS="$gss_libs $LIBS"
         else
            case $host in
            *-hp-hpux*)
@@ -24737,6 +25873,53 @@ else
   CPPFLAGS="$save_CPPFLAGS"
 fi
 
+if test x"$want_gss" = xyes; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can link against GSS-API library" >&5
+printf %s "checking if we can link against GSS-API library... " >&6; }
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+#define gss_init_sec_context innocuous_gss_init_sec_context
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+#undef gss_init_sec_context
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_init_sec_context ();
+#if defined __stub_gss_init_sec_context || defined __stub___gss_init_sec_context
+choke me
+#endif
+
+int main (void)
+{
+return gss_init_sec_context ();
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+
+else $as_nop
+
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+    as_fn_error $? "--with-gssapi was specified, but a GSS-API library was not found." "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+
 build_libstubgss=no
 if test x"$want_gss" = "xyes"; then
   build_libstubgss=yes
@@ -24836,28 +26019,101 @@ fi
 
 
 
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to enable Amiga native SSL/TLS (AmiSSL)" >&5
-printf %s "checking whether to enable Amiga native SSL/TLS (AmiSSL)... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to enable Amiga native SSL/TLS (AmiSSL v5)" >&5
+printf %s "checking whether to enable Amiga native SSL/TLS (AmiSSL v5)... " >&6; }
 if test "$HAVE_PROTO_BSDSOCKET_H" = "1"; then
   if test "x$OPT_AMISSL" != xno; then
     ssl_msg=
-    if test "x$OPT_AMISSL" != "xno"; then
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+        #include <libraries/amisslmaster.h>
+        #include <openssl/opensslv.h>
+
+int main (void)
+{
+
+        #if defined(AMISSL_CURRENT_VERSION) && (AMISSL_CURRENT_VERSION >= AMISSL_V303) && \
+            defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) && \
+            defined(PROTO_AMISSL_H)
+        return 0;
+        #else
+        #error not AmiSSL v5 / OpenSSL 3
+        #endif
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+
       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
       ssl_msg="AmiSSL"
       test amissl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
       AMISSL_ENABLED=1
-      LIBS="-lamisslauto $LIBS"
+      OPENSSL_ENABLED=1
+      # Use AmiSSL's built-in ca bundle
+      check_for_ca_bundle=1
+      with_ca_fallback=yes
+      LIBS="-lamisslstubs -lamisslauto $LIBS"
 
 printf "%s\n" "#define USE_AMISSL 1" >>confdefs.h
 
 
 printf "%s\n" "#define USE_OPENSSL 1" >>confdefs.h
 
-    else
+
+printf "%s\n" "#define HAVE_OPENSSL3 1" >>confdefs.h
+
+      ac_fn_c_check_header_compile "$LINENO" "openssl/x509.h" "ac_cv_header_openssl_x509_h" "$ac_includes_default"
+if test "x$ac_cv_header_openssl_x509_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_OPENSSL_X509_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "openssl/rsa.h" "ac_cv_header_openssl_rsa_h" "$ac_includes_default"
+if test "x$ac_cv_header_openssl_rsa_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_OPENSSL_RSA_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "openssl/crypto.h" "ac_cv_header_openssl_crypto_h" "$ac_includes_default"
+if test "x$ac_cv_header_openssl_crypto_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_OPENSSL_CRYPTO_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "openssl/pem.h" "ac_cv_header_openssl_pem_h" "$ac_includes_default"
+if test "x$ac_cv_header_openssl_pem_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_OPENSSL_PEM_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default"
+if test "x$ac_cv_header_openssl_ssl_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_OPENSSL_SSL_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "openssl/err.h" "ac_cv_header_openssl_err_h" "$ac_includes_default"
+if test "x$ac_cv_header_openssl_err_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_OPENSSL_ERR_H 1" >>confdefs.h
+
+fi
+
+
+else $as_nop
+
       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-    fi
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
     test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
   else
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
@@ -24950,7 +26206,6 @@ printf "%s\n" "$as_me: PKG_CONFIG_LIBDIR will be set to \"$OPENSSL_PCDIR\"" >&6;
       SSL_LDFLAGS="-L$LIB_OPENSSL"
       SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include"
     fi
-    SSL_CPPFLAGS="$SSL_CPPFLAGS -I$PREFIX_OPENSSL/include/openssl"
     ;;
   esac
 
@@ -25180,7 +26435,7 @@ else $as_nop
      fi
      if test "$PKGCONFIG" = "no" -a -n "$PREFIX_OPENSSL" ; then
        # only set this if pkg-config wasn't used
-       CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
+       CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include"
      fi
      # Linking previously failed, try extra paths from --with-openssl or
      # pkg-config.  Use a different function name to avoid reusing the earlier
@@ -25497,18 +26752,6 @@ then :
   printf "%s\n" "#define HAVE_RAND_EGD 1" >>confdefs.h
 
 fi
-ac_fn_c_check_func "$LINENO" "SSLv2_client_method" "ac_cv_func_SSLv2_client_method"
-if test "x$ac_cv_func_SSLv2_client_method" = xyes
-then :
-  printf "%s\n" "#define HAVE_SSLV2_CLIENT_METHOD 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "OpenSSL_version" "ac_cv_func_OpenSSL_version"
-if test "x$ac_cv_func_OpenSSL_version" = xyes
-then :
-  printf "%s\n" "#define HAVE_OPENSSL_VERSION 1" >>confdefs.h
-
-fi
 
 
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BoringSSL" >&5
@@ -25615,7 +26858,6 @@ printf "%s\n" "yes" >&6; }
 
 printf "%s\n" "#define HAVE_OPENSSL3 1" >>confdefs.h
 
-                              CPPFLAGS="$CPPFLAGS -DOPENSSL_SUPPRESS_DEPRECATED"
       ssl_msg="OpenSSL v3+"
 
 else $as_nop
@@ -25636,778 +26878,6 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
 printf "%s\n" "$as_me: Added $LIB_OPENSSL to CURL_LIBRARY_PATH" >&6;}
        fi
     fi
-
-  #
-
-  #
-  tst_api="unknown"
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL headers version" >&5
-printf %s "checking for OpenSSL headers version... " >&6; }
-
-    OLDCPPFLAGS=$CPPFLAGS
-  # CPPPFLAG comes from CURL_CPP_P
-  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
-      if test -z "$SED"; then
-    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
-  fi
-  if test -z "$GREP"; then
-    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
-  fi
-
-  tmp_exp=""
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#   ifdef USE_OPENSSL
-#     include <openssl/crypto.h>
-#   else
-#     include <crypto.h>
-#   endif
-
-#ifdef OPENSSL_VERSION_NUMBER
-CURL_DEF_TOKEN OPENSSL_VERSION_NUMBER
-#endif
-
-
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-
-    tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \
-      "$GREP" CURL_DEF_TOKEN 2>/dev/null | \
-      "$SED" 's/.*CURL_DEF_TOKEN[ ][ ]*//' 2>/dev/null | \
-      "$SED" 's/["][ ]*["]//g' 2>/dev/null`
-    if test -z "$tmp_exp" || test "$tmp_exp" = "OPENSSL_VERSION_NUMBER"; then
-      tmp_exp=""
-    fi
-
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-  if test -z "$tmp_exp"; then
-    curl_cv_have_def_OPENSSL_VERSION_NUMBER=no
-
-  else
-    curl_cv_have_def_OPENSSL_VERSION_NUMBER=yes
-    curl_cv_def_OPENSSL_VERSION_NUMBER=$tmp_exp
-
-  fi
-      CPPFLAGS=$OLDCPPFLAGS
-
-
-    OLDCPPFLAGS=$CPPFLAGS
-  # CPPPFLAG comes from CURL_CPP_P
-  CPPFLAGS="$CPPFLAGS $CPPPFLAG"
-      if test -z "$SED"; then
-    as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5
-  fi
-  if test -z "$GREP"; then
-    as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5
-  fi
-
-  tmp_exp=""
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#     include <openssl/crypto.h>
-
-#ifdef OPENSSL_VERSION_STR
-CURL_DEF_TOKEN OPENSSL_VERSION_STR
-#endif
-
-
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-
-    tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \
-      "$GREP" CURL_DEF_TOKEN 2>/dev/null | \
-      "$SED" 's/.*CURL_DEF_TOKEN[ ][ ]*//' 2>/dev/null | \
-      "$SED" 's/["][ ]*["]//g' 2>/dev/null`
-    if test -z "$tmp_exp" || test "$tmp_exp" = "OPENSSL_VERSION_STR"; then
-      tmp_exp=""
-    fi
-
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-  if test -z "$tmp_exp"; then
-    curl_cv_have_def_OPENSSL_VERSION_STR=no
-
-  else
-    curl_cv_have_def_OPENSSL_VERSION_STR=yes
-    curl_cv_def_OPENSSL_VERSION_STR=$tmp_exp
-
-  fi
-      CPPFLAGS=$OLDCPPFLAGS
-
-  if test "$curl_cv_have_def_OPENSSL_VERSION_NUMBER" = "yes"; then
-    tst_verlen=`expr "$curl_cv_def_OPENSSL_VERSION_NUMBER" : '.*'`
-    case "x$tst_verlen" in
-      x6)
-        tst_vermaj=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 3`
-        tst_vermin=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 4`
-        tst_verfix=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 5`
-        tst_api=0x$tst_vermaj$tst_vermin$tst_verfix
-        ;;
-      x11|x10)
-        tst_vermaj=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 3`
-        tst_vermin=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 5`
-        tst_verfix=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 7`
-        tst_api=0x$tst_vermaj$tst_vermin$tst_verfix
-        ;;
-      *)
-        if test "$curl_cv_have_def_OPENSSL_VERSION_STR" = "yes"; then
-          ver=`echo $curl_cv_def_OPENSSL_VERSION_STR | sed 's/"//g'`;
-          tst_vermaj=`echo $ver | cut -d. -f1`
-          tst_vermin=`echo $ver | cut -d. -f2`
-          tst_verfix=`echo $ver | cut -d. -f3`
-          tst_show="$ver"
-          tst_api=0x$tst_vermaj$tst_vermin$tst_verfix
-        else
-          tst_api="unknown"
-        fi
-        ;;
-    esac
-    case $tst_api in
-      0x111) tst_show="1.1.1" ;;
-      0x110) tst_show="1.1.0" ;;
-      0x102) tst_show="1.0.2" ;;
-      0x101) tst_show="1.0.1" ;;
-      0x100) tst_show="1.0.0" ;;
-      0x099) tst_show="0.9.9" ;;
-      0x098) tst_show="0.9.8" ;;
-      0x097) tst_show="0.9.7" ;;
-      0x096) tst_show="0.9.6" ;;
-      0x095) tst_show="0.9.5" ;;
-      0x094) tst_show="0.9.4" ;;
-      0x093) tst_show="0.9.3" ;;
-      0x092) tst_show="0.9.2" ;;
-      0x091) tst_show="0.9.1" ;;
-      *)
-      if test -z "$tst_show"; then
-        tst_show="unknown"
-      fi
-      ;;
-    esac
-    tst_show="$tst_show - $tst_api"
-  else
-    tst_show="unknown"
-  fi
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tst_show" >&5
-printf "%s\n" "$tst_show" >&6; }
-  #
-  curl_openssl_api_headers=$tst_api
-
-
-  #
-  tst_api="unknown"
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL library version" >&5
-printf %s "checking for OpenSSL library version... " >&6; }
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define SSL_CTX_load_verify_dir innocuous_SSL_CTX_load_verify_dir
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef SSL_CTX_load_verify_dir
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_CTX_load_verify_dir ();
-#if defined __stub_SSL_CTX_load_verify_dir || defined __stub___SSL_CTX_load_verify_dir
-choke me
-#endif
-
-int main (void)
-{
-return SSL_CTX_load_verify_dir ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x300"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define ERR_clear_last_mark innocuous_ERR_clear_last_mark
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef ERR_clear_last_mark
-#ifdef __cplusplus
-extern "C"
-#endif
-char ERR_clear_last_mark ();
-#if defined __stub_ERR_clear_last_mark || defined __stub___ERR_clear_last_mark
-choke me
-#endif
-
-int main (void)
-{
-return ERR_clear_last_mark ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x111"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  if test "$tst_api" = "unknown"; then
-    case $host in
-      *-*-vms*)
-        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define SSL_CTX_set_not_resumbl_sess_cb innocuous_SSL_CTX_set_not_resumbl_sess_cb
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef SSL_CTX_set_not_resumbl_sess_cb
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_CTX_set_not_resumbl_sess_cb ();
-#if defined __stub_SSL_CTX_set_not_resumbl_sess_cb || defined __stub___SSL_CTX_set_not_resumbl_sess_cb
-choke me
-#endif
-
-int main (void)
-{
-return SSL_CTX_set_not_resumbl_sess_cb ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-          tst_api="0x110"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-        ;;
-      *)
-        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define SSL_CTX_set_not_resumable_session_callback innocuous_SSL_CTX_set_not_resumable_session_callback
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef SSL_CTX_set_not_resumable_session_callback
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_CTX_set_not_resumable_session_callback ();
-#if defined __stub_SSL_CTX_set_not_resumable_session_callback || defined __stub___SSL_CTX_set_not_resumable_session_callback
-choke me
-#endif
-
-int main (void)
-{
-return SSL_CTX_set_not_resumable_session_callback ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-          tst_api="0x110"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-        ;;
-    esac
-  fi
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define SSL_CONF_CTX_new innocuous_SSL_CONF_CTX_new
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef SSL_CONF_CTX_new
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_CONF_CTX_new ();
-#if defined __stub_SSL_CONF_CTX_new || defined __stub___SSL_CONF_CTX_new
-choke me
-#endif
-
-int main (void)
-{
-return SSL_CONF_CTX_new ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x102"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define SSL_renegotiate_abbreviated innocuous_SSL_renegotiate_abbreviated
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef SSL_renegotiate_abbreviated
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_renegotiate_abbreviated ();
-#if defined __stub_SSL_renegotiate_abbreviated || defined __stub___SSL_renegotiate_abbreviated
-choke me
-#endif
-
-int main (void)
-{
-return SSL_renegotiate_abbreviated ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x101"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define OBJ_add_sigid innocuous_OBJ_add_sigid
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef OBJ_add_sigid
-#ifdef __cplusplus
-extern "C"
-#endif
-char OBJ_add_sigid ();
-#if defined __stub_OBJ_add_sigid || defined __stub___OBJ_add_sigid
-choke me
-#endif
-
-int main (void)
-{
-return OBJ_add_sigid ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x100"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define ERR_set_mark innocuous_ERR_set_mark
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef ERR_set_mark
-#ifdef __cplusplus
-extern "C"
-#endif
-char ERR_set_mark ();
-#if defined __stub_ERR_set_mark || defined __stub___ERR_set_mark
-choke me
-#endif
-
-int main (void)
-{
-return ERR_set_mark ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x098"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define ERR_peek_last_error innocuous_ERR_peek_last_error
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef ERR_peek_last_error
-#ifdef __cplusplus
-extern "C"
-#endif
-char ERR_peek_last_error ();
-#if defined __stub_ERR_peek_last_error || defined __stub___ERR_peek_last_error
-choke me
-#endif
-
-int main (void)
-{
-return ERR_peek_last_error ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x097"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define c2i_ASN1_OBJECT innocuous_c2i_ASN1_OBJECT
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef c2i_ASN1_OBJECT
-#ifdef __cplusplus
-extern "C"
-#endif
-char c2i_ASN1_OBJECT ();
-#if defined __stub_c2i_ASN1_OBJECT || defined __stub___c2i_ASN1_OBJECT
-choke me
-#endif
-
-int main (void)
-{
-return c2i_ASN1_OBJECT ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x096"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define SSL_CTX_set_purpose innocuous_SSL_CTX_set_purpose
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef SSL_CTX_set_purpose
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_CTX_set_purpose ();
-#if defined __stub_SSL_CTX_set_purpose || defined __stub___SSL_CTX_set_purpose
-choke me
-#endif
-
-int main (void)
-{
-return SSL_CTX_set_purpose ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x095"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define OBJ_obj2txt innocuous_OBJ_obj2txt
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef OBJ_obj2txt
-#ifdef __cplusplus
-extern "C"
-#endif
-char OBJ_obj2txt ();
-#if defined __stub_OBJ_obj2txt || defined __stub___OBJ_obj2txt
-choke me
-#endif
-
-int main (void)
-{
-return OBJ_obj2txt ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x094"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define SSL_get_verify_depth innocuous_SSL_get_verify_depth
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef SSL_get_verify_depth
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_get_verify_depth ();
-#if defined __stub_SSL_get_verify_depth || defined __stub___SSL_get_verify_depth
-choke me
-#endif
-
-int main (void)
-{
-return SSL_get_verify_depth ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x093"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define SSL_library_init innocuous_SSL_library_init
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef SSL_library_init
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_library_init ();
-#if defined __stub_SSL_library_init || defined __stub___SSL_library_init
-choke me
-#endif
-
-int main (void)
-{
-return SSL_library_init ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x092"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  if test "$tst_api" = "unknown"; then
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define SSL_CTX_set_cipher_list innocuous_SSL_CTX_set_cipher_list
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef SSL_CTX_set_cipher_list
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_CTX_set_cipher_list ();
-#if defined __stub_SSL_CTX_set_cipher_list || defined __stub___SSL_CTX_set_cipher_list
-choke me
-#endif
-
-int main (void)
-{
-return SSL_CTX_set_cipher_list ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-      tst_api="0x091"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  fi
-  case $tst_api in
-    0x300) tst_show="3.0.0" ;;
-    0x111) tst_show="1.1.1" ;;
-    0x110) tst_show="1.1.0" ;;
-    0x102) tst_show="1.0.2" ;;
-    0x101) tst_show="1.0.1" ;;
-    0x100) tst_show="1.0.0" ;;
-    0x099) tst_show="0.9.9" ;;
-    0x098) tst_show="0.9.8" ;;
-    0x097) tst_show="0.9.7" ;;
-    0x096) tst_show="0.9.6" ;;
-    0x095) tst_show="0.9.5" ;;
-    0x094) tst_show="0.9.4" ;;
-    0x093) tst_show="0.9.3" ;;
-    0x092) tst_show="0.9.2" ;;
-    0x091) tst_show="0.9.1" ;;
-    *)     tst_show="unknown" ;;
-  esac
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tst_show" >&5
-printf "%s\n" "$tst_show" >&6; }
-  #
-  curl_openssl_api_library=$tst_api
-
-  #
-  tst_match="yes"
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL headers and library versions matching" >&5
-printf %s "checking for OpenSSL headers and library versions matching... " >&6; }
-  if test "$curl_openssl_api_headers" = "unknown" ||
-    test "$curl_openssl_api_library" = "unknown"; then
-    tst_match="fail"
-    tst_warns="Can not compare OpenSSL headers and library versions."
-  elif test "$curl_openssl_api_headers" != "$curl_openssl_api_library"; then
-    tst_match="no"
-    tst_warns="OpenSSL headers and library versions do not match."
-  fi
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tst_match" >&5
-printf "%s\n" "$tst_match" >&6; }
-  if test "$tst_match" != "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $tst_warns" >&5
-printf "%s\n" "$as_me: WARNING: $tst_warns" >&2;}
-  fi
-
     check_for_ca_bundle=1
   fi
 
@@ -26487,53 +26957,45 @@ printf "%s\n" "#define RANDOM_FILE \"$RANDOM_FILE\"" >>confdefs.h
 fi
 
 if test "$OPENSSL_ENABLED" = "1"; then
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SRP_Calc_client_key in -lcrypto" >&5
-printf %s "checking for SRP_Calc_client_key in -lcrypto... " >&6; }
-if test ${ac_cv_lib_crypto_SRP_Calc_client_key+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrypto  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SRP support in OpenSSL" >&5
+printf %s "checking for SRP support in OpenSSL... " >&6; }
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 
-#ifdef __cplusplus
-extern "C"
-#endif
-char SRP_Calc_client_key ();
+#include <openssl/ssl.h>
+
 int main (void)
 {
-return SRP_Calc_client_key ();
+
+      SSL_CTX_set_srp_username(NULL, "");
+      SSL_CTX_set_srp_password(NULL, "");
+
  ;
  return 0;
 }
+
 _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
-  ac_cv_lib_crypto_SRP_Calc_client_key=yes
-else $as_nop
-  ac_cv_lib_crypto_SRP_Calc_client_key=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_SRP_Calc_client_key" >&5
-printf "%s\n" "$ac_cv_lib_crypto_SRP_Calc_client_key" >&6; }
-if test "x$ac_cv_lib_crypto_SRP_Calc_client_key" = xyes
-then :
 
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
 
 printf "%s\n" "#define HAVE_OPENSSL_SRP 1" >>confdefs.h
 
-     HAVE_OPENSSL_SRP=1
+    HAVE_OPENSSL_SRP=1
 
 
-fi
+else $as_nop
+
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
 
 fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+fi
 
 if test X"$OPENSSL_ENABLED" = X"1"; then
 # Check whether --enable-openssl-auto-load-config was given.
@@ -27361,6 +27823,7 @@ printf %s "checking for wolfSSL_Init in -lwolfssl... " >&6; }
    They are set up properly later if it is detected.  */
 #undef SIZEOF_LONG
 #undef SIZEOF_LONG_LONG
+#include <wolfssl/options.h>
 #include <wolfssl/ssl.h>
 
 int main (void)
@@ -27407,14 +27870,13 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
 printf "%s\n" "$as_me: detected wolfSSL" >&6;}
       check_for_ca_bundle=1
 
-            { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of long long" >&5
+
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of long long" >&5
 printf %s "checking size of long long... " >&6; }
-if test ${ac_cv_sizeof_long_long+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  for ac_size in 4 8 1 2 16  ; do # List sizes in rough order of prevalence.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  r=0
+    for typesize in 8 4 2 16 1; do
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #include <sys/types.h>
@@ -27422,28 +27884,39 @@ else $as_nop
 
 int main (void)
 {
-switch (0) case 0: case (sizeof (long long) == $ac_size):;
+switch(0) {
+       case 0:
+       case (sizeof(long long) == $typesize):;
+     }
+
  ;
  return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sizeof_long_long=$ac_size
+
+       r=$typesize
+else $as_nop
+
+       r=0
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  if test x$ac_cv_sizeof_long_long != x ; then break; fi
-done
+        if test $r -gt 0; then
+      break;
+    fi
+  done
+  if test $r -eq 0; then
+    as_fn_error $? "Failed to find size of long long" "$LINENO" 5
+  fi
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $r" >&5
+printf "%s\n" "$r" >&6; }
+    tname=$(echo "ac_cv_sizeof_long long" | tr A-Z a-z | tr " " "_")
+  eval "$tname=$r"
 
-fi
 
-if test x$ac_cv_sizeof_long_long = x ; then
-  as_fn_error $? "cannot determine a size for long long" "$LINENO" 5
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long" >&5
-printf "%s\n" "$ac_cv_sizeof_long_long" >&6; }
+printf "%s\n" "#define SIZEOF_LONG_LONG $r" >>confdefs.h
 
-printf "%s\n" "#define SIZEOF_LONG_LONG $ac_cv_sizeof_long_long" >>confdefs.h
 
 
 
@@ -27470,193 +27943,35 @@ then :
 
 printf "%s\n" "#define HAVE_WOLFSSL_DES_ECB_ENCRYPT 1" >>confdefs.h
 
-            if test -n "$addcflags"; then
-                            for f in $addcflags; do
-                CPPFLAGS="$f/wolfssl $CPPFLAGS"
-                { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Add $f/wolfssl to CPPFLAGS" >&5
-printf "%s\n" "$as_me: Add $f/wolfssl to CPPFLAGS" >&6;}
-                break
-              done
-            else
-                                          CPPFLAGS="-I/usr/include/wolfssl $CPPFLAGS"
-              { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Add /usr/include/wolfssl to CPPFLAGS" >&5
-printf "%s\n" "$as_me: Add /usr/include/wolfssl to CPPFLAGS" >&6;}
-            fi
             WOLFSSL_NTLM=1
 
 
 fi
 
 
-      if test -n "$wolfssllibpath"; then
-                                        if test "x$cross_compiling" != "xyes"; then
-          CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$wolfssllibpath"
-          export CURL_LIBRARY_PATH
-          { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Added $wolfssllibpath to CURL_LIBRARY_PATH" >&5
-printf "%s\n" "$as_me: Added $wolfssllibpath to CURL_LIBRARY_PATH" >&6;}
-        fi
-      fi
-
-    fi
-
-  fi
-  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
-fi
-
-
-
-
-if test "x$OPT_MESALINK" != xno; then
-  _cppflags=$CPPFLAGS
-  _ldflags=$LDFLAGS
-  ssl_msg=
-
-  if test X"$OPT_MESALINK" != Xno; then
-
-    if test "$OPT_MESALINK" = "yes"; then
-      OPT_MESALINK=""
-    fi
-
-    if test -z "$OPT_MESALINK" ; then
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for mesalink_library_init in -lmesalink" >&5
-printf %s "checking for mesalink_library_init in -lmesalink... " >&6; }
-if test ${ac_cv_lib_mesalink_mesalink_library_init+y}
+            ac_fn_c_check_func "$LINENO" "wolfSSL_BIO_set_shutdown" "ac_cv_func_wolfSSL_BIO_set_shutdown"
+if test "x$ac_cv_func_wolfSSL_BIO_set_shutdown" = xyes
 then :
-  printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lmesalink  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#ifdef __cplusplus
-extern "C"
-#endif
-char mesalink_library_init ();
-int main (void)
-{
-return mesalink_library_init ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-  ac_cv_lib_mesalink_mesalink_library_init=yes
-else $as_nop
-  ac_cv_lib_mesalink_mesalink_library_init=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_mesalink_mesalink_library_init" >&5
-printf "%s\n" "$ac_cv_lib_mesalink_mesalink_library_init" >&6; }
-if test "x$ac_cv_lib_mesalink_mesalink_library_init" = xyes
-then :
-
-
-printf "%s\n" "#define USE_MESALINK 1" >>confdefs.h
-
-         USE_MESALINK=1
-
-         MESALINK_ENABLED=1
-         USE_MESALINK="yes"
-         ssl_msg="MesaLink"
-	 test mesalink != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
-
-fi
-
-    fi
-
-    addld=""
-    addlib=""
-    addcflags=""
-    mesalinklib=""
-
-    if test "x$USE_MESALINK" != "xyes"; then
-            addld=-L$OPT_MESALINK/lib$libsuff
-      addcflags=-I$OPT_MESALINK/include
-      mesalinklib=$OPT_MESALINK/lib$libsuff
-
-      LDFLAGS="$LDFLAGS $addld"
-      if test "$addcflags" != "-I/usr/include"; then
-         CPPFLAGS="$CPPFLAGS $addcflags"
-      fi
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for mesalink_library_init in -lmesalink" >&5
-printf %s "checking for mesalink_library_init in -lmesalink... " >&6; }
-if test ${ac_cv_lib_mesalink_mesalink_library_init+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lmesalink  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#ifdef __cplusplus
-extern "C"
-#endif
-char mesalink_library_init ();
-int main (void)
-{
-return mesalink_library_init ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-  ac_cv_lib_mesalink_mesalink_library_init=yes
-else $as_nop
-  ac_cv_lib_mesalink_mesalink_library_init=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_mesalink_mesalink_library_init" >&5
-printf "%s\n" "$ac_cv_lib_mesalink_mesalink_library_init" >&6; }
-if test "x$ac_cv_lib_mesalink_mesalink_library_init" = xyes
-then :
-
 
-printf "%s\n" "#define USE_MESALINK 1" >>confdefs.h
 
-       USE_MESALINK=1
+printf "%s\n" "#define HAVE_WOLFSSL_FULL_BIO 1" >>confdefs.h
 
-       MESALINK_ENABLED=1
-       USE_MESALINK="yes"
-       ssl_msg="MesaLink"
-       test mesalink != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
+            WOLFSSL_FULL_BIO=1
 
-else $as_nop
-
-         CPPFLAGS=$_cppflags
-         LDFLAGS=$_ldflags
 
 fi
 
-    fi
-
-    if test "x$USE_MESALINK" = "xyes"; then
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: detected MesaLink" >&5
-printf "%s\n" "$as_me: detected MesaLink" >&6;}
 
-      LIBS="-lmesalink $LIBS"
-
-      if test -n "$mesalinklib"; then
+      if test -n "$wolfssllibpath"; then
                                         if test "x$cross_compiling" != "xyes"; then
-          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$mesalinklib"
-          export LD_LIBRARY_PATH
-          { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Added $mesalinklib to LD_LIBRARY_PATH" >&5
-printf "%s\n" "$as_me: Added $mesalinklib to LD_LIBRARY_PATH" >&6;}
+          CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$wolfssllibpath"
+          export CURL_LIBRARY_PATH
+          { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Added $wolfssllibpath to CURL_LIBRARY_PATH" >&5
+printf "%s\n" "$as_me: Added $wolfssllibpath to CURL_LIBRARY_PATH" >&6;}
         fi
       fi
+    else
+        as_fn_error $? "--with-wolfssl but wolfSSL was not found or doesn't work" "$LINENO" 5
     fi
 
   fi
@@ -27665,6 +27980,7 @@ fi
 
 
 
+
 if test "x$OPT_BEARSSL" != xno; then
   _cppflags=$CPPFLAGS
   _ldflags=$LDFLAGS
@@ -27836,16 +28152,24 @@ if test "x$OPT_RUSTLS" != xno; then
       OPT_RUSTLS=""
     fi
 
+    case $host_os in
+      darwin*)
+        LDFLAGS="$LDFLAGS -framework Security"
+        ;;
+      *)
+        ;;
+    esac
+
     if test -z "$OPT_RUSTLS" ; then
 
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for rustls_client_session_read in -lcrustls" >&5
-printf %s "checking for rustls_client_session_read in -lcrustls... " >&6; }
-if test ${ac_cv_lib_crustls_rustls_client_session_read+y}
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for rustls_client_session_read in -lrustls" >&5
+printf %s "checking for rustls_client_session_read in -lrustls... " >&6; }
+if test ${ac_cv_lib_rustls_rustls_client_session_read+y}
 then :
   printf %s "(cached) " >&6
 else $as_nop
   ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrustls -lpthread -ldl $LIBS"
+LIBS="-lrustls -lpthread -ldl -lm $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -27863,17 +28187,17 @@ return rustls_client_session_read ();
 _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
-  ac_cv_lib_crustls_rustls_client_session_read=yes
+  ac_cv_lib_rustls_rustls_client_session_read=yes
 else $as_nop
-  ac_cv_lib_crustls_rustls_client_session_read=no
+  ac_cv_lib_rustls_rustls_client_session_read=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crustls_rustls_client_session_read" >&5
-printf "%s\n" "$ac_cv_lib_crustls_rustls_client_session_read" >&6; }
-if test "x$ac_cv_lib_crustls_rustls_client_session_read" = xyes
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rustls_rustls_client_session_read" >&5
+printf "%s\n" "$ac_cv_lib_rustls_rustls_client_session_read" >&6; }
+if test "x$ac_cv_lib_rustls_rustls_client_session_read" = xyes
 then :
 
 
@@ -27890,11 +28214,6 @@ fi
 
     fi
 
-    addld=""
-    addlib="-lpthread"
-    addcflags=""
-    bearssllib=""
-
     if test "x$USE_RUSTLS" != "xyes"; then
             addld=-L$OPT_RUSTLS/lib$libsuff
       addcflags=-I$OPT_RUSTLS/include
@@ -27905,14 +28224,14 @@ fi
          CPPFLAGS="$CPPFLAGS $addcflags"
       fi
 
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for rustls_connection_read in -lcrustls" >&5
-printf %s "checking for rustls_connection_read in -lcrustls... " >&6; }
-if test ${ac_cv_lib_crustls_rustls_connection_read+y}
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for rustls_connection_read in -lrustls" >&5
+printf %s "checking for rustls_connection_read in -lrustls... " >&6; }
+if test ${ac_cv_lib_rustls_rustls_connection_read+y}
 then :
   printf %s "(cached) " >&6
 else $as_nop
   ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrustls -lpthread -ldl $LIBS"
+LIBS="-lrustls -lpthread -ldl -lm $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -27930,17 +28249,17 @@ return rustls_connection_read ();
 _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
-  ac_cv_lib_crustls_rustls_connection_read=yes
+  ac_cv_lib_rustls_rustls_connection_read=yes
 else $as_nop
-  ac_cv_lib_crustls_rustls_connection_read=no
+  ac_cv_lib_rustls_rustls_connection_read=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crustls_rustls_connection_read" >&5
-printf "%s\n" "$ac_cv_lib_crustls_rustls_connection_read" >&6; }
-if test "x$ac_cv_lib_crustls_rustls_connection_read" = xyes
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rustls_rustls_connection_read" >&5
+printf "%s\n" "$ac_cv_lib_rustls_rustls_connection_read" >&6; }
+if test "x$ac_cv_lib_rustls_rustls_connection_read" = xyes
 then :
 
 
@@ -27964,7 +28283,7 @@ fi
 printf "%s\n" "$as_me: detected rustls" >&6;}
       check_for_ca_bundle=1
 
-      LIBS="-lcrustls -lpthread -ldl $LIBS"
+      LIBS="-lrustls -lpthread -ldl -lm $LIBS"
 
       if test -n "$rustlslib"; then
                                         if test "x$cross_compiling" != "xyes"; then
@@ -28438,13 +28757,16 @@ if test "x$USE_WIN32_CRYPTO" = "x1" -o "x$USE_SCHANNEL" = "x1"; then
   LIBS="-ladvapi32 -lcrypt32 $LIBS"
 fi
 
-case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED$RUSTLS_ENABLED"
+if test "x$curl_cv_native_windows" = "xyes" &&
+   test "x$curl_mingw_original" = "xno"; then
+  LIBS="-lbcrypt $LIBS"
+fi
+
+case "x$SSL_DISABLED$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$BEARSSL_ENABLED$RUSTLS_ENABLED"
 in
 x)
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more." >&5
-printf "%s\n" "$as_me: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more." >&2;}
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Use --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl, --with-bearssl or --with-rustls to address this." >&5
-printf "%s\n" "$as_me: WARNING: Use --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl, --with-bearssl or --with-rustls to address this." >&2;}
+  as_fn_error $? "TLS not detected, you will not be able to use HTTPS, FTPS, NTLM and more.
+Use --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-amissl, --with-bearssl or --with-rustls to address this." "$LINENO" 5
   ;;
 x1)
   # one SSL backend is enabled
@@ -28453,6 +28775,14 @@ x1)
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: built with one SSL backend" >&5
 printf "%s\n" "$as_me: built with one SSL backend" >&6;}
   ;;
+xD)
+  # explicitly built without TLS
+  ;;
+xD*)
+  as_fn_error $? "--without-ssl has been set together with an explicit option to use an ssl library
+(e.g. --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-amissl, --with-bearssl, --with-rustls).
+Since these are conflicting parameters, verify which is the desired one and drop the other." "$LINENO" 5
+  ;;
 *)
   # more than one SSL backend is enabled
 
@@ -29085,13 +29415,10 @@ then :
 fi
 
 
-         for ac_header in libssh2.h
-do :
   ac_fn_c_check_header_compile "$LINENO" "libssh2.h" "ac_cv_header_libssh2_h" "$ac_includes_default"
 if test "x$ac_cv_header_libssh2_h" = xyes
 then :
-  printf "%s\n" "#define HAVE_LIBSSH2_H 1" >>confdefs.h
- curl_ssh_msg="enabled (libSSH2)"
+  curl_ssh_msg="enabled (libSSH2)"
     LIBSSH2_ENABLED=1
 
 printf "%s\n" "#define USE_LIBSSH2 1" >>confdefs.h
@@ -29101,7 +29428,6 @@ printf "%s\n" "#define USE_LIBSSH2 1" >>confdefs.h
 
 fi
 
-done
 
   if test X"$OPT_LIBSSH2" != Xoff &&
      test "$LIBSSH2_ENABLED" != "1"; then
@@ -29338,13 +29664,10 @@ then :
 fi
 
 
-         for ac_header in libssh/libssh.h
-do :
   ac_fn_c_check_header_compile "$LINENO" "libssh/libssh.h" "ac_cv_header_libssh_libssh_h" "$ac_includes_default"
 if test "x$ac_cv_header_libssh_libssh_h" = xyes
 then :
-  printf "%s\n" "#define HAVE_LIBSSH_LIBSSH_H 1" >>confdefs.h
- curl_ssh_msg="enabled (libSSH)"
+  curl_ssh_msg="enabled (libSSH)"
     LIBSSH_ENABLED=1
 
 printf "%s\n" "#define USE_LIBSSH 1" >>confdefs.h
@@ -29354,7 +29677,6 @@ printf "%s\n" "#define USE_LIBSSH 1" >>confdefs.h
 
 fi
 
-done
 
   if test X"$OPT_LIBSSH" != Xoff &&
      test "$LIBSSH_ENABLED" != "1"; then
@@ -29774,6 +30096,9 @@ else
 fi
 
 
+CURL_PLIST_VERSION="$CURLVERSION"
+
+
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to enable Windows native IDN (Windows native builds only)" >&5
 printf %s "checking whether to enable Windows native IDN (Windows native builds only)... " >&6; }
@@ -29895,9 +30220,6 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
 
 printf "%s\n" "#define USE_WIN32_IDN 1" >>confdefs.h
 
-
-printf "%s\n" "#define WANT_IDN_PROTOTYPES 1" >>confdefs.h
-
     IDN_ENABLED=1
 
     curl_idn_msg="enabled (Windows-native)"
@@ -29922,31 +30244,37 @@ then :
   withval=$with_libidn2; OPT_IDN=$withval
 fi
 
-case "$OPT_IDN" in
-  no)
-        want_idn="no"
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+if test "x$tst_links_winidn" = "xyes"; then
+  want_idn="no"
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no (using winidn instead)" >&5
+printf "%s\n" "no (using winidn instead)" >&6; }
+else
+  case "$OPT_IDN" in
+    no)
+            want_idn="no"
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-    ;;
-  default)
-        want_idn="yes"
-    want_idn_path="default"
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: (assumed) yes" >&5
+      ;;
+    default)
+            want_idn="yes"
+      want_idn_path="default"
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: (assumed) yes" >&5
 printf "%s\n" "(assumed) yes" >&6; }
-    ;;
-  yes)
-        want_idn="yes"
-    want_idn_path="default"
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+      ;;
+    yes)
+            want_idn="yes"
+      want_idn_path="default"
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-    ;;
-  *)
-        want_idn="yes"
-    want_idn_path="$withval"
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes ($withval)" >&5
+      ;;
+    *)
+            want_idn="yes"
+      want_idn_path="$withval"
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes ($withval)" >&5
 printf "%s\n" "yes ($withval)" >&6; }
-    ;;
-esac
+      ;;
+  esac
+fi
 
 if test "$want_idn" = "yes"; then
     clean_CPPFLAGS="$CPPFLAGS"
@@ -30388,10 +30716,12 @@ case "$OPT_H2" in
   yes)
         want_nghttp2="default"
     want_nghttp2_path=""
+    want_nghttp2_pkg_config_path=""
     ;;
   *)
         want_nghttp2="yes"
-    want_nghttp2_path="$withval/lib/pkgconfig"
+    want_nghttp2_path="$withval"
+    want_nghttp2_pkg_config_path="$withval/lib/pkgconfig"
     ;;
 esac
 
@@ -30520,8 +30850,8 @@ fi
       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libnghttp2 options with pkg-config" >&5
 printf %s "checking for libnghttp2 options with pkg-config... " >&6; }
             itexists=`
-    if test -n "$want_nghttp2_path"; then
-      PKG_CONFIG_LIBDIR="$want_nghttp2_path"
+    if test -n "$want_nghttp2_pkg_config_path"; then
+      PKG_CONFIG_LIBDIR="$want_nghttp2_pkg_config_path"
       export PKG_CONFIG_LIBDIR
     fi
          $PKGCONFIG --exists libnghttp2 >/dev/null 2>&1 && echo 1`
@@ -30539,8 +30869,8 @@ printf "%s\n" "found" >&6; }
 
   if test "$PKGCONFIG" != "no" ; then
     LIB_H2=`
-    if test -n "$want_nghttp2_path"; then
-      PKG_CONFIG_LIBDIR="$want_nghttp2_path"
+    if test -n "$want_nghttp2_pkg_config_path"; then
+      PKG_CONFIG_LIBDIR="$want_nghttp2_pkg_config_path"
       export PKG_CONFIG_LIBDIR
     fi
 
@@ -30549,8 +30879,8 @@ printf "%s\n" "found" >&6; }
 printf "%s\n" "$as_me: -l is $LIB_H2" >&6;}
 
     CPP_H2=`
-    if test -n "$want_nghttp2_path"; then
-      PKG_CONFIG_LIBDIR="$want_nghttp2_path"
+    if test -n "$want_nghttp2_pkg_config_path"; then
+      PKG_CONFIG_LIBDIR="$want_nghttp2_pkg_config_path"
       export PKG_CONFIG_LIBDIR
     fi
        $PKGCONFIG --cflags-only-I libnghttp2`
@@ -30558,8 +30888,8 @@ printf "%s\n" "$as_me: -l is $LIB_H2" >&6;}
 printf "%s\n" "$as_me: -I is $CPP_H2" >&6;}
 
     LD_H2=`
-    if test -n "$want_nghttp2_path"; then
-      PKG_CONFIG_LIBDIR="$want_nghttp2_path"
+    if test -n "$want_nghttp2_pkg_config_path"; then
+      PKG_CONFIG_LIBDIR="$want_nghttp2_pkg_config_path"
       export PKG_CONFIG_LIBDIR
     fi
 
@@ -30567,13 +30897,23 @@ printf "%s\n" "$as_me: -I is $CPP_H2" >&6;}
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: -L is $LD_H2" >&5
 printf "%s\n" "$as_me: -L is $LD_H2" >&6;}
 
-    LDFLAGS="$LDFLAGS $LD_H2"
-    CPPFLAGS="$CPPFLAGS $CPP_H2"
-    LIBS="$LIB_H2 $LIBS"
+    DIR_H2=`echo $LD_H2 | $SED -e 's/^-L//'`
+  elif test x"$want_nghttp2_path" != x; then
+    LIB_H2="-lnghttp2"
+    LD_H2=-L${want_nghttp2_path}/lib$libsuff
+    CPP_H2=-I${want_nghttp2_path}/include
+    DIR_H2=${want_nghttp2_path}/lib$libsuff
+  elif test X"$want_nghttp2" != Xdefault; then
+            as_fn_error $? "--with-nghttp2 was specified but could not find libnghttp2 pkg-config file." "$LINENO" 5
+  fi
+
+  LDFLAGS="$LDFLAGS $LD_H2"
+  CPPFLAGS="$CPPFLAGS $CPP_H2"
+  LIBS="$LIB_H2 $LIBS"
 
-    # use nghttp2_session_set_local_window_size to require nghttp2
-    # >= 1.12.0
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for nghttp2_session_set_local_window_size in -lnghttp2" >&5
+  # use nghttp2_session_set_local_window_size to require nghttp2
+  # >= 1.12.0
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for nghttp2_session_set_local_window_size in -lnghttp2" >&5
 printf %s "checking for nghttp2_session_set_local_window_size in -lnghttp2... " >&6; }
 if test ${ac_cv_lib_nghttp2_nghttp2_session_set_local_window_size+y}
 then :
@@ -30611,42 +30951,40 @@ printf "%s\n" "$ac_cv_lib_nghttp2_nghttp2_session_set_local_window_size" >&6; }
 if test "x$ac_cv_lib_nghttp2_nghttp2_session_set_local_window_size" = xyes
 then :
 
-              for ac_header in nghttp2/nghttp2.h
+            for ac_header in nghttp2/nghttp2.h
 do :
   ac_fn_c_check_header_compile "$LINENO" "nghttp2/nghttp2.h" "ac_cv_header_nghttp2_nghttp2_h" "$ac_includes_default"
 if test "x$ac_cv_header_nghttp2_nghttp2_h" = xyes
 then :
   printf "%s\n" "#define HAVE_NGHTTP2_NGHTTP2_H 1" >>confdefs.h
  curl_h2_msg="enabled (nghttp2)"
-          NGHTTP2_ENABLED=1
+        NGHTTP2_ENABLED=1
 
 printf "%s\n" "#define USE_NGHTTP2 1" >>confdefs.h
 
-          USE_NGHTTP2=1
+        USE_NGHTTP2=1
 
 
 fi
 
 done
 
+     CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_H2"
+     export CURL_LIBRARY_PATH
+     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Added $DIR_H2 to CURL_LIBRARY_PATH" >&5
+printf "%s\n" "$as_me: Added $DIR_H2 to CURL_LIBRARY_PATH" >&6;}
+
 else $as_nop
-          LDFLAGS=$CLEANLDFLAGS
-        CPPFLAGS=$CLEANCPPFLAGS
-        LIBS=$CLEANLIBS
+        LDFLAGS=$CLEANLDFLAGS
+      CPPFLAGS=$CLEANCPPFLAGS
+      LIBS=$CLEANLIBS
 
 fi
 
-
-  else
-        if test X"$want_nghttp2" != Xdefault; then
-                  as_fn_error $? "--with-nghttp2 was specified but could not find libnghttp2 pkg-config file." "$LINENO" 5
-    fi
-  fi
-
 fi
 
 
-OPT_TCP2="yes"
+OPT_TCP2="no"
 
 if test "x$disable_http" = "xyes"; then
   # without HTTP, ngtcp2 is no use
@@ -31108,9 +31446,9 @@ printf "%s\n" "$as_me: -L is $LD_NGTCP2_CRYPTO_OPENSSL" >&6;}
     if test "x$cross_compiling" != "xyes"; then
       DIR_NGTCP2_CRYPTO_OPENSSL=`echo $LD_NGTCP2_CRYPTO_OPENSSL | $SED -e 's/^-L//'`
     fi
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_ctx_initial in -lngtcp2_crypto_openssl" >&5
-printf %s "checking for ngtcp2_crypto_ctx_initial in -lngtcp2_crypto_openssl... " >&6; }
-if test ${ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_ctx_initial+y}
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_recv_client_initial_cb in -lngtcp2_crypto_openssl" >&5
+printf %s "checking for ngtcp2_crypto_recv_client_initial_cb in -lngtcp2_crypto_openssl... " >&6; }
+if test ${ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_recv_client_initial_cb+y}
 then :
   printf %s "(cached) " >&6
 else $as_nop
@@ -31123,27 +31461,27 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 #ifdef __cplusplus
 extern "C"
 #endif
-char ngtcp2_crypto_ctx_initial ();
+char ngtcp2_crypto_recv_client_initial_cb ();
 int main (void)
 {
-return ngtcp2_crypto_ctx_initial ();
+return ngtcp2_crypto_recv_client_initial_cb ();
  ;
  return 0;
 }
 _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
-  ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_ctx_initial=yes
+  ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_recv_client_initial_cb=yes
 else $as_nop
-  ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_ctx_initial=no
+  ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_recv_client_initial_cb=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_ctx_initial" >&5
-printf "%s\n" "$ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_ctx_initial" >&6; }
-if test "x$ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_ctx_initial" = xyes
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_recv_client_initial_cb" >&5
+printf "%s\n" "$ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_recv_client_initial_cb" >&6; }
+if test "x$ac_cv_lib_ngtcp2_crypto_openssl_ngtcp2_crypto_recv_client_initial_cb" = xyes
 then :
 
               for ac_header in ngtcp2/ngtcp2_crypto.h
@@ -31361,9 +31699,9 @@ printf "%s\n" "$as_me: -L is $LD_NGTCP2_CRYPTO_GNUTLS" >&6;}
     if test "x$cross_compiling" != "xyes"; then
       DIR_NGTCP2_CRYPTO_GNUTLS=`echo $LD_NGTCP2_CRYPTO_GNUTLS | $SED -e 's/^-L//'`
     fi
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_ctx_initial in -lngtcp2_crypto_gnutls" >&5
-printf %s "checking for ngtcp2_crypto_ctx_initial in -lngtcp2_crypto_gnutls... " >&6; }
-if test ${ac_cv_lib_ngtcp2_crypto_gnutls_ngtcp2_crypto_ctx_initial+y}
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_recv_client_initial_cb in -lngtcp2_crypto_gnutls" >&5
+printf %s "checking for ngtcp2_crypto_recv_client_initial_cb in -lngtcp2_crypto_gnutls... " >&6; }
+if test ${ac_cv_lib_ngtcp2_crypto_gnutls_ngtcp2_crypto_recv_client_initial_cb+y}
 then :
   printf %s "(cached) " >&6
 else $as_nop
@@ -31376,27 +31714,27 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 #ifdef __cplusplus
 extern "C"
 #endif
-char ngtcp2_crypto_ctx_initial ();
+char ngtcp2_crypto_recv_client_initial_cb ();
 int main (void)
 {
-return ngtcp2_crypto_ctx_initial ();
+return ngtcp2_crypto_recv_client_initial_cb ();
  ;
  return 0;
 }
 _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
-  ac_cv_lib_ngtcp2_crypto_gnutls_ngtcp2_crypto_ctx_initial=yes
+  ac_cv_lib_ngtcp2_crypto_gnutls_ngtcp2_crypto_recv_client_initial_cb=yes
 else $as_nop
-  ac_cv_lib_ngtcp2_crypto_gnutls_ngtcp2_crypto_ctx_initial=no
+  ac_cv_lib_ngtcp2_crypto_gnutls_ngtcp2_crypto_recv_client_initial_cb=no
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ngtcp2_crypto_gnutls_ngtcp2_crypto_ctx_initial" >&5
-printf "%s\n" "$ac_cv_lib_ngtcp2_crypto_gnutls_ngtcp2_crypto_ctx_initial" >&6; }
-if test "x$ac_cv_lib_ngtcp2_crypto_gnutls_ngtcp2_crypto_ctx_initial" = xyes
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ngtcp2_crypto_gnutls_ngtcp2_crypto_recv_client_initial_cb" >&5
+printf "%s\n" "$ac_cv_lib_ngtcp2_crypto_gnutls_ngtcp2_crypto_recv_client_initial_cb" >&6; }
+if test "x$ac_cv_lib_ngtcp2_crypto_gnutls_ngtcp2_crypto_recv_client_initial_cb" = xyes
 then :
 
               for ac_header in ngtcp2/ngtcp2_crypto.h
@@ -31435,6 +31773,259 @@ fi
   fi
 fi
 
+if test "x$NGTCP2_ENABLED" = "x1" -a "x$WOLFSSL_ENABLED" = "x1"; then
+    CLEANLDFLAGS="$LDFLAGS"
+  CLEANCPPFLAGS="$CPPFLAGS"
+  CLEANLIBS="$LIBS"
+
+
+    if test -n "$PKG_CONFIG"; then
+      PKGCONFIG="$PKG_CONFIG"
+    else
+      if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PKGCONFIG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $PKGCONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$PATH:/usr/bin:/usr/local/bin"
+for as_dir in $as_dummy
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_PKGCONFIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PKGCONFIG=$ac_cv_path_PKGCONFIG
+if test -n "$PKGCONFIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
+printf "%s\n" "$PKGCONFIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKGCONFIG"; then
+  ac_pt_PKGCONFIG=$PKGCONFIG
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PKGCONFIG+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  case $ac_pt_PKGCONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$PATH:/usr/bin:/usr/local/bin"
+for as_dir in $as_dummy
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_path_ac_pt_PKGCONFIG="$as_dir$ac_word$ac_exec_ext"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
+if test -n "$ac_pt_PKGCONFIG"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
+printf "%s\n" "$ac_pt_PKGCONFIG" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+  if test "x$ac_pt_PKGCONFIG" = x; then
+    PKGCONFIG="no"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    PKGCONFIG=$ac_pt_PKGCONFIG
+  fi
+else
+  PKGCONFIG="$ac_cv_path_PKGCONFIG"
+fi
+
+    fi
+
+    if test "x$PKGCONFIG" != "xno"; then
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libngtcp2_crypto_wolfssl options with pkg-config" >&5
+printf %s "checking for libngtcp2_crypto_wolfssl options with pkg-config... " >&6; }
+            itexists=`
+    if test -n "$want_tcp2_path"; then
+      PKG_CONFIG_LIBDIR="$want_tcp2_path"
+      export PKG_CONFIG_LIBDIR
+    fi
+         $PKGCONFIG --exists libngtcp2_crypto_wolfssl >/dev/null 2>&1 && echo 1`
+
+      if test -z "$itexists"; then
+                        PKGCONFIG="no"
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+      else
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: found" >&5
+printf "%s\n" "found" >&6; }
+      fi
+    fi
+
+
+  if test "$PKGCONFIG" != "no" ; then
+    LIB_NGTCP2_CRYPTO_WOLFSSL=`
+    if test -n "$want_tcp2_path"; then
+      PKG_CONFIG_LIBDIR="$want_tcp2_path"
+      export PKG_CONFIG_LIBDIR
+    fi
+
+      $PKGCONFIG --libs-only-l libngtcp2_crypto_wolfssl`
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: -l is $LIB_NGTCP2_CRYPTO_WOLFSSL" >&5
+printf "%s\n" "$as_me: -l is $LIB_NGTCP2_CRYPTO_WOLFSSL" >&6;}
+
+    CPP_NGTCP2_CRYPTO_WOLFSSL=`
+    if test -n "$want_tcp2_path"; then
+      PKG_CONFIG_LIBDIR="$want_tcp2_path"
+      export PKG_CONFIG_LIBDIR
+    fi
+       $PKGCONFIG --cflags-only-I libngtcp2_crypto_wolfssl`
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: -I is $CPP_NGTCP2_CRYPTO_WOLFSSL" >&5
+printf "%s\n" "$as_me: -I is $CPP_NGTCP2_CRYPTO_WOLFSSL" >&6;}
+
+    LD_NGTCP2_CRYPTO_WOLFSSL=`
+    if test -n "$want_tcp2_path"; then
+      PKG_CONFIG_LIBDIR="$want_tcp2_path"
+      export PKG_CONFIG_LIBDIR
+    fi
+
+      $PKGCONFIG --libs-only-L libngtcp2_crypto_wolfssl`
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: -L is $LD_NGTCP2_CRYPTO_WOLFSSL" >&5
+printf "%s\n" "$as_me: -L is $LD_NGTCP2_CRYPTO_WOLFSSL" >&6;}
+
+    LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_WOLFSSL"
+    CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_WOLFSSL"
+    LIBS="$LIB_NGTCP2_CRYPTO_WOLFSSL $LIBS"
+
+    if test "x$cross_compiling" != "xyes"; then
+      DIR_NGTCP2_CRYPTO_WOLFSSL=`echo $LD_NGTCP2_CRYPTO_WOLFSSL | $SED -e 's/^-L//'`
+    fi
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_recv_client_initial_cb in -lngtcp2_crypto_wolfssl" >&5
+printf %s "checking for ngtcp2_crypto_recv_client_initial_cb in -lngtcp2_crypto_wolfssl... " >&6; }
+if test ${ac_cv_lib_ngtcp2_crypto_wolfssl_ngtcp2_crypto_recv_client_initial_cb+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lngtcp2_crypto_wolfssl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+#ifdef __cplusplus
+extern "C"
+#endif
+char ngtcp2_crypto_recv_client_initial_cb ();
+int main (void)
+{
+return ngtcp2_crypto_recv_client_initial_cb ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_ngtcp2_crypto_wolfssl_ngtcp2_crypto_recv_client_initial_cb=yes
+else $as_nop
+  ac_cv_lib_ngtcp2_crypto_wolfssl_ngtcp2_crypto_recv_client_initial_cb=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ngtcp2_crypto_wolfssl_ngtcp2_crypto_recv_client_initial_cb" >&5
+printf "%s\n" "$ac_cv_lib_ngtcp2_crypto_wolfssl_ngtcp2_crypto_recv_client_initial_cb" >&6; }
+if test "x$ac_cv_lib_ngtcp2_crypto_wolfssl_ngtcp2_crypto_recv_client_initial_cb" = xyes
+then :
+
+              for ac_header in ngtcp2/ngtcp2_crypto.h
+do :
+  ac_fn_c_check_header_compile "$LINENO" "ngtcp2/ngtcp2_crypto.h" "ac_cv_header_ngtcp2_ngtcp2_crypto_h" "$ac_includes_default"
+if test "x$ac_cv_header_ngtcp2_ngtcp2_crypto_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_NGTCP2_NGTCP2_CRYPTO_H 1" >>confdefs.h
+ NGTCP2_ENABLED=1
+
+printf "%s\n" "#define USE_NGTCP2_CRYPTO_WOLFSSL 1" >>confdefs.h
+
+          USE_NGTCP2_CRYPTO_WOLFSSL=1
+
+          CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_WOLFSSL"
+          export CURL_LIBRARY_PATH
+          { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Added $DIR_NGTCP2_CRYPTO_WOLFSSL to CURL_LIBRARY_PATH" >&5
+printf "%s\n" "$as_me: Added $DIR_NGTCP2_CRYPTO_WOLFSSL to CURL_LIBRARY_PATH" >&6;}
+
+fi
+
+done
+
+else $as_nop
+          LDFLAGS=$CLEANLDFLAGS
+        CPPFLAGS=$CLEANCPPFLAGS
+        LIBS=$CLEANLIBS
+
+fi
+
+
+  else
+        if test X"$want_tcp2" != Xdefault; then
+                  as_fn_error $? "--with-ngtcp2 was specified but could not find ngtcp2_crypto_wolfssl pkg-config file." "$LINENO" 5
+    fi
+  fi
+fi
+
 
 OPT_NGHTTP3="yes"
 
@@ -32021,6 +32612,125 @@ fi
 fi
 
 
+OPT_MSH3="no"
+
+if test "x$disable_http" = "xyes" -o "x$USE_NGTCP" = "x1"; then
+  # without HTTP or with ngtcp2, msh3 is no use
+  OPT_MSH3="no"
+fi
+
+
+# Check whether --with-msh3 was given.
+if test ${with_msh3+y}
+then :
+  withval=$with_msh3; OPT_MSH3=$withval
+fi
+
+case "$OPT_MSH3" in
+  no)
+        want_msh3="no"
+    ;;
+  yes)
+        want_msh3="default"
+    want_msh3_path=""
+    ;;
+  *)
+        want_msh3="yes"
+    want_msh3_path="$withval"
+    ;;
+esac
+
+if test X"$want_msh3" != Xno; then
+
+  if test "$NGHTTP3_ENABLED" = 1; then
+    as_fn_error $? "--with-msh3 and --with-ngtcp2 are mutually exclusive" "$LINENO" 5
+  fi
+
+    CLEANLDFLAGS="$LDFLAGS"
+  CLEANCPPFLAGS="$CPPFLAGS"
+  CLEANLIBS="$LIBS"
+
+  if test -n "$want_msh3_path"; then
+    LD_MSH3="-L$want_msh3_path/lib"
+    CPP_MSH3="-I$want_msh3_path/include"
+    DIR_MSH3="$want_msh3_path/lib"
+    LDFLAGS="$LDFLAGS $LD_MSH3"
+    CPPFLAGS="$CPPFLAGS $CPP_MSH3"
+  fi
+  LIBS="-lmsh3 $LIBS"
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for MsH3ApiOpen in -lmsh3" >&5
+printf %s "checking for MsH3ApiOpen in -lmsh3... " >&6; }
+if test ${ac_cv_lib_msh3_MsH3ApiOpen+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lmsh3  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+#ifdef __cplusplus
+extern "C"
+#endif
+char MsH3ApiOpen ();
+int main (void)
+{
+return MsH3ApiOpen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_msh3_MsH3ApiOpen=yes
+else $as_nop
+  ac_cv_lib_msh3_MsH3ApiOpen=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_msh3_MsH3ApiOpen" >&5
+printf "%s\n" "$ac_cv_lib_msh3_MsH3ApiOpen" >&6; }
+if test "x$ac_cv_lib_msh3_MsH3ApiOpen" = xyes
+then :
+
+           for ac_header in msh3.h
+do :
+  ac_fn_c_check_header_compile "$LINENO" "msh3.h" "ac_cv_header_msh3_h" "$ac_includes_default"
+if test "x$ac_cv_header_msh3_h" = xyes
+then :
+  printf "%s\n" "#define HAVE_MSH3_H 1" >>confdefs.h
+ curl_h3_msg="enabled (msh3)"
+        MSH3_ENABLED=1
+
+printf "%s\n" "#define USE_MSH3 1" >>confdefs.h
+
+        USE_MSH3=1
+
+        CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_MSH3"
+        export CURL_LIBRARY_PATH
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Added $DIR_MSH3 to CURL_LIBRARY_PATH" >&5
+printf "%s\n" "$as_me: Added $DIR_MSH3 to CURL_LIBRARY_PATH" >&6;}
+else $as_nop
+  experimental="$experimental HTTP3"
+
+fi
+
+done
+
+else $as_nop
+        LDFLAGS=$CLEANLDFLAGS
+      CPPFLAGS=$CLEANCPPFLAGS
+      LIBS=$CLEANLIBS
+
+fi
+
+fi
+
+
 OPT_ZSH_FPATH=default
 
 # Check whether --with-zsh-functions-dir was given.
@@ -32204,181 +32914,6 @@ printf "%s\n" "found" >&6; }
     ;;
 esac
 
-
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for malloc.h" >&5
-printf %s "checking for malloc.h... " >&6; }
-if test ${curl_cv_header_malloc_h+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#include <malloc.h>
-
-int main (void)
-{
-
-        void *p = malloc(10);
-        void *q = calloc(10,10);
-        free(p);
-        free(q);
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      curl_cv_header_malloc_h="yes"
-
-else $as_nop
-
-      curl_cv_header_malloc_h="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_malloc_h" >&5
-printf "%s\n" "$curl_cv_header_malloc_h" >&6; }
-  if test "$curl_cv_header_malloc_h" = "yes"; then
-
-printf "%s\n" "#define HAVE_MALLOC_H 1" >>confdefs.h
-
-    #
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#include <stdlib.h>
-
-int main (void)
-{
-
-        void *p = malloc(10);
-        void *q = calloc(10,10);
-        free(p);
-        free(q);
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      curl_cv_need_header_malloc_h="no"
-
-else $as_nop
-
-      curl_cv_need_header_malloc_h="yes"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-    #
-    case "$curl_cv_need_header_malloc_h" in
-      yes)
-
-printf "%s\n" "#define NEED_MALLOC_H 1" >>confdefs.h
-
-        ;;
-    esac
-  fi
-
-
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for memory.h" >&5
-printf %s "checking for memory.h... " >&6; }
-if test ${curl_cv_header_memory_h+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#include <memory.h>
-
-int main (void)
-{
-
-        void *p = malloc(10);
-        void *q = calloc(10,10);
-        free(p);
-        free(q);
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      curl_cv_header_memory_h="yes"
-
-else $as_nop
-
-      curl_cv_header_memory_h="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_memory_h" >&5
-printf "%s\n" "$curl_cv_header_memory_h" >&6; }
-  if test "$curl_cv_header_memory_h" = "yes"; then
-
-printf "%s\n" "#define HAVE_MEMORY_H 1" >>confdefs.h
-
-    #
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#include <stdlib.h>
-
-int main (void)
-{
-
-        void *p = malloc(10);
-        void *q = calloc(10,10);
-        free(p);
-        free(q);
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      curl_cv_need_header_memory_h="no"
-
-else $as_nop
-
-      curl_cv_need_header_memory_h="yes"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-    #
-    case "$curl_cv_need_header_memory_h" in
-      yes)
-
-printf "%s\n" "#define NEED_MEMORY_H 1" >>confdefs.h
-
-        ;;
-    esac
-  fi
-
-
 ac_fn_c_check_header_compile "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -32571,38 +33106,6 @@ then :
   printf "%s\n" "#define HAVE_SYS_UIO_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "assert.h" "ac_cv_header_assert_h" "
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#elif defined(HAVE_UNISTD_H)
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-
-
-"
-if test "x$ac_cv_header_assert_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_ASSERT_H 1" >>confdefs.h
-
-fi
 ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -32891,7 +33394,7 @@ then :
   printf "%s\n" "#define HAVE_NETINET_TCP_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "netdb.h" "ac_cv_header_netdb_h" "
+ac_fn_c_check_header_compile "$LINENO" "netinet/udp.h" "ac_cv_header_netinet_udp_h" "
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -32918,12 +33421,12 @@ ac_fn_c_check_header_compile "$LINENO" "netdb.h" "ac_cv_header_netdb_h" "
 
 
 "
-if test "x$ac_cv_header_netdb_h" = xyes
+if test "x$ac_cv_header_netinet_udp_h" = xyes
 then :
-  printf "%s\n" "#define HAVE_NETDB_H 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_NETINET_UDP_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "sys/sockio.h" "ac_cv_header_sys_sockio_h" "
+ac_fn_c_check_header_compile "$LINENO" "netdb.h" "ac_cv_header_netdb_h" "
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -32950,12 +33453,12 @@ ac_fn_c_check_header_compile "$LINENO" "sys/sockio.h" "ac_cv_header_sys_sockio_h
 
 
 "
-if test "x$ac_cv_header_sys_sockio_h" = xyes
+if test "x$ac_cv_header_netdb_h" = xyes
 then :
-  printf "%s\n" "#define HAVE_SYS_SOCKIO_H 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_NETDB_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "sys/stat.h" "ac_cv_header_sys_stat_h" "
+ac_fn_c_check_header_compile "$LINENO" "sys/sockio.h" "ac_cv_header_sys_sockio_h" "
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -32982,12 +33485,12 @@ ac_fn_c_check_header_compile "$LINENO" "sys/stat.h" "ac_cv_header_sys_stat_h" "
 
 
 "
-if test "x$ac_cv_header_sys_stat_h" = xyes
+if test "x$ac_cv_header_sys_sockio_h" = xyes
 then :
-  printf "%s\n" "#define HAVE_SYS_STAT_H 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_SYS_SOCKIO_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "sys/param.h" "ac_cv_header_sys_param_h" "
+ac_fn_c_check_header_compile "$LINENO" "sys/stat.h" "ac_cv_header_sys_stat_h" "
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -33014,12 +33517,12 @@ ac_fn_c_check_header_compile "$LINENO" "sys/param.h" "ac_cv_header_sys_param_h"
 
 
 "
-if test "x$ac_cv_header_sys_param_h" = xyes
+if test "x$ac_cv_header_sys_stat_h" = xyes
 then :
-  printf "%s\n" "#define HAVE_SYS_PARAM_H 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_SYS_STAT_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "termios.h" "ac_cv_header_termios_h" "
+ac_fn_c_check_header_compile "$LINENO" "sys/param.h" "ac_cv_header_sys_param_h" "
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -33046,12 +33549,12 @@ ac_fn_c_check_header_compile "$LINENO" "termios.h" "ac_cv_header_termios_h" "
 
 
 "
-if test "x$ac_cv_header_termios_h" = xyes
+if test "x$ac_cv_header_sys_param_h" = xyes
 then :
-  printf "%s\n" "#define HAVE_TERMIOS_H 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_SYS_PARAM_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "termio.h" "ac_cv_header_termio_h" "
+ac_fn_c_check_header_compile "$LINENO" "termios.h" "ac_cv_header_termios_h" "
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -33078,12 +33581,12 @@ ac_fn_c_check_header_compile "$LINENO" "termio.h" "ac_cv_header_termio_h" "
 
 
 "
-if test "x$ac_cv_header_termio_h" = xyes
+if test "x$ac_cv_header_termios_h" = xyes
 then :
-  printf "%s\n" "#define HAVE_TERMIO_H 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_TERMIOS_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "fcntl.h" "ac_cv_header_fcntl_h" "
+ac_fn_c_check_header_compile "$LINENO" "termio.h" "ac_cv_header_termio_h" "
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -33110,12 +33613,12 @@ ac_fn_c_check_header_compile "$LINENO" "fcntl.h" "ac_cv_header_fcntl_h" "
 
 
 "
-if test "x$ac_cv_header_fcntl_h" = xyes
+if test "x$ac_cv_header_termio_h" = xyes
 then :
-  printf "%s\n" "#define HAVE_FCNTL_H 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_TERMIO_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "alloca.h" "ac_cv_header_alloca_h" "
+ac_fn_c_check_header_compile "$LINENO" "fcntl.h" "ac_cv_header_fcntl_h" "
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -33142,9 +33645,9 @@ ac_fn_c_check_header_compile "$LINENO" "alloca.h" "ac_cv_header_alloca_h" "
 
 
 "
-if test "x$ac_cv_header_alloca_h" = xyes
+if test "x$ac_cv_header_fcntl_h" = xyes
 then :
-  printf "%s\n" "#define HAVE_ALLOCA_H 1" >>confdefs.h
+  printf "%s\n" "#define HAVE_FCNTL_H 1" >>confdefs.h
 
 fi
 ac_fn_c_check_header_compile "$LINENO" "io.h" "ac_cv_header_io_h" "
@@ -33467,38 +33970,6 @@ then :
   printf "%s\n" "#define HAVE_LOCALE_H 1" >>confdefs.h
 
 fi
-ac_fn_c_check_header_compile "$LINENO" "errno.h" "ac_cv_header_errno_h" "
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#elif defined(HAVE_UNISTD_H)
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_NETINET_IN6_H
-#include <netinet/in6.h>
-#endif
-#ifdef HAVE_SYS_UN_H
-#include <sys/un.h>
-#endif
-
-
-"
-if test "x$ac_cv_header_errno_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_ERRNO_H 1" >>confdefs.h
-
-fi
 ac_fn_c_check_header_compile "$LINENO" "stdbool.h" "ac_cv_header_stdbool_h" "
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -33957,10 +34428,9 @@ printf "%s\n" "#define HAVE_STRUCT_TIMEVAL 1" >>confdefs.h
             { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking run-time libs availability" >&5
 printf %s "checking run-time libs availability... " >&6; }
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -33990,59 +34460,56 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
-
-
-      fi
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5
-printf %s "checking size of size_t... " >&6; }
-if test ${ac_cv_sizeof_size_t+y}
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
 then :
-  printf %s "(cached) " >&6
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
 else $as_nop
-  for ac_size in 4 8 1 2 16  ; do # List sizes in rough order of prevalence.
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
-#include <sys/types.h>
-
-
-int main (void)
+int main()
 {
-switch (0) case 0: case (sizeof (size_t) == $ac_size):;
- ;
- return 0;
+  return 0;
 }
+
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"
+if ac_fn_c_try_run "$LINENO"
 then :
-  ac_cv_sizeof_size_t=$ac_size
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  if test x$ac_cv_sizeof_size_t != x ; then break; fi
-done
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: fine" >&5
+printf "%s\n" "fine" >&6; }
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+printf "%s\n" "failed" >&6; }
+    as_fn_error $? "one or more libs available at link-time are not available run-time. Libs used at link-time: $LIBS" "$LINENO" 5
 
 fi
-
-if test x$ac_cv_sizeof_size_t = x ; then
-  as_fn_error $? "cannot determine a size for size_t" "$LINENO" 5
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5
-printf "%s\n" "$ac_cv_sizeof_size_t" >&6; }
 
-printf "%s\n" "#define SIZEOF_SIZE_T $ac_cv_sizeof_size_t" >>confdefs.h
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
 
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of long" >&5
-printf %s "checking size of long... " >&6; }
-if test ${ac_cv_sizeof_long+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  for ac_size in 4 8 1 2 16  ; do # List sizes in rough order of prevalence.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+      fi
+
+
+
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5
+printf %s "checking size of size_t... " >&6; }
+  r=0
+    for typesize in 8 4 2 16 1; do
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #include <sys/types.h>
@@ -34050,38 +34517,48 @@ else $as_nop
 
 int main (void)
 {
-switch (0) case 0: case (sizeof (long) == $ac_size):;
+switch(0) {
+       case 0:
+       case (sizeof(size_t) == $typesize):;
+     }
+
  ;
  return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sizeof_long=$ac_size
+
+       r=$typesize
+else $as_nop
+
+       r=0
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  if test x$ac_cv_sizeof_long != x ; then break; fi
-done
+        if test $r -gt 0; then
+      break;
+    fi
+  done
+  if test $r -eq 0; then
+    as_fn_error $? "Failed to find size of size_t" "$LINENO" 5
+  fi
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $r" >&5
+printf "%s\n" "$r" >&6; }
+    tname=$(echo "ac_cv_sizeof_size_t" | tr A-Z a-z | tr " " "_")
+  eval "$tname=$r"
 
-fi
 
-if test x$ac_cv_sizeof_long = x ; then
-  as_fn_error $? "cannot determine a size for long" "$LINENO" 5
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long" >&5
-printf "%s\n" "$ac_cv_sizeof_long" >&6; }
+printf "%s\n" "#define SIZEOF_SIZE_T $r" >>confdefs.h
 
-printf "%s\n" "#define SIZEOF_LONG $ac_cv_sizeof_long" >>confdefs.h
 
 
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of int" >&5
-printf %s "checking size of int... " >&6; }
-if test ${ac_cv_sizeof_int+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  for ac_size in 4 8 1 2 16  ; do # List sizes in rough order of prevalence.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of long" >&5
+printf %s "checking size of long... " >&6; }
+  r=0
+    for typesize in 8 4 2 16 1; do
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #include <sys/types.h>
@@ -34089,38 +34566,48 @@ else $as_nop
 
 int main (void)
 {
-switch (0) case 0: case (sizeof (int) == $ac_size):;
+switch(0) {
+       case 0:
+       case (sizeof(long) == $typesize):;
+     }
+
  ;
  return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sizeof_int=$ac_size
+
+       r=$typesize
+else $as_nop
+
+       r=0
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  if test x$ac_cv_sizeof_int != x ; then break; fi
-done
+        if test $r -gt 0; then
+      break;
+    fi
+  done
+  if test $r -eq 0; then
+    as_fn_error $? "Failed to find size of long" "$LINENO" 5
+  fi
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $r" >&5
+printf "%s\n" "$r" >&6; }
+    tname=$(echo "ac_cv_sizeof_long" | tr A-Z a-z | tr " " "_")
+  eval "$tname=$r"
 
-fi
 
-if test x$ac_cv_sizeof_int = x ; then
-  as_fn_error $? "cannot determine a size for int" "$LINENO" 5
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5
-printf "%s\n" "$ac_cv_sizeof_int" >&6; }
+printf "%s\n" "#define SIZEOF_LONG $r" >>confdefs.h
 
-printf "%s\n" "#define SIZEOF_INT $ac_cv_sizeof_int" >>confdefs.h
 
 
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of short" >&5
-printf %s "checking size of short... " >&6; }
-if test ${ac_cv_sizeof_short+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  for ac_size in 4 8 1 2 16  ; do # List sizes in rough order of prevalence.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of int" >&5
+printf %s "checking size of int... " >&6; }
+  r=0
+    for typesize in 8 4 2 16 1; do
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #include <sys/types.h>
@@ -34128,38 +34615,48 @@ else $as_nop
 
 int main (void)
 {
-switch (0) case 0: case (sizeof (short) == $ac_size):;
+switch(0) {
+       case 0:
+       case (sizeof(int) == $typesize):;
+     }
+
  ;
  return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sizeof_short=$ac_size
+
+       r=$typesize
+else $as_nop
+
+       r=0
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  if test x$ac_cv_sizeof_short != x ; then break; fi
-done
+        if test $r -gt 0; then
+      break;
+    fi
+  done
+  if test $r -eq 0; then
+    as_fn_error $? "Failed to find size of int" "$LINENO" 5
+  fi
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $r" >&5
+printf "%s\n" "$r" >&6; }
+    tname=$(echo "ac_cv_sizeof_int" | tr A-Z a-z | tr " " "_")
+  eval "$tname=$r"
+
+
+printf "%s\n" "#define SIZEOF_INT $r" >>confdefs.h
 
-fi
 
-if test x$ac_cv_sizeof_short = x ; then
-  as_fn_error $? "cannot determine a size for short" "$LINENO" 5
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short" >&5
-printf "%s\n" "$ac_cv_sizeof_short" >&6; }
 
-printf "%s\n" "#define SIZEOF_SHORT $ac_cv_sizeof_short" >>confdefs.h
 
 
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5
 printf %s "checking size of time_t... " >&6; }
-if test ${ac_cv_sizeof_time_t+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  for ac_size in 4 8 1 2 16  ; do # List sizes in rough order of prevalence.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  r=0
+    for typesize in 8 4 2 16 1; do
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #include <sys/types.h>
@@ -34167,38 +34664,48 @@ else $as_nop
 
 int main (void)
 {
-switch (0) case 0: case (sizeof (time_t) == $ac_size):;
+switch(0) {
+       case 0:
+       case (sizeof(time_t) == $typesize):;
+     }
+
  ;
  return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sizeof_time_t=$ac_size
+
+       r=$typesize
+else $as_nop
+
+       r=0
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  if test x$ac_cv_sizeof_time_t != x ; then break; fi
-done
+        if test $r -gt 0; then
+      break;
+    fi
+  done
+  if test $r -eq 0; then
+    as_fn_error $? "Failed to find size of time_t" "$LINENO" 5
+  fi
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $r" >&5
+printf "%s\n" "$r" >&6; }
+    tname=$(echo "ac_cv_sizeof_time_t" | tr A-Z a-z | tr " " "_")
+  eval "$tname=$r"
 
-fi
 
-if test x$ac_cv_sizeof_time_t = x ; then
-  as_fn_error $? "cannot determine a size for time_t" "$LINENO" 5
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5
-printf "%s\n" "$ac_cv_sizeof_time_t" >&6; }
+printf "%s\n" "#define SIZEOF_TIME_T $r" >>confdefs.h
 
-printf "%s\n" "#define SIZEOF_TIME_T $ac_cv_sizeof_time_t" >>confdefs.h
 
 
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of off_t" >&5
+
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of off_t" >&5
 printf %s "checking size of off_t... " >&6; }
-if test ${ac_cv_sizeof_off_t+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  for ac_size in 4 8 1 2 16  ; do # List sizes in rough order of prevalence.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  r=0
+    for typesize in 8 4 2 16 1; do
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #include <sys/types.h>
@@ -34206,41 +34713,51 @@ else $as_nop
 
 int main (void)
 {
-switch (0) case 0: case (sizeof (off_t) == $ac_size):;
+switch(0) {
+       case 0:
+       case (sizeof(off_t) == $typesize):;
+     }
+
  ;
  return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sizeof_off_t=$ac_size
+
+       r=$typesize
+else $as_nop
+
+       r=0
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  if test x$ac_cv_sizeof_off_t != x ; then break; fi
-done
+        if test $r -gt 0; then
+      break;
+    fi
+  done
+  if test $r -eq 0; then
+    as_fn_error $? "Failed to find size of off_t" "$LINENO" 5
+  fi
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $r" >&5
+printf "%s\n" "$r" >&6; }
+    tname=$(echo "ac_cv_sizeof_off_t" | tr A-Z a-z | tr " " "_")
+  eval "$tname=$r"
 
-fi
 
-if test x$ac_cv_sizeof_off_t = x ; then
-  as_fn_error $? "cannot determine a size for off_t" "$LINENO" 5
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_off_t" >&5
-printf "%s\n" "$ac_cv_sizeof_off_t" >&6; }
+printf "%s\n" "#define SIZEOF_OFF_T $r" >>confdefs.h
 
-printf "%s\n" "#define SIZEOF_OFF_T $ac_cv_sizeof_off_t" >>confdefs.h
 
 
 
 o=$CPPFLAGS
 CPPFLAGS="-I$srcdir/include $CPPFLAGS"
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of curl_off_t" >&5
+
+
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of curl_off_t" >&5
 printf %s "checking size of curl_off_t... " >&6; }
-if test ${ac_cv_sizeof_curl_off_t+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-  for ac_size in 4 8 1 2 16  ; do # List sizes in rough order of prevalence.
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  r=0
+    for typesize in 8 4 2 16 1; do
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 #include <sys/types.h>
@@ -34250,28 +34767,39 @@ else $as_nop
 
 int main (void)
 {
-switch (0) case 0: case (sizeof (curl_off_t) == $ac_size):;
+switch(0) {
+       case 0:
+       case (sizeof(curl_off_t) == $typesize):;
+     }
+
  ;
  return 0;
 }
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sizeof_curl_off_t=$ac_size
+
+       r=$typesize
+else $as_nop
+
+       r=0
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  if test x$ac_cv_sizeof_curl_off_t != x ; then break; fi
-done
+        if test $r -gt 0; then
+      break;
+    fi
+  done
+  if test $r -eq 0; then
+    as_fn_error $? "Failed to find size of curl_off_t" "$LINENO" 5
+  fi
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $r" >&5
+printf "%s\n" "$r" >&6; }
+    tname=$(echo "ac_cv_sizeof_curl_off_t" | tr A-Z a-z | tr " " "_")
+  eval "$tname=$r"
 
-fi
 
-if test x$ac_cv_sizeof_curl_off_t = x ; then
-  as_fn_error $? "cannot determine a size for curl_off_t" "$LINENO" 5
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_curl_off_t" >&5
-printf "%s\n" "$ac_cv_sizeof_curl_off_t" >&6; }
+printf "%s\n" "#define SIZEOF_CURL_OFF_T $r" >>confdefs.h
 
-printf "%s\n" "#define SIZEOF_CURL_OFF_T $ac_cv_sizeof_curl_off_t" >>confdefs.h
 
 
 CPPFLAGS=$o
@@ -34287,43 +34815,10 @@ printf "%s\n" "#define HAVE_LONGLONG 1" >>confdefs.h
 fi
 
 
-if test "xyes" = "x$longlong"; then
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if numberLL works" >&5
-printf %s "checking if numberLL works... " >&6; }
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-
-int main (void)
-{
-
-      long long val = 1000LL;
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-printf "%s\n" "#define HAVE_LL 1" >>confdefs.h
-
-
-else $as_nop
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+if test ${ac_cv_sizeof_curl_off_t} -lt 8; then
+  as_fn_error $? "64 bit curl_off_t is required" "$LINENO" 5
 fi
 
-
 # check for ssize_t
 ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default"
 if test "x$ac_cv_type_ssize_t" = xyes
@@ -34415,10 +34910,46 @@ fi
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if time_t is unsigned" >&5
 printf %s "checking if time_t is unsigned... " >&6; }
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
+then :
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+  #include <time.h>
+  #include <limits.h>
+  time_t t = -1;
+  return (t > 0);
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+
+printf "%s\n" "#define HAVE_TIME_T_UNSIGNED 1" >>confdefs.h
+
+
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
 then :
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
@@ -34450,7 +34981,9 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
 
 
@@ -34683,7 +35216,7 @@ fi
 
 
 
-    ac_fn_c_check_header_compile "$LINENO" "sys/select.h" "ac_cv_header_sys_select_h" "$ac_includes_default"
+      ac_fn_c_check_header_compile "$LINENO" "sys/select.h" "ac_cv_header_sys_select_h" "$ac_includes_default"
 if test "x$ac_cv_header_sys_select_h" = xyes
 then :
   printf "%s\n" "#define HAVE_SYS_SELECT_H 1" >>confdefs.h
@@ -34729,11 +35262,7 @@ printf %s "checking for select... " >&6; }
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
-#ifdef HAVE_PROTO_BSDSOCKET_H
-#include <proto/bsdsocket.h>
-struct Library *SocketBase = NULL;
-#define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0)
-#endif
+$curl_includes_bsdsocket
 #endif
 
 int main (void)
@@ -34764,171 +35293,15 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
   #
   if test "$curl_cv_select" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking types of args and return type for select" >&5
-printf %s "checking types of args and return type for select... " >&6; }
-if test ${curl_cv_func_select_args+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-
-      curl_cv_func_select_args="unknown"
-      for sel_retv in 'int' 'ssize_t'; do
-        for sel_arg1 in 'int' 'ssize_t' 'size_t' 'unsigned long int' 'unsigned int'; do
-          for sel_arg234 in 'fd_set *' 'int *' 'void *'; do
-            for sel_arg5 in 'struct timeval *' 'const struct timeval *'; do
-              if test "$curl_cv_func_select_args" = "unknown"; then
-                cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#undef inline
-#ifdef HAVE_WINDOWS_H
-#ifndef WIN32_LEAN_AND_MEAN
-#define WIN32_LEAN_AND_MEAN
-#endif
-#include <windows.h>
-#ifdef HAVE_WINSOCK2_H
-#include <winsock2.h>
-#endif
-#define SELECTCALLCONV PASCAL
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#include <time.h>
-#ifndef HAVE_WINDOWS_H
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#elif defined(HAVE_UNISTD_H)
-#include <unistd.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_PROTO_BSDSOCKET_H
-#include <proto/bsdsocket.h>
-struct Library *SocketBase = NULL;
-#define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0)
-#endif
-#define SELECTCALLCONV
-#endif
-#ifndef HAVE_STRUCT_TIMEVAL
-                    struct timeval {
-                      long tv_sec;
-                      long tv_usec;
-                    };
-#endif
-#ifndef HAVE_PROTO_BSDSOCKET_H
-                    extern $sel_retv SELECTCALLCONV
-				select($sel_arg1,
-					$sel_arg234,
-					$sel_arg234,
-					$sel_arg234,
-					$sel_arg5);
-#endif
-
-int main (void)
-{
-
-                    $sel_arg1   nfds=0;
-                    $sel_arg234 rfds=0;
-                    $sel_arg234 wfds=0;
-                    $sel_arg234 efds=0;
-                    $sel_retv res = select(nfds, rfds, wfds, efds, 0);
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-                  curl_cv_func_select_args="$sel_arg1,$sel_arg234,$sel_arg5,$sel_retv"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-              fi
-            done
-          done
-        done
-      done
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_func_select_args" >&5
-printf "%s\n" "$curl_cv_func_select_args" >&6; } # AC-CACHE-CHECK
-    if test "$curl_cv_func_select_args" = "unknown"; then
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find proper types to use for select args" >&5
-printf "%s\n" "$as_me: WARNING: Cannot find proper types to use for select args" >&2;}
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: HAVE_SELECT will not be defined" >&5
-printf "%s\n" "$as_me: WARNING: HAVE_SELECT will not be defined" >&2;}
-    else
-      select_prev_IFS=$IFS; IFS=','
-      set dummy `echo "$curl_cv_func_select_args" | sed 's/\*/\*/g'`
-      IFS=$select_prev_IFS
-      shift
-      #
-      sel_qual_type_arg5=$3
-      #
-
-printf "%s\n" "#define SELECT_TYPE_ARG1 $1" >>confdefs.h
-
-
-printf "%s\n" "#define SELECT_TYPE_ARG234 $2" >>confdefs.h
-
-
-printf "%s\n" "#define SELECT_TYPE_RETV $4" >>confdefs.h
-
-      #
-      prev_sh_opts=$-
-      #
-      case $prev_sh_opts in
-        *f*)
-          ;;
-        *)
-          set -f
-          ;;
-      esac
-      #
-      case "$sel_qual_type_arg5" in
-        const*)
-          sel_qual_arg5=const
-          sel_type_arg5=`echo $sel_qual_type_arg5 | sed 's/^const //'`
-        ;;
-        *)
-          sel_qual_arg5=
-          sel_type_arg5=$sel_qual_type_arg5
-        ;;
-      esac
-      #
-
-printf "%s\n" "#define SELECT_QUAL_ARG5 $sel_qual_arg5" >>confdefs.h
-
-
-printf "%s\n" "#define SELECT_TYPE_ARG5 $sel_type_arg5" >>confdefs.h
-
-      #
-      case $prev_sh_opts in
-        *f*)
-          ;;
-        *)
-          set +f
-          ;;
-      esac
-      #
 
 printf "%s\n" "#define HAVE_SELECT 1" >>confdefs.h
 
-      curl_cv_func_select="yes"
-    fi
+    curl_cv_func_select="yes"
   fi
 
 
 
-    ac_fn_c_check_header_compile "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$ac_includes_default"
+      ac_fn_c_check_header_compile "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$ac_includes_default"
 if test "x$ac_cv_header_sys_types_h" = xyes
 then :
   printf "%s\n" "#define HAVE_SYS_TYPES_H 1" >>confdefs.h
@@ -34958,10 +35331,7 @@ printf %s "checking for recv... " >&6; }
 #include <winsock2.h>
 #endif
 #else
-#ifdef HAVE_PROTO_BSDSOCKET_H
-#include <proto/bsdsocket.h>
-struct Library *SocketBase = NULL;
-#endif
+$curl_includes_bsdsocket
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -34998,118 +35368,16 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
   #
   if test "$curl_cv_recv" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking types of args and return type for recv" >&5
-printf %s "checking types of args and return type for recv... " >&6; }
-if test ${curl_cv_func_recv_args+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-
-      curl_cv_func_recv_args="unknown"
-      for recv_retv in 'int' 'ssize_t'; do
-        for recv_arg1 in 'int' 'ssize_t' 'SOCKET'; do
-          for recv_arg2 in 'char *' 'void *'; do
-            for recv_arg3 in 'size_t' 'int' 'socklen_t' 'unsigned int'; do
-              for recv_arg4 in 'int' 'unsigned int'; do
-                if test "$curl_cv_func_recv_args" = "unknown"; then
-                  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#undef inline
-#ifdef HAVE_WINDOWS_H
-#ifndef WIN32_LEAN_AND_MEAN
-#define WIN32_LEAN_AND_MEAN
-#endif
-#include <windows.h>
-#ifdef HAVE_WINSOCK2_H
-#include <winsock2.h>
-#endif
-#define RECVCALLCONV PASCAL
-#else
-#ifdef HAVE_PROTO_BSDSOCKET_H
-#include <proto/bsdsocket.h>
-struct Library *SocketBase = NULL;
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#define RECVCALLCONV
-#endif
-#ifndef HAVE_PROTO_BSDSOCKET_H
-                      extern $recv_retv RECVCALLCONV
-                      recv($recv_arg1, $recv_arg2, $recv_arg3, $recv_arg4);
-#endif
-
-int main (void)
-{
-
-                      $recv_arg1 s=0;
-                      $recv_arg2 buf=0;
-                      $recv_arg3 len=0;
-                      $recv_arg4 flags=0;
-                      $recv_retv res = recv(s, buf, len, flags);
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-                    curl_cv_func_recv_args="$recv_arg1,$recv_arg2,$recv_arg3,$recv_arg4,$recv_retv"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-                fi
-              done
-            done
-          done
-        done
-      done
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_func_recv_args" >&5
-printf "%s\n" "$curl_cv_func_recv_args" >&6; } # AC-CACHE-CHECK
-    if test "$curl_cv_func_recv_args" = "unknown"; then
-      as_fn_error $? "Cannot find proper types to use for recv args" "$LINENO" 5
-    else
-      recv_prev_IFS=$IFS; IFS=','
-      set dummy `echo "$curl_cv_func_recv_args" | sed 's/\*/\*/g'`
-      IFS=$recv_prev_IFS
-      shift
-      #
-
-printf "%s\n" "#define RECV_TYPE_ARG1 $1" >>confdefs.h
-
-
-printf "%s\n" "#define RECV_TYPE_ARG2 $2" >>confdefs.h
-
-
-printf "%s\n" "#define RECV_TYPE_ARG3 $3" >>confdefs.h
-
-
-printf "%s\n" "#define RECV_TYPE_ARG4 $4" >>confdefs.h
-
-
-printf "%s\n" "#define RECV_TYPE_RETV $5" >>confdefs.h
-
-      #
 
 printf "%s\n" "#define HAVE_RECV 1" >>confdefs.h
 
       curl_cv_func_recv="yes"
-    fi
   else
     as_fn_error $? "Unable to link function recv" "$LINENO" 5
   fi
 
 
-    ac_fn_c_check_header_compile "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$ac_includes_default"
+      ac_fn_c_check_header_compile "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$ac_includes_default"
 if test "x$ac_cv_header_sys_types_h" = xyes
 then :
   printf "%s\n" "#define HAVE_SYS_TYPES_H 1" >>confdefs.h
@@ -35139,10 +35407,7 @@ printf %s "checking for send... " >&6; }
 #include <winsock2.h>
 #endif
 #else
-#ifdef HAVE_PROTO_BSDSOCKET_H
-#include <proto/bsdsocket.h>
-struct Library *SocketBase = NULL;
-#endif
+$curl_includes_bsdsocket
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -35179,146 +35444,10 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
   #
   if test "$curl_cv_send" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking types of args and return type for send" >&5
-printf %s "checking types of args and return type for send... " >&6; }
-if test ${curl_cv_func_send_args+y}
-then :
-  printf %s "(cached) " >&6
-else $as_nop
-
-      curl_cv_func_send_args="unknown"
-      for send_retv in 'int' 'ssize_t'; do
-        for send_arg1 in 'int' 'ssize_t' 'SOCKET'; do
-          for send_arg2 in 'char *' 'void *' 'const char *' 'const void *'; do
-            for send_arg3 in 'size_t' 'int' 'socklen_t' 'unsigned int'; do
-              for send_arg4 in 'int' 'unsigned int'; do
-                if test "$curl_cv_func_send_args" = "unknown"; then
-                  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#undef inline
-#ifdef HAVE_WINDOWS_H
-#ifndef WIN32_LEAN_AND_MEAN
-#define WIN32_LEAN_AND_MEAN
-#endif
-#include <windows.h>
-#ifdef HAVE_WINSOCK2_H
-#include <winsock2.h>
-#endif
-#define SENDCALLCONV PASCAL
-#else
-#ifdef HAVE_PROTO_BSDSOCKET_H
-#include <proto/bsdsocket.h>
-struct Library *SocketBase = NULL;
-#endif
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#define SENDCALLCONV
-#endif
-#ifndef HAVE_PROTO_BSDSOCKET_H
-                      extern $send_retv SENDCALLCONV
-                      send($send_arg1, $send_arg2, $send_arg3, $send_arg4);
-#endif
-
-int main (void)
-{
-
-                      $send_arg1 s=0;
-                      $send_arg3 len=0;
-                      $send_arg4 flags=0;
-                      $send_retv res = send(s, 0, len, flags);
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-                    curl_cv_func_send_args="$send_arg1,$send_arg2,$send_arg3,$send_arg4,$send_retv"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-                fi
-              done
-            done
-          done
-        done
-      done
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_func_send_args" >&5
-printf "%s\n" "$curl_cv_func_send_args" >&6; } # AC-CACHE-CHECK
-    if test "$curl_cv_func_send_args" = "unknown"; then
-      as_fn_error $? "Cannot find proper types to use for send args" "$LINENO" 5
-    else
-      send_prev_IFS=$IFS; IFS=','
-      set dummy `echo "$curl_cv_func_send_args" | sed 's/\*/\*/g'`
-      IFS=$send_prev_IFS
-      shift
-      #
-      send_qual_type_arg2=$2
-      #
-
-printf "%s\n" "#define SEND_TYPE_ARG1 $1" >>confdefs.h
-
-
-printf "%s\n" "#define SEND_TYPE_ARG3 $3" >>confdefs.h
-
-
-printf "%s\n" "#define SEND_TYPE_ARG4 $4" >>confdefs.h
-
-
-printf "%s\n" "#define SEND_TYPE_RETV $5" >>confdefs.h
-
-      #
-      prev_sh_opts=$-
-      #
-      case $prev_sh_opts in
-        *f*)
-          ;;
-        *)
-          set -f
-          ;;
-      esac
-      #
-      case "$send_qual_type_arg2" in
-        const*)
-          send_qual_arg2=const
-          send_type_arg2=`echo $send_qual_type_arg2 | sed 's/^const //'`
-        ;;
-        *)
-          send_qual_arg2=
-          send_type_arg2=$send_qual_type_arg2
-        ;;
-      esac
-      #
-
-printf "%s\n" "#define SEND_QUAL_ARG2 $send_qual_arg2" >>confdefs.h
-
-
-printf "%s\n" "#define SEND_TYPE_ARG2 $send_type_arg2" >>confdefs.h
-
-      #
-      case $prev_sh_opts in
-        *f*)
-          ;;
-        *)
-          set +f
-          ;;
-      esac
-      #
 
 printf "%s\n" "#define HAVE_SEND 1" >>confdefs.h
 
-      curl_cv_func_send="yes"
-    fi
+    curl_cv_func_send="yes"
   else
     as_fn_error $? "Unable to link function send" "$LINENO" 5
   fi
@@ -35358,10 +35487,6 @@ else $as_nop
 #include <winsock2.h>
 #endif
 #else
-#ifdef HAVE_PROTO_BSDSOCKET_H
-#include <proto/bsdsocket.h>
-struct Library *SocketBase = NULL;
-#endif
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -35836,7 +35961,6 @@ printf %s "checking if closesocket can be linked... " >&6; }
 
 
       $curl_includes_winsock2
-      $curl_includes_bsdsocket
       $curl_includes_socket
 
 int main (void)
@@ -35874,7 +35998,6 @@ printf %s "checking if closesocket is prototyped... " >&6; }
 /* end confdefs.h.  */
 
       $curl_includes_winsock2
-      $curl_includes_bsdsocket
       $curl_includes_socket
 
 _ACEOF
@@ -35905,7 +36028,6 @@ printf %s "checking if closesocket is compilable... " >&6; }
 
 
         $curl_includes_winsock2
-      $curl_includes_bsdsocket
         $curl_includes_socket
 
 int main (void)
@@ -35995,7 +36117,7 @@ fi
 
 
 
-    #
+      #
   tst_links_closesocket_camel="unknown"
   tst_proto_closesocket_camel="unknown"
   tst_compi_closesocket_camel="unknown"
@@ -36007,6 +36129,7 @@ printf %s "checking if CloseSocket can be linked... " >&6; }
 /* end confdefs.h.  */
 
 
+      $curl_includes_bsdsocket
       $curl_includes_sys_socket
 
 int main (void)
@@ -36043,6 +36166,7 @@ printf %s "checking if CloseSocket is prototyped... " >&6; }
     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
+      $curl_includes_bsdsocket
       $curl_includes_sys_socket
 
 _ACEOF
@@ -36072,6 +36196,7 @@ printf %s "checking if CloseSocket is compilable... " >&6; }
 /* end confdefs.h.  */
 
 
+        $curl_includes_bsdsocket
         $curl_includes_sys_socket
 
 int main (void)
@@ -36135,7 +36260,7 @@ printf "%s\n" "no" >&6; }
   fi
 
 
-        #
+          #
   tst_links_connect="unknown"
   tst_proto_connect="unknown"
   tst_compi_connect="unknown"
@@ -36219,7 +36344,7 @@ printf %s "checking if connect is compilable... " >&6; }
 
 
         $curl_includes_winsock2
-      $curl_includes_bsdsocket
+        $curl_includes_bsdsocket
         $curl_includes_sys_socket
         $curl_includes_socket
 
@@ -36469,7 +36594,7 @@ printf "%s\n" "#define HAVE_FCNTL 1" >>confdefs.h
   tst_allow_fcntl_o_nonblock="unknown"
   #
   case $host_os in
-    sunos4* | aix3* | beos*)
+    sunos4* | aix3*)
             curl_disallow_fcntl_o_nonblock="yes"
       ;;
   esac
@@ -37437,10 +37562,9 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5
 printf %s "checking if getaddrinfo seems to work... " >&6; }
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -37501,7 +37625,75 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
+then :
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+        $curl_includes_ws2tcpip
+        $curl_includes_stdlib
+        $curl_includes_string
+        $curl_includes_sys_socket
+        $curl_includes_netdb
+
+int main (void)
+{
+
+        struct addrinfo hints;
+        struct addrinfo *ai = 0;
+        int error;
+
+        #ifdef HAVE_WINSOCK2_H
+        WSADATA wsa;
+        if (WSAStartup(MAKEWORD(2,2), &wsa))
+                exit(2);
+        #endif
+
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_flags = AI_NUMERICHOST;
+        hints.ai_family = AF_UNSPEC;
+        hints.ai_socktype = SOCK_STREAM;
+        error = getaddrinfo("127.0.0.1", 0, &hints, &ai);
+        if(error || !ai)
+          exit(1); /* fail */
+        else
+          exit(0);
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+      tst_works_getaddrinfo="yes"
+
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+      tst_works_getaddrinfo="no"
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
   fi
   #
@@ -37798,7 +37990,7 @@ printf %s "checking if gethostbyname is compilable... " >&6; }
 
 
         $curl_includes_winsock2
-      $curl_includes_bsdsocket
+        $curl_includes_bsdsocket
         $curl_includes_netdb
 
 int main (void)
@@ -37952,6 +38144,7 @@ printf %s "checking if gethostbyname_r takes 3 args.... " >&6; }
 
 
           $curl_includes_netdb
+          $curl_includes_bsdsocket
 
 int main (void)
 {
@@ -37989,6 +38182,7 @@ printf %s "checking if gethostbyname_r takes 5 args.... " >&6; }
 
 
           $curl_includes_netdb
+          $curl_includes_bsdsocket
 
 int main (void)
 {
@@ -38026,6 +38220,7 @@ printf %s "checking if gethostbyname_r takes 6 args.... " >&6; }
 
 
           $curl_includes_netdb
+          $curl_includes_bsdsocket
 
 int main (void)
 {
@@ -38137,8 +38332,8 @@ printf %s "checking if gethostname can be linked... " >&6; }
 
 
       $curl_includes_winsock2
-      $curl_includes_bsdsocket
       $curl_includes_unistd
+      $curl_includes_bsdsocket
 
 int main (void)
 {
@@ -38175,8 +38370,8 @@ printf %s "checking if gethostname is prototyped... " >&6; }
 /* end confdefs.h.  */
 
       $curl_includes_winsock2
-      $curl_includes_bsdsocket
       $curl_includes_unistd
+      $curl_includes_bsdsocket
 
 _ACEOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
@@ -38206,8 +38401,8 @@ printf %s "checking if gethostname is compilable... " >&6; }
 
 
         $curl_includes_winsock2
-      $curl_includes_bsdsocket
         $curl_includes_unistd
+        $curl_includes_bsdsocket
 
 int main (void)
 {
@@ -38249,8 +38444,8 @@ printf %s "checking for gethostname arg 2 data type... " >&6; }
 
 
               $curl_includes_winsock2
-      $curl_includes_bsdsocket
               $curl_includes_unistd
+              $curl_includes_bsdsocket
               $curl_preprocess_callconv
               extern int FUNCALLCONV gethostname($tst_arg1, $tst_arg2);
 
@@ -38938,10 +39133,61 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if getifaddrs seems to work" >&5
 printf %s "checking if getifaddrs seems to work... " >&6; }
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
+then :
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+        $curl_includes_stdlib
+        $curl_includes_ifaddrs
+
+int main (void)
+{
+
+        struct ifaddrs *ifa = 0;
+        int error;
+
+        error = getifaddrs(&ifa);
+        if(error || !ifa)
+          exit(1); /* fail */
+        else
+          exit(0);
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+      tst_works_getifaddrs="yes"
+
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+      tst_works_getifaddrs="no"
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -38988,7 +39234,9 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
   fi
   #
@@ -39177,10 +39425,61 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if gmtime_r seems to work" >&5
 printf %s "checking if gmtime_r seems to work... " >&6; }
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
+then :
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+        $curl_includes_stdlib
+        $curl_includes_time
+
+int main (void)
+{
+
+        time_t local = 1170352587;
+        struct tm *gmt = 0;
+        struct tm result;
+        gmt = gmtime_r(&local, &result);
+        if(gmt)
+          exit(0);
+        else
+          exit(1);
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+      tst_works_gmtime_r="yes"
+
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+      tst_works_gmtime_r="no"
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -39227,7 +39526,9 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
   fi
   #
@@ -39439,10 +39740,103 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if inet_ntop seems to work" >&5
 printf %s "checking if inet_ntop seems to work... " >&6; }
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
+then :
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+        $curl_includes_stdlib
+        $curl_includes_arpa_inet
+        $curl_includes_string
+
+int main (void)
+{
+
+        char ipv6res[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+        char ipv4res[sizeof "255.255.255.255"];
+        unsigned char ipv6a[26];
+        unsigned char ipv4a[5];
+        char *ipv6ptr = 0;
+        char *ipv4ptr = 0;
+        /* - */
+        ipv4res[0] = '\0';
+        ipv4a[0] = 0xc0;
+        ipv4a[1] = 0xa8;
+        ipv4a[2] = 0x64;
+        ipv4a[3] = 0x01;
+        ipv4a[4] = 0x01;
+        /* - */
+        ipv4ptr = inet_ntop(AF_INET, ipv4a, ipv4res, sizeof(ipv4res));
+        if(!ipv4ptr)
+          exit(1); /* fail */
+        if(ipv4ptr != ipv4res)
+          exit(1); /* fail */
+        if(!ipv4ptr[0])
+          exit(1); /* fail */
+        if(memcmp(ipv4res, "192.168.100.1", 13) != 0)
+          exit(1); /* fail */
+        /* - */
+        ipv6res[0] = '\0';
+        memset(ipv6a, 0, sizeof(ipv6a));
+        ipv6a[0] = 0xfe;
+        ipv6a[1] = 0x80;
+        ipv6a[8] = 0x02;
+        ipv6a[9] = 0x14;
+        ipv6a[10] = 0x4f;
+        ipv6a[11] = 0xff;
+        ipv6a[12] = 0xfe;
+        ipv6a[13] = 0x0b;
+        ipv6a[14] = 0x76;
+        ipv6a[15] = 0xc8;
+        ipv6a[25] = 0x01;
+        /* - */
+        ipv6ptr = inet_ntop(AF_INET6, ipv6a, ipv6res, sizeof(ipv6res));
+        if(!ipv6ptr)
+          exit(1); /* fail */
+        if(ipv6ptr != ipv6res)
+          exit(1); /* fail */
+        if(!ipv6ptr[0])
+          exit(1); /* fail */
+        if(memcmp(ipv6res, "fe80::214:4fff:fe0b:76c8", 24) != 0)
+          exit(1); /* fail */
+        /* - */
+        exit(0);
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+      tst_works_inet_ntop="yes"
+
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+      tst_works_inet_ntop="no"
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -39531,7 +39925,9 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
   fi
   #
@@ -39693,10 +40089,9 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if inet_pton seems to work" >&5
 printf %s "checking if inet_pton seems to work... " >&6; }
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -39778,395 +40173,131 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
-
-  fi
-  #
-  if test "$tst_compi_inet_pton" = "yes" &&
-    test "$tst_works_inet_pton" != "no"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if inet_pton usage allowed" >&5
-printf %s "checking if inet_pton usage allowed... " >&6; }
-    if test "x$curl_disallow_inet_pton" != "xyes"; then
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_allow_inet_pton="yes"
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_allow_inet_pton="no"
-    fi
-  fi
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if inet_pton might be used" >&5
-printf %s "checking if inet_pton might be used... " >&6; }
-  if test "$tst_links_inet_pton" = "yes" &&
-     test "$tst_proto_inet_pton" = "yes" &&
-     test "$tst_compi_inet_pton" = "yes" &&
-     test "$tst_allow_inet_pton" = "yes" &&
-     test "$tst_works_inet_pton" != "no"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-printf "%s\n" "#define HAVE_INET_PTON 1" >>confdefs.h
-
-    curl_cv_func_inet_pton="yes"
-  else
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    curl_cv_func_inet_pton="no"
-  fi
-
-
-curl_includes_stropts="\
-/* includes start */
-#ifdef HAVE_SYS_TYPES_H
-#  include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#  include <unistd.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#  include <sys/socket.h>
-#endif
-#ifdef HAVE_SYS_IOCTL_H
-#  include <sys/ioctl.h>
-#endif
-#ifdef HAVE_STROPTS_H
-#  include <stropts.h>
-#endif
-/* includes end */"
-  ac_fn_c_check_header_compile "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$curl_includes_stropts
-"
-if test "x$ac_cv_header_sys_types_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_SYS_TYPES_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$curl_includes_stropts
-"
-if test "x$ac_cv_header_unistd_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_UNISTD_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "sys/socket.h" "ac_cv_header_sys_socket_h" "$curl_includes_stropts
-"
-if test "x$ac_cv_header_sys_socket_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_SYS_SOCKET_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "sys/ioctl.h" "ac_cv_header_sys_ioctl_h" "$curl_includes_stropts
-"
-if test "x$ac_cv_header_sys_ioctl_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_SYS_IOCTL_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "stropts.h" "ac_cv_header_stropts_h" "$curl_includes_stropts
-"
-if test "x$ac_cv_header_stropts_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_STROPTS_H 1" >>confdefs.h
-
-fi
-
-
-
-    #
-  tst_links_ioctl="unknown"
-  tst_proto_ioctl="unknown"
-  tst_compi_ioctl="unknown"
-  tst_allow_ioctl="unknown"
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ioctl can be linked" >&5
-printf %s "checking if ioctl can be linked... " >&6; }
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define ioctl innocuous_ioctl
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef ioctl
-#ifdef __cplusplus
-extern "C"
-#endif
-char ioctl ();
-#if defined __stub_ioctl || defined __stub___ioctl
-choke me
-#endif
-
-int main (void)
-{
-return ioctl ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-    tst_links_ioctl="yes"
-
-else $as_nop
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    tst_links_ioctl="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  #
-  if test "$tst_links_ioctl" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ioctl is prototyped" >&5
-printf %s "checking if ioctl is prototyped... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-      $curl_includes_stropts
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "ioctl" >/dev/null 2>&1
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
 then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_proto_ioctl="yes"
-
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
 else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_proto_ioctl="no"
-
-fi
-rm -rf conftest*
-
-  fi
-  #
-  if test "$tst_proto_ioctl" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ioctl is compilable" >&5
-printf %s "checking if ioctl is compilable... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 
-        $curl_includes_stropts
+        $curl_includes_stdlib
+        $curl_includes_arpa_inet
+        $curl_includes_string
 
 int main (void)
 {
 
-        if(0 != ioctl(0, 0, 0))
-          return 1;
+        unsigned char ipv6a[16+1];
+        unsigned char ipv4a[4+1];
+        const char *ipv6src = "fe80::214:4fff:fe0b:76c8";
+        const char *ipv4src = "192.168.100.1";
+        /* - */
+        memset(ipv4a, 1, sizeof(ipv4a));
+        if(1 != inet_pton(AF_INET, ipv4src, ipv4a))
+          exit(1); /* fail */
+        /* - */
+        if( (ipv4a[0] != 0xc0) ||
+            (ipv4a[1] != 0xa8) ||
+            (ipv4a[2] != 0x64) ||
+            (ipv4a[3] != 0x01) ||
+            (ipv4a[4] != 0x01) )
+          exit(1); /* fail */
+        /* - */
+        memset(ipv6a, 1, sizeof(ipv6a));
+        if(1 != inet_pton(AF_INET6, ipv6src, ipv6a))
+          exit(1); /* fail */
+        /* - */
+        if( (ipv6a[0]  != 0xfe) ||
+            (ipv6a[1]  != 0x80) ||
+            (ipv6a[8]  != 0x02) ||
+            (ipv6a[9]  != 0x14) ||
+            (ipv6a[10] != 0x4f) ||
+            (ipv6a[11] != 0xff) ||
+            (ipv6a[12] != 0xfe) ||
+            (ipv6a[13] != 0x0b) ||
+            (ipv6a[14] != 0x76) ||
+            (ipv6a[15] != 0xc8) ||
+            (ipv6a[16] != 0x01) )
+          exit(1); /* fail */
+        /* - */
+        if( (ipv6a[2]  != 0x0) ||
+            (ipv6a[3]  != 0x0) ||
+            (ipv6a[4]  != 0x0) ||
+            (ipv6a[5]  != 0x0) ||
+            (ipv6a[6]  != 0x0) ||
+            (ipv6a[7]  != 0x0) )
+          exit(1); /* fail */
+        /* - */
+        exit(0);
 
  ;
  return 0;
 }
 
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"
+if ac_fn_c_try_run "$LINENO"
 then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-      tst_compi_ioctl="yes"
+      tst_works_inet_pton="yes"
 
 else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-      tst_compi_ioctl="no"
+      tst_works_inet_pton="no"
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  fi
-  #
-  if test "$tst_compi_ioctl" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ioctl usage allowed" >&5
-printf %s "checking if ioctl usage allowed... " >&6; }
-    if test "x$curl_disallow_ioctl" != "xyes"; then
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_allow_ioctl="yes"
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_allow_ioctl="no"
-    fi
-  fi
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ioctl might be used" >&5
-printf %s "checking if ioctl might be used... " >&6; }
-  if test "$tst_links_ioctl" = "yes" &&
-     test "$tst_proto_ioctl" = "yes" &&
-     test "$tst_compi_ioctl" = "yes" &&
-     test "$tst_allow_ioctl" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-printf "%s\n" "#define HAVE_IOCTL 1" >>confdefs.h
-
-    curl_cv_func_ioctl="yes"
-
-  #
-  tst_compi_ioctl_fionbio="unknown"
-  tst_allow_ioctl_fionbio="unknown"
-  #
-  if test "$curl_cv_func_ioctl" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ioctl FIONBIO is compilable" >&5
-printf %s "checking if ioctl FIONBIO is compilable... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-        $curl_includes_stropts
-
-int main (void)
-{
-
-        int flags = 0;
-        if(0 != ioctl(0, FIONBIO, &flags))
-          return 1;
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_compi_ioctl_fionbio="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_compi_ioctl_fionbio="no"
-
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  fi
-  #
-  if test "$tst_compi_ioctl_fionbio" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ioctl FIONBIO usage allowed" >&5
-printf %s "checking if ioctl FIONBIO usage allowed... " >&6; }
-    if test "x$curl_disallow_ioctl_fionbio" != "xyes"; then
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_allow_ioctl_fionbio="yes"
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_allow_ioctl_fionbio="no"
-    fi
-  fi
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ioctl FIONBIO might be used" >&5
-printf %s "checking if ioctl FIONBIO might be used... " >&6; }
-  if test "$tst_compi_ioctl_fionbio" = "yes" &&
-     test "$tst_allow_ioctl_fionbio" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-printf "%s\n" "#define HAVE_IOCTL_FIONBIO 1" >>confdefs.h
-
-    curl_cv_func_ioctl_fionbio="yes"
-  else
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    curl_cv_func_ioctl_fionbio="no"
-  fi
-
-
-  #
-  tst_compi_ioctl_siocgifaddr="unknown"
-  tst_allow_ioctl_siocgifaddr="unknown"
-  #
-  if test "$curl_cv_func_ioctl" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ioctl SIOCGIFADDR is compilable" >&5
-printf %s "checking if ioctl SIOCGIFADDR is compilable... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-        $curl_includes_stropts
-        #include <net/if.h>
-
-int main (void)
-{
 
-        struct ifreq ifr;
-        if(0 != ioctl(0, SIOCGIFADDR, &ifr))
-          return 1;
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_compi_ioctl_siocgifaddr="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_compi_ioctl_siocgifaddr="no"
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
   fi
   #
-  if test "$tst_compi_ioctl_siocgifaddr" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ioctl SIOCGIFADDR usage allowed" >&5
-printf %s "checking if ioctl SIOCGIFADDR usage allowed... " >&6; }
-    if test "x$curl_disallow_ioctl_siocgifaddr" != "xyes"; then
+  if test "$tst_compi_inet_pton" = "yes" &&
+    test "$tst_works_inet_pton" != "no"; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if inet_pton usage allowed" >&5
+printf %s "checking if inet_pton usage allowed... " >&6; }
+    if test "x$curl_disallow_inet_pton" != "xyes"; then
       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-      tst_allow_ioctl_siocgifaddr="yes"
+      tst_allow_inet_pton="yes"
     else
       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-      tst_allow_ioctl_siocgifaddr="no"
+      tst_allow_inet_pton="no"
     fi
   fi
   #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ioctl SIOCGIFADDR might be used" >&5
-printf %s "checking if ioctl SIOCGIFADDR might be used... " >&6; }
-  if test "$tst_compi_ioctl_siocgifaddr" = "yes" &&
-     test "$tst_allow_ioctl_siocgifaddr" = "yes"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if inet_pton might be used" >&5
+printf %s "checking if inet_pton might be used... " >&6; }
+  if test "$tst_links_inet_pton" = "yes" &&
+     test "$tst_proto_inet_pton" = "yes" &&
+     test "$tst_compi_inet_pton" = "yes" &&
+     test "$tst_allow_inet_pton" = "yes" &&
+     test "$tst_works_inet_pton" != "no"; then
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-printf "%s\n" "#define HAVE_IOCTL_SIOCGIFADDR 1" >>confdefs.h
-
-    curl_cv_func_ioctl_siocgifaddr="yes"
-  else
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    curl_cv_func_ioctl_siocgifaddr="no"
-  fi
+printf "%s\n" "#define HAVE_INET_PTON 1" >>confdefs.h
 
+    curl_cv_func_inet_pton="yes"
   else
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-    curl_cv_func_ioctl="no"
+    curl_cv_func_inet_pton="no"
   fi
 
 
@@ -40183,7 +40314,6 @@ printf %s "checking if ioctlsocket can be linked... " >&6; }
 
 
       $curl_includes_winsock2
-      $curl_includes_bsdsocket
 
 int main (void)
 {
@@ -40220,7 +40350,6 @@ printf %s "checking if ioctlsocket is prototyped... " >&6; }
 /* end confdefs.h.  */
 
       $curl_includes_winsock2
-      $curl_includes_bsdsocket
 
 _ACEOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
@@ -40250,7 +40379,6 @@ printf %s "checking if ioctlsocket is compilable... " >&6; }
 
 
         $curl_includes_winsock2
-      $curl_includes_bsdsocket
 
 int main (void)
 {
@@ -40319,7 +40447,6 @@ printf %s "checking if ioctlsocket FIONBIO is compilable... " >&6; }
 
 
         $curl_includes_winsock2
-      $curl_includes_bsdsocket
 
 int main (void)
 {
@@ -40399,24 +40526,13 @@ printf %s "checking if IoctlSocket can be linked... " >&6; }
 /* end confdefs.h.  */
 
 
-#define IoctlSocket innocuous_IoctlSocket
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef IoctlSocket
-#ifdef __cplusplus
-extern "C"
-#endif
-char IoctlSocket ();
-#if defined __stub_IoctlSocket || defined __stub___IoctlSocket
-choke me
-#endif
+      $curl_includes_bsdsocket
 
 int main (void)
 {
-return IoctlSocket ();
+
+      IoctlSocket(0, 0, 0);
+
  ;
  return 0;
 }
@@ -40445,7 +40561,7 @@ printf %s "checking if IoctlSocket is prototyped... " >&6; }
     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
-      $curl_includes_stropts
+      $curl_includes_bsdsocket
 
 _ACEOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
@@ -40474,7 +40590,7 @@ printf %s "checking if IoctlSocket is compilable... " >&6; }
 /* end confdefs.h.  */
 
 
-        $curl_includes_stropts
+        $curl_includes_bsdsocket
 
 int main (void)
 {
@@ -40531,7 +40647,7 @@ printf "%s\n" "#define HAVE_IOCTLSOCKET_CAMEL 1" >>confdefs.h
 
     curl_cv_func_ioctlsocket_camel="yes"
 
-  #
+    #
   tst_compi_ioctlsocket_camel_fionbio="unknown"
   tst_allow_ioctlsocket_camel_fionbio="unknown"
   #
@@ -40542,7 +40658,7 @@ printf %s "checking if IoctlSocket FIONBIO is compilable... " >&6; }
 /* end confdefs.h.  */
 
 
-        $curl_includes_stropts
+        $curl_includes_bsdsocket
 
 int main (void)
 {
@@ -40610,218 +40726,6 @@ printf "%s\n" "no" >&6; }
   fi
 
 
-      #
-  tst_links_localtime_r="unknown"
-  tst_proto_localtime_r="unknown"
-  tst_compi_localtime_r="unknown"
-  tst_works_localtime_r="unknown"
-  tst_allow_localtime_r="unknown"
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if localtime_r can be linked" >&5
-printf %s "checking if localtime_r can be linked... " >&6; }
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define localtime_r innocuous_localtime_r
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef localtime_r
-#ifdef __cplusplus
-extern "C"
-#endif
-char localtime_r ();
-#if defined __stub_localtime_r || defined __stub___localtime_r
-choke me
-#endif
-
-int main (void)
-{
-return localtime_r ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-    tst_links_localtime_r="yes"
-
-else $as_nop
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    tst_links_localtime_r="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  #
-  if test "$tst_links_localtime_r" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if localtime_r is prototyped" >&5
-printf %s "checking if localtime_r is prototyped... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-      $curl_includes_time
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "localtime_r" >/dev/null 2>&1
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_proto_localtime_r="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_proto_localtime_r="no"
-
-fi
-rm -rf conftest*
-
-  fi
-  #
-  if test "$tst_proto_localtime_r" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if localtime_r is compilable" >&5
-printf %s "checking if localtime_r is compilable... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-        $curl_includes_time
-
-int main (void)
-{
-
-        if(0 != localtime_r(0, 0))
-          return 1;
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_compi_localtime_r="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_compi_localtime_r="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  fi
-  #
-    if test "x$cross_compiling" != "xyes" &&
-    test "$tst_compi_localtime_r" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if localtime_r seems to work" >&5
-printf %s "checking if localtime_r seems to work... " >&6; }
-
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
-then :
-  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run test program while cross compiling
-See \`config.log' for more details" "$LINENO" 5; }
-else $as_nop
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-        $curl_includes_stdlib
-        $curl_includes_time
-
-int main (void)
-{
-
-        time_t clock = 1170352587;
-        struct tm *tmp = 0;
-        struct tm result;
-        tmp = localtime_r(&clock, &result);
-        if(tmp)
-          exit(0);
-        else
-          exit(1);
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_run "$LINENO"
-then :
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_works_localtime_r="yes"
-
-else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_works_localtime_r="no"
-
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-   LD_LIBRARY_PATH=$old # restore
-
-  fi
-  #
-  if test "$tst_compi_localtime_r" = "yes" &&
-    test "$tst_works_localtime_r" != "no"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if localtime_r usage allowed" >&5
-printf %s "checking if localtime_r usage allowed... " >&6; }
-    if test "x$curl_disallow_localtime_r" != "xyes"; then
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_allow_localtime_r="yes"
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_allow_localtime_r="no"
-    fi
-  fi
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if localtime_r might be used" >&5
-printf %s "checking if localtime_r might be used... " >&6; }
-  if test "$tst_links_localtime_r" = "yes" &&
-     test "$tst_proto_localtime_r" = "yes" &&
-     test "$tst_compi_localtime_r" = "yes" &&
-     test "$tst_allow_localtime_r" = "yes" &&
-     test "$tst_works_localtime_r" != "no"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-printf "%s\n" "#define HAVE_LOCALTIME_R 1" >>confdefs.h
-
-    curl_cv_func_localtime_r="yes"
-  else
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    curl_cv_func_localtime_r="no"
-  fi
-
-
     #
   tst_links_memrchr="unknown"
   tst_macro_memrchr="unknown"
@@ -41132,10 +41036,9 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if poll seems to work" >&5
 printf %s "checking if poll seems to work... " >&6; }
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -41194,265 +41097,108 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
-
-  fi
-  #
-  if test "$tst_compi_poll" = "yes" &&
-    test "$tst_works_poll" != "no"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if poll usage allowed" >&5
-printf %s "checking if poll usage allowed... " >&6; }
-    if test "x$curl_disallow_poll" != "xyes"; then
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_allow_poll="yes"
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_allow_poll="no"
-    fi
-  fi
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if poll might be used" >&5
-printf %s "checking if poll might be used... " >&6; }
-  if test "$tst_links_poll" = "yes" &&
-     test "$tst_proto_poll" = "yes" &&
-     test "$tst_compi_poll" = "yes" &&
-     test "$tst_allow_poll" = "yes" &&
-     test "$tst_works_poll" != "no"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-printf "%s\n" "#define HAVE_POLL 1" >>confdefs.h
-
-
-printf "%s\n" "#define HAVE_POLL_FINE 1" >>confdefs.h
-
-    curl_cv_func_poll="yes"
-  else
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    curl_cv_func_poll="no"
-  fi
-
-
-      #
-  tst_links_setsockopt="unknown"
-  tst_proto_setsockopt="unknown"
-  tst_compi_setsockopt="unknown"
-  tst_allow_setsockopt="unknown"
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if setsockopt can be linked" >&5
-printf %s "checking if setsockopt can be linked... " >&6; }
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
+then :
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 
-      $curl_includes_winsock2
-      $curl_includes_bsdsocket
-      $curl_includes_sys_socket
+        $curl_includes_stdlib
+        $curl_includes_poll
+        $curl_includes_time
 
 int main (void)
 {
 
-      if(0 != setsockopt(0, 0, 0, 0, 0))
-        return 1;
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-    tst_links_setsockopt="yes"
-
-else $as_nop
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    tst_links_setsockopt="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  #
-  if test "$tst_links_setsockopt" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if setsockopt is prototyped" >&5
-printf %s "checking if setsockopt is prototyped... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-      $curl_includes_winsock2
-      $curl_includes_bsdsocket
-      $curl_includes_sys_socket
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "setsockopt" >/dev/null 2>&1
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_proto_setsockopt="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_proto_setsockopt="no"
-
-fi
-rm -rf conftest*
-
-  fi
-  #
-  if test "$tst_proto_setsockopt" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if setsockopt is compilable" >&5
-printf %s "checking if setsockopt is compilable... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
+        /* detect the original poll() breakage */
+        if(0 != poll(0, 0, 10))
+          exit(1); /* fail */
+        else {
+          /* detect the 10.12 poll() breakage */
+          struct timeval before, after;
+          int rc;
+          size_t us;
 
-        $curl_includes_winsock2
-      $curl_includes_bsdsocket
-        $curl_includes_sys_socket
+          gettimeofday(&before, NULL);
+          rc = poll(NULL, 0, 500);
+          gettimeofday(&after, NULL);
 
-int main (void)
-{
+          us = (after.tv_sec - before.tv_sec) * 1000000 +
+            (after.tv_usec - before.tv_usec);
 
-        if(0 != setsockopt(0, 0, 0, 0, 0))
-          return 1;
+          if(us < 400000)
+            exit(1);
+        }
 
  ;
  return 0;
 }
 
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"
+if ac_fn_c_try_run "$LINENO"
 then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-      tst_compi_setsockopt="yes"
+      tst_works_poll="yes"
 
 else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-      tst_compi_setsockopt="no"
+      tst_works_poll="no"
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  fi
-  #
-  if test "$tst_compi_setsockopt" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if setsockopt usage allowed" >&5
-printf %s "checking if setsockopt usage allowed... " >&6; }
-    if test "x$curl_disallow_setsockopt" != "xyes"; then
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_allow_setsockopt="yes"
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_allow_setsockopt="no"
-    fi
-  fi
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if setsockopt might be used" >&5
-printf %s "checking if setsockopt might be used... " >&6; }
-  if test "$tst_links_setsockopt" = "yes" &&
-     test "$tst_proto_setsockopt" = "yes" &&
-     test "$tst_compi_setsockopt" = "yes" &&
-     test "$tst_allow_setsockopt" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-printf "%s\n" "#define HAVE_SETSOCKOPT 1" >>confdefs.h
-
-    curl_cv_func_setsockopt="yes"
-
-  #
-  tst_compi_setsockopt_so_nonblock="unknown"
-  tst_allow_setsockopt_so_nonblock="unknown"
-  #
-  if test "$curl_cv_func_setsockopt" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if setsockopt SO_NONBLOCK is compilable" >&5
-printf %s "checking if setsockopt SO_NONBLOCK is compilable... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-        $curl_includes_winsock2
-      $curl_includes_bsdsocket
-        $curl_includes_sys_socket
-
-int main (void)
-{
-
-        if(0 != setsockopt(0, SOL_SOCKET, SO_NONBLOCK, 0, 0))
-          return 1;
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_compi_setsockopt_so_nonblock="yes"
-
-else $as_nop
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
 
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_compi_setsockopt_so_nonblock="no"
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
   fi
   #
-  if test "$tst_compi_setsockopt_so_nonblock" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if setsockopt SO_NONBLOCK usage allowed" >&5
-printf %s "checking if setsockopt SO_NONBLOCK usage allowed... " >&6; }
-    if test "x$curl_disallow_setsockopt_so_nonblock" != "xyes"; then
+  if test "$tst_compi_poll" = "yes" &&
+    test "$tst_works_poll" != "no"; then
+    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if poll usage allowed" >&5
+printf %s "checking if poll usage allowed... " >&6; }
+    if test "x$curl_disallow_poll" != "xyes"; then
       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
-      tst_allow_setsockopt_so_nonblock="yes"
+      tst_allow_poll="yes"
     else
       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-      tst_allow_setsockopt_so_nonblock="no"
+      tst_allow_poll="no"
     fi
   fi
   #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if setsockopt SO_NONBLOCK might be used" >&5
-printf %s "checking if setsockopt SO_NONBLOCK might be used... " >&6; }
-  if test "$tst_compi_setsockopt_so_nonblock" = "yes" &&
-     test "$tst_allow_setsockopt_so_nonblock" = "yes"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if poll might be used" >&5
+printf %s "checking if poll might be used... " >&6; }
+  if test "$tst_links_poll" = "yes" &&
+     test "$tst_proto_poll" = "yes" &&
+     test "$tst_compi_poll" = "yes" &&
+     test "$tst_allow_poll" = "yes" &&
+     test "$tst_works_poll" != "no"; then
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
-printf "%s\n" "#define HAVE_SETSOCKOPT_SO_NONBLOCK 1" >>confdefs.h
-
-    curl_cv_func_setsockopt_so_nonblock="yes"
-  else
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    curl_cv_func_setsockopt_so_nonblock="no"
-  fi
+printf "%s\n" "#define HAVE_POLL_FINE 1" >>confdefs.h
 
+    curl_cv_func_poll="yes"
   else
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-    curl_cv_func_setsockopt="no"
+    curl_cv_func_poll="no"
   fi
 
 
@@ -42234,7 +41980,7 @@ printf %s "checking if socket is compilable... " >&6; }
 
 
         $curl_includes_winsock2
-      $curl_includes_bsdsocket
+        $curl_includes_bsdsocket
         $curl_includes_sys_socket
         $curl_includes_socket
 
@@ -43077,10 +42823,64 @@ printf "%s\n" "yes" >&6; }
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strerror_r seems to work" >&5
 printf %s "checking if strerror_r seems to work... " >&6; }
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
+then :
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+        $curl_includes_stdlib
+        $curl_includes_string
+#       include <errno.h>
+
+int main (void)
+{
+
+        char buffer[1024];
+        char *string = 0;
+        buffer[0] = '\0';
+        string = strerror_r(EACCES, buffer, sizeof(buffer));
+        if(!string)
+          exit(1); /* fail */
+        if(!string[0])
+          exit(1); /* fail */
+        else
+          exit(0);
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+      tst_works_glibc_strerror_r="yes"
+
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+      tst_works_glibc_strerror_r="no"
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -43130,7 +42930,9 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
   fi
   #
@@ -43187,10 +42989,9 @@ printf "%s\n" "yes" >&6; }
     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strerror_r seems to work" >&5
 printf %s "checking if strerror_r seems to work... " >&6; }
 
-   old=$LD_LIBRARY_PATH
-   LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
-   export LD_LIBRARY_PATH
-   if test "$cross_compiling" = yes
+   case $host_os in
+     darwin*)
+      if test "$cross_compiling" = yes
 then :
   { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -43240,7 +43041,64 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-   LD_LIBRARY_PATH=$old # restore
+     ;;
+     *)
+      old=$LD_LIBRARY_PATH
+      LD_LIBRARY_PATH=$CURL_LIBRARY_PATH:$old
+      export LD_LIBRARY_PATH
+      if test "$cross_compiling" = yes
+then :
+  { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+        $curl_includes_stdlib
+        $curl_includes_string
+#       include <errno.h>
+
+int main (void)
+{
+
+        char buffer[1024];
+        int error = 1;
+        buffer[0] = '\0';
+        error = strerror_r(EACCES, buffer, sizeof(buffer));
+        if(error)
+          exit(1); /* fail */
+        if(buffer[0] == '\0')
+          exit(1); /* fail */
+        else
+          exit(0);
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"
+then :
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+      tst_works_posix_strerror_r="yes"
+
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+      tst_works_posix_strerror_r="no"
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+      LD_LIBRARY_PATH=$old # restore
+     ;;
+   esac
 
   fi
   #
@@ -43289,9 +43147,6 @@ printf "%s\n" "#define HAVE_STRERROR_R 1" >>confdefs.h
 
 printf "%s\n" "#define HAVE_GLIBC_STRERROR_R 1" >>confdefs.h
 
-
-printf "%s\n" "#define STRERROR_R_TYPE_ARG3 $tst_glibc_strerror_r_type_arg3" >>confdefs.h
-
     fi
     if test "$tst_posix_strerror_r" = "yes"; then
 
@@ -43300,9 +43155,6 @@ printf "%s\n" "#define HAVE_STRERROR_R 1" >>confdefs.h
 
 printf "%s\n" "#define HAVE_POSIX_STRERROR_R 1" >>confdefs.h
 
-
-printf "%s\n" "#define STRERROR_R_TYPE_ARG3 $tst_posix_strerror_r_type_arg3" >>confdefs.h
-
     fi
     curl_cv_func_strerror_r="yes"
   else
@@ -43470,456 +43322,6 @@ printf "%s\n" "no" >&6; }
 
 
     #
-  tst_links_strncmpi="unknown"
-  tst_proto_strncmpi="unknown"
-  tst_compi_strncmpi="unknown"
-  tst_allow_strncmpi="unknown"
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strncmpi can be linked" >&5
-printf %s "checking if strncmpi can be linked... " >&6; }
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define strncmpi innocuous_strncmpi
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef strncmpi
-#ifdef __cplusplus
-extern "C"
-#endif
-char strncmpi ();
-#if defined __stub_strncmpi || defined __stub___strncmpi
-choke me
-#endif
-
-int main (void)
-{
-return strncmpi ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-    tst_links_strncmpi="yes"
-
-else $as_nop
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    tst_links_strncmpi="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  #
-  if test "$tst_links_strncmpi" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strncmpi is prototyped" >&5
-printf %s "checking if strncmpi is prototyped... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-      $curl_includes_string
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "strncmpi" >/dev/null 2>&1
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_proto_strncmpi="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_proto_strncmpi="no"
-
-fi
-rm -rf conftest*
-
-  fi
-  #
-  if test "$tst_proto_strncmpi" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strncmpi is compilable" >&5
-printf %s "checking if strncmpi is compilable... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-        $curl_includes_string
-
-int main (void)
-{
-
-        if(0 != strncmpi(0, 0))
-          return 1;
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_compi_strncmpi="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_compi_strncmpi="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  fi
-  #
-  if test "$tst_compi_strncmpi" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strncmpi usage allowed" >&5
-printf %s "checking if strncmpi usage allowed... " >&6; }
-    if test "x$curl_disallow_strncmpi" != "xyes"; then
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_allow_strncmpi="yes"
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_allow_strncmpi="no"
-    fi
-  fi
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strncmpi might be used" >&5
-printf %s "checking if strncmpi might be used... " >&6; }
-  if test "$tst_links_strncmpi" = "yes" &&
-     test "$tst_proto_strncmpi" = "yes" &&
-     test "$tst_compi_strncmpi" = "yes" &&
-     test "$tst_allow_strncmpi" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-printf "%s\n" "#define HAVE_STRNCMPI 1" >>confdefs.h
-
-    curl_cv_func_strncmpi="yes"
-  else
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    curl_cv_func_strncmpi="no"
-  fi
-
-
-    #
-  tst_links_strnicmp="unknown"
-  tst_proto_strnicmp="unknown"
-  tst_compi_strnicmp="unknown"
-  tst_allow_strnicmp="unknown"
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strnicmp can be linked" >&5
-printf %s "checking if strnicmp can be linked... " >&6; }
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define strnicmp innocuous_strnicmp
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef strnicmp
-#ifdef __cplusplus
-extern "C"
-#endif
-char strnicmp ();
-#if defined __stub_strnicmp || defined __stub___strnicmp
-choke me
-#endif
-
-int main (void)
-{
-return strnicmp ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-    tst_links_strnicmp="yes"
-
-else $as_nop
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    tst_links_strnicmp="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  #
-  if test "$tst_links_strnicmp" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strnicmp is prototyped" >&5
-printf %s "checking if strnicmp is prototyped... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-      $curl_includes_string
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "strnicmp" >/dev/null 2>&1
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_proto_strnicmp="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_proto_strnicmp="no"
-
-fi
-rm -rf conftest*
-
-  fi
-  #
-  if test "$tst_proto_strnicmp" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strnicmp is compilable" >&5
-printf %s "checking if strnicmp is compilable... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-        $curl_includes_string
-
-int main (void)
-{
-
-        if(0 != strnicmp(0, 0))
-          return 1;
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_compi_strnicmp="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_compi_strnicmp="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  fi
-  #
-  if test "$tst_compi_strnicmp" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strnicmp usage allowed" >&5
-printf %s "checking if strnicmp usage allowed... " >&6; }
-    if test "x$curl_disallow_strnicmp" != "xyes"; then
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_allow_strnicmp="yes"
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_allow_strnicmp="no"
-    fi
-  fi
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strnicmp might be used" >&5
-printf %s "checking if strnicmp might be used... " >&6; }
-  if test "$tst_links_strnicmp" = "yes" &&
-     test "$tst_proto_strnicmp" = "yes" &&
-     test "$tst_compi_strnicmp" = "yes" &&
-     test "$tst_allow_strnicmp" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-printf "%s\n" "#define HAVE_STRNICMP 1" >>confdefs.h
-
-    curl_cv_func_strnicmp="yes"
-  else
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    curl_cv_func_strnicmp="no"
-  fi
-
-
-    #
-  tst_links_strstr="unknown"
-  tst_proto_strstr="unknown"
-  tst_compi_strstr="unknown"
-  tst_allow_strstr="unknown"
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strstr can be linked" >&5
-printf %s "checking if strstr can be linked... " >&6; }
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define strstr innocuous_strstr
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef strstr
-#ifdef __cplusplus
-extern "C"
-#endif
-char strstr ();
-#if defined __stub_strstr || defined __stub___strstr
-choke me
-#endif
-
-int main (void)
-{
-return strstr ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-    tst_links_strstr="yes"
-
-else $as_nop
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    tst_links_strstr="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  #
-  if test "$tst_links_strstr" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strstr is prototyped" >&5
-printf %s "checking if strstr is prototyped... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-      $curl_includes_string
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "strstr" >/dev/null 2>&1
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_proto_strstr="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_proto_strstr="no"
-
-fi
-rm -rf conftest*
-
-  fi
-  #
-  if test "$tst_proto_strstr" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strstr is compilable" >&5
-printf %s "checking if strstr is compilable... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-        $curl_includes_string
-
-int main (void)
-{
-
-        if(0 != strstr(0, 0))
-          return 1;
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_compi_strstr="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_compi_strstr="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  fi
-  #
-  if test "$tst_compi_strstr" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strstr usage allowed" >&5
-printf %s "checking if strstr usage allowed... " >&6; }
-    if test "x$curl_disallow_strstr" != "xyes"; then
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_allow_strstr="yes"
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_allow_strstr="no"
-    fi
-  fi
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if strstr might be used" >&5
-printf %s "checking if strstr might be used... " >&6; }
-  if test "$tst_links_strstr" = "yes" &&
-     test "$tst_proto_strstr" = "yes" &&
-     test "$tst_compi_strstr" = "yes" &&
-     test "$tst_allow_strstr" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-printf "%s\n" "#define HAVE_STRSTR 1" >>confdefs.h
-
-    curl_cv_func_strstr="yes"
-  else
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    curl_cv_func_strstr="no"
-  fi
-
-
-    #
   tst_links_strtok_r="unknown"
   tst_proto_strtok_r="unknown"
   tst_compi_strtok_r="unknown"
@@ -44219,182 +43621,6 @@ printf "%s\n" "no" >&6; }
   fi
 
 
-curl_includes_sys_uio="\
-/* includes start */
-#ifdef HAVE_SYS_TYPES_H
-#  include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_UIO_H
-#  include <sys/uio.h>
-#endif
-/* includes end */"
-  ac_fn_c_check_header_compile "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$curl_includes_sys_uio
-"
-if test "x$ac_cv_header_sys_types_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_SYS_TYPES_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "sys/uio.h" "ac_cv_header_sys_uio_h" "$curl_includes_sys_uio
-"
-if test "x$ac_cv_header_sys_uio_h" = xyes
-then :
-  printf "%s\n" "#define HAVE_SYS_UIO_H 1" >>confdefs.h
-
-fi
-
-
-
-    #
-  tst_links_writev="unknown"
-  tst_proto_writev="unknown"
-  tst_compi_writev="unknown"
-  tst_allow_writev="unknown"
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if writev can be linked" >&5
-printf %s "checking if writev can be linked... " >&6; }
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-#define writev innocuous_writev
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef writev
-#ifdef __cplusplus
-extern "C"
-#endif
-char writev ();
-#if defined __stub_writev || defined __stub___writev
-choke me
-#endif
-
-int main (void)
-{
-return writev ();
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-    tst_links_writev="yes"
-
-else $as_nop
-
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    tst_links_writev="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
-    conftest$ac_exeext conftest.$ac_ext
-  #
-  if test "$tst_links_writev" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if writev is prototyped" >&5
-printf %s "checking if writev is prototyped... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-      $curl_includes_sys_uio
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
-  $EGREP "writev" >/dev/null 2>&1
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_proto_writev="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_proto_writev="no"
-
-fi
-rm -rf conftest*
-
-  fi
-  #
-  if test "$tst_proto_writev" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if writev is compilable" >&5
-printf %s "checking if writev is compilable... " >&6; }
-    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-
-        $curl_includes_sys_uio
-
-int main (void)
-{
-
-        if(0 != writev(0, 0, 0))
-          return 1;
-
- ;
- return 0;
-}
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_compi_writev="yes"
-
-else $as_nop
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_compi_writev="no"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-  fi
-  #
-  if test "$tst_compi_writev" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if writev usage allowed" >&5
-printf %s "checking if writev usage allowed... " >&6; }
-    if test "x$curl_disallow_writev" != "xyes"; then
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-      tst_allow_writev="yes"
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-      tst_allow_writev="no"
-    fi
-  fi
-  #
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if writev might be used" >&5
-printf %s "checking if writev might be used... " >&6; }
-  if test "$tst_links_writev" = "yes" &&
-     test "$tst_proto_writev" = "yes" &&
-     test "$tst_compi_writev" = "yes" &&
-     test "$tst_allow_writev" = "yes"; then
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-printf "%s\n" "#define HAVE_WRITEV 1" >>confdefs.h
-
-    curl_cv_func_writev="yes"
-  else
-    { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-    curl_cv_func_writev="no"
-  fi
-
-
 case $host in
   *msdosdjgpp)
      ac_cv_func_pipe=no
@@ -44504,7 +43730,7 @@ fi
 
 
 
-  for ac_func in fnmatch geteuid getpass_r getppid getpwuid getpwuid_r getrlimit gettimeofday if_nametoindex mach_absolute_time pipe setlocale setmode setrlimit usleep utime utimes
+  for ac_func in fnmatch fchmod fork geteuid getpass_r getppid getpwuid getpwuid_r getrlimit gettimeofday if_nametoindex mach_absolute_time pipe sched_yield sendmsg setlocale setmode setrlimit snprintf utime utimes arc4random
 do :
   as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -44564,7 +43790,7 @@ fi
 done
 
 
-            #
+        #
   tst_method="unknown"
 
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to set a socket into non-blocking mode" >&5
@@ -44741,16 +43967,12 @@ fi
 
 
 
-
-
   #
   if test "$want_ares" = "yes"; then
         clean_CPPFLAGS="$CPPFLAGS"
     clean_LDFLAGS="$LDFLAGS"
     clean_LIBS="$LIBS"
-    embedded_ares="unknown"
     configure_runpath=`pwd`
-    embedded_ares_builddir="$configure_runpath/ares"
     if test -n "$want_ares_path"; then
             ARES_PCDIR="$want_ares_path/lib/pkgconfig"
 
@@ -44923,14 +44145,6 @@ printf "%s\n" "$as_me: pkg-config: ares CPPFLAGS: \"$ares_CPPFLAGS\"" >&6;}
         ares_LIBS="-lcares"
       fi
     else
-            if test -d "$srcdir/ares"; then
-                embedded_ares="yes"
-        subdirs="$subdirs ares"
-
-                        ares_CPPFLAGS=""
-        ares_LDFLAGS="-L$embedded_ares_builddir"
-        ares_LIBS="-lcares"
-      else
 
     if test -n "$PKG_CONFIG"; then
       PKGCONFIG="$PKG_CONFIG"
@@ -45067,21 +44281,20 @@ printf "%s\n" "found" >&6; }
       fi
     fi
 
-        if test "$PKGCONFIG" != "no" ; then
-          ares_LIBS=`$PKGCONFIG --libs-only-l libcares`
-          ares_LDFLAGS=`$PKGCONFIG --libs-only-L libcares`
-          ares_CPPFLAGS=`$PKGCONFIG --cflags-only-I libcares`
-          { printf "%s\n" "$as_me:${as_lineno-$LINENO}: pkg-config: ares_LIBS: \"$ares_LIBS\"" >&5
+      if test "$PKGCONFIG" != "no" ; then
+        ares_LIBS=`$PKGCONFIG --libs-only-l libcares`
+        ares_LDFLAGS=`$PKGCONFIG --libs-only-L libcares`
+        ares_CPPFLAGS=`$PKGCONFIG --cflags-only-I libcares`
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: pkg-config: ares_LIBS: \"$ares_LIBS\"" >&5
 printf "%s\n" "$as_me: pkg-config: ares_LIBS: \"$ares_LIBS\"" >&6;}
-          { printf "%s\n" "$as_me:${as_lineno-$LINENO}: pkg-config: ares_LDFLAGS: \"$ares_LDFLAGS\"" >&5
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: pkg-config: ares_LDFLAGS: \"$ares_LDFLAGS\"" >&5
 printf "%s\n" "$as_me: pkg-config: ares_LDFLAGS: \"$ares_LDFLAGS\"" >&6;}
-          { printf "%s\n" "$as_me:${as_lineno-$LINENO}: pkg-config: ares_CPPFLAGS: \"$ares_CPPFLAGS\"" >&5
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: pkg-config: ares_CPPFLAGS: \"$ares_CPPFLAGS\"" >&5
 printf "%s\n" "$as_me: pkg-config: ares_CPPFLAGS: \"$ares_CPPFLAGS\"" >&6;}
-        else
-          ares_CPPFLAGS=""
-          ares_LDFLAGS=""
-          ares_LIBS="-lcares"
-        fi
+      else
+        ares_CPPFLAGS=""
+        ares_LDFLAGS=""
+        ares_LIBS="-lcares"
       fi
     fi
     #
@@ -45089,28 +44302,28 @@ printf "%s\n" "$as_me: pkg-config: ares_CPPFLAGS: \"$ares_CPPFLAGS\"" >&6;}
     LDFLAGS="$clean_LDFLAGS $ares_LDFLAGS"
     LIBS="$ares_LIBS $clean_LIBS"
     #
-    if test "$embedded_ares" != "yes"; then
-                  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that c-ares is good and recent enough" >&5
+
+        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that c-ares is good and recent enough" >&5
 printf %s "checking that c-ares is good and recent enough... " >&6; }
-      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
 
 #include <ares.h>
-          /* set of dummy functions in case c-ares was built with debug */
-          void curl_dofree() { }
-          void curl_sclose() { }
-          void curl_domalloc() { }
-          void curl_docalloc() { }
-          void curl_socket() { }
+        /* set of dummy functions in case c-ares was built with debug */
+        void curl_dofree() { }
+        void curl_sclose() { }
+        void curl_domalloc() { }
+        void curl_docalloc() { }
+        void curl_socket() { }
 
 int main (void)
 {
 
-          ares_channel channel;
-          ares_cancel(channel); /* added in 1.2.0 */
-          ares_process_fd(channel, 0, 0); /* added in 1.4.0 */
-          ares_dup(&channel, channel); /* added in 1.6.0 */
+        ares_channel channel;
+        ares_cancel(channel); /* added in 1.2.0 */
+        ares_process_fd(channel, 0, 0); /* added in 1.4.0 */
+        ares_dup(&channel, channel); /* added in 1.6.0 */
 
  ;
  return 0;
@@ -45120,24 +44333,24 @@ _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
 
-        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 printf "%s\n" "yes" >&6; }
 
 else $as_nop
 
-        { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
-        as_fn_error $? "c-ares library defective or too old" "$LINENO" 5
-                CPPFLAGS="$clean_CPPFLAGS"
-        LDFLAGS="$clean_LDFLAGS"
-        LIBS="$clean_LIBS"
-        # prevent usage
-        want_ares="no"
+      as_fn_error $? "c-ares library defective or too old" "$LINENO" 5
+            CPPFLAGS="$clean_CPPFLAGS"
+      LDFLAGS="$clean_LDFLAGS"
+      LIBS="$clean_LIBS"
+      # prevent usage
+      want_ares="no"
 
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
     conftest$ac_exeext conftest.$ac_ext
-    fi
+
     if test "$want_ares" = "yes"; then
 
 printf "%s\n" "#define USE_ARES 1" >>confdefs.h
@@ -45148,14 +44361,6 @@ printf "%s\n" "#define USE_ARES 1" >>confdefs.h
     fi
   fi
 
- if test x$embedded_ares = xyes; then
-  USE_EMBEDDED_ARES_TRUE=
-  USE_EMBEDDED_ARES_FALSE='#'
-else
-  USE_EMBEDDED_ARES_TRUE='#'
-  USE_EMBEDDED_ARES_FALSE=
-fi
-
 
 if test "x$curl_cv_native_windows" != "xyes" &&
    test "x$enable_shared" = "xyes"; then
@@ -45267,9 +44472,25 @@ fi
 
             if test "$USE_THREADS_POSIX" != "1"
       then
-        CFLAGS="$CFLAGS -pthread"
         # assign PTHREAD for pkg-config use
         PTHREAD=" -pthread"
+
+        case $host in
+        *-ibm-aix*)
+                      COMPILER_VERSION=`"$CC" -qversion 2>/dev/null`
+           if test x"$COMPILER_VERSION" = "x"; then
+             CFLAGS="$CFLAGS -pthread"
+           else
+             CFLAGS="$CFLAGS -qthreaded"
+           fi
+           ;;
+        powerpc-*amigaos*)
+                      PTHREAD=" -lpthread"
+           ;;
+        *)
+           CFLAGS="$CFLAGS -pthread"
+           ;;
+        esac
         { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_create in -lpthread" >&5
 printf %s "checking for pthread_create in -lpthread... " >&6; }
 if test ${ac_cv_lib_pthread_pthread_create+y}
@@ -45538,6 +44759,8 @@ printf %s "checking whether to enable NTLM delegation to winbind's helper... " >
     test "x$SSL_ENABLED" = "x"; then
     want_ntlm_wb_file=""
     want_ntlm_wb="no"
+  elif test "x$ac_cv_func_fork" != "xyes"; then
+        want_ntlm_wb="no"
   fi
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $want_ntlm_wb" >&5
 printf "%s\n" "$want_ntlm_wb" >&6; }
@@ -45609,8 +44832,15 @@ printf "%s\n" "auto" >&6; }
 fi
 
 if test "x$want_unix_sockets" != "xno"; then
-  ac_fn_c_check_member "$LINENO" "struct sockaddr_un" "sun_path" "ac_cv_member_struct_sockaddr_un_sun_path" "
-    #include <sys/un.h>
+  if test "x$curl_cv_native_windows" = "xyes"; then
+    USE_UNIX_SOCKETS=1
+
+printf "%s\n" "#define USE_UNIX_SOCKETS 1" >>confdefs.h
+
+    curl_unix_sockets_msg="enabled"
+  else
+    ac_fn_c_check_member "$LINENO" "struct sockaddr_un" "sun_path" "ac_cv_member_struct_sockaddr_un_sun_path" "
+      #include <sys/un.h>
 
 "
 if test "x$ac_cv_member_struct_sockaddr_un_sun_path" = xyes
@@ -45619,18 +44849,19 @@ then :
 
 printf "%s\n" "#define USE_UNIX_SOCKETS 1" >>confdefs.h
 
-    USE_UNIX_SOCKETS=1
+      USE_UNIX_SOCKETS=1
 
-    curl_unix_sockets_msg="enabled"
+      curl_unix_sockets_msg="enabled"
 
 else $as_nop
 
-    if test "x$want_unix_sockets" = "xyes"; then
-      as_fn_error $? "--enable-unix-sockets is not available on this platform!" "$LINENO" 5
-    fi
+      if test "x$want_unix_sockets" = "xyes"; then
+        as_fn_error $? "--enable-unix-sockets is not available on this platform!" "$LINENO" 5
+      fi
 
 fi
 
+  fi
 fi
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to support cookies" >&5
@@ -45893,8 +45124,33 @@ printf "%s\n" "yes" >&6; }
        ;;
   esac
 else $as_nop
-  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+
+fi
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to support headers-api" >&5
+printf %s "checking whether to support headers-api... " >&6; }
+# Check whether --enable-headers-api was given.
+if test ${enable_headers_api+y}
+then :
+  enableval=$enable_headers_api;  case "$enableval" in
+  no) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
 printf "%s\n" "no" >&6; }
+       curl_headers_msg="no      (--enable-headers-api)"
+
+printf "%s\n" "#define CURL_DISABLE_HEADERS_API 1" >>confdefs.h
+
+       ;;
+  *)
+       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+       ;;
+  esac
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
 
 fi
 
@@ -45970,13 +45226,61 @@ printf "%s\n" "$ECH_SUPPORT" >&6; }
   fi
 fi
 
+if test "x$OPENSSL_ENABLED" = "x1"; then
+  ac_fn_c_check_func "$LINENO" "SSL_set0_wbio" "ac_cv_func_SSL_set0_wbio"
+if test "x$ac_cv_func_SSL_set0_wbio" = xyes
+then :
+  printf "%s\n" "#define HAVE_SSL_SET0_WBIO 1" >>confdefs.h
+
+fi
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to support WebSockets" >&5
+printf %s "checking whether to support WebSockets... " >&6; }
+# Check whether --enable-websockets was given.
+if test ${enable_websockets+y}
+then :
+  enableval=$enable_websockets;  case "$enableval" in
+  no)
+     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+     ;;
+  *)
+     if test ${ac_cv_sizeof_curl_off_t} -gt 4; then
+         { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+         curl_ws_msg="enabled"
+
+printf "%s\n" "#define USE_WEBSOCKETS 1" >>confdefs.h
+
+         SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS WS"
+         if test "x$SSL_ENABLED" = "x1"; then
+           SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS WSS"
+         fi
+         experimental="$experimental Websockets"
+     else
+                  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+         { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Websockets disabled due to lack of >32 bit curl_off_t" >&5
+printf "%s\n" "$as_me: WARNING: Websockets disabled due to lack of >32 bit curl_off_t" >&2;}
+     fi
+     ;;
+  esac
+else $as_nop
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+
+fi
+
+
+
 
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether hiding of library internal symbols will actually happen" >&5
 printf %s "checking whether hiding of library internal symbols will actually happen... " >&6; }
   CFLAG_CURL_SYMBOL_HIDING=""
   doing_symbol_hiding="no"
-  if test x"$curl_cv_native_windows" != "xyes" &&
-    test "$want_symbol_hiding" = "yes" &&
+  if test "$want_symbol_hiding" = "yes" &&
     test "$supports_symbol_hiding" = "yes"; then
     doing_symbol_hiding="yes"
     CFLAG_CURL_SYMBOL_HIDING="$symbol_hiding_CFLAGS"
@@ -46123,7 +45427,8 @@ if test "x$USE_NGHTTP2" = "x1" -o "x$USE_HYPER" = "x1"; then
   SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP2"
 fi
 
-if test "x$USE_NGTCP2" = "x1" -o "x$USE_QUICHE" = "x1"; then
+if test "x$USE_NGTCP2" = "x1" -o "x$USE_QUICHE" = "x1" \
+    -o "x$USE_MSH3" = "x1"; then
   SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP3"
 fi
 
@@ -46132,8 +45437,17 @@ if test "x$CURL_WITH_MULTI_SSL" = "x1"; then
 fi
 
 if test "x$https_proxy" != "xno"; then
-  if test "x$OPENSSL_ENABLED" = "x1" -o "x$GNUTLS_ENABLED" = "x1" \
-      -o "x$NSS_ENABLED" = "x1"; then
+  if test "x$OPENSSL_ENABLED" = "x1" \
+      -o "x$GNUTLS_ENABLED" = "x1" \
+      -o "x$NSS_ENABLED" = "x1" \
+      -o "x$SECURETRANSPORT_ENABLED" = "x1" \
+      -o "x$RUSTLS_ENABLED" = "x1" \
+      -o "x$BEARSSL_ENABLED" = "x1" \
+      -o "x$SCHANNEL_ENABLED" = "x1" \
+      -o "x$GNUTLS_ENABLED" = "x1" \
+      -o "x$MBEDTLS_ENABLED" = "x1"; then
+    SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy"
+  elif test "x$WOLFSSL_ENABLED" = "x1" -a "x$WOLFSSL_FULL_BIO" = "x1"; then
     SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy"
   fi
 fi
@@ -46149,6 +45463,36 @@ if test ${ac_cv_sizeof_curl_off_t} -gt 4; then
   fi
 fi
 
+if test "$tst_atomic" = "yes"; then
+  SUPPORT_FEATURES="$SUPPORT_FEATURES threadsafe"
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+      #include <windows.h>
+
+int main (void)
+{
+
+      #if (WINVER < 0x600) && (_WIN32_WINNT < 0x600)
+      #error
+      #endif
+
+ ;
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+
+     SUPPORT_FEATURES="$SUPPORT_FEATURES threadsafe"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
 SUPPORT_FEATURES=`echo $SUPPORT_FEATURES | tr ' ' '\012' | sort | tr '\012' ' '`
 
 
@@ -46431,7 +45775,7 @@ if test "x$want_curldebug_assumed" = "xyes" &&
   ac_configure_args="$ac_configure_args --enable-curldebug"
 fi
 
-ac_config_files="$ac_config_files Makefile docs/Makefile docs/examples/Makefile docs/libcurl/Makefile docs/libcurl/opts/Makefile docs/cmdline-opts/Makefile include/Makefile include/curl/Makefile src/Makefile lib/Makefile scripts/Makefile lib/libcurl.vers tests/Makefile tests/certs/Makefile tests/certs/scripts/Makefile tests/data/Makefile tests/server/Makefile tests/libtest/Makefile tests/unit/Makefile packages/Makefile packages/vms/Makefile curl-config libcurl.pc"
+ac_config_files="$ac_config_files Makefile docs/Makefile docs/examples/Makefile docs/libcurl/Makefile docs/libcurl/opts/Makefile docs/cmdline-opts/Makefile include/Makefile include/curl/Makefile src/Makefile lib/Makefile scripts/Makefile lib/libcurl.vers lib/libcurl.plist tests/Makefile tests/config tests/certs/Makefile tests/certs/scripts/Makefile tests/data/Makefile tests/server/Makefile tests/libtest/Makefile tests/unit/Makefile tests/http/config.ini tests/http/Makefile packages/Makefile packages/vms/Makefile curl-config libcurl.pc"
 
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -46602,6 +45946,10 @@ if test -z "${DOING_NATIVE_WINDOWS_TRUE}" && test -z "${DOING_NATIVE_WINDOWS_FAL
   as_fn_error $? "conditional \"DOING_NATIVE_WINDOWS\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${HAVE_WINDRES_TRUE}" && test -z "${HAVE_WINDRES_FALSE}"; then
+  as_fn_error $? "conditional \"HAVE_WINDRES\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${HAVE_LIBZ_TRUE}" && test -z "${HAVE_LIBZ_FALSE}"; then
   as_fn_error $? "conditional \"HAVE_LIBZ\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -46626,10 +45974,6 @@ if test -z "${USE_MANUAL_TRUE}" && test -z "${USE_MANUAL_FALSE}"; then
   as_fn_error $? "conditional \"USE_MANUAL\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
-if test -z "${USE_EMBEDDED_ARES_TRUE}" && test -z "${USE_EMBEDDED_ARES_FALSE}"; then
-  as_fn_error $? "conditional \"USE_EMBEDDED_ARES\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
 if test -z "${BUILD_LIBHOSTNAME_TRUE}" && test -z "${BUILD_LIBHOSTNAME_FALSE}"; then
   as_fn_error $? "conditional \"BUILD_LIBHOSTNAME\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -47258,12 +46602,14 @@ lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_q
 lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`'
 reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`'
 reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`'
+FILECMD='`$ECHO "$FILECMD" | $SED "$delay_single_quote_subst"`'
 deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`'
 file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`'
 file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`'
 want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`'
 sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`'
 AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`'
+lt_ar_flags='`$ECHO "$lt_ar_flags" | $SED "$delay_single_quote_subst"`'
 AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`'
 archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`'
 STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`'
@@ -47357,6 +46703,48 @@ enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_sub
 enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`'
 old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`'
 striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`'
+LD_RC='`$ECHO "$LD_RC" | $SED "$delay_single_quote_subst"`'
+reload_flag_RC='`$ECHO "$reload_flag_RC" | $SED "$delay_single_quote_subst"`'
+reload_cmds_RC='`$ECHO "$reload_cmds_RC" | $SED "$delay_single_quote_subst"`'
+old_archive_cmds_RC='`$ECHO "$old_archive_cmds_RC" | $SED "$delay_single_quote_subst"`'
+compiler_RC='`$ECHO "$compiler_RC" | $SED "$delay_single_quote_subst"`'
+GCC_RC='`$ECHO "$GCC_RC" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag_RC='`$ECHO "$lt_prog_compiler_no_builtin_flag_RC" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_pic_RC='`$ECHO "$lt_prog_compiler_pic_RC" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_wl_RC='`$ECHO "$lt_prog_compiler_wl_RC" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_static_RC='`$ECHO "$lt_prog_compiler_static_RC" | $SED "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o_RC='`$ECHO "$lt_cv_prog_compiler_c_o_RC" | $SED "$delay_single_quote_subst"`'
+archive_cmds_need_lc_RC='`$ECHO "$archive_cmds_need_lc_RC" | $SED "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes_RC='`$ECHO "$enable_shared_with_static_runtimes_RC" | $SED "$delay_single_quote_subst"`'
+export_dynamic_flag_spec_RC='`$ECHO "$export_dynamic_flag_spec_RC" | $SED "$delay_single_quote_subst"`'
+whole_archive_flag_spec_RC='`$ECHO "$whole_archive_flag_spec_RC" | $SED "$delay_single_quote_subst"`'
+compiler_needs_object_RC='`$ECHO "$compiler_needs_object_RC" | $SED "$delay_single_quote_subst"`'
+old_archive_from_new_cmds_RC='`$ECHO "$old_archive_from_new_cmds_RC" | $SED "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds_RC='`$ECHO "$old_archive_from_expsyms_cmds_RC" | $SED "$delay_single_quote_subst"`'
+archive_cmds_RC='`$ECHO "$archive_cmds_RC" | $SED "$delay_single_quote_subst"`'
+archive_expsym_cmds_RC='`$ECHO "$archive_expsym_cmds_RC" | $SED "$delay_single_quote_subst"`'
+module_cmds_RC='`$ECHO "$module_cmds_RC" | $SED "$delay_single_quote_subst"`'
+module_expsym_cmds_RC='`$ECHO "$module_expsym_cmds_RC" | $SED "$delay_single_quote_subst"`'
+with_gnu_ld_RC='`$ECHO "$with_gnu_ld_RC" | $SED "$delay_single_quote_subst"`'
+allow_undefined_flag_RC='`$ECHO "$allow_undefined_flag_RC" | $SED "$delay_single_quote_subst"`'
+no_undefined_flag_RC='`$ECHO "$no_undefined_flag_RC" | $SED "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_RC='`$ECHO "$hardcode_libdir_flag_spec_RC" | $SED "$delay_single_quote_subst"`'
+hardcode_libdir_separator_RC='`$ECHO "$hardcode_libdir_separator_RC" | $SED "$delay_single_quote_subst"`'
+hardcode_direct_RC='`$ECHO "$hardcode_direct_RC" | $SED "$delay_single_quote_subst"`'
+hardcode_direct_absolute_RC='`$ECHO "$hardcode_direct_absolute_RC" | $SED "$delay_single_quote_subst"`'
+hardcode_minus_L_RC='`$ECHO "$hardcode_minus_L_RC" | $SED "$delay_single_quote_subst"`'
+hardcode_shlibpath_var_RC='`$ECHO "$hardcode_shlibpath_var_RC" | $SED "$delay_single_quote_subst"`'
+hardcode_automatic_RC='`$ECHO "$hardcode_automatic_RC" | $SED "$delay_single_quote_subst"`'
+inherit_rpath_RC='`$ECHO "$inherit_rpath_RC" | $SED "$delay_single_quote_subst"`'
+link_all_deplibs_RC='`$ECHO "$link_all_deplibs_RC" | $SED "$delay_single_quote_subst"`'
+always_export_symbols_RC='`$ECHO "$always_export_symbols_RC" | $SED "$delay_single_quote_subst"`'
+export_symbols_cmds_RC='`$ECHO "$export_symbols_cmds_RC" | $SED "$delay_single_quote_subst"`'
+exclude_expsyms_RC='`$ECHO "$exclude_expsyms_RC" | $SED "$delay_single_quote_subst"`'
+include_expsyms_RC='`$ECHO "$include_expsyms_RC" | $SED "$delay_single_quote_subst"`'
+prelink_cmds_RC='`$ECHO "$prelink_cmds_RC" | $SED "$delay_single_quote_subst"`'
+postlink_cmds_RC='`$ECHO "$postlink_cmds_RC" | $SED "$delay_single_quote_subst"`'
+file_list_spec_RC='`$ECHO "$file_list_spec_RC" | $SED "$delay_single_quote_subst"`'
+hardcode_action_RC='`$ECHO "$hardcode_action_RC" | $SED "$delay_single_quote_subst"`'
 
 LTCC='$LTCC'
 LTCFLAGS='$LTCFLAGS'
@@ -47387,13 +46775,13 @@ LN_S \
 lt_SP2NL \
 lt_NL2SP \
 reload_flag \
+FILECMD \
 deplibs_check_method \
 file_magic_cmd \
 file_magic_glob \
 want_nocaseglob \
 sharedlib_from_linklib_cmd \
 AR \
-AR_FLAGS \
 archiver_list_spec \
 STRIP \
 RANLIB \
@@ -47439,7 +46827,26 @@ soname_spec \
 install_override_mode \
 finish_eval \
 old_striplib \
-striplib; do
+striplib \
+LD_RC \
+reload_flag_RC \
+compiler_RC \
+lt_prog_compiler_no_builtin_flag_RC \
+lt_prog_compiler_pic_RC \
+lt_prog_compiler_wl_RC \
+lt_prog_compiler_static_RC \
+lt_cv_prog_compiler_c_o_RC \
+export_dynamic_flag_spec_RC \
+whole_archive_flag_spec_RC \
+compiler_needs_object_RC \
+with_gnu_ld_RC \
+allow_undefined_flag_RC \
+no_undefined_flag_RC \
+hardcode_libdir_flag_spec_RC \
+hardcode_libdir_separator_RC \
+exclude_expsyms_RC \
+include_expsyms_RC \
+file_list_spec_RC; do
     case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
     *[\\\\\\\`\\"\\\$]*)
       eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
@@ -47470,7 +46877,18 @@ postuninstall_cmds \
 finish_cmds \
 sys_lib_search_path_spec \
 configure_time_dlsearch_path \
-configure_time_lt_sys_library_path; do
+configure_time_lt_sys_library_path \
+reload_cmds_RC \
+old_archive_cmds_RC \
+old_archive_from_new_cmds_RC \
+old_archive_from_expsyms_cmds_RC \
+archive_cmds_RC \
+archive_expsym_cmds_RC \
+module_cmds_RC \
+module_expsym_cmds_RC \
+export_symbols_cmds_RC \
+prelink_cmds_RC \
+postlink_cmds_RC; do
     case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
     *[\\\\\\\`\\"\\\$]*)
       eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
@@ -47498,6 +46916,8 @@ fi
 
 
 
+
+
 _ACEOF
 
 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
@@ -47521,13 +46941,17 @@ do
     "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;;
     "scripts/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/Makefile" ;;
     "lib/libcurl.vers") CONFIG_FILES="$CONFIG_FILES lib/libcurl.vers" ;;
+    "lib/libcurl.plist") CONFIG_FILES="$CONFIG_FILES lib/libcurl.plist" ;;
     "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;;
+    "tests/config") CONFIG_FILES="$CONFIG_FILES tests/config" ;;
     "tests/certs/Makefile") CONFIG_FILES="$CONFIG_FILES tests/certs/Makefile" ;;
     "tests/certs/scripts/Makefile") CONFIG_FILES="$CONFIG_FILES tests/certs/scripts/Makefile" ;;
     "tests/data/Makefile") CONFIG_FILES="$CONFIG_FILES tests/data/Makefile" ;;
     "tests/server/Makefile") CONFIG_FILES="$CONFIG_FILES tests/server/Makefile" ;;
     "tests/libtest/Makefile") CONFIG_FILES="$CONFIG_FILES tests/libtest/Makefile" ;;
     "tests/unit/Makefile") CONFIG_FILES="$CONFIG_FILES tests/unit/Makefile" ;;
+    "tests/http/config.ini") CONFIG_FILES="$CONFIG_FILES tests/http/config.ini" ;;
+    "tests/http/Makefile") CONFIG_FILES="$CONFIG_FILES tests/http/Makefile" ;;
     "packages/Makefile") CONFIG_FILES="$CONFIG_FILES packages/Makefile" ;;
     "packages/vms/Makefile") CONFIG_FILES="$CONFIG_FILES packages/vms/Makefile" ;;
     "curl-config") CONFIG_FILES="$CONFIG_FILES curl-config" ;;
@@ -48267,7 +47691,7 @@ See \`config.log' for more details" "$LINENO" 5; }
 
 
 # The names of the tagged configurations supported by this script.
-available_tags=''
+available_tags='RC '
 
 # Configured defaults for sys_lib_dlsearch_path munging.
 : \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
@@ -48366,6 +47790,9 @@ to_host_file_cmd=$lt_cv_to_host_file_cmd
 # convert \$build files to toolchain format.
 to_tool_file_cmd=$lt_cv_to_tool_file_cmd
 
+# A file(cmd) program that detects file types.
+FILECMD=$lt_FILECMD
+
 # Method to check whether dependent libraries are shared objects.
 deplibs_check_method=$lt_deplibs_check_method
 
@@ -48384,8 +47811,11 @@ sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd
 # The archiver.
 AR=$lt_AR
 
+# Flags to create an archive (by configure).
+lt_ar_flags=$lt_ar_flags
+
 # Flags to create an archive.
-AR_FLAGS=$lt_AR_FLAGS
+AR_FLAGS=\${ARFLAGS-"\$lt_ar_flags"}
 
 # How to feed a file listing to the archiver.
 archiver_list_spec=$lt_archiver_list_spec
@@ -48761,13 +48191,152 @@ ltmain=$ac_aux_dir/ltmain.sh
   # if finds mixed CR/LF and LF-only lines.  Since sed operates in
   # text mode, it properly converts lines to CR/LF.  This bash problem
   # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
+  $SED '$q' "$ltmain" >> "$cfgfile" \
      || (rm -f "$cfgfile"; exit 1)
 
    mv -f "$cfgfile" "$ofile" ||
     (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
   chmod +x "$ofile"
 
+
+    cat <<_LT_EOF >> "$ofile"
+
+# ### BEGIN LIBTOOL TAG CONFIG: RC
+
+# The linker used to build libraries.
+LD=$lt_LD_RC
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag_RC
+reload_cmds=$lt_reload_cmds_RC
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds_RC
+
+# A language specific compiler.
+CC=$lt_compiler_RC
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC_RC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_RC
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_RC
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_RC
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_RC
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_RC
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_RC
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_RC
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_RC
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_RC
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object_RC
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_RC
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_RC
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds_RC
+archive_expsym_cmds=$lt_archive_expsym_cmds_RC
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds_RC
+module_expsym_cmds=$lt_module_expsym_cmds_RC
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld_RC
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_RC
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_RC
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_RC
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_RC
+
+# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct_RC
+
+# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \$shlibpath_var if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute_RC
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L_RC
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_RC
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic_RC
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath_RC
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_RC
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols_RC
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_RC
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_RC
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_RC
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds_RC
+
+# Commands necessary for finishing linking programs.
+postlink_cmds=$lt_postlink_cmds_RC
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec_RC
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_RC
+
+# ### END LIBTOOL TAG CONFIG: RC
+_LT_EOF
+
  ;;
 
   esac
@@ -48802,149 +48371,6 @@ if test "$no_create" != yes; then
   # would make configure fail if this is the last instruction.
   $ac_cs_success || as_fn_exit 1
 fi
-
-#
-# CONFIG_SUBDIRS section.
-#
-if test "$no_recursion" != yes; then
-
-  # Remove --cache-file, --srcdir, and --disable-option-checking arguments
-  # so they do not pile up.
-  ac_sub_configure_args=
-  ac_prev=
-  eval "set x $ac_configure_args"
-  shift
-  for ac_arg
-  do
-    if test -n "$ac_prev"; then
-      ac_prev=
-      continue
-    fi
-    case $ac_arg in
-    -cache-file | --cache-file | --cache-fil | --cache-fi \
-    | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
-      ac_prev=cache_file ;;
-    -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
-    | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* \
-    | --c=*)
-      ;;
-    --config-cache | -C)
-      ;;
-    -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
-      ac_prev=srcdir ;;
-    -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
-      ;;
-    -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
-      ac_prev=prefix ;;
-    -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
-      ;;
-    --disable-option-checking)
-      ;;
-    *)
-      case $ac_arg in
-      *\'*) ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
-      esac
-      as_fn_append ac_sub_configure_args " '$ac_arg'" ;;
-    esac
-  done
-
-  # Always prepend --prefix to ensure using the same prefix
-  # in subdir configurations.
-  ac_arg="--prefix=$prefix"
-  case $ac_arg in
-  *\'*) ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
-  esac
-  ac_sub_configure_args="'$ac_arg' $ac_sub_configure_args"
-
-  # Pass --silent
-  if test "$silent" = yes; then
-    ac_sub_configure_args="--silent $ac_sub_configure_args"
-  fi
-
-  # Always prepend --disable-option-checking to silence warnings, since
-  # different subdirs can have different --enable and --with options.
-  ac_sub_configure_args="--disable-option-checking $ac_sub_configure_args"
-
-  ac_popdir=`pwd`
-  for ac_dir in : $subdirs; do test "x$ac_dir" = x: && continue
-
-    # Do not complain, so a configure script can configure whichever
-    # parts of a large source tree are present.
-    test -d "$srcdir/$ac_dir" || continue
-
-    ac_msg="=== configuring in $ac_dir (`pwd`/$ac_dir)"
-    printf "%s\n" "$as_me:${as_lineno-$LINENO}: $ac_msg" >&5
-    printf "%s\n" "$ac_msg" >&6
-    as_dir="$ac_dir"; as_fn_mkdir_p
-    ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
-  ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
-  # A ".." for each directory in $ac_dir_suffix.
-  ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
-  case $ac_top_builddir_sub in
-  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
-  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
-  esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
-  .)  # We are building in place.
-    ac_srcdir=.
-    ac_top_srcdir=$ac_top_builddir_sub
-    ac_abs_top_srcdir=$ac_pwd ;;
-  [\\/]* | ?:[\\/]* )  # Absolute name.
-    ac_srcdir=$srcdir$ac_dir_suffix;
-    ac_top_srcdir=$srcdir
-    ac_abs_top_srcdir=$srcdir ;;
-  *) # Relative name.
-    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
-    ac_top_srcdir=$ac_top_build_prefix$srcdir
-    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
-
-    cd "$ac_dir"
-
-    # Check for configure.gnu first; this name is used for a wrapper for
-    # Metaconfig's "Configure" on case-insensitive file systems.
-    if test -f "$ac_srcdir/configure.gnu"; then
-      ac_sub_configure=$ac_srcdir/configure.gnu
-    elif test -f "$ac_srcdir/configure"; then
-      ac_sub_configure=$ac_srcdir/configure
-    else
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: no configuration information is in $ac_dir" >&5
-printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2;}
-      ac_sub_configure=
-    fi
-
-    # The recursion is here.
-    if test -n "$ac_sub_configure"; then
-      # Make the cache file name correct relative to the subdirectory.
-      case $cache_file in
-      [\\/]* | ?:[\\/]* ) ac_sub_cache_file=$cache_file ;;
-      *) # Relative name.
-	ac_sub_cache_file=$ac_top_build_prefix$cache_file ;;
-      esac
-
-      { printf "%s\n" "$as_me:${as_lineno-$LINENO}: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&5
-printf "%s\n" "$as_me: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&6;}
-      # The eval makes quoting arguments work.
-      eval "\$SHELL \"\$ac_sub_configure\" $ac_sub_configure_args \
-	   --cache-file=\"\$ac_sub_cache_file\" --srcdir=\"\$ac_srcdir\"" ||
-	as_fn_error $? "$ac_sub_configure failed for $ac_dir" "$LINENO" 5
-    fi
-
-    cd "$ac_popdir"
-  done
-fi
 if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
 printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
@@ -48983,111 +48409,6 @@ use vars qw(
 _EOF
 
 
-
-## ---------------------------------- ##
-##  Start of distclean amending code  ##
-## ---------------------------------- ##
-
-for xc_subdir in lib src tests/unit tests/server tests/libtest docs/examples
-do
-
-if test ! -f "$xc_subdir/Makefile"; then
-  echo "$xc_msg_err $xc_subdir/Makefile file not found. $xc_msg_abrt" >&2
-  exit 1
-fi
-
-# Fetch dependency tracking file list from Makefile include lines.
-
-xc_inc_lines=`grep '^include .*(DEPDIR)' "$xc_subdir/Makefile" 2>/dev/null`
-xc_cnt_words=`echo "$xc_inc_lines" | wc -w | tr -d "$xc_space$xc_tab"`
-
-# --disable-dependency-tracking might have been used, consequently
-# there is nothing to amend without a dependency tracking file list.
-
-if test $xc_cnt_words -gt 0; then
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: amending $xc_subdir/Makefile" >&5
-printf "%s\n" "$as_me: amending $xc_subdir/Makefile" >&6;}
-
-# Build Makefile specific patch hunk.
-
-xc_p="$xc_subdir/xc_patch.tmp"
-
-xc_rm_depfiles=`echo "$xc_inc_lines" \
-  | $SED 's%include%	-rm -f%' 2>/dev/null`
-
-xc_dep_subdirs=`echo "$xc_inc_lines" \
-  | $SED 's%include[ ][ ]*%%' 2>/dev/null \
-  | $SED 's%(DEPDIR)/.*%(DEPDIR)%' 2>/dev/null \
-  | sort | uniq`
-
-echo "$xc_rm_depfiles" >$xc_p
-
-for xc_dep_dir in $xc_dep_subdirs; do
-  echo "${xc_tab}@xm_dep_cnt=\`ls $xc_dep_dir | wc -l 2>/dev/null\`; \\"            >>$xc_p
-  echo "${xc_tab}if test \$\$xm_dep_cnt -eq 0 && test -d $xc_dep_dir; then \\"      >>$xc_p
-  echo "${xc_tab}  rm -rf $xc_dep_dir; \\"                                          >>$xc_p
-  echo "${xc_tab}fi"                                                                >>$xc_p
-done
-
-# Build Makefile patching sed scripts.
-
-xc_s1="$xc_subdir/xc_script_1.tmp"
-xc_s2="$xc_subdir/xc_script_2.tmp"
-xc_s3="$xc_subdir/xc_script_3.tmp"
-
-cat >$xc_s1 <<\_EOT
-/^distclean[ ]*:/,/^[^	][^	]*:/{
-  s/^.*(DEPDIR)/___xc_depdir_line___/
-}
-/^maintainer-clean[ ]*:/,/^[^	][^	]*:/{
-  s/^.*(DEPDIR)/___xc_depdir_line___/
-}
-_EOT
-
-cat >$xc_s2 <<\_EOT
-/___xc_depdir_line___$/{
-  N
-  /___xc_depdir_line___$/D
-}
-_EOT
-
-cat >$xc_s3 <<_EOT
-/^___xc_depdir_line___/{
-  r $xc_p
-  d
-}
-_EOT
-
-# Apply patch to Makefile and cleanup.
-
-$SED -f "$xc_s1" "$xc_subdir/Makefile"      >"$xc_subdir/Makefile.tmp1"
-$SED -f "$xc_s2" "$xc_subdir/Makefile.tmp1" >"$xc_subdir/Makefile.tmp2"
-$SED -f "$xc_s3" "$xc_subdir/Makefile.tmp2" >"$xc_subdir/Makefile.tmp3"
-
-if test -f "$xc_subdir/Makefile.tmp3"; then
-  mv -f "$xc_subdir/Makefile.tmp3" "$xc_subdir/Makefile"
-fi
-
-test -f "$xc_subdir/Makefile.tmp1" && rm -f "$xc_subdir/Makefile.tmp1"
-test -f "$xc_subdir/Makefile.tmp2" && rm -f "$xc_subdir/Makefile.tmp2"
-test -f "$xc_subdir/Makefile.tmp3" && rm -f "$xc_subdir/Makefile.tmp3"
-
-test -f "$xc_p"  && rm -f "$xc_p"
-test -f "$xc_s1" && rm -f "$xc_s1"
-test -f "$xc_s2" && rm -f "$xc_s2"
-test -f "$xc_s3" && rm -f "$xc_s3"
-
-fi
-
-done
-
-## -------------------------------- ##
-##  End of distclean amending code  ##
-## -------------------------------- ##
-
-
-
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Configured to build curl/libcurl:
 
   Host setup:       ${host}
@@ -49126,11 +48447,13 @@ done
   RTMP:             ${curl_rtmp_msg}
   PSL:              ${curl_psl_msg}
   Alt-svc:          ${curl_altsvc_msg}
+  Headers API:      ${curl_headers_msg}
   HSTS:             ${curl_hsts_msg}
   HTTP1:            ${curl_h1_msg}
   HTTP2:            ${curl_h2_msg}
   HTTP3:            ${curl_h3_msg}
   ECH:              ${curl_ech_msg}
+  WebSockets:       ${curl_ws_msg}
   Protocols:        ${SUPPORT_PROTOCOLS}
   Features:         ${SUPPORT_FEATURES}
 " >&5
@@ -49172,11 +48495,13 @@ printf "%s\n" "$as_me: Configured to build curl/libcurl:
   RTMP:             ${curl_rtmp_msg}
   PSL:              ${curl_psl_msg}
   Alt-svc:          ${curl_altsvc_msg}
+  Headers API:      ${curl_headers_msg}
   HSTS:             ${curl_hsts_msg}
   HTTP1:            ${curl_h1_msg}
   HTTP2:            ${curl_h2_msg}
   HTTP3:            ${curl_h3_msg}
   ECH:              ${curl_ech_msg}
+  WebSockets:       ${curl_ws_msg}
   Protocols:        ${SUPPORT_PROTOCOLS}
   Features:         ${SUPPORT_FEATURES}
 " >&6;}
diff --git a/configure.ac b/configure.ac
index d4fc183ed..a889919fe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -33,7 +33,7 @@ XC_OVR_ZZ60
 CURL_OVERRIDE_AUTOCONF
 
 dnl configure script copyright
-AC_COPYRIGHT([Copyright (c) 1998 - 2022 Daniel Stenberg, <daniel@haxx.se>
+AC_COPYRIGHT([Copyright (C) Daniel Stenberg, <daniel@haxx.se>
 This configure script may be copied, distributed and modified under the
 terms of the curl license; see COPYING for more details])
 
@@ -311,6 +311,79 @@ AS_HELP_STRING([--with-test-nghttpx=PATH],[where to find nghttpx for testing]),
 )
 AC_SUBST(TEST_NGHTTPX)
 
+CADDY=caddy
+AC_ARG_WITH(test-caddy,dnl
+AS_HELP_STRING([--with-test-caddy=PATH],[where to find caddy for testing]),
+  CADDY=$withval
+  if test X"$OPT_CADDY" = "Xno" ; then
+      CADDY=""
+  fi
+)
+AC_SUBST(CADDY)
+
+dnl we'd like a httpd+apachectl as test server
+dnl
+AC_ARG_WITH(test-httpd, [AS_HELP_STRING([--with-test-httpd=PATH],
+                         [where to find httpd/apache2 for testing])],
+  [request_httpd=$withval], [request_httpd=check])
+if test x"$request_httpd" = "xcheck"; then
+  if test -x "/usr/sbin/apache2" -a -x "/usr/sbin/apache2ctl"; then
+    # common location on distros (debian/ubuntu)
+    HTTPD="/usr/sbin/apache2"
+    APACHECTL="/usr/sbin/apache2ctl"
+    AC_PATH_PROG([APXS], [apxs])
+    if test "x$APXS" != "x"; then
+      AC_MSG_NOTICE([apache2-dev not installed, httpd tests disabled])
+    fi
+  else
+    AC_PATH_PROG([HTTPD], [httpd])
+    if test "x$HTTPD" = "x"; then
+      AC_PATH_PROG([HTTPD], [apache2])
+    fi
+    AC_PATH_PROG([APACHECTL], [apachectl])
+    AC_PATH_PROG([APXS], [apxs])
+    if test "x$HTTPD" = "x" -o "x$APACHECTL" = "x"; then
+      AC_MSG_NOTICE([httpd/apache2 not in PATH, httpd tests disabled])
+    fi
+    if test "x$APXS" = "x"; then
+      AC_MSG_NOTICE([apxs not in PATH, httpd tests disabled])
+    fi
+  fi
+else
+  HTTPD="${request_httpd}/bin/httpd"
+  APACHECTL="${request_httpd}/bin/apachectl"
+  APXS="${request_httpd}/bin/apxs"
+  if test ! -x "${HTTPD}"; then
+    AC_MSG_NOTICE([httpd not found as ${HTTPD}, httpd tests disabled])
+  elif test ! -x "${APACHECTL}"; then
+    AC_MSG_NOTICE([apachectl not found as ${APACHECTL}, httpd tests disabled])
+  elif test ! -x "${APXS}"; then
+    AC_MSG_NOTICE([apxs not found as ${APXS}, httpd tests disabled])
+  else
+    AC_MSG_NOTICE([using HTTPD=$HTTPD for tests])
+  fi
+fi
+AC_SUBST(HTTPD)
+AC_SUBST(APACHECTL)
+AC_SUBST(APXS)
+
+dnl the nghttpx we might use in httpd testing
+if test "x$TEST_NGHTTPX" != "x" -a "x$TEST_NGHTTPX" != "xnghttpx"; then
+  HTTPD_NGHTTPX="$TEST_NGHTTPX"
+else
+  AC_PATH_PROG([HTTPD_NGHTTPX], [nghttpx], [],
+    [$PATH:/usr/bin:/usr/local/bin])
+fi
+AC_SUBST(HTTPD_NGHTTPX)
+
+dnl the Caddy server we might use in testing
+if test "x$TEST_CADDY" != "x"; then
+  CADDY="$TEST_CADDY"
+else
+  AC_PATH_PROG([CADDY], [caddy])
+fi
+AC_SUBST(CADDY)
+
 dnl If no TLS choice has been made, check if it was explicitly disabled or
 dnl error out to force the user to decide.
 if test -z "$TLSCHOICE"; then
@@ -539,6 +612,7 @@ case $host in
       ]])
     ],[
       curl_mingw_original=yes
+      curl_mingw_die=yes
       AC_MSG_RESULT([yes])
     ],[
       AC_MSG_RESULT([no])
@@ -546,6 +620,18 @@ case $host in
     ;;
 esac
 
+
+AC_ARG_WITH(mingw1-deprecated,dnl
+AS_HELP_STRING([--with-mingw1-deprecated],[confirm you realize support for mingw v1 is dying]),
+  if test X"$withval" != Xno; then
+    curl_mingw_die=
+  fi
+)
+
+if test -n "$curl_mingw_die"; then
+  AC_MSG_ERROR([support for mingw v1 is going away, enable temporarily with --with-mingw1-deprecated])
+fi
+
 dnl **********************************************************************
 dnl Compilation based checks should not be done before this point.
 dnl **********************************************************************
@@ -3399,17 +3485,8 @@ AC_CHECK_TYPE(long long,
    longlong="yes"
 )
 
-
 if test ${ac_cv_sizeof_curl_off_t} -lt 8; then
-  AC_ARG_WITH(n64-deprecated,dnl
-AS_HELP_STRING([--with-n64-deprecated],[confirm you realize support for systems without 64 bit data types is going away]),
-  if test X"$withval" != Xno; then
-    OPT_N64_AWARE=$withval
-  fi
-)
-  if test -z "$OPT_N64_AWARE"; then
-    AC_MSG_ERROR([support for systems without 64 bit curl_off_t is deprecated, use --with-n64-deprecated until then])
-  fi
+  AC_MSG_ERROR([64 bit curl_off_t is required])
 fi
 
 # check for ssize_t
@@ -3562,7 +3639,8 @@ AC_CHECK_FUNCS([fnmatch \
   setrlimit \
   snprintf \
   utime \
-  utimes
+  utimes \
+  arc4random
 ],[
 ],[
   func="$ac_func"
@@ -4218,6 +4296,13 @@ if test "x$want_ech" != "xno"; then
 fi
 
 dnl *************************************************************
+dnl check whether OpenSSL (lookalikes) have SSL_set0_wbio
+dnl
+if test "x$OPENSSL_ENABLED" = "x1"; then
+  AC_CHECK_FUNCS([SSL_set0_wbio])
+fi
+
+dnl *************************************************************
 dnl WebSockets
 dnl
 AC_MSG_CHECKING([whether to support WebSockets])
@@ -4583,6 +4668,8 @@ AC_CONFIG_FILES([Makefile \
            tests/server/Makefile \
            tests/libtest/Makefile \
            tests/unit/Makefile \
+           tests/http/config.ini \
+           tests/http/Makefile \
            packages/Makefile \
            packages/vms/Makefile \
            curl-config \
@@ -4592,8 +4679,6 @@ AC_OUTPUT
 
 CURL_GENERATE_CONFIGUREHELP_PM
 
-XC_AMEND_DISTCLEAN([lib src tests/unit tests/server tests/libtest docs/examples])
-
 AC_MSG_NOTICE([Configured to build curl/libcurl:
 
   Host setup:       ${host}
diff --git a/curl-config.in b/curl-config.in
index f3e51617f..54f92d931 100644
--- a/curl-config.in
+++ b/curl-config.in
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2001 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/.gitignore b/docs/.gitignore
index df2652407..8d0bfb31b 100644
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/docs/BINDINGS.md b/docs/BINDINGS.md
index c397c53c2..7be5387eb 100644
--- a/docs/BINDINGS.md
+++ b/docs/BINDINGS.md
@@ -41,6 +41,8 @@ Clojure: [clj-curl](https://github.com/lsevero/clj-curl) by Lucas Severo
 
 [Ferite](https://web.archive.org/web/20150102192018/ferite.org/) Written by Paul Querna
 
+[Fortran](https://github.com/interkosmos/fortran-curl) Written by Philipp Engel
+
 [Gambas](https://gambas.sourceforge.net/)
 
 [glib/GTK+](https://web.archive.org/web/20100526203452/atterer.net/glibcurl) Written by Richard Atterer
diff --git a/docs/CMakeLists.txt b/docs/CMakeLists.txt
index 97101a482..dd2c6dc74 100644
--- a/docs/CMakeLists.txt
+++ b/docs/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/CONTRIBUTE.md b/docs/CONTRIBUTE.md
index bc7b525c5..364bafb47 100644
--- a/docs/CONTRIBUTE.md
+++ b/docs/CONTRIBUTE.md
@@ -188,34 +188,62 @@ to the list or better yet: change it to a pull request.
 
 ### Commit messages
 
-A short guide to how to write commit messages in the curl project.
+A short guide to how to write git commit messages in the curl project.
 
     ---- start ----
     [area]: [short line describing the main effect]
            -- empty line --
-    [full description, no wider than 72 columns that describe as much as
+    [full description, no wider than 72 columns that describes as much as
     possible as to why this change is made, and possibly what things
-    it fixes and everything else that is related]
+    it fixes and everything else that is related, with unwieldy URLs replaced
+    with references like [0], [1], etc.]
            -- empty line --
-    [Closes/Fixes #1234 - if this closes or fixes a github issue]
-    [Bug: URL to source of the report or more related discussion]
-    [Reported-by: John Doe - credit the reporter]
-    [whatever-else-by: credit all helpers, finders, doers]
+    [[0] URL - Reference to a URL in the description, almost like Markdown;
+        the last numbered reference is followed by an -- empty line -- ]
+    [Follow-up to {shorthash} - if this fixes or continues a previous commit;
+        add a Ref: that commit's PR or issue if it's not a small, obvious fix;
+        followed by an -- empty line -- ]
+    [Bug: URL to the source of the report or more related discussion; use Fixes
+        for GitHub issues instead when that is appropriate]
+    [Approved-by: John Doe - credit someone who approved the PR; if you're
+        committing this for someone else using --author=... you don't need this
+        as you're implicitly approving it by committing]
+    [Authored-by: John Doe - credit the original author of the code; only use
+        this if you can't use "git commit --author=..."]
+    {Signed-off-by: John Doe - we don't use this, but don't bother removing it]
+    [whatever-else-by: credit all helpers, finders, doers; try to use one of
+        the following keywords if at all possible, for consistency:
+        Acked-by:, Assisted-by:, Co-authored-by:, Found-by:, Reported-by:,
+        Reviewed-by:, Suggested-by:, Tested-by:]
+    [Ref: #1234 - if this is related to a GitHub issue or PR, possibly one that
+                  has already been closed]
+    [Ref: URL to more information about the commit; use Bug: instead for
+        a reference to a bug on another bug tracker]
+    [Fixes #1234 - if this closes a GitHub issue; GitHub will actually
+        close the issue once this commit is merged]
+    [Closes #1234 - if this closes a GitHub PR; GitHub will actually
+        close the PR once this commit is merged]
     ---- stop ----
 
 The first line is a succinct description of the change:
 
  - use the imperative, present tense: "change" not "changed" nor "changes"
- - do not capitalize first letter
- - no dot (.) at the end
+ - do not capitalize the first letter
+ - no period (.) at the end
 
 The `[area]` in the first line can be `http2`, `cookies`, `openssl` or
 similar. There's no fixed list to select from but using the same "area" as
 other related changes could make sense.
 
-Do not forget to use commit --author="" if you commit someone else's work, and
+Do not forget to use commit --author=... if you commit someone else's work, and
 make sure that you have your own user and email setup correctly in git before
-you commit
+you commit.
+
+Add whichever header lines as appropriate, with one line per person if more
+than one person was involved. There's no need to credit yourself unless you are
+using --author=... which hides your identity. Don't include people's e-mail
+addresses in headers to avoid spam, unless they're already public from a
+previous commit; saying `{userid} on github` is OK.
 
 ### Write Access to git Repository
 
diff --git a/docs/DEPRECATE.md b/docs/DEPRECATE.md
index b7afb3a73..aac9ab871 100644
--- a/docs/DEPRECATE.md
+++ b/docs/DEPRECATE.md
@@ -6,27 +6,6 @@ email the
 as soon as possible and explain to us why this is a problem for you and
 how your use case cannot be satisfied properly using a workaround.
 
-## Support for systems without 64 bit data types
-
-curl will *require* support for a 64 bit data type (like `long long` or an
-alternative) to build. These days, few systems are used where no such type is
-around, so it is increasingly unnecessary to spend effort and time on
-maintaining this support. Also, supporting 32 bit values for some of those
-fields is complicated and hard to test.
-
-Adding this requirement will make the code simpler, easier to maintain and the
-test coverage better. It is a low price too, since virtually no users are
-still building curl on such systems.
-
-`long long` was not a standard type until C99, but has been supported by C89
-compilers since the 1990s.
-
-Starting in 8.0.0 (March 2023), the plan is to drop support.
-
-Starting in 7.86.0, building curl with configure requires the additional flag
-`--with-n64-deprecated` if the `curl_off_t` type on your system is smaller
-than 8 bytes, in an attempt to highlight these plans to affected users.
-
 ## NSS
 
 We remove support for building curl with the NSS TLS library in August 2023.
@@ -40,9 +19,53 @@ We remove support for building curl with the NSS TLS library in August 2023.
 Starting in 7.82.0, building curl to use NSS configure requires the additional
 flag `--with-nss-deprecated` in an attempt to highlight these plans.
 
+## gskit
+
+We remove support for building curl with the gskit TLS library in August 2023.
+
+- This is a niche TLS library, only running on some IBM systems
+- no regular curl contributors use this backend
+- no CI builds use or verify this backend
+- gskit, or the curl adaption for it, lacks many modern TLS features making it
+  an inferior solution
+- build breakages in this code take weeks or more to get detected
+- fixing gskit code is mostly done "flying blind"
+
+## mingw v1
+
+We remove support for building curl with the original legacy mingw version 1
+in September 2023.
+
+During the deprecation period you can enable the support with the configure
+option `--with-mingw1-deprecated`.
+
+mingw version 1 is old and deprecated software. There are much better and
+still support build environments to use to build curl and other software. For
+example [MinGW-w64](https://www.mingw-w64.org/).
+
+## space-separated `NOPROXY` patterns
+
+When specifying patterns/domain names for curl that should *not* go through a
+proxy, the curl tool features the `--noproxy` command line option and the
+library supports the `NO_PROXY` environment variable and the `CURLOPT_NOPROXY`
+libcurl option.
+
+They all set the same list of patterns. This list is documented to be a set of
+**comma-separated** names, but can also be provided separated with just
+space. The ability to just use spaces for this has never been documented but
+some users may still have come to rely on this.
+
+Several other tools and utilities also parse the `NO_PROXY` environment
+variable but do not consider a space to be a valid separator. Using spaces for
+separator is probably less portable and might cause more friction than commas
+do. Users should use commas for this for greater portability.
+
+curl will remove the support for space-separated names in July 2024.
+
 ## past removals
 
  - Pipelining
  - axTLS
  - PolarSSL
  - NPN
+ - Support for systems without 64 bit data types
diff --git a/docs/DYNBUF.md b/docs/DYNBUF.md
index 41b022c42..b0d39296b 100644
--- a/docs/DYNBUF.md
+++ b/docs/DYNBUF.md
@@ -37,6 +37,8 @@ CURLcode Curl_dyn_addn(struct dynbuf *s, const void *mem, size_t len);
 
 Append arbitrary data of a given length to the end of the buffer.
 
+If this function fails it calls `Curl_dyn_free` on `dynbuf`.
+
 ## `Curl_dyn_add`
 
 ```c
@@ -45,6 +47,8 @@ CURLcode Curl_dyn_add(struct dynbuf *s, const char *str);
 
 Append a C string to the end of the buffer.
 
+If this function fails it calls `Curl_dyn_free` on `dynbuf`.
+
 ## `Curl_dyn_addf`
 
 ```c
@@ -53,6 +57,8 @@ CURLcode Curl_dyn_addf(struct dynbuf *s, const char *fmt, ...);
 
 Append a `printf()`-style string to the end of the buffer.
 
+If this function fails it calls `Curl_dyn_free` on `dynbuf`.
+
 ## `Curl_dyn_vaddf`
 
 ```c
@@ -61,6 +67,8 @@ CURLcode Curl_dyn_vaddf(struct dynbuf *s, const char *fmt, va_list ap);
 
 Append a `vprintf()`-style string to the end of the buffer.
 
+If this function fails it calls `Curl_dyn_free` on `dynbuf`.
+
 ## `Curl_dyn_reset`
 
 ```c
diff --git a/docs/EXPERIMENTAL.md b/docs/EXPERIMENTAL.md
index ce46c214d..6b7145df6 100644
--- a/docs/EXPERIMENTAL.md
+++ b/docs/EXPERIMENTAL.md
@@ -20,6 +20,5 @@ Experimental support in curl means:
 
  - The Hyper HTTP backend
  - HTTP/3 support and options
- - `CURLSSLOPT_NATIVE_CA` (No configure option, feature built in when supported)
  - The rustls backend
  - WebSocket
diff --git a/docs/FAQ b/docs/FAQ
index c8ba7feb3..b96357cc1 100644
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -990,11 +990,10 @@ FAQ
 
   4.16 My HTTP POST or PUT requests are slow
 
-  libcurl makes all POST and PUT requests (except for POST requests with a
-  tiny request body) use the "Expect: 100-continue" header. This header
-  allows the server to deny the operation early so that libcurl can bail out
-  before having to send any data. This is useful in authentication
-  cases and others.
+  libcurl makes all POST and PUT requests (except for requests with a small
+  request body) use the "Expect: 100-continue" header. This header allows the
+  server to deny the operation early so that libcurl can bail out before having
+  to send any data. This is useful in authentication cases and others.
 
   However, many servers do not implement the Expect: stuff properly and if the
   server does not respond (positively) within 1 second libcurl will continue
diff --git a/docs/HELP-US.md b/docs/HELP-US.md
index eabf80810..03a4e3acb 100644
--- a/docs/HELP-US.md
+++ b/docs/HELP-US.md
@@ -4,9 +4,11 @@ We are always in need of more help. If you are new to the project and are
 looking for ways to contribute and help out, this document aims to give a few
 good starting points.
 
-A good idea is to start by subscribing to the [curl-library mailing
+You may subscribe to the [curl-library mailing
 list](https://lists.haxx.se/listinfo/curl-library) to keep track of the
-current discussion topics.
+current discussion topics; or if you are registered on GitHub, you can use the
+[Discussions section](https://github.com/curl/curl/discussions) on the main
+curl repository.
 
 ## Scratch your own itch
 
diff --git a/docs/HTTP3.md b/docs/HTTP3.md
index f1cb9648f..dc1befee4 100644
--- a/docs/HTTP3.md
+++ b/docs/HTTP3.md
@@ -15,7 +15,7 @@ QUIC libraries we are experimenting with:
 
 [quiche](https://github.com/cloudflare/quiche)
 
-[msquic](https://github.com/microsoft/msquic) & [msh3](https://github.com/nibanks/msh3)
+[msh3](https://github.com/nibanks/msh3) (with [msquic](https://github.com/microsoft/msquic))
 
 ## Experimental
 
@@ -25,13 +25,21 @@ notice. It needs to be enabled at build-time.
 Further development and tweaking of the HTTP/3 support in curl will happen in
 the master branch using pull-requests, just like ordinary changes.
 
+To fix before we remove the experimental label:
+
+ - working multiplexing and GTFO handling
+ - fallback or another flexible way to go (back to) h1/h2 if h3 fails
+ - enough test cases to verify basic HTTP/3 functionality
+ - no "important" bugs left on HTTP/3
+ - it's fine to "leave" individual backends as experimental if necessary
+
 # ngtcp2 version
 
 ## Build with OpenSSL
 
 Build (patched) OpenSSL
 
-     % git clone --depth 1 -b openssl-3.0.0+quic https://github.com/quictls/openssl
+     % git clone --depth 1 -b openssl-3.0.8+quic https://github.com/quictls/openssl
      % cd openssl
      % ./config enable-tls1_3 --prefix=<somewhere1>
      % make
@@ -181,7 +189,7 @@ Build curl:
 
 Build msh3:
 
-     % git clone -b v0.4.0 --depth 1 --recursive https://github.com/nibanks/msh3
+     % git clone -b v0.6.0 --depth 1 --recursive https://github.com/nibanks/msh3
      % cd msh3 && mkdir build && cd build
      % cmake -G 'Unix Makefiles' -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
      % cmake --build .
@@ -202,7 +210,7 @@ Run from `/usr/local/bin/curl`.
 
 Build msh3:
 
-     % git clone -b v0.4.0 --depth 1 --recursive https://github.com/nibanks/msh3
+     % git clone -b v0.6.0 --depth 1 --recursive https://github.com/nibanks/msh3
      % cd msh3 && mkdir build && cd build
      % cmake -G 'Visual Studio 17 2022' -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
      % cmake --build . --config Release
@@ -231,7 +239,11 @@ directory, or copy `msquic.dll` and `msh3.dll` from that directory to the
 
 # `--http3`
 
-Use HTTP/3 directly:
+Use only HTTP/3:
+
+    curl --http3-only https://nghttp2.org:4433/
+
+Use HTTP/3 with fallback to HTTP/2 or HTTP/1.1 (see "HTTPS eyeballing" below):
 
     curl --http3 https://nghttp2.org:4433/
 
@@ -241,6 +253,28 @@ Upgrade via Alt-Svc:
 
 See this [list of public HTTP/3 servers](https://bagder.github.io/HTTP3-test/)
 
+### HTTPS eyeballing
+
+With option `--http3` curl will attempt earlier HTTP versions as well should the connect
+attempt via HTTP/3 not succeed "fast enough". This strategy is similar to IPv4/6 happy
+eyeballing where the alternate address family is used in parallel after a short delay.
+
+The IPv4/6 eyeballing has a default of 200ms and you may override that via `--happy-eyeballs-timeout-ms value`.
+Since HTTP/3 is still relatively new, we decided to use this timeout also for the HTTP eyeballing - with a slight twist.
+
+The `happy-eyeballs-timeout-ms` value is the **hard** timeout, meaning after that time expired, a TLS connection is opened in addition to negotiate HTTP/2 or HTTP/1.1. At half of that value - currently - is the **soft** timeout. The soft timeout fires, when there has been **no data at all** seen from the server on the HTTP/3 connection.
+
+So, without you specifying anything, the hard timeout is 200ms and the soft is 100ms:
+
+ * Ideally, the whole QUIC handshake happens and curl has a HTTP/3 connection in less than 100ms. 
+ * When QUIC is not supported (or UDP does not work for this network path), no reply is seen and the HTTP/2 TLS+TCP connection starts 100ms later.
+ * In the worst case, UDP replies start before 100ms, but drag on. This will start the TLS+TCP connection after 200ms.
+ * When the QUIC handshake fails, the TLS+TCP connection is attempted right away. For example, when the QUIC server presents the wrong certificate.
+
+The whole transfer only fails, when **both** QUIC and TLS+TCP fail to handshake or time out.
+
+Note that all this happens in addition to IP version happy eyeballing. If the name resolution for the server gives more than one IP address, curl will try all those until one succeeds - just as with all other protocols. And if those IP addresses contain both IPv6 and IPv4, those attempts will happen, delayed, in parallel (the actual eyeballing).
+
 ## Known Bugs
 
 Check out the [list of known HTTP3 bugs](https://curl.se/docs/knownbugs.html#HTTP3).
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 60bd843e1..dbb206805 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -135,12 +135,20 @@ These options are provided to select the TLS backend to use.
  - GnuTLS: `--with-gnutls`.
  - mbedTLS: `--with-mbedtls`
  - NSS: `--with-nss`
- - OpenSSL: `--with-openssl` (also for BoringSSL and libressl)
+ - OpenSSL: `--with-openssl` (also for BoringSSL, libressl and quictls)
  - rustls: `--with-rustls`
  - Schannel: `--with-schannel`
  - Secure Transport: `--with-secure-transport`
  - wolfSSL: `--with-wolfssl`
 
+You can build curl with *multiple* TLS backends at your choice, but some TLS
+backends cannot be combined: if you build with an OpenSSL fork (or wolfSSL),
+you cannot add another OpenSSL fork (or wolfSSL) simply because they have
+conflicting identical symbol names.
+
+When you build with multiple TLS backends, you can select the active one at
+run-time when curl starts up.
+
 # Windows
 
 ## Building Windows DLLs and C runtime (CRT) linkage issues
diff --git a/docs/INTERNALS.md b/docs/INTERNALS.md
index 30cce8c98..0cebad1c4 100644
--- a/docs/INTERNALS.md
+++ b/docs/INTERNALS.md
@@ -2,11 +2,11 @@
 
 The canonical libcurl internals documentation is now in the [everything
 curl](https://everything.curl.dev/internals) book. This file lists supported
-versions of libs, tools and operating systems.
+versions of libs and build tools.
 
 ## Portability
 
- We write curl and libcurl to compile with C89 compilers. On 32-bit and up
+ We write curl and libcurl to compile with C89 compilers on 32-bit and up
  machines. Most of libcurl assumes more or less POSIX compliance but that is
  not a requirement.
 
@@ -33,18 +33,6 @@ versions of libs, tools and operating systems.
  - nghttp2      1.12.0
  - WinSock      2.2 (on Windows 95+ and Windows CE .NET 4.1+)
 
-## Operating Systems
-
- On systems where configure runs, we aim at working on them all - if they have
- a suitable C compiler. On systems that do not run configure, we strive to
- keep curl running correctly on:
-
- - Windows      98
- - AS/400       V5R3M0
- - Symbian      9.1
- - Windows CE   ?
- - TPF          ?
-
 ## Build tools
 
  When writing code (mostly for generating stuff included in release tarballs)
@@ -52,12 +40,13 @@ versions of libs, tools and operating systems.
  these versions:
 
  - GNU Libtool  1.4.2
- - GNU Autoconf 2.57
+ - GNU Autoconf 2.59
  - GNU Automake 1.7
  - GNU M4       1.4
  - perl         5.004
  - roffit       0.5
- - groff        ? (any version that supports `groff -Tps -man [in] [out]`)
+ - nroff        any version that supports `-man [in] [out]`
+ - cmake        3.7
 
 Library Symbols
 ===============
diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
index cbf5be352..754ac0348 100644
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -45,7 +45,6 @@ problems may have been fixed or changed somewhat since this was written.
  5.6 make distclean loops forever
  5.8 configure finding libs in wrong directory
  5.9 Utilize Requires.private directives in libcurl.pc
- 5.10 curl hangs on SMB upload over stdin
  5.11 configure --with-gssapi with Heimdal is ignored on macOS
  5.12 flaky Windows CI builds
  5.13 long paths are not fully supported on Windows
@@ -68,9 +67,6 @@ problems may have been fixed or changed somewhat since this was written.
  7. FTP
  7.3 FTP with NOBODY and FAILONERROR
  7.4 FTP with ACCT
- 7.5 ASCII FTP
- 7.9 Passive transfer tries only one IP address
- 7.10 FTPS needs session reuse
  7.11 FTPS upload data loss with TLS 1.3
  7.12 FTPS directory listing hangs on Windows with Schannel
 
@@ -89,8 +85,6 @@ problems may have been fixed or changed somewhat since this was written.
  11.4 HTTP test server 'connection-monitor' problems
  11.5 Connection information when using TCP Fast Open
  11.7 signal-based resolver timeouts
- 11.8 DoH leaks memory after followlocation
- 11.9 DoH does not inherit all transfer options
  11.10 Blocking socket operations in non-blocking API
  11.11 A shared connection cache is not thread-safe
  11.15 CURLOPT_OPENSOCKETPAIRFUNCTION is missing
@@ -113,20 +107,15 @@ problems may have been fixed or changed somewhat since this was written.
  15.6 uses -lpthread instead of Threads::Threads
  15.7 generated .pc file contains strange entries
  15.8 libcurl.pc uses absolute library paths
- 15.9 cert paths autodetected when cross-compiling
  15.10 libpsl is not supported
  15.11 ExternalProject_Add does not set CURL_CA_PATH
- 15.12 cannot enable LDAPS on Windows
  15.13 CMake build with MIT Kerberos does not work
 
  16. Applications
 
  17. HTTP/2
- 17.1 Excessive HTTP/2 packets with TCP_NODELAY
  17.2 HTTP/2 frames while in the connection pool kill reuse
  17.3 ENHANCE_YOUR_CALM causes infinite retries
- 17.4 Connection failures with parallel HTTP/2
- 17.5 HTTP/2 connections through HTTPS proxy frequently stall
 
  18. HTTP/3
  18.1 If the HTTP/3 server closes connection during upload curl hangs
@@ -332,10 +321,6 @@ problems may have been fixed or changed somewhat since this was written.
 
  https://github.com/curl/curl/issues/864
 
-5.10 curl hangs on SMB upload over stdin
-
- See https://github.com/curl/curl/issues/7896
-
 5.11 configure --with-gssapi with Heimdal is ignored on macOS
 
  ... unless you also pass --with-gssapi-libs
@@ -475,38 +460,6 @@ problems may have been fixed or changed somewhat since this was written.
  thus fails to issue the correct command:
  https://curl.se/bug/view.cgi?id=635
 
-7.5 ASCII FTP
-
- FTP ASCII transfers do not follow RFC959. They do not convert the data
- accordingly (not for sending nor for receiving). RFC 959 section 3.1.1.1
- clearly describes how this should be done:
-
-    The sender converts the data from an internal character representation to
-    the standard 8-bit NVT-ASCII representation (see the Telnet
-    specification). The receiver will convert the data from the standard
-    form to his own internal form.
-
- Since 7.15.4 at least line endings are converted.
-
-7.9 Passive transfer tries only one IP address
-
- When doing FTP operations through a proxy at localhost, the reported spotted
- that curl only tried to connect once to the proxy, while it had multiple
- addresses and a failed connect on one address should make it try the next.
-
- After switching to passive mode (EPSV), curl should try all IP addresses for
- "localhost". Currently it tries ::1, but it should also try 127.0.0.1.
-
- See https://github.com/curl/curl/issues/1508
-
-7.10 FTPS needs session reuse
-
- When the control connection is reused for a subsequent transfer, some FTPS
- servers complain about "missing session reuse" for the data channel for the
- second transfer.
-
- https://github.com/curl/curl/issues/4654
-
 7.11 FTPS upload data loss with TLS 1.3
 
  During FTPS upload curl does not attempt to read TLS handshake messages sent
@@ -614,24 +567,6 @@ problems may have been fixed or changed somewhat since this was written.
  Also, alarm() provides timeout resolution only to the nearest second. alarm
  ought to be replaced by setitimer on systems that support it.
 
-11.8 DoH leaks memory after followlocation
-
- https://github.com/curl/curl/issues/4592
-
-11.9 DoH does not inherit all transfer options
-
- Some options are not inherited because they are not relevant for the DoH SSL
- connections, or inheriting the option may result in unexpected behavior. For
- example the user's debug function callback is not inherited because it would
- be unexpected for internal handles (ie DoH handles) to be passed to that
- callback.
-
- If an option is not inherited then it is not possible to set it separately for
- DoH without a DoH-specific option. For example: CURLOPT_DOH_SSL_VERIFYHOST,
- CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS.
-
- See https://github.com/curl/curl/issues/6605
-
 11.10 Blocking socket operations in non-blocking API
 
  The list of blocking socket operations is in TODO section "More non-blocking".
@@ -747,13 +682,6 @@ problems may have been fixed or changed somewhat since this was written.
 
  See https://github.com/curl/curl/issues/6169
 
-15.9 cert paths autodetected when cross-compiling
-
- The autotools build disables the ca_path/ca_bundle detection when
- cross-compiling. The cmake build keeps doing the detection.
-
- See https://github.com/curl/curl/issues/6178
-
 15.10 libpsl is not supported
 
  See https://github.com/curl/curl/issues/6214
@@ -765,10 +693,6 @@ problems may have been fixed or changed somewhat since this was written.
 
  See https://github.com/curl/curl/issues/6313
 
-15.12 cannot enable LDAPS on Windows
-
- See https://github.com/curl/curl/issues/6284
-
 15.13 CMake build with MIT Kerberos does not work
 
  Minimum CMake version was bumped in curl 7.71.0 (#5358) Since CMake 3.2
@@ -784,16 +708,6 @@ problems may have been fixed or changed somewhat since this was written.
 
 17. HTTP/2
 
-17.1 Excessive HTTP/2 packets with TCP_NODELAY
-
- Because of how curl sets TCP_NODELAY by default, HTTP/2 requests are issued
- using more separate TCP packets than it would otherwise need to use. This
- means spending more bytes than it has to. Just disabling TCP_NODELAY for
- HTTP/2 is also not the correct fix because that then makes the outgoing
- packets to get delayed.
-
- See https://github.com/curl/curl/issues/6363
-
 17.2 HTTP/2 frames while in the connection pool kill reuse
 
  If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
@@ -811,14 +725,6 @@ problems may have been fixed or changed somewhat since this was written.
 
  See https://github.com/curl/curl/issues/5119
 
-17.4 Connection failures with parallel HTTP/2
-
- See https://github.com/curl/curl/issues/5611
-
-17.5 HTTP/2 connections through HTTPS proxy frequently stall
-
- See https://github.com/curl/curl/issues/6936
-
 18. HTTP/3
 
 18.1 If the HTTP/3 server closes connection during upload curl hangs
diff --git a/docs/MANUAL.md b/docs/MANUAL.md
index a14bb2289..aacf1768d 100644
--- a/docs/MANUAL.md
+++ b/docs/MANUAL.md
@@ -177,6 +177,16 @@ to a remote FTP server using a Blue Coat FTP proxy with the options:
 See the manual for your FTP proxy to determine the form it expects to set up
 transfers, and curl's `-v` option to see exactly what curl is sending.
 
+## Piping
+
+Get a key file and add it with `apt-key` (when on a system that uses `apt` for
+package management):
+
+    curl -L https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
+
+The '|' pipes the output to STDIN. `-` tells `apt-key` that the key file
+should be read from STDIN.
+
 ## Ranges
 
 HTTP 1.1 introduced byte-ranges. Using this, a client can request to get only
@@ -288,6 +298,10 @@ Post a simple `name` and `phone` guestbook.
 
     curl -d "name=Rafael%20Sagula&phone=3320780" http://www.where.com/guest.cgi
 
+Or automatically [URL encode the data](https://everything.curl.dev/http/post/url-encode).
+
+    curl --data-urlencode "name=Rafael Sagula&phone=3320780" http://www.where.com/guest.cgi
+
 How to post a form with curl, lesson #1:
 
 Dig out all the `<input>` tags in the form that you want to fill in.
diff --git a/docs/Makefile.am b/docs/Makefile.am
index 915d6899e..5c57e9665 100644
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/PARALLEL-TRANSFERS.md b/docs/PARALLEL-TRANSFERS.md
index 8ab477862..337fab5fa 100644
--- a/docs/PARALLEL-TRANSFERS.md
+++ b/docs/PARALLEL-TRANSFERS.md
@@ -1,6 +1,6 @@
 # Parallel transfers
 
-curl 7.66.0 introduces support for doing multiple transfers simultaneously; in
+curl 7.66.0 introduced support for doing multiple transfers simultaneously; in
 parallel.
 
 ## -Z, --parallel
@@ -48,11 +48,3 @@ To fix this, the authorization state could be made possible to share with the
 share API as well, as a context per origin + path (realm?) basically.
 
 Visible in test 153, 1412 and more.
-
-## Feedback
-
-This is early days for parallel transfer support. Keep your eyes open for
-unintended side effects or downright bugs.
-
-Tell us what you think and how you think we could improve this feature!
-
diff --git a/docs/RELEASE-PROCEDURE.md b/docs/RELEASE-PROCEDURE.md
index 776bebe83..d2d08f1ea 100644
--- a/docs/RELEASE-PROCEDURE.md
+++ b/docs/RELEASE-PROCEDURE.md
@@ -107,12 +107,11 @@ Coming dates
 Based on the description above, here are some planned release dates (at the
 time of this writing):
 
-- October 26, 2022 (7.86.0)
-- December 21, 2022
-- February 15, 2023 (last version 7 release, no feature window after)
 - March 20, 2023 (8.0.0 - curl 25 years)
-- April 17, 2023
-- July 12, 2023
+- May 17, 2023
+- July 19, 2023
 - September 6, 2023
 - November 1, 2023
 - December 27, 2023
+- February 21, 2024
+- April 17, 2024
diff --git a/docs/RUSTLS.md b/docs/RUSTLS.md
index a422cb41b..fec0c266a 100644
--- a/docs/RUSTLS.md
+++ b/docs/RUSTLS.md
@@ -3,7 +3,7 @@
 [Rustls is a TLS backend written in Rust](https://docs.rs/rustls/). Curl can
 be built to use it as an alternative to OpenSSL or other TLS backends. We use
 the [rustls-ffi C bindings](https://github.com/rustls/rustls-ffi/). This
-version of curl depends on version v0.8.2 of rustls-ffi.
+version of curl depends on version v0.9.2 of rustls-ffi.
 
 # Building with rustls
 
@@ -12,7 +12,7 @@ First, [install Rust](https://rustup.rs/).
 Next, check out, build, and install the appropriate version of rustls-ffi:
 
     % cargo install cbindgen
-    % git clone https://github.com/rustls/rustls-ffi -b v0.8.2
+    % git clone https://github.com/rustls/rustls-ffi -b v0.9.2
     % cd rustls-ffi
     % make
     % make DESTDIR=${HOME}/rustls-ffi-built/ install
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md
index 96d6bec42..1e85805d7 100644
--- a/docs/SECURITY-PROCESS.md
+++ b/docs/SECURITY-PROCESS.md
@@ -63,10 +63,14 @@ announcement.
 - Update the "security advisory" with the CVE number.
 
 - The security team commits the fix in a private branch. The commit message
-  should ideally contain the CVE number.
+  should ideally contain the CVE number. If the severity level of the issue is
+  set to Low or Medium, the fix is allowed to get merged into the master
+  repository via a normal PR - but without mentioning it being a security
+  vulnerability.
 
-- The security team also decides on and delivers a monetary reward to the
-  reporter as per the bug-bounty policies.
+- The monetary reward part of the bug-bounty is managed by the Internet Bug
+  Bounty team and the reporter is asked to request the reward from them after
+  the issue has been completely handled and published by curl.
 
 - No more than 10 days before release, inform
   [distros@openwall](https://oss-security.openwall.org/wiki/mailing-lists/distros)
@@ -134,6 +138,50 @@ has been published.
 See [BUG-BOUNTY](https://curl.se/docs/bugbounty.html) for details on the
 bug bounty program.
 
+# Severity levels
+
+The curl project's security team rates security problems using four severity
+levels depending how serious we consider the problem to be. We use **Low**,
+**Medium**, **High** and **Critical**. We refrain from using numerical scoring
+of vulnerabilities.
+
+When deciding severity level on a particular issue, we take all the factors
+into account: attack vector, attack complexity, required privileges, necessary
+build configuration, protocols involved, platform specifics and also what
+effects a possible exploit or trigger of the issue can lead do, including
+confidentiality, integrity or availability problems.
+
+## Low
+
+This is a security problem that is truly hard or unlikely to exploit or
+trigger. Due to timing, platform requirements or the fact that options or
+protocols involved are rare etc. [Past
+example](https://curl.se/docs/CVE-2022-43552.html)
+
+## Medium
+
+This is a security problem that is less hard than **Low** to exploit or
+trigger. Less strict timing, wider platforms availability or involving more
+widely used options or protocols. A problem that usually needs something else
+to also happen to become serious. [Past
+example](https://curl.se/docs/CVE-2022-32206.html)
+
+## High
+
+This issue in itself a serious problem with real world impact. Flaws that can
+easily compromise the confidentiality, integrity or availability of resources.
+Exploiting or triggering this problem is not hard. [Past
+example](https://curl.se/docs/CVE-2019-3822.html)
+
+## Critical
+
+Easily exploitable by a remote unauthenticated attacker and lead to system
+compromise (arbitrary code execution) without requiring user interaction, with
+a common configuration on a popular platform. This issue has few restrictions
+and requirements and can be exploited easily using most curl configurations.
+
+No past curl vulnerability has had this severity level.
+
 # Not security issues
 
 This is an incomplete list of issues that are not considered vulnerabilities.
@@ -212,3 +260,11 @@ security vulnerabilities.
  - virtually every argument can contain sensitive data, depending on use
  - blanking all arguments would make it impractical for users to differentiate
    curl command lines in process listings
+
+## Busy-loops
+
+Busy-loops that consume 100% CPU time but eventually end (perhaps due to a set
+timeout value or otherwise) are not considered security problems. Applications
+are supposed to already handle situations when the transfer loop legitimately
+consumes 100% CPU time, so while a prolonged such busy-loop is a nasty bug, we
+do not consider it a security problem.
diff --git a/docs/THANKS b/docs/THANKS
index c8c3a8f1d..9c4ae0484 100644
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -111,6 +111,7 @@ Alexey Borzov
 Alexey Eremikhin
 Alexey Melnichuk
 Alexey Pesternikov
+Alexey Savchuk
 Alexey Simak
 Alexey Zakhlestin
 Alexis Carvalho
@@ -119,6 +120,7 @@ Alexis Vachette
 Alfonso Martone
 Alfred Gebert
 Ali Utku Selen
+ALittleDruid on github
 Allen Pulsifer
 Alona Rossen
 Amaury Denoyelle
@@ -331,6 +333,7 @@ Bob Schader
 bobmitchell1956 on github
 Bodo Bergmann
 Bogdan Nicula
+Boris Okunskiy
 Boris Rasin
 Boris Verkhovskiy
 Brad Burdick
@@ -356,6 +359,7 @@ Brian Childs
 Brian Chrisman
 Brian Dessent
 Brian E. Gallew
+Brian Green
 Brian Inglis
 Brian J. Murrell
 Brian Prodoehl
@@ -369,6 +373,7 @@ BrumBrum on hackerone
 Bruno Baguette
 Bruno de Carvalho
 Bruno Grasselli
+Bruno Henrique Batista Cruz da Silva
 Bruno Thomsen
 Bryan Henderson
 Bryan Kemp
@@ -381,6 +386,7 @@ Bylon2 on github
 Byrial Jensen
 Caleb Raitto
 Calvin Buckley
+Cameron Blomquist
 Cameron Cawley
 Cameron Kaiser
 Cameron MacMinn
@@ -434,6 +440,7 @@ Chris Young
 Christian Fillion
 Christian Grothoff
 Christian Heimes
+Christian Hesse
 Christian Hägele
 Christian Krause
 Christian Kurz
@@ -520,7 +527,6 @@ Dan Becker
 Dan Cristian
 Dan Donahue
 Dan Fandrich
-Dan Jacobson
 Dan Johnson
 Dan Kenigsberg
 Dan Locks
@@ -623,6 +629,7 @@ Davide Cassioli
 davidedec on github
 dbrowndan on github
 dEajL3kA on github
+dekerser on github
 Dengminwen
 Denis Baručić
 Denis Chaplygin
@@ -659,12 +666,14 @@ Dirk Wetter
 Dirkjan Bussink
 Diven Qi
 divinity76 on github
+Divy Le Ray
 dkjjr89 on github
 dkwolfe4 on github
 Dmitri Shubin
 Dmitri Tikhonov
 Dmitriy Sergeyev
 dmitrmax on github
+Dmitry Atamanov
 Dmitry Bartsevich
 Dmitry Eremin-Solenikov
 Dmitry Falko
@@ -791,6 +800,7 @@ Ernest Beinrohr
 Ernst Sjöstrand
 Erwan Legrand
 Erwin Authried
+Esdras de Morais da Silva
 Estanislau Augé-Pujadas
 Ethan Glasser Camp
 Etienne Simard
@@ -819,6 +829,7 @@ Fata Nugraha
 Fawad Mirza
 fds242 on github
 Federico Bianchi
+Federico Pellegrin
 Fedor Karpelevitch
 Fedor Korotkov
 Feist Josselin
@@ -831,6 +842,7 @@ Feng Tu
 Fernando Muñoz
 Filip Lundgren
 Filip Salomonsson
+finkjsc on github
 Firefox OS
 Flameborn on github
 Flavio Medeiros
@@ -868,7 +880,9 @@ Frederik B
 Frederik Wedel-Heinen
 Fredrik Thulin
 FuccDucc on github
+Fujii Hironori
 fullincome on github
+fundawang on github
 Gabriel Kuri
 Gabriel Simmer
 Gabriel Sjoberg
@@ -940,13 +954,16 @@ Gregor Jasny
 Gregory Jefferis
 Gregory Muchka
 Gregory Nicholls
+Gregory Panakkal
 Gregory Szorc
 Griffin Downs
 Grigory Entin
+Grisha Levit
 Guenole Bescon
 Guido Berhoerster
 Guillaume Arluison
 guitared on github
+Gunamoi Software
 Gunter Knauf
 Gustaf Hui
 Gustavo Grieco
@@ -966,6 +983,7 @@ Han Han
 Han Qiao
 Hang Kin Lau
 Hang Su
+Hannah Schierling
 Hannes Magnusson
 Hanno Böck
 Hanno Kranzhoff
@@ -998,6 +1016,7 @@ Henry Ludemann
 Henry Roeland
 Herve Amblard
 HexTheDragon
+Hide Ishikawa
 Hidemoto Nakada
 highmtworks on github
 Himanshu Gupta
@@ -1042,6 +1061,7 @@ Ilguiz Latypov
 Ilja van Sprundel
 Illarion Taev
 illusory-dream on github
+Ilmari Lauhakangas
 Ilya Kosarev
 imilli on github
 Immanuel Gregoire
@@ -1069,6 +1089,7 @@ J. Bromley
 Jack Boos Yu
 Jack Zhang
 Jackarain on github
+JackBoosY on github
 Jacky Lam
 Jacob Barthelmeh
 Jacob Hoffman-Andrews
@@ -1079,6 +1100,7 @@ Jactry Zeng
 Jad Chamcham
 Jaime Fullaondo
 jakirkham on github
+Jakob Hirsch
 Jakub Bochenski
 Jakub Wilk
 Jakub Zakrzewski
@@ -1093,6 +1115,7 @@ James Fuller
 James Gallagher
 James Griffiths
 James Housley
+James Keast
 James Knight
 James Le Cuirot
 James MacMillan
@@ -1103,6 +1126,7 @@ Jamie Wilkinson
 Jan Alexander Steffens
 Jan Chren
 Jan Ehrhardt
+Jan Engelhardt
 Jan Koen Annot
 Jan Kunder
 Jan Mazur
@@ -1159,6 +1183,7 @@ Jeff Weber
 Jeffrey Tolar
 Jeffrey Walton
 jeffrson on github
+Jelle van der Waa
 Jenny Heino
 Jens Finkhaeuser
 Jens Rantil
@@ -1178,6 +1203,7 @@ Jeroen Ooms
 Jerome Mao
 Jerome Muffat-Meridol
 Jerome Robert
+Jerome St-Louis
 Jerome Vouillon
 Jerry Krinock
 Jerry Wu
@@ -1250,6 +1276,7 @@ John Marino
 John Marshall
 John McGowan
 John P. McCaskey
+John Porter
 John Schroeder
 John Sherrill
 John Simpson
@@ -1297,6 +1324,7 @@ Jose Kahan
 Josef Wolf
 Joseph Chen
 Josh Bialkowski
+Josh Brobst
 Josh Kapell
 Josh Soref
 joshhe on github
@@ -1344,6 +1372,7 @@ jvreelanda on github
 jvvprasad78 on github
 jzinn on github
 János Fekete
+Jérémy Rabasco
 Jérémy Rocher
 Jörg Mueller-Tolk
 Jörn Hartroth
@@ -1372,6 +1401,7 @@ Kaspar Brand
 Katie Wang
 Katsuhiko YOSHIDA
 Kazuho Oku
+kchow-FTNT on github
 Kees Cook
 Kees Dekker
 Keitagit-kun on github
@@ -1397,6 +1427,7 @@ Kevin Lussier
 Kevin R. Bulgrien
 Kevin Reed
 Kevin Roth
+Kevin Ryan
 Kevin Smith
 Kevin Ushey
 Kim Minjoong
@@ -1433,6 +1464,7 @@ Kunal Chandarana
 Kunal Ekawde
 Kurt Fankhauser
 Kushal Das
+Kvarec Lezki
 Kwon-Young Choi
 Kyle Abramowitz
 Kyle Edwards
@@ -1539,6 +1571,7 @@ lwthiker on github
 Lyman Epp
 Lyndon Hill
 M.R.T on github
+Maciej Domanski
 Maciej Karpiuk
 Maciej Puzio
 Maciej W. Rozycki
@@ -1596,6 +1629,7 @@ Mark Itzcovitz
 Mark Karpeles
 Mark Lentczner
 Mark Nottingham
+Mark Roszko
 Mark Salisbury
 Mark Snelling
 Mark Swaanenburg
@@ -1611,10 +1645,12 @@ Markus Olsson
 Markus Westerlind
 Maros Priputen
 Marquis de Muesli
+marski on github
 Martijn Koster
 Martin Ankerl
 Martin Bašti
 Martin C. Martin
+Martin D'Aloia
 Martin Dorey
 Martin Drasar
 Martin Dreher
@@ -1635,6 +1671,7 @@ Martin Storsjö
 Martin Strunz
 Martin V
 Martin Vejnár
+Martin Waleczek
 Martin Ågren
 Marty Kuhrt
 Maruko
@@ -1643,6 +1680,7 @@ masbug on github
 Massimiliano Fantuzzi
 Massimiliano Ziccardi
 Massimo Callegari
+Master Inspire
 MasterInQuestion on github
 Mateusz Loskot
 Mathias Axelsson
@@ -1655,6 +1693,7 @@ Mats Lindestam
 Matt Arsenault
 Matt Ford
 Matt Holt
+Matt Jolly
 Matt Kraai
 Matt McClure
 Matt Veenstra
@@ -1766,6 +1805,7 @@ Mike Bytnar
 Mike Crowe
 Mike Dobbs
 Mike Dowell
+Mike Duglas
 Mike Frysinger
 Mike Gelfand
 Mike Giancola
@@ -1805,6 +1845,7 @@ Moti Avrahami
 MrdUkk on github
 MrSorcus on github
 Muhammad Herdiansyah
+Muhammad Hussein Ammari
 Muhammed Yavuz Nuzumlalı
 Murugan Balraj
 Muz Dima
@@ -1849,6 +1890,7 @@ Nick Gimbrone
 Nick Humfrey
 Nick Miyake
 Nick Zitzmann
+nick-telia on github
 Nicklas Avén
 Nico Baggus
 nico-abram on github
@@ -1883,10 +1925,12 @@ nopjmp on github
 Norbert Frese
 Norbert Kett
 Norbert Novotny
+norbertmm on github
 nosajsnikta on github
 NTMan on Github
 Nuru on github
 Octavio Schroeder
+odek86 on github
 Ofer
 Okhin Vasilij
 Ola Mork
@@ -1909,6 +1953,7 @@ Olivier Brunel
 Omar Ramadan
 omau on github
 opensignature on github
+opensslonzos-github on github
 Orange Tsai
 Oren Souroujon
 Oren Tirosh
@@ -2037,6 +2082,7 @@ Philip Heiduck
 Philip Langdale
 Philip Prindeville
 Philip Sanetra
+Philipp Engel
 Philipp Klaus Krause
 Philipp Waehnert
 Philippe Hameau
@@ -2064,6 +2110,7 @@ Prithvi MK
 privetryan on github
 Priyanka Shah
 ProceduralMan on github
+Pronyushkin Petr
 Przemysław Tomaszewski
 pszemus on github
 puckipedia on github
@@ -2075,8 +2122,10 @@ Quentin Balland
 Quinn Slack
 r-a-sattarov on github
 R. Dennis Steed
+Radek Brich
 Radek Zajic
 Radoslav Georgiev
+Radu Hociung
 Radu Simionescu
 Rafa Muyo
 Rafael Antonio
@@ -2097,6 +2146,7 @@ Ralph Mitchell
 Ram Krushna Mishra
 ramsay-jones on github
 Ran Mozes
+RanBarLavie on github
 Randall S. Becker
 Randolf J
 Randy Armstrong
@@ -2236,6 +2286,7 @@ Ronnie Mose
 Rosen Penev
 Rosimildo da Silva
 Ross Burton
+roughtex on github
 Roy Bellingan
 Roy Li
 Roy Shan
@@ -2247,6 +2298,7 @@ Ruslan Gazizov
 Rutger Hofman
 Ruurd Beerstra
 RuurdBeerstra on github
+rwmjones on github
 Ryan Beck-Buysse
 Ryan Braud
 Ryan Chan
@@ -2279,6 +2331,7 @@ Samuel Marks
 Samuel Surtees
 Samuel Thibault
 Samuel Tranchet
+SandakovMM on github
 Sander Gates
 Sandor Feldi
 Sandro Jaeckel
@@ -2311,12 +2364,15 @@ Sebastian Mundry
 Sebastian Pohlschmidt
 Sebastian Rasmussen
 Sebastian Sterk
+SendSonS on github
 Senthil Raja Velu
 Sergei Kuzmin
 Sergei Nikulov
 Sergey Bronnikov
+Sergey Fionov
 Sergey Markelov
 Sergey Ogryzkov
+Sergey Ryabinin
 Sergey Tatarincev
 Sergii Kavunenko
 Sergii Pylypenko
@@ -2324,8 +2380,11 @@ Sergio Ballestrero
 Sergio Barresi
 Sergio Borghese
 Sergio Durigan Junior
+Sergio Mijatovic
+Sergio-IME on github
 sergio-nsk on github
 Serj Kalichev
+SerusDev on github
 Seshubabu Pasam
 Seth Mos
 Sevan Janiyan
@@ -2383,6 +2442,7 @@ Stan Hu
 Stan van de Burgt
 Stanislav Ivochkin
 Stanislav Zidek
+Stanley Wucw
 Stathis Kapnidis
 Stav Nir
 steelman on github
@@ -2397,6 +2457,7 @@ Stefan Karpinski
 Stefan Krause
 Stefan Neis
 Stefan Strogin
+Stefan Talpalaru
 Stefan Teleman
 Stefan Tomanek
 Stefan Ulrich
@@ -2455,6 +2516,7 @@ swalkaus at yahoo.com
 sylgal on github
 Sylvestre Ledru
 Symeon Paraschoudis
+Sébastien Helleu
 Sébastien Willemijns
 T. Bharath
 T. Yamada
@@ -2500,6 +2562,7 @@ Thomas Tonino
 Thomas van Hesteren
 Thomas Vegas
 Thomas Weißschuh
+Thomas1664 on github
 Thorsten Schöning
 Tiit Pikma
 Till Maas
@@ -2519,6 +2582,7 @@ Tim Stack
 Tim Starling
 Tim Tassonis
 Tim Verhoeven
+Timmy Schierling
 Timo Lange
 Timo Sirainen
 Timotej Lazar
@@ -2611,6 +2675,7 @@ Ulf Samuelsson
 Ulrich Doehner
 Ulrich Telle
 Ulrich Zadow
+UnicornZhang on Github
 updatede on github
 UrsusArctos on github
 User Sg
@@ -2646,6 +2711,7 @@ Vincent Le Normand
 Vincent Penquerc'h
 Vincent Sanders
 Vincent Torri
+violetlige on github
 vitaha85 on github
 Vitaly Varyvdin
 vl409 on github
@@ -2690,6 +2756,7 @@ Willem Sparreboom
 William A. Rowe Jr
 William Ahern
 William Desportes
+William Tang
 wmsch on github
 wncboy on github
 Wojciech Zwiefka
@@ -2737,6 +2804,7 @@ Yu Xin
 Yukihiro Kawada
 Yun SangHo
 Yuri Slobodyanyuk
+Yurii Rashkovskii
 Yuriy Chernyshov
 Yuriy Sosov
 Yusuke Nakamura
@@ -2775,3 +2843,4 @@ zzq1015 on github
 不确定
 加藤郁之
 梦终无痕
+積丹尼 Dan Jacobson
diff --git a/docs/THANKS-filter b/docs/THANKS-filter
index 23c24ae7d..8a05f2370 100644
--- a/docs/THANKS-filter
+++ b/docs/THANKS-filter
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/TODO b/docs/TODO
index ba3e84a59..cbda167bc 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -45,6 +45,7 @@
  1.30 config file parsing
  1.31 erase secrets from heap/stack after use
  1.32 add asynch getaddrinfo support
+ 1.33 make DoH inherit more transfer properties
 
  2. libcurl - multi interface
  2.1 More non-blocking
@@ -68,6 +69,7 @@
  4.5 ASCII support
  4.6 GSSAPI via Windows SSPI
  4.7 STAT for LIST without data connection
+ 4.8 Passive transfer could try other IP addresses
 
  5. HTTP
  5.1 Provide the error body from a CONNECT response
@@ -427,6 +429,21 @@
 
  https://github.com/curl/curl/pull/6746
 
+1.33 make DoH inherit more transfer properties
+
+ Some options are not inherited because they are not relevant for the DoH SSL
+ connections, or inheriting the option may result in unexpected behavior. For
+ example the user's debug function callback is not inherited because it would
+ be unexpected for internal handles (ie DoH handles) to be passed to that
+ callback.
+
+ If an option is not inherited then it is not possible to set it separately
+ for DoH without a DoH-specific option. For example:
+ CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and
+ CURLOPT_DOH_SSL_VERIFYSTATUS.
+
+ See https://github.com/curl/curl/issues/6605
+
 2. libcurl - multi interface
 
 2.1 More non-blocking
@@ -564,6 +581,17 @@
 
  This is not detailed in any FTP specification.
 
+4.8 Passive transfer could try other IP addresses
+
+ When doing FTP operations through a proxy at localhost, the reported spotted
+ that curl only tried to connect once to the proxy, while it had multiple
+ addresses and a failed connect on one address should make it try the next.
+
+ After switching to passive mode (EPSV), curl could try all IP addresses for
+ "localhost". Currently it tries ::1, but it should also try 127.0.0.1.
+
+ See https://github.com/curl/curl/issues/1508
+
 5. HTTP
 
 5.1 Provide the error body from a CONNECT response
diff --git a/docs/URL-SYNTAX.md b/docs/URL-SYNTAX.md
index 691fcceac..802bbdef9 100644
--- a/docs/URL-SYNTAX.md
+++ b/docs/URL-SYNTAX.md
@@ -360,6 +360,9 @@ share and directory or the share to upload to and as such, may not be omitted.
 If the user name is embedded in the URL then it must contain the domain name
 and as such, the backslash must be URL encoded as %2f.
 
+When uploading to SMB, the size of the file needs to be known ahead of time,
+meaning that you can upload a file passed to curl over a pipe like stdin.
+
 curl supports SMB version 1 (only)
 
 ## SMTP
diff --git a/docs/WEBSOCKET.md b/docs/WEBSOCKET.md
index a52588d54..ba84c2284 100644
--- a/docs/WEBSOCKET.md
+++ b/docs/WEBSOCKET.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
@@ -9,7 +9,7 @@ SPDX-License-Identifier: curl
 ## URL
 
 WebSocket communication with libcurl is done by setting up a transfer to a URL
-using the `ws:/` or `wss://` URL schemes. The latter one being the secure
+using the `ws://` or `wss://` URL schemes. The latter one being the secure
 version done over HTTPS.
 
 When using `wss://` to do WebSocket over HTTPS, the standard TLS and HTTPS
diff --git a/docs/cmdline-opts/CMakeLists.txt b/docs/cmdline-opts/CMakeLists.txt
index fe7870f5d..3dd8be49b 100644
--- a/docs/cmdline-opts/CMakeLists.txt
+++ b/docs/cmdline-opts/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/cmdline-opts/MANPAGE.md b/docs/cmdline-opts/MANPAGE.md
index b760a9ad8..541d7806b 100644
--- a/docs/cmdline-opts/MANPAGE.md
+++ b/docs/cmdline-opts/MANPAGE.md
@@ -1,5 +1,5 @@
 <!--
-  Copyright (C) 2000 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+  Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
   SPDX-License-Identifier: curl
 -->
@@ -31,10 +31,11 @@ Each file has a set of meta-data and a body of text.
     Help: (short text for the --help output for this option)
     Long: (long form name, without dashes)
     Magic: (description of "magic" options)
-    Multi: single/append/boolean/mutex (if used more than once)
+    Multi: single/append/boolean/mutex/custom (if used more than once)
     Mutexed: (space separated list of options this overrides, no dashes)
     Protocols: (space separated list for which protocols this option works)
     Requires: (space separated list of features this requires, no dashes)
+    Scope: global (if the option is global)
     See-also: (space separated list of related options, no dashes)
     Short: (single letter, without dash)
     SPDX-License-Identifier: curl
diff --git a/docs/cmdline-opts/Makefile.am b/docs/cmdline-opts/Makefile.am
index df38e192a..5a8996bc2 100644
--- a/docs/cmdline-opts/Makefile.am
+++ b/docs/cmdline-opts/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -30,8 +30,12 @@ include Makefile.inc
 
 EXTRA_DIST = $(DPAGES) MANPAGE.md gen.pl $(OTHERPAGES) CMakeLists.txt
 
+GEN = $(GN_$(V))
+GN_0 = @echo "  GENERATE" $@;
+GN_1 =
+GN_ = $(GN_0)
+
 all: $(MANPAGE)
 
-$(MANPAGE): $(DPAGES) $(OTHERPAGES) Makefile.inc
-	@echo "generate $(MANPAGE)"
-	@(cd $(srcdir) && @PERL@ ./gen.pl mainpage $(DPAGES)) > $(MANPAGE)
+$(MANPAGE): $(DPAGES) $(OTHERPAGES) Makefile.inc gen.pl
+	$(GEN)(rm -f $(MANPAGE) && cd $(srcdir) && @PERL@ ./gen.pl mainpage $(DPAGES) > $(builddir)/manpage.tmp && mv $(builddir)/manpage.tmp $(MANPAGE))
diff --git a/docs/cmdline-opts/Makefile.inc b/docs/cmdline-opts/Makefile.inc
index 4f83bdc96..ffc9169d3 100644
--- a/docs/cmdline-opts/Makefile.inc
+++ b/docs/cmdline-opts/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -107,6 +107,7 @@ DPAGES = \
   http2-prior-knowledge.d \
   http2.d \
   http3.d \
+  http3-only.d \
   ignore-content-length.d \
   include.d \
   insecure.d \
diff --git a/docs/cmdline-opts/abstract-unix-socket.d b/docs/cmdline-opts/abstract-unix-socket.d
index 32cd5e209..5c2fd4a47 100644
--- a/docs/cmdline-opts/abstract-unix-socket.d
+++ b/docs/cmdline-opts/abstract-unix-socket.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: abstract-unix-socket
 Arg: <path>
diff --git a/docs/cmdline-opts/alt-svc.d b/docs/cmdline-opts/alt-svc.d
index 6689d605c..b505311e2 100644
--- a/docs/cmdline-opts/alt-svc.d
+++ b/docs/cmdline-opts/alt-svc.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: alt-svc
 Arg: <file name>
diff --git a/docs/cmdline-opts/anyauth.d b/docs/cmdline-opts/anyauth.d
index cc871b6e2..1d0c3956b 100644
--- a/docs/cmdline-opts/anyauth.d
+++ b/docs/cmdline-opts/anyauth.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: anyauth
 Help: Pick any authentication method
diff --git a/docs/cmdline-opts/append.d b/docs/cmdline-opts/append.d
index b1eab78cf..d478aacea 100644
--- a/docs/cmdline-opts/append.d
+++ b/docs/cmdline-opts/append.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: a
 Long: append
diff --git a/docs/cmdline-opts/aws-sigv4.d b/docs/cmdline-opts/aws-sigv4.d
index 7f69c03ab..412036e43 100644
--- a/docs/cmdline-opts/aws-sigv4.d
+++ b/docs/cmdline-opts/aws-sigv4.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: aws-sigv4
 Arg: <provider1[:provider2[:region[:service]]]>
diff --git a/docs/cmdline-opts/basic.d b/docs/cmdline-opts/basic.d
index ca873b8bb..cb0642620 100644
--- a/docs/cmdline-opts/basic.d
+++ b/docs/cmdline-opts/basic.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: basic
 Help: Use HTTP Basic Authentication
diff --git a/docs/cmdline-opts/cacert.d b/docs/cmdline-opts/cacert.d
index 1f86b0e96..97e051c04 100644
--- a/docs/cmdline-opts/cacert.d
+++ b/docs/cmdline-opts/cacert.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: cacert
 Arg: <file>
diff --git a/docs/cmdline-opts/capath.d b/docs/cmdline-opts/capath.d
index 552c05a3c..a6753adab 100644
--- a/docs/cmdline-opts/capath.d
+++ b/docs/cmdline-opts/capath.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: capath
 Arg: <dir>
diff --git a/docs/cmdline-opts/cert-status.d b/docs/cmdline-opts/cert-status.d
index 83241dba2..e8ac156ca 100644
--- a/docs/cmdline-opts/cert-status.d
+++ b/docs/cmdline-opts/cert-status.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: cert-status
 Protocols: TLS
diff --git a/docs/cmdline-opts/cert-type.d b/docs/cmdline-opts/cert-type.d
index 13643fb53..cf9f17b7d 100644
--- a/docs/cmdline-opts/cert-type.d
+++ b/docs/cmdline-opts/cert-type.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: cert-type
 Protocols: TLS
diff --git a/docs/cmdline-opts/cert.d b/docs/cmdline-opts/cert.d
index 54c5cb0a0..aad749c87 100644
--- a/docs/cmdline-opts/cert.d
+++ b/docs/cmdline-opts/cert.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: E
 Long: cert
diff --git a/docs/cmdline-opts/ciphers.d b/docs/cmdline-opts/ciphers.d
index e64a3f6a0..56bd20449 100644
--- a/docs/cmdline-opts/ciphers.d
+++ b/docs/cmdline-opts/ciphers.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ciphers
 Arg: <list of ciphers>
diff --git a/docs/cmdline-opts/compressed-ssh.d b/docs/cmdline-opts/compressed-ssh.d
index 0521a2ba4..897395677 100644
--- a/docs/cmdline-opts/compressed-ssh.d
+++ b/docs/cmdline-opts/compressed-ssh.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: compressed-ssh
 Help: Enable SSH compression
diff --git a/docs/cmdline-opts/compressed.d b/docs/cmdline-opts/compressed.d
index f3b03c672..97ab1b10b 100644
--- a/docs/cmdline-opts/compressed.d
+++ b/docs/cmdline-opts/compressed.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: compressed
 Help: Request compressed response
diff --git a/docs/cmdline-opts/config.d b/docs/cmdline-opts/config.d
index 84456f627..1c8a0b5ae 100644
--- a/docs/cmdline-opts/config.d
+++ b/docs/cmdline-opts/config.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: config
 Arg: <file>
diff --git a/docs/cmdline-opts/connect-timeout.d b/docs/cmdline-opts/connect-timeout.d
index d6d25ccb2..818214f2f 100644
--- a/docs/cmdline-opts/connect-timeout.d
+++ b/docs/cmdline-opts/connect-timeout.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: connect-timeout
 Arg: <fractional seconds>
diff --git a/docs/cmdline-opts/connect-to.d b/docs/cmdline-opts/connect-to.d
index 040ea19dd..95fab9112 100644
--- a/docs/cmdline-opts/connect-to.d
+++ b/docs/cmdline-opts/connect-to.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: connect-to
 Arg: <HOST1:PORT1:HOST2:PORT2>
diff --git a/docs/cmdline-opts/continue-at.d b/docs/cmdline-opts/continue-at.d
index 726171a41..9f91c44c8 100644
--- a/docs/cmdline-opts/continue-at.d
+++ b/docs/cmdline-opts/continue-at.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: C
 Long: continue-at
diff --git a/docs/cmdline-opts/cookie-jar.d b/docs/cmdline-opts/cookie-jar.d
index 2f3b8e9e6..08f73fa4e 100644
--- a/docs/cmdline-opts/cookie-jar.d
+++ b/docs/cmdline-opts/cookie-jar.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: c
 Long: cookie-jar
diff --git a/docs/cmdline-opts/cookie.d b/docs/cmdline-opts/cookie.d
index 2b736539e..1d247147c 100644
--- a/docs/cmdline-opts/cookie.d
+++ b/docs/cmdline-opts/cookie.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: b
 Long: cookie
diff --git a/docs/cmdline-opts/create-dirs.d b/docs/cmdline-opts/create-dirs.d
index 01b7ccf92..8f187b8d0 100644
--- a/docs/cmdline-opts/create-dirs.d
+++ b/docs/cmdline-opts/create-dirs.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: create-dirs
 Help: Create necessary local directory hierarchy
diff --git a/docs/cmdline-opts/create-file-mode.d b/docs/cmdline-opts/create-file-mode.d
index 32e6e84bf..c0ebc08d4 100644
--- a/docs/cmdline-opts/create-file-mode.d
+++ b/docs/cmdline-opts/create-file-mode.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: create-file-mode
 Arg: <mode>
diff --git a/docs/cmdline-opts/crlf.d b/docs/cmdline-opts/crlf.d
index f19a5b25d..ed9652ce0 100644
--- a/docs/cmdline-opts/crlf.d
+++ b/docs/cmdline-opts/crlf.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: crlf
 Help: Convert LF to CRLF in upload
diff --git a/docs/cmdline-opts/crlfile.d b/docs/cmdline-opts/crlfile.d
index deb54e124..da0d239ba 100644
--- a/docs/cmdline-opts/crlfile.d
+++ b/docs/cmdline-opts/crlfile.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: crlfile
 Arg: <file>
diff --git a/docs/cmdline-opts/curves.d b/docs/cmdline-opts/curves.d
index 84f1291d8..3fa9c4809 100644
--- a/docs/cmdline-opts/curves.d
+++ b/docs/cmdline-opts/curves.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: curves
 Arg: <algorithm list>
diff --git a/docs/cmdline-opts/data-ascii.d b/docs/cmdline-opts/data-ascii.d
index 4f9bdb1d3..5c7840bbc 100644
--- a/docs/cmdline-opts/data-ascii.d
+++ b/docs/cmdline-opts/data-ascii.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: data-ascii
 Arg: <data>
diff --git a/docs/cmdline-opts/data-binary.d b/docs/cmdline-opts/data-binary.d
index c1c9b20d1..e96650180 100644
--- a/docs/cmdline-opts/data-binary.d
+++ b/docs/cmdline-opts/data-binary.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: data-binary
 Arg: <data>
diff --git a/docs/cmdline-opts/data-raw.d b/docs/cmdline-opts/data-raw.d
index 8ec29fad8..e6a5a5b2b 100644
--- a/docs/cmdline-opts/data-raw.d
+++ b/docs/cmdline-opts/data-raw.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: data-raw
 Arg: <data>
diff --git a/docs/cmdline-opts/data-urlencode.d b/docs/cmdline-opts/data-urlencode.d
index e9adc4563..d8cfda622 100644
--- a/docs/cmdline-opts/data-urlencode.d
+++ b/docs/cmdline-opts/data-urlencode.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: data-urlencode
 Arg: <data>
diff --git a/docs/cmdline-opts/data.d b/docs/cmdline-opts/data.d
index 628b15069..7298615c5 100644
--- a/docs/cmdline-opts/data.d
+++ b/docs/cmdline-opts/data.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: data
 Short: d
diff --git a/docs/cmdline-opts/delegation.d b/docs/cmdline-opts/delegation.d
index c4659d844..c6f93bf5a 100644
--- a/docs/cmdline-opts/delegation.d
+++ b/docs/cmdline-opts/delegation.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: delegation
 Arg: <LEVEL>
diff --git a/docs/cmdline-opts/digest.d b/docs/cmdline-opts/digest.d
index c42486f04..f2ee551c5 100644
--- a/docs/cmdline-opts/digest.d
+++ b/docs/cmdline-opts/digest.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: digest
 Help: Use HTTP Digest Authentication
diff --git a/docs/cmdline-opts/disable-eprt.d b/docs/cmdline-opts/disable-eprt.d
index 8a21fed8d..4863d9d24 100644
--- a/docs/cmdline-opts/disable-eprt.d
+++ b/docs/cmdline-opts/disable-eprt.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: disable-eprt
 Help: Inhibit using EPRT or LPRT
diff --git a/docs/cmdline-opts/disable-epsv.d b/docs/cmdline-opts/disable-epsv.d
index 3f58f508c..bcc38db33 100644
--- a/docs/cmdline-opts/disable-epsv.d
+++ b/docs/cmdline-opts/disable-epsv.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: disable-epsv
 Help: Inhibit using EPSV
diff --git a/docs/cmdline-opts/disable.d b/docs/cmdline-opts/disable.d
index 4ce33cd61..ea95925c5 100644
--- a/docs/cmdline-opts/disable.d
+++ b/docs/cmdline-opts/disable.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: disable
 Short: q
diff --git a/docs/cmdline-opts/disallow-username-in-url.d b/docs/cmdline-opts/disallow-username-in-url.d
index 3e1de348a..d0537db97 100644
--- a/docs/cmdline-opts/disallow-username-in-url.d
+++ b/docs/cmdline-opts/disallow-username-in-url.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: disallow-username-in-url
 Help: Disallow username in URL
diff --git a/docs/cmdline-opts/dns-interface.d b/docs/cmdline-opts/dns-interface.d
index 8cd4d1347..fd924b897 100644
--- a/docs/cmdline-opts/dns-interface.d
+++ b/docs/cmdline-opts/dns-interface.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: dns-interface
 Arg: <interface>
diff --git a/docs/cmdline-opts/dns-ipv4-addr.d b/docs/cmdline-opts/dns-ipv4-addr.d
index 358bec368..17caf4697 100644
--- a/docs/cmdline-opts/dns-ipv4-addr.d
+++ b/docs/cmdline-opts/dns-ipv4-addr.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: dns-ipv4-addr
 Arg: <address>
diff --git a/docs/cmdline-opts/dns-ipv6-addr.d b/docs/cmdline-opts/dns-ipv6-addr.d
index 945265686..717b34719 100644
--- a/docs/cmdline-opts/dns-ipv6-addr.d
+++ b/docs/cmdline-opts/dns-ipv6-addr.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: dns-ipv6-addr
 Arg: <address>
diff --git a/docs/cmdline-opts/dns-servers.d b/docs/cmdline-opts/dns-servers.d
index ff0705122..bec23a3c3 100644
--- a/docs/cmdline-opts/dns-servers.d
+++ b/docs/cmdline-opts/dns-servers.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: dns-servers
 Arg: <addresses>
diff --git a/docs/cmdline-opts/doh-cert-status.d b/docs/cmdline-opts/doh-cert-status.d
index 534c79529..37ae0f827 100644
--- a/docs/cmdline-opts/doh-cert-status.d
+++ b/docs/cmdline-opts/doh-cert-status.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: doh-cert-status
 Help: Verify the status of the DoH server cert via OCSP-staple
diff --git a/docs/cmdline-opts/doh-insecure.d b/docs/cmdline-opts/doh-insecure.d
index 30c44bba3..dcc65fb6c 100644
--- a/docs/cmdline-opts/doh-insecure.d
+++ b/docs/cmdline-opts/doh-insecure.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: doh-insecure
 Help: Allow insecure DoH server connections
diff --git a/docs/cmdline-opts/doh-url.d b/docs/cmdline-opts/doh-url.d
index 4717a6ac6..fef7d6ad4 100644
--- a/docs/cmdline-opts/doh-url.d
+++ b/docs/cmdline-opts/doh-url.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: doh-url
 Arg: <URL>
diff --git a/docs/cmdline-opts/dump-header.d b/docs/cmdline-opts/dump-header.d
index 3e39f6007..657abcd4e 100644
--- a/docs/cmdline-opts/dump-header.d
+++ b/docs/cmdline-opts/dump-header.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: dump-header
 Short: D
@@ -18,4 +18,4 @@ When used in FTP, the FTP server response lines are considered being "headers"
 and thus are saved there.
 
 Having multiple transfers in one set of operations (i.e. the URLs in one
---next clause), will append them to the same file, seperated by a blank line.
+--next clause), will append them to the same file, separated by a blank line.
diff --git a/docs/cmdline-opts/egd-file.d b/docs/cmdline-opts/egd-file.d
index b6661c773..8464acde8 100644
--- a/docs/cmdline-opts/egd-file.d
+++ b/docs/cmdline-opts/egd-file.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: egd-file
 Arg: <file>
diff --git a/docs/cmdline-opts/engine.d b/docs/cmdline-opts/engine.d
index 58578ea8f..1ebc779c0 100644
--- a/docs/cmdline-opts/engine.d
+++ b/docs/cmdline-opts/engine.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: engine
 Arg: <name>
diff --git a/docs/cmdline-opts/etag-compare.d b/docs/cmdline-opts/etag-compare.d
index 12c786790..d3c48d17a 100644
--- a/docs/cmdline-opts/etag-compare.d
+++ b/docs/cmdline-opts/etag-compare.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: etag-compare
 Arg: <file>
diff --git a/docs/cmdline-opts/etag-save.d b/docs/cmdline-opts/etag-save.d
index 2f44c0f7d..6295a9e31 100644
--- a/docs/cmdline-opts/etag-save.d
+++ b/docs/cmdline-opts/etag-save.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: etag-save
 Arg: <file>
diff --git a/docs/cmdline-opts/expect100-timeout.d b/docs/cmdline-opts/expect100-timeout.d
index 279b90b29..f68165800 100644
--- a/docs/cmdline-opts/expect100-timeout.d
+++ b/docs/cmdline-opts/expect100-timeout.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: expect100-timeout
 Arg: <seconds>
diff --git a/docs/cmdline-opts/fail-early.d b/docs/cmdline-opts/fail-early.d
index cedc884f8..975f34627 100644
--- a/docs/cmdline-opts/fail-early.d
+++ b/docs/cmdline-opts/fail-early.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: fail-early
 Help: Fail on first transfer error, do not continue
@@ -7,6 +7,7 @@ Category: curl
 Example: --fail-early $URL https://two.example
 See-also: fail fail-with-body
 Multi: boolean
+Scope: global
 ---
 Fail and exit on the first detected transfer error.
 
@@ -20,8 +21,6 @@ Using this option, curl will instead return an error on the first transfer
 that fails, independent of the amount of URLs that are given on the command
 line. This way, no transfer failures go undetected by scripts and similar.
 
-This option is global and does not need to be specified for each use of --next.
-
 This option does not imply --fail, which causes transfers to fail due to the
 server's HTTP status code. You can combine the two options, however note --fail
 is not global and is therefore contained by --next.
diff --git a/docs/cmdline-opts/fail-with-body.d b/docs/cmdline-opts/fail-with-body.d
index adf5294f4..192b5e8b3 100644
--- a/docs/cmdline-opts/fail-with-body.d
+++ b/docs/cmdline-opts/fail-with-body.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: fail-with-body
 Protocols: HTTP
diff --git a/docs/cmdline-opts/fail.d b/docs/cmdline-opts/fail.d
index 66c08fa50..d16d11019 100644
--- a/docs/cmdline-opts/fail.d
+++ b/docs/cmdline-opts/fail.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: fail
 Short: f
diff --git a/docs/cmdline-opts/false-start.d b/docs/cmdline-opts/false-start.d
index b617a6b67..599b17ac2 100644
--- a/docs/cmdline-opts/false-start.d
+++ b/docs/cmdline-opts/false-start.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: false-start
 Help: Enable TLS False Start
diff --git a/docs/cmdline-opts/form-escape.d b/docs/cmdline-opts/form-escape.d
index b399741e2..304bfe814 100644
--- a/docs/cmdline-opts/form-escape.d
+++ b/docs/cmdline-opts/form-escape.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: form-escape
 Help: Escape multipart form field/file names using backslash
diff --git a/docs/cmdline-opts/form-string.d b/docs/cmdline-opts/form-string.d
index a2c450b17..32baab0f5 100644
--- a/docs/cmdline-opts/form-string.d
+++ b/docs/cmdline-opts/form-string.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: form-string
 Help: Specify multipart MIME data
diff --git a/docs/cmdline-opts/form.d b/docs/cmdline-opts/form.d
index 3954fdaf6..cf8366d6b 100644
--- a/docs/cmdline-opts/form.d
+++ b/docs/cmdline-opts/form.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: form
 Short: F
diff --git a/docs/cmdline-opts/ftp-account.d b/docs/cmdline-opts/ftp-account.d
index f71773f14..eb669c562 100644
--- a/docs/cmdline-opts/ftp-account.d
+++ b/docs/cmdline-opts/ftp-account.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ftp-account
 Arg: <data>
diff --git a/docs/cmdline-opts/ftp-alternative-to-user.d b/docs/cmdline-opts/ftp-alternative-to-user.d
index 22e5b4f92..06f29fc00 100644
--- a/docs/cmdline-opts/ftp-alternative-to-user.d
+++ b/docs/cmdline-opts/ftp-alternative-to-user.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ftp-alternative-to-user
 Arg: <command>
diff --git a/docs/cmdline-opts/ftp-create-dirs.d b/docs/cmdline-opts/ftp-create-dirs.d
index 7cf3e1c79..03f340ce4 100644
--- a/docs/cmdline-opts/ftp-create-dirs.d
+++ b/docs/cmdline-opts/ftp-create-dirs.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ftp-create-dirs
 Protocols: FTP SFTP
diff --git a/docs/cmdline-opts/ftp-method.d b/docs/cmdline-opts/ftp-method.d
index d745cca32..af0f9ad35 100644
--- a/docs/cmdline-opts/ftp-method.d
+++ b/docs/cmdline-opts/ftp-method.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ftp-method
 Arg: <method>
diff --git a/docs/cmdline-opts/ftp-pasv.d b/docs/cmdline-opts/ftp-pasv.d
index d6b4bfd9f..599493b1c 100644
--- a/docs/cmdline-opts/ftp-pasv.d
+++ b/docs/cmdline-opts/ftp-pasv.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ftp-pasv
 Help: Use PASV/EPSV instead of PORT
diff --git a/docs/cmdline-opts/ftp-port.d b/docs/cmdline-opts/ftp-port.d
index 4f660bd9e..e77e9d579 100644
--- a/docs/cmdline-opts/ftp-port.d
+++ b/docs/cmdline-opts/ftp-port.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ftp-port
 Arg: <address>
diff --git a/docs/cmdline-opts/ftp-pret.d b/docs/cmdline-opts/ftp-pret.d
index f31cc5625..4bea99e6d 100644
--- a/docs/cmdline-opts/ftp-pret.d
+++ b/docs/cmdline-opts/ftp-pret.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ftp-pret
 Help: Send PRET before PASV
diff --git a/docs/cmdline-opts/ftp-skip-pasv-ip.d b/docs/cmdline-opts/ftp-skip-pasv-ip.d
index af9eb7d57..4b38f9f9b 100644
--- a/docs/cmdline-opts/ftp-skip-pasv-ip.d
+++ b/docs/cmdline-opts/ftp-skip-pasv-ip.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ftp-skip-pasv-ip
 Help: Skip the IP address for PASV
diff --git a/docs/cmdline-opts/ftp-ssl-ccc-mode.d b/docs/cmdline-opts/ftp-ssl-ccc-mode.d
index e738b55ba..6f446e6b0 100644
--- a/docs/cmdline-opts/ftp-ssl-ccc-mode.d
+++ b/docs/cmdline-opts/ftp-ssl-ccc-mode.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ftp-ssl-ccc-mode
 Arg: <active/passive>
diff --git a/docs/cmdline-opts/ftp-ssl-ccc.d b/docs/cmdline-opts/ftp-ssl-ccc.d
index c6c0bfa4c..6b7d61f18 100644
--- a/docs/cmdline-opts/ftp-ssl-ccc.d
+++ b/docs/cmdline-opts/ftp-ssl-ccc.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ftp-ssl-ccc
 Help: Send CCC after authenticating
diff --git a/docs/cmdline-opts/ftp-ssl-control.d b/docs/cmdline-opts/ftp-ssl-control.d
index 6bdc5806d..b89577927 100644
--- a/docs/cmdline-opts/ftp-ssl-control.d
+++ b/docs/cmdline-opts/ftp-ssl-control.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ftp-ssl-control
 Help: Require SSL/TLS for FTP login, clear for transfer
diff --git a/docs/cmdline-opts/gen.pl b/docs/cmdline-opts/gen.pl
index 55896ff75..40bd1b6e1 100755
--- a/docs/cmdline-opts/gen.pl
+++ b/docs/cmdline-opts/gen.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -51,6 +51,7 @@ use POSIX qw(strftime);
 my $date = strftime "%B %d %Y", localtime;
 my $year = strftime "%Y", localtime;
 my $version = "unknown";
+my $globals;
 
 open(INC, "<../../include/curl/curlver.h");
 while(<INC>) {
@@ -211,6 +212,7 @@ sub single {
     my $magic; # cmdline special option
     my $line;
     my $multi;
+    my $scope;
     my $experimental;
     while(<F>) {
         $line++;
@@ -253,6 +255,9 @@ sub single {
         elsif(/^Multi: *(.*)/i) {
             $multi=$1;
         }
+        elsif(/^Scope: *(.*)/i) {
+            $scope=$1;
+        }
         elsif(/^Experimental: yes/i) {
             $experimental=1;
         }
@@ -270,10 +275,6 @@ sub single {
                 print STDERR "ERROR: no 'Long:' in $f\n";
                 return 1;
             }
-            if($multi !~ /(single|append|boolean|mutex)/) {
-                print STDERR "ERROR: bad 'Multi:' in $f\n";
-                return 1;
-            }
             if(!$category) {
                 print STDERR "ERROR: no 'Category:' in $f\n";
                 return 2;
@@ -351,6 +352,16 @@ sub single {
     printdesc(@desc);
     undef @desc;
 
+    if($scope) {
+        if($scope eq "global") {
+            print "\nThis option is global and does not need to be specified for each use of --next.\n";
+        }
+        else {
+            print STDERR "$f:$line:1:ERROR: unrecognized scope: '$scope'\n";
+            return 2;
+        }
+    }
+
     my @extra;
     if($multi eq "single") {
         push @extra, "\nIf --$long is provided several times, the last set ".
@@ -375,6 +386,13 @@ sub single {
         push @extra,
             "\nProviding --$long multiple times has no extra effect.\n";
     }
+    elsif($multi eq "custom") {
+        ; # left for the text to describe
+    }
+    else {
+        print STDERR "$f:$line:1:ERROR: unrecognized Multi: '$multi'\n";
+        return 2;
+    }
 
     printdesc(@extra);
 
@@ -403,6 +421,7 @@ sub single {
         }
         push @foot, seealso($standalone, $mstr);
     }
+
     if($requires) {
         my $l = manpageify($long);
         push @foot, "$l requires that the underlying libcurl".
@@ -502,6 +521,7 @@ sub header {
     while(<F>) {
         s/%DATE/$date/g;
         s/%VERSION/$version/g;
+        s/%GLOBALS/$globals/g;
         push @d, $_;
     }
     close(F);
@@ -517,7 +537,7 @@ sub listhelp {
  *                            | (__| |_| |  _ <| |___
  *                             \\___|\\___/|_| \\_\\_____|
  *
- * Copyright (C) 1998 - $year, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel\@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -611,6 +631,36 @@ sub listcats {
     }
 }
 
+sub listglobals {
+    my (@files) = @_;
+    my @globalopts;
+
+    # Find all global options and output them
+    foreach my $f (sort @files) {
+        open(F, "<:crlf", "$f") ||
+            next;
+        my $long;
+        while(<F>) {
+            if(/^Long: *(.*)/i) {
+                $long=$1;
+            }
+            elsif(/^Scope: global/i) {
+                push @globalopts, $long;
+                last;
+            }
+            elsif(/^---/) {
+                last;
+            }
+        }
+        close(F);
+    }
+    return $ret if($ret);
+    for my $e (0 .. $#globalopts) {
+        $globals .= sprintf "%s--%s",  $e?($globalopts[$e+1] ? ", " : " and "):"",
+            $globalopts[$e],;
+    }
+}
+
 sub mainpage {
     my (@files) = @_;
     my $ret;
@@ -622,7 +672,9 @@ sub mainpage {
         $ret += single($f, 0);
     }
 
-    header("page-footer");
+    if(!$ret) {
+        header("page-footer");
+    }
     exit $ret if($ret);
 }
 
@@ -649,6 +701,7 @@ sub showprotocols {
 sub getargs {
     my ($f, @s) = @_;
     if($f eq "mainpage") {
+        listglobals(@s);
         mainpage(@s);
         return;
     }
diff --git a/docs/cmdline-opts/get.d b/docs/cmdline-opts/get.d
index fbfbe8672..8b34d10af 100644
--- a/docs/cmdline-opts/get.d
+++ b/docs/cmdline-opts/get.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: get
 Short: G
diff --git a/docs/cmdline-opts/globoff.d b/docs/cmdline-opts/globoff.d
index ff84ad01d..53bed6ec8 100644
--- a/docs/cmdline-opts/globoff.d
+++ b/docs/cmdline-opts/globoff.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: globoff
 Short: g
diff --git a/docs/cmdline-opts/happy-eyeballs-timeout-ms.d b/docs/cmdline-opts/happy-eyeballs-timeout-ms.d
index c5f10f6db..29114e209 100644
--- a/docs/cmdline-opts/happy-eyeballs-timeout-ms.d
+++ b/docs/cmdline-opts/happy-eyeballs-timeout-ms.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: happy-eyeballs-timeout-ms
 Arg: <milliseconds>
diff --git a/docs/cmdline-opts/haproxy-protocol.d b/docs/cmdline-opts/haproxy-protocol.d
index b2129e6eb..34119062e 100644
--- a/docs/cmdline-opts/haproxy-protocol.d
+++ b/docs/cmdline-opts/haproxy-protocol.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: haproxy-protocol
 Help: Send HAProxy PROXY protocol v1 header
diff --git a/docs/cmdline-opts/head.d b/docs/cmdline-opts/head.d
index 31de19aca..bb748b72e 100644
--- a/docs/cmdline-opts/head.d
+++ b/docs/cmdline-opts/head.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: head
 Short: I
diff --git a/docs/cmdline-opts/header.d b/docs/cmdline-opts/header.d
index a64873fcb..2a95c52a9 100644
--- a/docs/cmdline-opts/header.d
+++ b/docs/cmdline-opts/header.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: header
 Short: H
@@ -10,6 +10,7 @@ See-also: user-agent referer
 Example: -H "X-First-Name: Joe" $URL
 Example: -H "User-Agent: yes-please/2000" $URL
 Example: -H "Host:" $URL
+Example: -H @headers.txt $URL
 Added: 5.0
 Multi: append
 ---
diff --git a/docs/cmdline-opts/help.d b/docs/cmdline-opts/help.d
index 7d835a381..6c69dd43f 100644
--- a/docs/cmdline-opts/help.d
+++ b/docs/cmdline-opts/help.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: help
 Arg: <category>
@@ -8,7 +8,7 @@ Category: important curl
 Example: --help all
 Added: 4.0
 See-also: verbose
-Multi: boolean
+Multi: custom
 ---
 Usage help. This lists all commands of the <category>.
 If no arg was provided, curl will display the most important
diff --git a/docs/cmdline-opts/hostpubmd5.d b/docs/cmdline-opts/hostpubmd5.d
index 966bbca27..391b896f3 100644
--- a/docs/cmdline-opts/hostpubmd5.d
+++ b/docs/cmdline-opts/hostpubmd5.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: hostpubmd5
 Arg: <md5>
diff --git a/docs/cmdline-opts/hostpubsha256.d b/docs/cmdline-opts/hostpubsha256.d
index c95248504..ba33318f9 100644
--- a/docs/cmdline-opts/hostpubsha256.d
+++ b/docs/cmdline-opts/hostpubsha256.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: hostpubsha256
 Arg: <sha256>
@@ -13,3 +13,6 @@ Multi: single
 Pass a string containing a Base64-encoded SHA256 hash of the remote
 host's public key. Curl will refuse the connection with the host
 unless the hashes match.
+
+This feature requires libcurl to be built with libssh2 and does not work with
+other SSH backends.
diff --git a/docs/cmdline-opts/hsts.d b/docs/cmdline-opts/hsts.d
index ec251acbe..173ed0acb 100644
--- a/docs/cmdline-opts/hsts.d
+++ b/docs/cmdline-opts/hsts.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: hsts
 Arg: <file name>
@@ -14,6 +14,11 @@ This option enables HSTS for the transfer. If the file name points to an
 existing HSTS cache file, that will be used. After a completed transfer, the
 cache will be saved to the file name again if it has been modified.
 
+If curl is told to use HTTP:// for a transfer involving a host name that
+exists in the HSTS cache, it upgrades the transfer to use HTTPS. Each HSTS
+cache entry has an individual life time after which the upgrade is no longer
+performed.
+
 Specify a "" file name (zero length) to avoid loading/saving and make curl
 just handle HSTS in memory.
 
diff --git a/docs/cmdline-opts/http0.9.d b/docs/cmdline-opts/http0.9.d
index 58dec5577..a0b4e9f4f 100644
--- a/docs/cmdline-opts/http0.9.d
+++ b/docs/cmdline-opts/http0.9.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: http0.9
 Tags: Versions
diff --git a/docs/cmdline-opts/http1.0.d b/docs/cmdline-opts/http1.0.d
index 3f8277edd..c5f4de872 100644
--- a/docs/cmdline-opts/http1.0.d
+++ b/docs/cmdline-opts/http1.0.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: 0
 Long: http1.0
diff --git a/docs/cmdline-opts/http1.1.d b/docs/cmdline-opts/http1.1.d
index 205755309..3057aed36 100644
--- a/docs/cmdline-opts/http1.1.d
+++ b/docs/cmdline-opts/http1.1.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: http1.1
 Tags: Versions
diff --git a/docs/cmdline-opts/http2-prior-knowledge.d b/docs/cmdline-opts/http2-prior-knowledge.d
index eb79c9f36..8224e8055 100644
--- a/docs/cmdline-opts/http2-prior-knowledge.d
+++ b/docs/cmdline-opts/http2-prior-knowledge.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: http2-prior-knowledge
 Tags: Versions
diff --git a/docs/cmdline-opts/http2.d b/docs/cmdline-opts/http2.d
index e247b649c..fb1b2a05b 100644
--- a/docs/cmdline-opts/http2.d
+++ b/docs/cmdline-opts/http2.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: http2
 Tags: Versions
diff --git a/docs/cmdline-opts/http3-only.d b/docs/cmdline-opts/http3-only.d
new file mode 100644
index 000000000..a1d7db91d
--- /dev/null
+++ b/docs/cmdline-opts/http3-only.d
@@ -0,0 +1,25 @@
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+SPDX-License-Identifier: curl
+Long: http3-only
+Tags: Versions
+Protocols: HTTP
+Added: 7.88.0
+Mutexed: http1.1 http1.0 http2 http2-prior-knowledge http3
+Requires: HTTP/3
+Help: Use HTTP v3 only
+See-also: http1.1 http2 http3
+Category: http
+Example: --http3-only $URL
+Multi: mutex
+Experimental: yes
+---
+Instructs curl to use HTTP/3 to the host in the URL, with no fallback to
+earlier HTTP versions. HTTP/3 can only be used for HTTPS and not for HTTP
+URLs. For HTTP, this option will trigger an error.
+
+This option allows a user to avoid using the Alt-Svc method of upgrading to
+HTTP/3 when you know that the target speaks HTTP/3 on the given host and port.
+
+This option will make curl fail if a QUIC connection cannot be established, it
+will not attempt any other HTTP version on its own. Use --http3 for similar
+functionality *with* a fallback.
diff --git a/docs/cmdline-opts/http3.d b/docs/cmdline-opts/http3.d
index 7f5b8eb5a..1f6326fce 100644
--- a/docs/cmdline-opts/http3.d
+++ b/docs/cmdline-opts/http3.d
@@ -1,10 +1,10 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: http3
 Tags: Versions
 Protocols: HTTP
 Added: 7.66.0
-Mutexed: http1.1 http1.0 http2 http2-prior-knowledge
+Mutexed: http1.1 http1.0 http2 http2-prior-knowledge http3-only
 Requires: HTTP/3
 Help: Use HTTP v3
 See-also: http1.1 http2
@@ -13,10 +13,15 @@ Example: --http3 $URL
 Multi: mutex
 Experimental: yes
 ---
-Tells curl to use HTTP version 3 directly to the host and port number used in
-the URL. A normal HTTP/3 transaction will be done to a host and then get
-redirected via Alt-Svc, but this option allows a user to circumvent that when
-you know that the target speaks HTTP/3 on the given host and port.
+Tells curl to try HTTP/3 to the host in the URL, but fallback to earlier
+HTTP versions if the HTTP/3 connection establishment fails. HTTP/3 is only
+available for HTTPS and not for HTTP URLs.
 
-This option will make curl fail if a QUIC connection cannot be established, it
-cannot fall back to a lower HTTP version on its own.
+This option allows a user to avoid using the Alt-Svc method of upgrading to
+HTTP/3 when you know that the target speaks HTTP/3 on the given host and port.
+
+When asked to use HTTP/3, curl will issue a separate attempt to use older HTTP
+versions with a slight delay, so if the HTTP/3 transfer fails or is very slow,
+curl will still try to proceed with an older HTTP version.
+
+Use --http3-only for similar functionality *without* a fallback.
diff --git a/docs/cmdline-opts/ignore-content-length.d b/docs/cmdline-opts/ignore-content-length.d
index eda4bd016..8d4e328d7 100644
--- a/docs/cmdline-opts/ignore-content-length.d
+++ b/docs/cmdline-opts/ignore-content-length.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ignore-content-length
 Help: Ignore the size of the remote resource
diff --git a/docs/cmdline-opts/include.d b/docs/cmdline-opts/include.d
index 9e9649b7e..5491ca140 100644
--- a/docs/cmdline-opts/include.d
+++ b/docs/cmdline-opts/include.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: include
 Short: i
diff --git a/docs/cmdline-opts/insecure.d b/docs/cmdline-opts/insecure.d
index c75817efc..e48d50002 100644
--- a/docs/cmdline-opts/insecure.d
+++ b/docs/cmdline-opts/insecure.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: insecure
 Short: k
@@ -26,3 +26,8 @@ For SFTP and SCP, this option makes curl skip the *known_hosts* verification.
 ".ssh" subdirectory, which contains host names and their public keys.
 
 **WARNING**: using this option makes the transfer insecure.
+
+When curl uses secure protocols it trusts responses and allows for example
+HSTS and Alt-Svc information to be stored and used subsequently. Using
+--insecure can make curl trust and use such information from malicious
+servers.
diff --git a/docs/cmdline-opts/interface.d b/docs/cmdline-opts/interface.d
index 275f6151c..8c67688fd 100644
--- a/docs/cmdline-opts/interface.d
+++ b/docs/cmdline-opts/interface.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: interface
 Arg: <name>
diff --git a/docs/cmdline-opts/ipv4.d b/docs/cmdline-opts/ipv4.d
index 8a3e35e73..5e9cfaeac 100644
--- a/docs/cmdline-opts/ipv4.d
+++ b/docs/cmdline-opts/ipv4.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: 4
 Long: ipv4
diff --git a/docs/cmdline-opts/ipv6.d b/docs/cmdline-opts/ipv6.d
index 16c47f178..1c466fc2c 100644
--- a/docs/cmdline-opts/ipv6.d
+++ b/docs/cmdline-opts/ipv6.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: 6
 Long: ipv6
diff --git a/docs/cmdline-opts/json.d b/docs/cmdline-opts/json.d
index d2ea553b0..4414ac5cc 100644
--- a/docs/cmdline-opts/json.d
+++ b/docs/cmdline-opts/json.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: json
 Arg: <data>
diff --git a/docs/cmdline-opts/junk-session-cookies.d b/docs/cmdline-opts/junk-session-cookies.d
index 7816125fa..c33781913 100644
--- a/docs/cmdline-opts/junk-session-cookies.d
+++ b/docs/cmdline-opts/junk-session-cookies.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: junk-session-cookies
 Short: j
diff --git a/docs/cmdline-opts/keepalive-time.d b/docs/cmdline-opts/keepalive-time.d
index 9667633b9..5e284774d 100644
--- a/docs/cmdline-opts/keepalive-time.d
+++ b/docs/cmdline-opts/keepalive-time.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: keepalive-time
 Arg: <seconds>
diff --git a/docs/cmdline-opts/key-type.d b/docs/cmdline-opts/key-type.d
index 83ab99b94..22339b4c9 100644
--- a/docs/cmdline-opts/key-type.d
+++ b/docs/cmdline-opts/key-type.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: key-type
 Arg: <type>
diff --git a/docs/cmdline-opts/key.d b/docs/cmdline-opts/key.d
index 3e07c8ed1..3b9010000 100644
--- a/docs/cmdline-opts/key.d
+++ b/docs/cmdline-opts/key.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: key
 Arg: <key>
diff --git a/docs/cmdline-opts/krb.d b/docs/cmdline-opts/krb.d
index b2375ee79..b4b96e4fd 100644
--- a/docs/cmdline-opts/krb.d
+++ b/docs/cmdline-opts/krb.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: krb
 Arg: <level>
diff --git a/docs/cmdline-opts/libcurl.d b/docs/cmdline-opts/libcurl.d
index da845d939..0f5d5826c 100644
--- a/docs/cmdline-opts/libcurl.d
+++ b/docs/cmdline-opts/libcurl.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: libcurl
 Arg: <file>
@@ -8,10 +8,8 @@ Category: curl
 Example: --libcurl client.c $URL
 See-also: verbose
 Multi: single
+Scope: global
 ---
 Append this option to any ordinary curl command line, and you will get
 libcurl-using C source code written to the file that does the equivalent
 of what your command-line operation does!
-
-This option is global and does not need to be specified for each use of
---next.
diff --git a/docs/cmdline-opts/limit-rate.d b/docs/cmdline-opts/limit-rate.d
index 4b5c036fc..2a43c4acf 100644
--- a/docs/cmdline-opts/limit-rate.d
+++ b/docs/cmdline-opts/limit-rate.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: limit-rate
 Arg: <speed>
diff --git a/docs/cmdline-opts/list-only.d b/docs/cmdline-opts/list-only.d
index d84974f49..6b6021c48 100644
--- a/docs/cmdline-opts/list-only.d
+++ b/docs/cmdline-opts/list-only.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: list-only
 Short: l
diff --git a/docs/cmdline-opts/local-port.d b/docs/cmdline-opts/local-port.d
index e889ee443..71af9bed0 100644
--- a/docs/cmdline-opts/local-port.d
+++ b/docs/cmdline-opts/local-port.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: local-port
 Arg: <num/range>
diff --git a/docs/cmdline-opts/location-trusted.d b/docs/cmdline-opts/location-trusted.d
index 8d19416d7..d801cb61f 100644
--- a/docs/cmdline-opts/location-trusted.d
+++ b/docs/cmdline-opts/location-trusted.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: location-trusted
 Help: Like --location, and send auth to other hosts
diff --git a/docs/cmdline-opts/location.d b/docs/cmdline-opts/location.d
index c3b2b5d82..fcd28675a 100644
--- a/docs/cmdline-opts/location.d
+++ b/docs/cmdline-opts/location.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: location
 Short: L
diff --git a/docs/cmdline-opts/login-options.d b/docs/cmdline-opts/login-options.d
index e9e07a3ef..dacddc3b5 100644
--- a/docs/cmdline-opts/login-options.d
+++ b/docs/cmdline-opts/login-options.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: login-options
 Arg: <options>
diff --git a/docs/cmdline-opts/mail-auth.d b/docs/cmdline-opts/mail-auth.d
index e215575be..5e3f3f26b 100644
--- a/docs/cmdline-opts/mail-auth.d
+++ b/docs/cmdline-opts/mail-auth.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: mail-auth
 Arg: <address>
diff --git a/docs/cmdline-opts/mail-from.d b/docs/cmdline-opts/mail-from.d
index c96193840..0729e841a 100644
--- a/docs/cmdline-opts/mail-from.d
+++ b/docs/cmdline-opts/mail-from.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: mail-from
 Arg: <address>
diff --git a/docs/cmdline-opts/mail-rcpt-allowfails.d b/docs/cmdline-opts/mail-rcpt-allowfails.d
index d14b9e8f0..2837ed0bb 100644
--- a/docs/cmdline-opts/mail-rcpt-allowfails.d
+++ b/docs/cmdline-opts/mail-rcpt-allowfails.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: mail-rcpt-allowfails
 Help: Allow RCPT TO command to fail for some recipients
diff --git a/docs/cmdline-opts/mail-rcpt.d b/docs/cmdline-opts/mail-rcpt.d
index d1e6a1561..3127e6bd8 100644
--- a/docs/cmdline-opts/mail-rcpt.d
+++ b/docs/cmdline-opts/mail-rcpt.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: mail-rcpt
 Arg: <address>
diff --git a/docs/cmdline-opts/manual.d b/docs/cmdline-opts/manual.d
index e6d439713..9ee4d075a 100644
--- a/docs/cmdline-opts/manual.d
+++ b/docs/cmdline-opts/manual.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: manual
 Short: M
@@ -7,6 +7,6 @@ Category: curl
 Example: --manual
 Added: 5.2
 See-also: verbose libcurl trace
-Multi: boolean
+Multi: custom
 ---
 Manual. Display the huge help text.
diff --git a/docs/cmdline-opts/max-filesize.d b/docs/cmdline-opts/max-filesize.d
index 822252e82..1900b9d0c 100644
--- a/docs/cmdline-opts/max-filesize.d
+++ b/docs/cmdline-opts/max-filesize.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: max-filesize
 Arg: <bytes>
diff --git a/docs/cmdline-opts/max-redirs.d b/docs/cmdline-opts/max-redirs.d
index f8434748e..31ce98ea5 100644
--- a/docs/cmdline-opts/max-redirs.d
+++ b/docs/cmdline-opts/max-redirs.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: max-redirs
 Arg: <num>
diff --git a/docs/cmdline-opts/max-time.d b/docs/cmdline-opts/max-time.d
index e50fb53bc..4f5675d35 100644
--- a/docs/cmdline-opts/max-time.d
+++ b/docs/cmdline-opts/max-time.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: max-time
 Short: m
diff --git a/docs/cmdline-opts/metalink.d b/docs/cmdline-opts/metalink.d
index 2a05228ae..25816a72d 100644
--- a/docs/cmdline-opts/metalink.d
+++ b/docs/cmdline-opts/metalink.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: metalink
 Help: Process given URLs as metalink XML file
diff --git a/docs/cmdline-opts/negotiate.d b/docs/cmdline-opts/negotiate.d
index 727f89826..c2adafae2 100644
--- a/docs/cmdline-opts/negotiate.d
+++ b/docs/cmdline-opts/negotiate.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: negotiate
 Help: Use HTTP Negotiate (SPNEGO) authentication
diff --git a/docs/cmdline-opts/netrc-file.d b/docs/cmdline-opts/netrc-file.d
index f50c0ed34..7e8572130 100644
--- a/docs/cmdline-opts/netrc-file.d
+++ b/docs/cmdline-opts/netrc-file.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: netrc-file
 Help: Specify FILE for netrc
diff --git a/docs/cmdline-opts/netrc-optional.d b/docs/cmdline-opts/netrc-optional.d
index 6d96acf6c..a7759640f 100644
--- a/docs/cmdline-opts/netrc-optional.d
+++ b/docs/cmdline-opts/netrc-optional.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: netrc-optional
 Help: Use either .netrc or URL
diff --git a/docs/cmdline-opts/netrc.d b/docs/cmdline-opts/netrc.d
index 72cea34b3..dd9af012b 100644
--- a/docs/cmdline-opts/netrc.d
+++ b/docs/cmdline-opts/netrc.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: netrc
 Short: n
diff --git a/docs/cmdline-opts/next.d b/docs/cmdline-opts/next.d
index 49a3d2e2e..778b3f30f 100644
--- a/docs/cmdline-opts/next.d
+++ b/docs/cmdline-opts/next.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: :
 Long: next
diff --git a/docs/cmdline-opts/no-alpn.d b/docs/cmdline-opts/no-alpn.d
index 8f01f4af4..7b86f129d 100644
--- a/docs/cmdline-opts/no-alpn.d
+++ b/docs/cmdline-opts/no-alpn.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: no-alpn
 Tags: HTTP/2
diff --git a/docs/cmdline-opts/no-buffer.d b/docs/cmdline-opts/no-buffer.d
index 2de48c97c..274a5a05f 100644
--- a/docs/cmdline-opts/no-buffer.d
+++ b/docs/cmdline-opts/no-buffer.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: no-buffer
 Short: N
diff --git a/docs/cmdline-opts/no-clobber.d b/docs/cmdline-opts/no-clobber.d
index d8fc3f141..15f4ed3a4 100644
--- a/docs/cmdline-opts/no-clobber.d
+++ b/docs/cmdline-opts/no-clobber.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: no-clobber
 Help: Do not overwrite files that already exist
@@ -15,5 +15,5 @@ of the file that would be created, up to filename.100 after which it will not
 create any file.
 
 Note that this is the negated option name documented.  You can thus use
---clobber to enforce the clobbering, even if --remote-header-name or -J is
+--clobber to enforce the clobbering, even if --remote-header-name is
 specified.
diff --git a/docs/cmdline-opts/no-keepalive.d b/docs/cmdline-opts/no-keepalive.d
index 0f4464647..0aeaef8d5 100644
--- a/docs/cmdline-opts/no-keepalive.d
+++ b/docs/cmdline-opts/no-keepalive.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: no-keepalive
 Help: Disable TCP keepalive on the connection
diff --git a/docs/cmdline-opts/no-npn.d b/docs/cmdline-opts/no-npn.d
index 97314e8cc..80a0ec9fa 100644
--- a/docs/cmdline-opts/no-npn.d
+++ b/docs/cmdline-opts/no-npn.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: no-npn
 Tags: Versions HTTP/2
diff --git a/docs/cmdline-opts/no-progress-meter.d b/docs/cmdline-opts/no-progress-meter.d
index 9a298c44c..820557d9d 100644
--- a/docs/cmdline-opts/no-progress-meter.d
+++ b/docs/cmdline-opts/no-progress-meter.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: no-progress-meter
 Help: Do not show the progress meter
diff --git a/docs/cmdline-opts/no-sessionid.d b/docs/cmdline-opts/no-sessionid.d
index b3e51b216..9699f46bc 100644
--- a/docs/cmdline-opts/no-sessionid.d
+++ b/docs/cmdline-opts/no-sessionid.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: no-sessionid
 Help: Disable SSL session-ID reusing
diff --git a/docs/cmdline-opts/noproxy.d b/docs/cmdline-opts/noproxy.d
index 998f57071..2bd42ad12 100644
--- a/docs/cmdline-opts/noproxy.d
+++ b/docs/cmdline-opts/noproxy.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: noproxy
 Arg: <no-proxy-list>
diff --git a/docs/cmdline-opts/ntlm-wb.d b/docs/cmdline-opts/ntlm-wb.d
index 7317adc78..4a3225293 100644
--- a/docs/cmdline-opts/ntlm-wb.d
+++ b/docs/cmdline-opts/ntlm-wb.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ntlm-wb
 Help: Use HTTP NTLM authentication with winbind
diff --git a/docs/cmdline-opts/ntlm.d b/docs/cmdline-opts/ntlm.d
index 9e1a99687..416374dd4 100644
--- a/docs/cmdline-opts/ntlm.d
+++ b/docs/cmdline-opts/ntlm.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ntlm
 Help: Use HTTP NTLM authentication
diff --git a/docs/cmdline-opts/oauth2-bearer.d b/docs/cmdline-opts/oauth2-bearer.d
index 6b639cba0..6f3514784 100644
--- a/docs/cmdline-opts/oauth2-bearer.d
+++ b/docs/cmdline-opts/oauth2-bearer.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: oauth2-bearer
 Help: OAuth 2 Bearer Token
diff --git a/docs/cmdline-opts/output-dir.d b/docs/cmdline-opts/output-dir.d
index 5c53c7fdc..eb6274fac 100644
--- a/docs/cmdline-opts/output-dir.d
+++ b/docs/cmdline-opts/output-dir.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: output-dir
 Arg: <dir>
diff --git a/docs/cmdline-opts/output.d b/docs/cmdline-opts/output.d
index e3005d587..9cfb899e9 100644
--- a/docs/cmdline-opts/output.d
+++ b/docs/cmdline-opts/output.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: output
 Arg: <file>
diff --git a/docs/cmdline-opts/page-footer b/docs/cmdline-opts/page-footer
index 38d63ecfb..6e7f9f391 100644
--- a/docs/cmdline-opts/page-footer
+++ b/docs/cmdline-opts/page-footer
@@ -300,6 +300,12 @@ be one out of several problems, see the error message for details.
 .IP 96
 QUIC connection error. This error may be caused by an SSL library error. QUIC
 is the protocol used for HTTP/3 transfers.
+.IP 97
+Proxy handshake error.
+.IP 98
+A client-side certificate is required to complete the TLS handshake.
+.IP 99
+Poll or select returned fatal error.
 .IP XX
 More error codes will appear here in future releases. The existing ones
 are meant to never change.
diff --git a/docs/cmdline-opts/page-header b/docs/cmdline-opts/page-header
index 179d5f021..acb9ef1f3 100644
--- a/docs/cmdline-opts/page-header
+++ b/docs/cmdline-opts/page-header
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -197,3 +197,11 @@ In general, all boolean options are enabled with --**option** and yet again
 disabled with --**no-**option. That is, you use the same option name but
 prefix it with "no-". However, in this list we mostly only list and show the
 --option version of them.
+
+When --next is used, it resets the parser state and you start again with a
+clean option state, except for the options that are "global". Global options
+will retain their values and meaning even after --next.
+
+The following options are global:
+%GLOBALS.
+
diff --git a/docs/cmdline-opts/parallel-immediate.d b/docs/cmdline-opts/parallel-immediate.d
index e202214c1..da15d6277 100644
--- a/docs/cmdline-opts/parallel-immediate.d
+++ b/docs/cmdline-opts/parallel-immediate.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: parallel-immediate
 Help: Do not wait for multiplexing (with --parallel)
@@ -7,11 +7,9 @@ See-also: parallel parallel-max
 Category: connection curl
 Example: --parallel-immediate -Z $URL -o file1 $URL -o file2
 Multi: boolean
+Scope: global
 ---
 When doing parallel transfers, this option will instruct curl that it should
 rather prefer opening up more connections in parallel at once rather than
 waiting to see if new transfers can be added as multiplexed streams on another
 connection.
-
-This option is global and does not need to be specified for each use of
---next.
diff --git a/docs/cmdline-opts/parallel-max.d b/docs/cmdline-opts/parallel-max.d
index 7bdd1b8f4..cc6d32d18 100644
--- a/docs/cmdline-opts/parallel-max.d
+++ b/docs/cmdline-opts/parallel-max.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: parallel-max
 Arg: <num>
diff --git a/docs/cmdline-opts/parallel.d b/docs/cmdline-opts/parallel.d
index 83c5cc5bd..4f698f8b3 100644
--- a/docs/cmdline-opts/parallel.d
+++ b/docs/cmdline-opts/parallel.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: Z
 Long: parallel
@@ -8,9 +8,7 @@ Category: connection curl
 Example: --parallel $URL -o file1 $URL -o file2
 See-also: next verbose
 Multi: boolean
+Scope: global
 ---
 Makes curl perform its transfers in parallel as compared to the regular serial
 manner.
-
-This option is global and does not need to be specified for each use of
---next.
diff --git a/docs/cmdline-opts/pass.d b/docs/cmdline-opts/pass.d
index a81c34892..2c0a2bef6 100644
--- a/docs/cmdline-opts/pass.d
+++ b/docs/cmdline-opts/pass.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: pass
 Arg: <phrase>
diff --git a/docs/cmdline-opts/path-as-is.d b/docs/cmdline-opts/path-as-is.d
index 45c161b6d..c079c5905 100644
--- a/docs/cmdline-opts/path-as-is.d
+++ b/docs/cmdline-opts/path-as-is.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: path-as-is
 Help: Do not squash .. sequences in URL path
diff --git a/docs/cmdline-opts/pinnedpubkey.d b/docs/cmdline-opts/pinnedpubkey.d
index 3ac484690..f5a36a202 100644
--- a/docs/cmdline-opts/pinnedpubkey.d
+++ b/docs/cmdline-opts/pinnedpubkey.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: pinnedpubkey
 Arg: <hashes>
diff --git a/docs/cmdline-opts/post301.d b/docs/cmdline-opts/post301.d
index 0de2e519e..d067fc8cc 100644
--- a/docs/cmdline-opts/post301.d
+++ b/docs/cmdline-opts/post301.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: post301
 Help: Do not switch to GET after following a 301
diff --git a/docs/cmdline-opts/post302.d b/docs/cmdline-opts/post302.d
index 4a42c79d0..b7190ce0f 100644
--- a/docs/cmdline-opts/post302.d
+++ b/docs/cmdline-opts/post302.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: post302
 Help: Do not switch to GET after following a 302
diff --git a/docs/cmdline-opts/post303.d b/docs/cmdline-opts/post303.d
index 79c891687..52d440c45 100644
--- a/docs/cmdline-opts/post303.d
+++ b/docs/cmdline-opts/post303.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: post303
 Help: Do not switch to GET after following a 303
diff --git a/docs/cmdline-opts/preproxy.d b/docs/cmdline-opts/preproxy.d
index 5be20712b..643179ede 100644
--- a/docs/cmdline-opts/preproxy.d
+++ b/docs/cmdline-opts/preproxy.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: preproxy
 Arg: [protocol://]host[:port]
diff --git a/docs/cmdline-opts/progress-bar.d b/docs/cmdline-opts/progress-bar.d
index 5c87023b8..a6cc8f50e 100644
--- a/docs/cmdline-opts/progress-bar.d
+++ b/docs/cmdline-opts/progress-bar.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: #
 Long: progress-bar
@@ -8,6 +8,7 @@ Example: -# -O $URL
 Added: 5.10
 See-also: styled-output
 Multi: boolean
+Scope: global
 ---
 Make curl display transfer progress as a simple progress bar instead of the
 standard, more informational, meter.
@@ -17,6 +18,3 @@ shows a percentage if the transfer size is known. For transfers without a
 known size, there will be space ship (-=o=-) that moves back and forth but
 only while data is being transferred, with a set of flying hash sign symbols on
 top.
-
-This option is global and does not need to be specified for each use of
---next.
diff --git a/docs/cmdline-opts/proto-default.d b/docs/cmdline-opts/proto-default.d
index bb8940f7e..d5b4bcd10 100644
--- a/docs/cmdline-opts/proto-default.d
+++ b/docs/cmdline-opts/proto-default.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proto-default
 Help: Use PROTOCOL for any URL missing a scheme
diff --git a/docs/cmdline-opts/proto-redir.d b/docs/cmdline-opts/proto-redir.d
index b6f0f0f36..183b37557 100644
--- a/docs/cmdline-opts/proto-redir.d
+++ b/docs/cmdline-opts/proto-redir.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proto-redir
 Arg: <protocols>
diff --git a/docs/cmdline-opts/proto.d b/docs/cmdline-opts/proto.d
index a24c0dbdc..ac024bf42 100644
--- a/docs/cmdline-opts/proto.d
+++ b/docs/cmdline-opts/proto.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proto
 Arg: <protocols>
diff --git a/docs/cmdline-opts/proxy-anyauth.d b/docs/cmdline-opts/proxy-anyauth.d
index c215ad746..fa460876e 100644
--- a/docs/cmdline-opts/proxy-anyauth.d
+++ b/docs/cmdline-opts/proxy-anyauth.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-anyauth
 Help: Pick any proxy authentication method
diff --git a/docs/cmdline-opts/proxy-basic.d b/docs/cmdline-opts/proxy-basic.d
index 3856c49f3..ff56631f7 100644
--- a/docs/cmdline-opts/proxy-basic.d
+++ b/docs/cmdline-opts/proxy-basic.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-basic
 Help: Use Basic authentication on the proxy
diff --git a/docs/cmdline-opts/proxy-cacert.d b/docs/cmdline-opts/proxy-cacert.d
index a7c8e743b..45dc3f301 100644
--- a/docs/cmdline-opts/proxy-cacert.d
+++ b/docs/cmdline-opts/proxy-cacert.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-cacert
 Help: CA certificate to verify peer against for proxy
diff --git a/docs/cmdline-opts/proxy-capath.d b/docs/cmdline-opts/proxy-capath.d
index e6113012b..309f9408a 100644
--- a/docs/cmdline-opts/proxy-capath.d
+++ b/docs/cmdline-opts/proxy-capath.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-capath
 Help: CA directory to verify peer against for proxy
diff --git a/docs/cmdline-opts/proxy-cert-type.d b/docs/cmdline-opts/proxy-cert-type.d
index 2376acab4..4ab38f5a8 100644
--- a/docs/cmdline-opts/proxy-cert-type.d
+++ b/docs/cmdline-opts/proxy-cert-type.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-cert-type
 Arg: <type>
diff --git a/docs/cmdline-opts/proxy-cert.d b/docs/cmdline-opts/proxy-cert.d
index cc2f8041b..2a869deb0 100644
--- a/docs/cmdline-opts/proxy-cert.d
+++ b/docs/cmdline-opts/proxy-cert.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-cert
 Arg: <cert[:passwd]>
diff --git a/docs/cmdline-opts/proxy-ciphers.d b/docs/cmdline-opts/proxy-ciphers.d
index 1fdbb3443..4030d64c3 100644
--- a/docs/cmdline-opts/proxy-ciphers.d
+++ b/docs/cmdline-opts/proxy-ciphers.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-ciphers
 Arg: <list>
diff --git a/docs/cmdline-opts/proxy-crlfile.d b/docs/cmdline-opts/proxy-crlfile.d
index 7e4ef24a9..1a8fdf25d 100644
--- a/docs/cmdline-opts/proxy-crlfile.d
+++ b/docs/cmdline-opts/proxy-crlfile.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-crlfile
 Arg: <file>
diff --git a/docs/cmdline-opts/proxy-digest.d b/docs/cmdline-opts/proxy-digest.d
index f8a56fac9..c5cb19c48 100644
--- a/docs/cmdline-opts/proxy-digest.d
+++ b/docs/cmdline-opts/proxy-digest.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-digest
 Help: Use Digest authentication on the proxy
diff --git a/docs/cmdline-opts/proxy-header.d b/docs/cmdline-opts/proxy-header.d
index c064b1ff8..13efc1138 100644
--- a/docs/cmdline-opts/proxy-header.d
+++ b/docs/cmdline-opts/proxy-header.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-header
 Arg: <header/@file>
diff --git a/docs/cmdline-opts/proxy-insecure.d b/docs/cmdline-opts/proxy-insecure.d
index 7eb00244e..beb8c2531 100644
--- a/docs/cmdline-opts/proxy-insecure.d
+++ b/docs/cmdline-opts/proxy-insecure.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-insecure
 Help: Do HTTPS proxy connections without verifying the proxy
diff --git a/docs/cmdline-opts/proxy-key-type.d b/docs/cmdline-opts/proxy-key-type.d
index 7f4e51ef0..3fd11f3a3 100644
--- a/docs/cmdline-opts/proxy-key-type.d
+++ b/docs/cmdline-opts/proxy-key-type.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-key-type
 Arg: <type>
diff --git a/docs/cmdline-opts/proxy-key.d b/docs/cmdline-opts/proxy-key.d
index 01bd51aa6..4bf2748a4 100644
--- a/docs/cmdline-opts/proxy-key.d
+++ b/docs/cmdline-opts/proxy-key.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-key
 Help: Private key for HTTPS proxy
diff --git a/docs/cmdline-opts/proxy-negotiate.d b/docs/cmdline-opts/proxy-negotiate.d
index f0ca0b08a..89b5c1bde 100644
--- a/docs/cmdline-opts/proxy-negotiate.d
+++ b/docs/cmdline-opts/proxy-negotiate.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-negotiate
 Help: Use HTTP Negotiate (SPNEGO) authentication on the proxy
diff --git a/docs/cmdline-opts/proxy-ntlm.d b/docs/cmdline-opts/proxy-ntlm.d
index 57cb9945d..f8481e5d6 100644
--- a/docs/cmdline-opts/proxy-ntlm.d
+++ b/docs/cmdline-opts/proxy-ntlm.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-ntlm
 Help: Use NTLM authentication on the proxy
diff --git a/docs/cmdline-opts/proxy-pass.d b/docs/cmdline-opts/proxy-pass.d
index 733e62615..307139951 100644
--- a/docs/cmdline-opts/proxy-pass.d
+++ b/docs/cmdline-opts/proxy-pass.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-pass
 Arg: <phrase>
diff --git a/docs/cmdline-opts/proxy-pinnedpubkey.d b/docs/cmdline-opts/proxy-pinnedpubkey.d
index 4f139af60..72f0cd1f0 100644
--- a/docs/cmdline-opts/proxy-pinnedpubkey.d
+++ b/docs/cmdline-opts/proxy-pinnedpubkey.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-pinnedpubkey
 Arg: <hashes>
diff --git a/docs/cmdline-opts/proxy-service-name.d b/docs/cmdline-opts/proxy-service-name.d
index 02191afb0..200973fb5 100644
--- a/docs/cmdline-opts/proxy-service-name.d
+++ b/docs/cmdline-opts/proxy-service-name.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-service-name
 Arg: <name>
diff --git a/docs/cmdline-opts/proxy-ssl-allow-beast.d b/docs/cmdline-opts/proxy-ssl-allow-beast.d
index c5149f597..55ff62b46 100644
--- a/docs/cmdline-opts/proxy-ssl-allow-beast.d
+++ b/docs/cmdline-opts/proxy-ssl-allow-beast.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-ssl-allow-beast
 Help: Allow security flaw for interop for HTTPS proxy
diff --git a/docs/cmdline-opts/proxy-ssl-auto-client-cert.d b/docs/cmdline-opts/proxy-ssl-auto-client-cert.d
index 21d09faa6..ea0f0c04d 100644
--- a/docs/cmdline-opts/proxy-ssl-auto-client-cert.d
+++ b/docs/cmdline-opts/proxy-ssl-auto-client-cert.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-ssl-auto-client-cert
 Help: Use auto client certificate for proxy (Schannel)
diff --git a/docs/cmdline-opts/proxy-tls13-ciphers.d b/docs/cmdline-opts/proxy-tls13-ciphers.d
index 90952ffad..c19a4c28a 100644
--- a/docs/cmdline-opts/proxy-tls13-ciphers.d
+++ b/docs/cmdline-opts/proxy-tls13-ciphers.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-tls13-ciphers
 Arg: <ciphersuite list>
diff --git a/docs/cmdline-opts/proxy-tlsauthtype.d b/docs/cmdline-opts/proxy-tlsauthtype.d
index 8ba7428e2..f83153e7b 100644
--- a/docs/cmdline-opts/proxy-tlsauthtype.d
+++ b/docs/cmdline-opts/proxy-tlsauthtype.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-tlsauthtype
 Arg: <type>
diff --git a/docs/cmdline-opts/proxy-tlspassword.d b/docs/cmdline-opts/proxy-tlspassword.d
index ba232e68a..7ec01401b 100644
--- a/docs/cmdline-opts/proxy-tlspassword.d
+++ b/docs/cmdline-opts/proxy-tlspassword.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-tlspassword
 Arg: <string>
diff --git a/docs/cmdline-opts/proxy-tlsuser.d b/docs/cmdline-opts/proxy-tlsuser.d
index 944d87601..17be7f7ba 100644
--- a/docs/cmdline-opts/proxy-tlsuser.d
+++ b/docs/cmdline-opts/proxy-tlsuser.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-tlsuser
 Arg: <name>
diff --git a/docs/cmdline-opts/proxy-tlsv1.d b/docs/cmdline-opts/proxy-tlsv1.d
index b6d039b15..c4345023e 100644
--- a/docs/cmdline-opts/proxy-tlsv1.d
+++ b/docs/cmdline-opts/proxy-tlsv1.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-tlsv1
 Help: Use TLSv1 for HTTPS proxy
diff --git a/docs/cmdline-opts/proxy-user.d b/docs/cmdline-opts/proxy-user.d
index 572cb06c0..5001ebb0e 100644
--- a/docs/cmdline-opts/proxy-user.d
+++ b/docs/cmdline-opts/proxy-user.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy-user
 Short: U
diff --git a/docs/cmdline-opts/proxy.d b/docs/cmdline-opts/proxy.d
index f975f6e74..73bfa9e2e 100644
--- a/docs/cmdline-opts/proxy.d
+++ b/docs/cmdline-opts/proxy.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy
 Short: x
diff --git a/docs/cmdline-opts/proxy1.0.d b/docs/cmdline-opts/proxy1.0.d
index 3f7b61331..53a8decb9 100644
--- a/docs/cmdline-opts/proxy1.0.d
+++ b/docs/cmdline-opts/proxy1.0.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxy1.0
 Arg: <host[:port]>
diff --git a/docs/cmdline-opts/proxytunnel.d b/docs/cmdline-opts/proxytunnel.d
index ef2d56b2a..f389406c4 100644
--- a/docs/cmdline-opts/proxytunnel.d
+++ b/docs/cmdline-opts/proxytunnel.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: proxytunnel
 Short: p
diff --git a/docs/cmdline-opts/pubkey.d b/docs/cmdline-opts/pubkey.d
index 2078982e2..ef4a25ffc 100644
--- a/docs/cmdline-opts/pubkey.d
+++ b/docs/cmdline-opts/pubkey.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: pubkey
 Arg: <key>
diff --git a/docs/cmdline-opts/quote.d b/docs/cmdline-opts/quote.d
index 96c4e1f17..9bb68d490 100644
--- a/docs/cmdline-opts/quote.d
+++ b/docs/cmdline-opts/quote.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: quote
 Arg: <command>
diff --git a/docs/cmdline-opts/random-file.d b/docs/cmdline-opts/random-file.d
index ad0a558cc..467d83ab9 100644
--- a/docs/cmdline-opts/random-file.d
+++ b/docs/cmdline-opts/random-file.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: random-file
 Arg: <file>
diff --git a/docs/cmdline-opts/range.d b/docs/cmdline-opts/range.d
index f49d40472..7fe19ca05 100644
--- a/docs/cmdline-opts/range.d
+++ b/docs/cmdline-opts/range.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: range
 Short: r
diff --git a/docs/cmdline-opts/rate.d b/docs/cmdline-opts/rate.d
index 953f86596..232106a60 100644
--- a/docs/cmdline-opts/rate.d
+++ b/docs/cmdline-opts/rate.d
@@ -1,15 +1,16 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: rate
 Arg: <max request rate>
 Help: Request rate for serial transfers
 Category: connection
-Example: --rate 2/s $URL
-Example: --rate 3/h $URL
-Example: --rate 14/m $URL
+Example: --rate 2/s $URL ...
+Example: --rate 3/h $URL ...
+Example: --rate 14/m $URL ...
 Added: 7.84.0
 See-also: limit-rate retry-delay
 Multi: single
+Scope: global
 ---
 Specify the maximum transfer frequency you allow curl to use - in number of
 transfer starts per time unit (sometimes called request rate). Without this
diff --git a/docs/cmdline-opts/raw.d b/docs/cmdline-opts/raw.d
index 8e753c126..0523d62fa 100644
--- a/docs/cmdline-opts/raw.d
+++ b/docs/cmdline-opts/raw.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: raw
 Help: Do HTTP "raw"; no transfer decoding
diff --git a/docs/cmdline-opts/referer.d b/docs/cmdline-opts/referer.d
index 3740957eb..0609e8c99 100644
--- a/docs/cmdline-opts/referer.d
+++ b/docs/cmdline-opts/referer.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: referer
 Short: e
diff --git a/docs/cmdline-opts/remote-header-name.d b/docs/cmdline-opts/remote-header-name.d
index f97cf49a3..8705b3b88 100644
--- a/docs/cmdline-opts/remote-header-name.d
+++ b/docs/cmdline-opts/remote-header-name.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: remote-header-name
 Short: J
@@ -20,12 +20,15 @@ The file is saved in the current directory, or in the directory specified with
 
 If the server specifies a file name and a file with that name already exists
 in the destination directory, it will not be overwritten and an error will
-occur. If the server does not specify a file name then this option has no
-effect.
+occur - unless you allow it by using the --clobber option. If the server does
+not specify a file name then this option has no effect.
 
 There's no attempt to decode %-sequences (yet) in the provided file name, so
 this option may provide you with rather unexpected file names.
 
+This feature uses the name from the "filename" field, it does not yet support
+the "filename*" field (filenames with explicit character sets).
+
 **WARNING**: Exercise judicious use of this option, especially on Windows. A
 rogue server could send you the name of a DLL or other file that could be
 loaded automatically by Windows or some third party software.
diff --git a/docs/cmdline-opts/remote-name-all.d b/docs/cmdline-opts/remote-name-all.d
index fa6a233bb..249c4e265 100644
--- a/docs/cmdline-opts/remote-name-all.d
+++ b/docs/cmdline-opts/remote-name-all.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: remote-name-all
 Help: Use the remote file name for all URLs
diff --git a/docs/cmdline-opts/remote-name.d b/docs/cmdline-opts/remote-name.d
index 4e51b1206..8a4a9bc3e 100644
--- a/docs/cmdline-opts/remote-name.d
+++ b/docs/cmdline-opts/remote-name.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: remote-name
 Short: O
diff --git a/docs/cmdline-opts/remote-time.d b/docs/cmdline-opts/remote-time.d
index 12bd88306..a8161c56c 100644
--- a/docs/cmdline-opts/remote-time.d
+++ b/docs/cmdline-opts/remote-time.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: remote-time
 Short: R
diff --git a/docs/cmdline-opts/remove-on-error.d b/docs/cmdline-opts/remove-on-error.d
index 4ac1595a9..50b7b1b65 100644
--- a/docs/cmdline-opts/remove-on-error.d
+++ b/docs/cmdline-opts/remove-on-error.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: remove-on-error
 Help: Remove output file on errors
diff --git a/docs/cmdline-opts/request-target.d b/docs/cmdline-opts/request-target.d
index 0ddcbc0b2..61ead5f2b 100644
--- a/docs/cmdline-opts/request-target.d
+++ b/docs/cmdline-opts/request-target.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: request-target
 Arg: <path>
diff --git a/docs/cmdline-opts/request.d b/docs/cmdline-opts/request.d
index c837f0987..8fff3aa15 100644
--- a/docs/cmdline-opts/request.d
+++ b/docs/cmdline-opts/request.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: request
 Short: X
diff --git a/docs/cmdline-opts/resolve.d b/docs/cmdline-opts/resolve.d
index f5592bc75..bfecb147e 100644
--- a/docs/cmdline-opts/resolve.d
+++ b/docs/cmdline-opts/resolve.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: resolve
 Arg: <[+]host:port:addr[,addr]...>
diff --git a/docs/cmdline-opts/retry-all-errors.d b/docs/cmdline-opts/retry-all-errors.d
index a1fb89e9d..4e3361273 100644
--- a/docs/cmdline-opts/retry-all-errors.d
+++ b/docs/cmdline-opts/retry-all-errors.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: retry-all-errors
 Help: Retry all errors (use with --retry)
diff --git a/docs/cmdline-opts/retry-connrefused.d b/docs/cmdline-opts/retry-connrefused.d
index 10a9dcf30..a7b9643ce 100644
--- a/docs/cmdline-opts/retry-connrefused.d
+++ b/docs/cmdline-opts/retry-connrefused.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: retry-connrefused
 Help: Retry on connection refused (use with --retry)
diff --git a/docs/cmdline-opts/retry-delay.d b/docs/cmdline-opts/retry-delay.d
index bddaf9df5..5f5489772 100644
--- a/docs/cmdline-opts/retry-delay.d
+++ b/docs/cmdline-opts/retry-delay.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: retry-delay
 Arg: <seconds>
diff --git a/docs/cmdline-opts/retry-max-time.d b/docs/cmdline-opts/retry-max-time.d
index 2e132f946..a919dcae2 100644
--- a/docs/cmdline-opts/retry-max-time.d
+++ b/docs/cmdline-opts/retry-max-time.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: retry-max-time
 Arg: <seconds>
diff --git a/docs/cmdline-opts/retry.d b/docs/cmdline-opts/retry.d
index 080825bf8..eddea1dfd 100644
--- a/docs/cmdline-opts/retry.d
+++ b/docs/cmdline-opts/retry.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: retry
 Arg: <num>
diff --git a/docs/cmdline-opts/sasl-authzid.d b/docs/cmdline-opts/sasl-authzid.d
index ff56ce9c2..904b3c84a 100644
--- a/docs/cmdline-opts/sasl-authzid.d
+++ b/docs/cmdline-opts/sasl-authzid.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: sasl-authzid
 Arg: <identity>
diff --git a/docs/cmdline-opts/sasl-ir.d b/docs/cmdline-opts/sasl-ir.d
index 8fe3a60e2..56f1ae8ad 100644
--- a/docs/cmdline-opts/sasl-ir.d
+++ b/docs/cmdline-opts/sasl-ir.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: sasl-ir
 Help: Enable initial response in SASL authentication
diff --git a/docs/cmdline-opts/service-name.d b/docs/cmdline-opts/service-name.d
index 0cf9cef74..0b4109e45 100644
--- a/docs/cmdline-opts/service-name.d
+++ b/docs/cmdline-opts/service-name.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: service-name
 Help: SPNEGO service name
diff --git a/docs/cmdline-opts/show-error.d b/docs/cmdline-opts/show-error.d
index a31e07d9e..f15028745 100644
--- a/docs/cmdline-opts/show-error.d
+++ b/docs/cmdline-opts/show-error.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: show-error
 Short: S
@@ -8,8 +8,6 @@ Category: curl
 Example: --show-error --silent $URL
 Added: 5.9
 Multi: boolean
+Scope: global
 ---
 When used with --silent, it makes curl show an error message if it fails.
-
-This option is global and does not need to be specified for each use of
---next.
diff --git a/docs/cmdline-opts/silent.d b/docs/cmdline-opts/silent.d
index b31fe5cf1..874206173 100644
--- a/docs/cmdline-opts/silent.d
+++ b/docs/cmdline-opts/silent.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: silent
 Short: s
diff --git a/docs/cmdline-opts/socks4.d b/docs/cmdline-opts/socks4.d
index c99a134e4..803032d62 100644
--- a/docs/cmdline-opts/socks4.d
+++ b/docs/cmdline-opts/socks4.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: socks4
 Arg: <host[:port]>
diff --git a/docs/cmdline-opts/socks4a.d b/docs/cmdline-opts/socks4a.d
index e3afbaf6b..0d8060071 100644
--- a/docs/cmdline-opts/socks4a.d
+++ b/docs/cmdline-opts/socks4a.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: socks4a
 Arg: <host[:port]>
diff --git a/docs/cmdline-opts/socks5-basic.d b/docs/cmdline-opts/socks5-basic.d
index 1f4d5e33f..a16831be1 100644
--- a/docs/cmdline-opts/socks5-basic.d
+++ b/docs/cmdline-opts/socks5-basic.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: socks5-basic
 Help: Enable username/password auth for SOCKS5 proxies
diff --git a/docs/cmdline-opts/socks5-gssapi-nec.d b/docs/cmdline-opts/socks5-gssapi-nec.d
index bc5d31735..957655a09 100644
--- a/docs/cmdline-opts/socks5-gssapi-nec.d
+++ b/docs/cmdline-opts/socks5-gssapi-nec.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: socks5-gssapi-nec
 Help: Compatibility with NEC SOCKS5 server
diff --git a/docs/cmdline-opts/socks5-gssapi-service.d b/docs/cmdline-opts/socks5-gssapi-service.d
index 218c0bf38..ac5b686c3 100644
--- a/docs/cmdline-opts/socks5-gssapi-service.d
+++ b/docs/cmdline-opts/socks5-gssapi-service.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: socks5-gssapi-service
 Arg: <name>
diff --git a/docs/cmdline-opts/socks5-gssapi.d b/docs/cmdline-opts/socks5-gssapi.d
index 3a4fda21c..cec684f42 100644
--- a/docs/cmdline-opts/socks5-gssapi.d
+++ b/docs/cmdline-opts/socks5-gssapi.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: socks5-gssapi
 Help: Enable GSS-API auth for SOCKS5 proxies
diff --git a/docs/cmdline-opts/socks5-hostname.d b/docs/cmdline-opts/socks5-hostname.d
index a5781370d..8845e196f 100644
--- a/docs/cmdline-opts/socks5-hostname.d
+++ b/docs/cmdline-opts/socks5-hostname.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: socks5-hostname
 Arg: <host[:port]>
diff --git a/docs/cmdline-opts/socks5.d b/docs/cmdline-opts/socks5.d
index 183b8c24d..c93c3f6db 100644
--- a/docs/cmdline-opts/socks5.d
+++ b/docs/cmdline-opts/socks5.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: socks5
 Arg: <host[:port]>
diff --git a/docs/cmdline-opts/speed-limit.d b/docs/cmdline-opts/speed-limit.d
index 878ca440d..dc9778db9 100644
--- a/docs/cmdline-opts/speed-limit.d
+++ b/docs/cmdline-opts/speed-limit.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: speed-limit
 Short: Y
diff --git a/docs/cmdline-opts/speed-time.d b/docs/cmdline-opts/speed-time.d
index 1426b5648..fe92b97f1 100644
--- a/docs/cmdline-opts/speed-time.d
+++ b/docs/cmdline-opts/speed-time.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: speed-time
 Short: y
diff --git a/docs/cmdline-opts/ssl-allow-beast.d b/docs/cmdline-opts/ssl-allow-beast.d
index 2545d07ba..2547675d6 100644
--- a/docs/cmdline-opts/ssl-allow-beast.d
+++ b/docs/cmdline-opts/ssl-allow-beast.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ssl-allow-beast
 Help: Allow security flaw to improve interop
diff --git a/docs/cmdline-opts/ssl-auto-client-cert.d b/docs/cmdline-opts/ssl-auto-client-cert.d
index 617d20a64..4eab1ab32 100644
--- a/docs/cmdline-opts/ssl-auto-client-cert.d
+++ b/docs/cmdline-opts/ssl-auto-client-cert.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ssl-auto-client-cert
 Help: Use auto client certificate (Schannel)
diff --git a/docs/cmdline-opts/ssl-no-revoke.d b/docs/cmdline-opts/ssl-no-revoke.d
index ad036740f..37e91d9c2 100644
--- a/docs/cmdline-opts/ssl-no-revoke.d
+++ b/docs/cmdline-opts/ssl-no-revoke.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ssl-no-revoke
 Help: Disable cert revocation checks (Schannel)
diff --git a/docs/cmdline-opts/ssl-reqd.d b/docs/cmdline-opts/ssl-reqd.d
index 6f95d5b67..acb7d3498 100644
--- a/docs/cmdline-opts/ssl-reqd.d
+++ b/docs/cmdline-opts/ssl-reqd.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ssl-reqd
 Help: Require SSL/TLS
diff --git a/docs/cmdline-opts/ssl-revoke-best-effort.d b/docs/cmdline-opts/ssl-revoke-best-effort.d
index edf04cc0e..b2d94d5d4 100644
--- a/docs/cmdline-opts/ssl-revoke-best-effort.d
+++ b/docs/cmdline-opts/ssl-revoke-best-effort.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ssl-revoke-best-effort
 Help: Ignore missing/offline cert CRL dist points
diff --git a/docs/cmdline-opts/ssl.d b/docs/cmdline-opts/ssl.d
index 31d46f883..b5d0e25a6 100644
--- a/docs/cmdline-opts/ssl.d
+++ b/docs/cmdline-opts/ssl.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: ssl
 Help: Try SSL/TLS
diff --git a/docs/cmdline-opts/sslv2.d b/docs/cmdline-opts/sslv2.d
index fbda3fa12..cef94ecce 100644
--- a/docs/cmdline-opts/sslv2.d
+++ b/docs/cmdline-opts/sslv2.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: 2
 Long: sslv2
diff --git a/docs/cmdline-opts/sslv3.d b/docs/cmdline-opts/sslv3.d
index 26f8e44b0..e78a69ad3 100644
--- a/docs/cmdline-opts/sslv3.d
+++ b/docs/cmdline-opts/sslv3.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: 3
 Long: sslv3
diff --git a/docs/cmdline-opts/stderr.d b/docs/cmdline-opts/stderr.d
index e23f3cd14..a80bf43d1 100644
--- a/docs/cmdline-opts/stderr.d
+++ b/docs/cmdline-opts/stderr.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: stderr
 Arg: <file>
@@ -8,9 +8,7 @@ Category: verbose
 Example: --stderr output.txt $URL
 Added: 6.2
 Multi: single
+Scope: global
 ---
 Redirect all writes to stderr to the specified file instead. If the file name
 is a plain '-', it is instead written to stdout.
-
-This option is global and does not need to be specified for each use of
---next.
diff --git a/docs/cmdline-opts/styled-output.d b/docs/cmdline-opts/styled-output.d
index 45b36e4c0..70e9da4e8 100644
--- a/docs/cmdline-opts/styled-output.d
+++ b/docs/cmdline-opts/styled-output.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: styled-output
 Help: Enable styled output for HTTP headers
@@ -7,12 +7,10 @@ Category: verbose
 Example: --styled-output -I $URL
 See-also: head verbose
 Multi: boolean
+Scope: global
 ---
 Enables the automatic use of bold font styles when writing HTTP headers to the
 terminal. Use --no-styled-output to switch them off.
 
 Styled output requires a terminal that supports bold fonts. This feature is
 not present on curl for Windows due to lack of this capability.
-
-This option is global and does not need to be specified for each use of
---next.
diff --git a/docs/cmdline-opts/suppress-connect-headers.d b/docs/cmdline-opts/suppress-connect-headers.d
index adde2499c..ed38f36de 100644
--- a/docs/cmdline-opts/suppress-connect-headers.d
+++ b/docs/cmdline-opts/suppress-connect-headers.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: suppress-connect-headers
 Help: Suppress proxy CONNECT response headers
diff --git a/docs/cmdline-opts/tcp-fastopen.d b/docs/cmdline-opts/tcp-fastopen.d
index 155dfed94..68d9aee4e 100644
--- a/docs/cmdline-opts/tcp-fastopen.d
+++ b/docs/cmdline-opts/tcp-fastopen.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tcp-fastopen
 Added: 7.49.0
diff --git a/docs/cmdline-opts/tcp-nodelay.d b/docs/cmdline-opts/tcp-nodelay.d
index cbb0a92ba..86b92fe23 100644
--- a/docs/cmdline-opts/tcp-nodelay.d
+++ b/docs/cmdline-opts/tcp-nodelay.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tcp-nodelay
 Help: Use the TCP_NODELAY option
diff --git a/docs/cmdline-opts/telnet-option.d b/docs/cmdline-opts/telnet-option.d
index 3e239e20f..dc9ba6d73 100644
--- a/docs/cmdline-opts/telnet-option.d
+++ b/docs/cmdline-opts/telnet-option.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: telnet-option
 Short: t
diff --git a/docs/cmdline-opts/tftp-blksize.d b/docs/cmdline-opts/tftp-blksize.d
index 9aaa9850d..cd9024217 100644
--- a/docs/cmdline-opts/tftp-blksize.d
+++ b/docs/cmdline-opts/tftp-blksize.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tftp-blksize
 Arg: <value>
diff --git a/docs/cmdline-opts/tftp-no-options.d b/docs/cmdline-opts/tftp-no-options.d
index 8b252bd28..43b1c00c4 100644
--- a/docs/cmdline-opts/tftp-no-options.d
+++ b/docs/cmdline-opts/tftp-no-options.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tftp-no-options
 Help: Do not send any TFTP options
diff --git a/docs/cmdline-opts/time-cond.d b/docs/cmdline-opts/time-cond.d
index 416b16527..aea4b3b25 100644
--- a/docs/cmdline-opts/time-cond.d
+++ b/docs/cmdline-opts/time-cond.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: time-cond
 Short: z
diff --git a/docs/cmdline-opts/tls-max.d b/docs/cmdline-opts/tls-max.d
index 6a7375a70..2a4f9c7d3 100644
--- a/docs/cmdline-opts/tls-max.d
+++ b/docs/cmdline-opts/tls-max.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tls-max
 Arg: <VERSION>
diff --git a/docs/cmdline-opts/tls13-ciphers.d b/docs/cmdline-opts/tls13-ciphers.d
index 60cbfe59a..1e9dcf594 100644
--- a/docs/cmdline-opts/tls13-ciphers.d
+++ b/docs/cmdline-opts/tls13-ciphers.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tls13-ciphers
 Arg: <ciphersuite list>
diff --git a/docs/cmdline-opts/tlsauthtype.d b/docs/cmdline-opts/tlsauthtype.d
index 239753994..7d3f7e5aa 100644
--- a/docs/cmdline-opts/tlsauthtype.d
+++ b/docs/cmdline-opts/tlsauthtype.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tlsauthtype
 Arg: <type>
diff --git a/docs/cmdline-opts/tlspassword.d b/docs/cmdline-opts/tlspassword.d
index 053751e7f..0513191ae 100644
--- a/docs/cmdline-opts/tlspassword.d
+++ b/docs/cmdline-opts/tlspassword.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tlspassword
 Arg: <string>
diff --git a/docs/cmdline-opts/tlsuser.d b/docs/cmdline-opts/tlsuser.d
index a3f0d54cd..f87532a7c 100644
--- a/docs/cmdline-opts/tlsuser.d
+++ b/docs/cmdline-opts/tlsuser.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tlsuser
 Arg: <name>
diff --git a/docs/cmdline-opts/tlsv1.0.d b/docs/cmdline-opts/tlsv1.0.d
index f5fe3bfb0..493c0c653 100644
--- a/docs/cmdline-opts/tlsv1.0.d
+++ b/docs/cmdline-opts/tlsv1.0.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tlsv1.0
 Help: Use TLSv1.0 or greater
diff --git a/docs/cmdline-opts/tlsv1.1.d b/docs/cmdline-opts/tlsv1.1.d
index 567254d70..f8ecdf67a 100644
--- a/docs/cmdline-opts/tlsv1.1.d
+++ b/docs/cmdline-opts/tlsv1.1.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tlsv1.1
 Help: Use TLSv1.1 or greater
diff --git a/docs/cmdline-opts/tlsv1.2.d b/docs/cmdline-opts/tlsv1.2.d
index df1b90be9..a9953604e 100644
--- a/docs/cmdline-opts/tlsv1.2.d
+++ b/docs/cmdline-opts/tlsv1.2.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tlsv1.2
 Help: Use TLSv1.2 or greater
diff --git a/docs/cmdline-opts/tlsv1.3.d b/docs/cmdline-opts/tlsv1.3.d
index d91b175d3..5690aa113 100644
--- a/docs/cmdline-opts/tlsv1.3.d
+++ b/docs/cmdline-opts/tlsv1.3.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tlsv1.3
 Help: Use TLSv1.3 or greater
diff --git a/docs/cmdline-opts/tlsv1.d b/docs/cmdline-opts/tlsv1.d
index b958a809e..8a037520a 100644
--- a/docs/cmdline-opts/tlsv1.d
+++ b/docs/cmdline-opts/tlsv1.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: 1
 Long: tlsv1
diff --git a/docs/cmdline-opts/tr-encoding.d b/docs/cmdline-opts/tr-encoding.d
index ca385ce53..053e18ca1 100644
--- a/docs/cmdline-opts/tr-encoding.d
+++ b/docs/cmdline-opts/tr-encoding.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: tr-encoding
 Added: 7.21.6
diff --git a/docs/cmdline-opts/trace-ascii.d b/docs/cmdline-opts/trace-ascii.d
index 01484f9f6..3d74b2903 100644
--- a/docs/cmdline-opts/trace-ascii.d
+++ b/docs/cmdline-opts/trace-ascii.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: trace-ascii
 Arg: <file>
@@ -9,6 +9,7 @@ Example: --trace-ascii log.txt $URL
 Added: 7.9.7
 See-also: verbose trace
 Multi: single
+Scope: global
 ---
 Enables a full trace dump of all incoming and outgoing data, including
 descriptive information, to the given output file. Use "-" as filename to have
@@ -17,6 +18,3 @@ the output sent to stdout.
 This is similar to --trace, but leaves out the hex part and only shows the
 ASCII part of the dump. It makes smaller output that might be easier to read
 for untrained humans.
-
-This option is global and does not need to be specified for each use of
---next.
diff --git a/docs/cmdline-opts/trace-time.d b/docs/cmdline-opts/trace-time.d
index e76988544..f40ee02d7 100644
--- a/docs/cmdline-opts/trace-time.d
+++ b/docs/cmdline-opts/trace-time.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: trace-time
 Help: Add time stamps to trace/verbose output
@@ -7,8 +7,6 @@ Category: verbose
 Example: --trace-time --trace-ascii output $URL
 See-also: trace verbose
 Multi: boolean
+Scope: global
 ---
 Prepends a time stamp to each trace or verbose line that curl displays.
-
-This option is global and does not need to be specified for each use of
---next.
diff --git a/docs/cmdline-opts/trace.d b/docs/cmdline-opts/trace.d
index 2f088ecb0..1b422c2f0 100644
--- a/docs/cmdline-opts/trace.d
+++ b/docs/cmdline-opts/trace.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: trace
 Arg: <file>
@@ -9,11 +9,9 @@ Example: --trace log.txt $URL
 Added: 7.9.7
 See-also: trace-ascii trace-time
 Multi: single
+Scope: global
 ---
 Enables a full trace dump of all incoming and outgoing data, including
 descriptive information, to the given output file. Use "-" as filename to have
 the output sent to stdout. Use "%" as filename to have the output sent to
 stderr.
-
-This option is global and does not need to be specified for each use of
---next.
diff --git a/docs/cmdline-opts/unix-socket.d b/docs/cmdline-opts/unix-socket.d
index 7d95a71df..5ea56ebf1 100644
--- a/docs/cmdline-opts/unix-socket.d
+++ b/docs/cmdline-opts/unix-socket.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: unix-socket
 Arg: <path>
diff --git a/docs/cmdline-opts/upload-file.d b/docs/cmdline-opts/upload-file.d
index 3709896f6..b6cbef106 100644
--- a/docs/cmdline-opts/upload-file.d
+++ b/docs/cmdline-opts/upload-file.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: upload-file
 Short: T
diff --git a/docs/cmdline-opts/url-query.d b/docs/cmdline-opts/url-query.d
index c74b4fb39..29b31e338 100644
--- a/docs/cmdline-opts/url-query.d
+++ b/docs/cmdline-opts/url-query.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: url-query
 Arg: <data>
diff --git a/docs/cmdline-opts/url.d b/docs/cmdline-opts/url.d
index 5ec61b1df..df399ccb5 100644
--- a/docs/cmdline-opts/url.d
+++ b/docs/cmdline-opts/url.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: url
 Arg: <url>
diff --git a/docs/cmdline-opts/use-ascii.d b/docs/cmdline-opts/use-ascii.d
index 569c7c6da..772992c17 100644
--- a/docs/cmdline-opts/use-ascii.d
+++ b/docs/cmdline-opts/use-ascii.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: B
 Long: use-ascii
diff --git a/docs/cmdline-opts/user-agent.d b/docs/cmdline-opts/user-agent.d
index 3f2b65d1a..33cbe210b 100644
--- a/docs/cmdline-opts/user-agent.d
+++ b/docs/cmdline-opts/user-agent.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: A
 Long: user-agent
diff --git a/docs/cmdline-opts/user.d b/docs/cmdline-opts/user.d
index 930df83cc..63ca4c542 100644
--- a/docs/cmdline-opts/user.d
+++ b/docs/cmdline-opts/user.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: user
 Short: u
diff --git a/docs/cmdline-opts/verbose.d b/docs/cmdline-opts/verbose.d
index 7122f7d24..4036aadc5 100644
--- a/docs/cmdline-opts/verbose.d
+++ b/docs/cmdline-opts/verbose.d
@@ -1,14 +1,15 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Short: v
 Long: verbose
 Mutexed: trace trace-ascii
 Help: Make the operation more talkative
-See-also: include
+See-also: include silent trace trace-ascii
 Category: important verbose
 Example: --verbose $URL
 Added: 4.0
 Multi: boolean
+Scope: global
 ---
 Makes curl verbose during the operation. Useful for debugging and seeing
 what's going on "under the hood". A line starting with '>' means "header data"
@@ -16,13 +17,8 @@ sent by curl, '<' means "header data" received by curl that is hidden in
 normal cases, and a line starting with '*' means additional info provided by
 curl.
 
-If you only want HTTP headers in the output, --include might be the option
-you are looking for.
+If you only want HTTP headers in the output, --include or --dump-header might
+be more suitable options.
 
 If you think this option still does not give you enough details, consider using
 --trace or --trace-ascii instead.
-
-This option is global and does not need to be specified for each use of
---next.
-
-Use --silent to make curl really quiet.
diff --git a/docs/cmdline-opts/version.d b/docs/cmdline-opts/version.d
index 032e2e2db..e4ea3145d 100644
--- a/docs/cmdline-opts/version.d
+++ b/docs/cmdline-opts/version.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: version
 Short: V
@@ -7,7 +7,7 @@ Category: important curl
 Example: --version
 Added: 4.0
 See-also: help manual
-Multi: boolean
+Multi: custom
 ---
 Displays information about curl and the libcurl version it uses.
 
diff --git a/docs/cmdline-opts/write-out.d b/docs/cmdline-opts/write-out.d
index 8ca1746d0..bb26528b5 100644
--- a/docs/cmdline-opts/write-out.d
+++ b/docs/cmdline-opts/write-out.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: write-out
 Short: w
@@ -31,12 +31,18 @@ trailing colon). The header contents are exactly as sent over the network,
 with leading and trailing whitespace trimmed. Added in curl 7.84.0.
 
 .B NOTE:
-The %-symbol is a special symbol in the win32-environment, where all
-occurrences of % must be doubled when using this option.
+In Windows the %-symbol is a special symbol used to expand environment
+variables. In batch files all occurrences of % must be doubled when using this
+option to properly escape. If this option is used at the command prompt then
+the % cannot be escaped and unintended expansion is possible.
 
 The variables available are:
 .RS
 .TP 15
+.B certs
+Output the certificate chain with details. Supported only by the OpenSSL,
+GnuTLS, Schannel, NSS, GSKit and Secure Transport backends (Added in 7.88.0)
+.TP
 .B content_type
 The Content-Type of the requested document, if there was any.
 .TP
@@ -59,7 +65,7 @@ server. (Added in 7.15.4)
 .B header_json
 A JSON object with all HTTP response headers from the recent transfer. Values
 are provided as arrays, since in the case of multiple headers there can be
-multiple values.
+multiple values. (Added in 7.83.0)
 
 The header names provided in lowercase, listed in order of appearance over the
 wire. Except for duplicated headers. They are grouped on the first occurrence
@@ -89,6 +95,11 @@ The local port number of the most recently done connection. (Added in 7.29.0)
 .B method
 The http method used in the most recent HTTP request. (Added in 7.72.0)
 .TP
+.B num_certs
+Number of server certificates received in the TLS handshake. Supported only by
+the OpenSSL, GnuTLS, Schannel, NSS, GSKit and Secure Transport backends (Added
+in 7.88.0)
+.TP
 .B num_connects
 Number of new connects made in the recent transfer. (Added in 7.12.3)
 .TP
diff --git a/docs/cmdline-opts/xattr.d b/docs/cmdline-opts/xattr.d
index 9f1a6cf8a..31bdb2d72 100644
--- a/docs/cmdline-opts/xattr.d
+++ b/docs/cmdline-opts/xattr.d
@@ -1,4 +1,4 @@
-c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 SPDX-License-Identifier: curl
 Long: xattr
 Help: Store metadata in extended file attributes
diff --git a/docs/curl-config.1 b/docs/curl-config.1
index 0d1d61fbb..3f74976ac 100644
--- a/docs/curl-config.1
+++ b/docs/curl-config.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/examples/.gitignore b/docs/examples/.gitignore
index 3443a8f20..f9a2c7797 100644
--- a/docs/examples/.gitignore
+++ b/docs/examples/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/docs/examples/10-at-a-time.c b/docs/examples/10-at-a-time.c
index 395b68c19..b54a4410c 100644
--- a/docs/examples/10-at-a-time.c
+++ b/docs/examples/10-at-a-time.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/Makefile.am b/docs/examples/Makefile.am
index 81eb95bc6..80ccc5925 100644
--- a/docs/examples/Makefile.am
+++ b/docs/examples/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/examples/Makefile.example b/docs/examples/Makefile.example
index b05ca8ee1..cde00468d 100644
--- a/docs/examples/Makefile.example
+++ b/docs/examples/Makefile.example
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/examples/Makefile.inc b/docs/examples/Makefile.inc
index 42247fe61..9f25f980f 100644
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -123,7 +123,6 @@ check_PROGRAMS = \
 COMPLICATED_EXAMPLES = \
   cacertinmem.c \
   crawler.c \
-  curlgtk.c \
   ephiperfifo.c \
   evhiperfifo.c \
   ghiper.c \
diff --git a/docs/examples/Makefile.mk b/docs/examples/Makefile.mk
index c5687119f..599acee0b 100644
--- a/docs/examples/Makefile.mk
+++ b/docs/examples/Makefile.mk
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/examples/README.md b/docs/examples/README.md
index c74dc9416..3f95f03c0 100644
--- a/docs/examples/README.md
+++ b/docs/examples/README.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 1998 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
diff --git a/docs/examples/adddocsref.pl b/docs/examples/adddocsref.pl
index 811319f07..01be96a84 100755
--- a/docs/examples/adddocsref.pl
+++ b/docs/examples/adddocsref.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2004 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/examples/altsvc.c b/docs/examples/altsvc.c
index 7fa47c2c2..28e9794e8 100644
--- a/docs/examples/altsvc.c
+++ b/docs/examples/altsvc.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/anyauthput.c b/docs/examples/anyauthput.c
index 852e2e2eb..ff09d83f0 100644
--- a/docs/examples/anyauthput.c
+++ b/docs/examples/anyauthput.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/cacertinmem.c b/docs/examples/cacertinmem.c
index a1a140f3d..647b495b4 100644
--- a/docs/examples/cacertinmem.c
+++ b/docs/examples/cacertinmem.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/certinfo.c b/docs/examples/certinfo.c
index 381ee5110..795be6c3d 100644
--- a/docs/examples/certinfo.c
+++ b/docs/examples/certinfo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/chkspeed.c b/docs/examples/chkspeed.c
index a467913a7..45765b988 100644
--- a/docs/examples/chkspeed.c
+++ b/docs/examples/chkspeed.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/cookie_interface.c b/docs/examples/cookie_interface.c
index 62e9dd798..131ef6542 100644
--- a/docs/examples/cookie_interface.c
+++ b/docs/examples/cookie_interface.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/crawler.c b/docs/examples/crawler.c
index 1859c274e..33312cace 100644
--- a/docs/examples/crawler.c
+++ b/docs/examples/crawler.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2018 - 2022 Jeroen Ooms <jeroenooms@gmail.com>
+ * Copyright (C) Jeroen Ooms <jeroenooms@gmail.com>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/curlgtk.c b/docs/examples/curlgtk.c
deleted file mode 100644
index 756894121..000000000
--- a/docs/examples/curlgtk.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (c) 2000 - 2022 David Odin (aka DindinX) for MandrakeSoft
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
-/* <DESC>
- * use the libcurl in a gtk-threaded application
- * </DESC>
- */
-
-#include <stdio.h>
-#include <gtk/gtk.h>
-
-#include <curl/curl.h>
-
-GtkWidget *Bar;
-
-static size_t my_write_func(void *ptr, size_t size, size_t nmemb, FILE *stream)
-{
-  return fwrite(ptr, size, nmemb, stream);
-}
-
-static size_t my_read_func(char *ptr, size_t size, size_t nmemb, FILE *stream)
-{
-  return fread(ptr, size, nmemb, stream);
-}
-
-static int my_progress_func(GtkWidget *bar,
-                            double t, /* dltotal */
-                            double d, /* dlnow */
-                            double ultotal,
-                            double ulnow)
-{
-/*  printf("%d / %d (%g %%)\n", d, t, d*100.0/t);*/
-  gdk_threads_enter();
-  gtk_progress_set_value(GTK_PROGRESS(bar), d*100.0/t);
-  gdk_threads_leave();
-  return 0;
-}
-
-static void *my_thread(void *ptr)
-{
-  CURL *curl;
-
-  curl = curl_easy_init();
-  if(curl) {
-    gchar *url = ptr;
-    const char *filename = "test.curl";
-    FILE *outfile = fopen(filename, "wb");
-
-    curl_easy_setopt(curl, CURLOPT_URL, url);
-    curl_easy_setopt(curl, CURLOPT_WRITEDATA, outfile);
-    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, my_write_func);
-    curl_easy_setopt(curl, CURLOPT_READFUNCTION, my_read_func);
-    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L);
-    curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, my_progress_func);
-    curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, Bar);
-
-    curl_easy_perform(curl);
-
-    fclose(outfile);
-    /* always cleanup */
-    curl_easy_cleanup(curl);
-  }
-
-  return NULL;
-}
-
-int main(int argc, char **argv)
-{
-  GtkWidget *Window, *Frame, *Frame2;
-  GtkAdjustment *adj;
-
-  /* Must initialize libcurl before any threads are started */
-  curl_global_init(CURL_GLOBAL_ALL);
-
-  /* Init thread */
-  g_thread_init(NULL);
-
-  gtk_init(&argc, &argv);
-  Window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
-  Frame = gtk_frame_new(NULL);
-  gtk_frame_set_shadow_type(GTK_FRAME(Frame), GTK_SHADOW_OUT);
-  gtk_container_add(GTK_CONTAINER(Window), Frame);
-  Frame2 = gtk_frame_new(NULL);
-  gtk_frame_set_shadow_type(GTK_FRAME(Frame2), GTK_SHADOW_IN);
-  gtk_container_add(GTK_CONTAINER(Frame), Frame2);
-  gtk_container_set_border_width(GTK_CONTAINER(Frame2), 5);
-  adj = (GtkAdjustment*)gtk_adjustment_new(0, 0, 100, 0, 0, 0);
-  Bar = gtk_progress_bar_new_with_adjustment(adj);
-  gtk_container_add(GTK_CONTAINER(Frame2), Bar);
-  gtk_widget_show_all(Window);
-
-  if(!g_thread_create(&my_thread, argv[1], FALSE, NULL) != 0)
-    g_warning("cannot create the thread");
-
-  gdk_threads_enter();
-  gtk_main();
-  gdk_threads_leave();
-  return 0;
-}
diff --git a/docs/examples/debug.c b/docs/examples/debug.c
index aeef8290a..684a18327 100644
--- a/docs/examples/debug.c
+++ b/docs/examples/debug.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/ephiperfifo.c b/docs/examples/ephiperfifo.c
index 268f9a928..f0ee0a1be 100644
--- a/docs/examples/ephiperfifo.c
+++ b/docs/examples/ephiperfifo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/evhiperfifo.c b/docs/examples/evhiperfifo.c
index 3c9ca57dd..2a361b94a 100644
--- a/docs/examples/evhiperfifo.c
+++ b/docs/examples/evhiperfifo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/externalsocket.c b/docs/examples/externalsocket.c
index f0deeb9ed..1c78c3db4 100644
--- a/docs/examples/externalsocket.c
+++ b/docs/examples/externalsocket.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/fileupload.c b/docs/examples/fileupload.c
index 8d3e6cdf8..9e3bd84f7 100644
--- a/docs/examples/fileupload.c
+++ b/docs/examples/fileupload.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/ftp-wildcard.c b/docs/examples/ftp-wildcard.c
index 9c1c913f1..f80543247 100644
--- a/docs/examples/ftp-wildcard.c
+++ b/docs/examples/ftp-wildcard.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/ftpget.c b/docs/examples/ftpget.c
index 3229dbf7b..b25e6680a 100644
--- a/docs/examples/ftpget.c
+++ b/docs/examples/ftpget.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/ftpgetinfo.c b/docs/examples/ftpgetinfo.c
index d95753d3e..be24fa71e 100644
--- a/docs/examples/ftpgetinfo.c
+++ b/docs/examples/ftpgetinfo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/ftpgetresp.c b/docs/examples/ftpgetresp.c
index 1bee903db..238885dfe 100644
--- a/docs/examples/ftpgetresp.c
+++ b/docs/examples/ftpgetresp.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/ftpsget.c b/docs/examples/ftpsget.c
index 521ad5cb6..88ba0023c 100644
--- a/docs/examples/ftpsget.c
+++ b/docs/examples/ftpsget.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/ftpupload.c b/docs/examples/ftpupload.c
index 046166a43..00de126ea 100644
--- a/docs/examples/ftpupload.c
+++ b/docs/examples/ftpupload.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/ftpuploadfrommem.c b/docs/examples/ftpuploadfrommem.c
index b32020e80..9613cca26 100644
--- a/docs/examples/ftpuploadfrommem.c
+++ b/docs/examples/ftpuploadfrommem.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/ftpuploadresume.c b/docs/examples/ftpuploadresume.c
index 5014e3f23..26f2f9bf8 100644
--- a/docs/examples/ftpuploadresume.c
+++ b/docs/examples/ftpuploadresume.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/getinfo.c b/docs/examples/getinfo.c
index d63b030aa..9c178c2c8 100644
--- a/docs/examples/getinfo.c
+++ b/docs/examples/getinfo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/getinmemory.c b/docs/examples/getinmemory.c
index 085ece7b7..8ec84142d 100644
--- a/docs/examples/getinmemory.c
+++ b/docs/examples/getinmemory.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/getredirect.c b/docs/examples/getredirect.c
index 85ea382b7..9163c9b07 100644
--- a/docs/examples/getredirect.c
+++ b/docs/examples/getredirect.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/getreferrer.c b/docs/examples/getreferrer.c
index d320c104d..6073f9fca 100644
--- a/docs/examples/getreferrer.c
+++ b/docs/examples/getreferrer.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/ghiper.c b/docs/examples/ghiper.c
index e18ca6e5b..b30afd160 100644
--- a/docs/examples/ghiper.c
+++ b/docs/examples/ghiper.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/headerapi.c b/docs/examples/headerapi.c
index 58c858629..4df6cbd67 100644
--- a/docs/examples/headerapi.c
+++ b/docs/examples/headerapi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/hiperfifo.c b/docs/examples/hiperfifo.c
index ea0cdb185..06cb13878 100644
--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/hiperfifo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/href_extractor.c b/docs/examples/href_extractor.c
index b73157b8d..5c92b0c23 100644
--- a/docs/examples/href_extractor.c
+++ b/docs/examples/href_extractor.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/htmltidy.c b/docs/examples/htmltidy.c
index 97e3eac73..cc6f63e1c 100644
--- a/docs/examples/htmltidy.c
+++ b/docs/examples/htmltidy.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/htmltitle.cpp b/docs/examples/htmltitle.cpp
index b5c78f796..0f4bad4a8 100644
--- a/docs/examples/htmltitle.cpp
+++ b/docs/examples/htmltitle.cpp
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/http-post.c b/docs/examples/http-post.c
index 58fb545cd..2cacefee4 100644
--- a/docs/examples/http-post.c
+++ b/docs/examples/http-post.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/http2-download.c b/docs/examples/http2-download.c
index e88f578cd..e263571b8 100644
--- a/docs/examples/http2-download.c
+++ b/docs/examples/http2-download.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/http2-pushinmemory.c b/docs/examples/http2-pushinmemory.c
index 78273c9db..c982bd5c5 100644
--- a/docs/examples/http2-pushinmemory.c
+++ b/docs/examples/http2-pushinmemory.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/http2-serverpush.c b/docs/examples/http2-serverpush.c
index f27935516..31a34715d 100644
--- a/docs/examples/http2-serverpush.c
+++ b/docs/examples/http2-serverpush.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/http2-upload.c b/docs/examples/http2-upload.c
index d0d54695e..5889d0c36 100644
--- a/docs/examples/http2-upload.c
+++ b/docs/examples/http2-upload.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/http3-present.c b/docs/examples/http3-present.c
index 3e189203c..56ba0f572 100644
--- a/docs/examples/http3-present.c
+++ b/docs/examples/http3-present.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/http3.c b/docs/examples/http3.c
index 6463ccfd0..900e11920 100644
--- a/docs/examples/http3.c
+++ b/docs/examples/http3.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -37,10 +37,9 @@ int main(void)
   if(curl) {
     curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
 
-    /* Forcing HTTP/3 will make the connection fail if the server is not
-       accessible over QUIC + HTTP/3 on the given host and port.
-       Consider using CURLOPT_ALTSVC instead! */
-    curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, (long)CURL_HTTP_VERSION_3);
+    /* Use HTTP/3 but fallback to earlier HTTP if necessary */
+    curl_easy_setopt(curl, CURLOPT_HTTP_VERSION,
+                     (long)CURL_HTTP_VERSION_3);
 
     /* Perform the request, res will get the return code */
     res = curl_easy_perform(curl);
diff --git a/docs/examples/httpcustomheader.c b/docs/examples/httpcustomheader.c
index c72a474e0..a3881674c 100644
--- a/docs/examples/httpcustomheader.c
+++ b/docs/examples/httpcustomheader.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/httpput-postfields.c b/docs/examples/httpput-postfields.c
index 6641a4380..98d7c3d74 100644
--- a/docs/examples/httpput-postfields.c
+++ b/docs/examples/httpput-postfields.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/httpput.c b/docs/examples/httpput.c
index 2eb0ea68b..c80100bbe 100644
--- a/docs/examples/httpput.c
+++ b/docs/examples/httpput.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/https.c b/docs/examples/https.c
index 7be330a8e..26e72085b 100644
--- a/docs/examples/https.c
+++ b/docs/examples/https.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-append.c b/docs/examples/imap-append.c
index 303c36fa9..1abfda3fd 100644
--- a/docs/examples/imap-append.c
+++ b/docs/examples/imap-append.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-authzid.c b/docs/examples/imap-authzid.c
index 9cf0d7f4d..af0732064 100644
--- a/docs/examples/imap-authzid.c
+++ b/docs/examples/imap-authzid.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-copy.c b/docs/examples/imap-copy.c
index 10e3e74e9..0920f0944 100644
--- a/docs/examples/imap-copy.c
+++ b/docs/examples/imap-copy.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-create.c b/docs/examples/imap-create.c
index b73c6d1af..6a9b56534 100644
--- a/docs/examples/imap-create.c
+++ b/docs/examples/imap-create.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-delete.c b/docs/examples/imap-delete.c
index 693f6b974..e43ab2e98 100644
--- a/docs/examples/imap-delete.c
+++ b/docs/examples/imap-delete.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-examine.c b/docs/examples/imap-examine.c
index 782dc0fca..34217bfa4 100644
--- a/docs/examples/imap-examine.c
+++ b/docs/examples/imap-examine.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-fetch.c b/docs/examples/imap-fetch.c
index 68ae01f28..3361d7cfe 100644
--- a/docs/examples/imap-fetch.c
+++ b/docs/examples/imap-fetch.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-list.c b/docs/examples/imap-list.c
index d9c01cd00..2f3780f2d 100644
--- a/docs/examples/imap-list.c
+++ b/docs/examples/imap-list.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-lsub.c b/docs/examples/imap-lsub.c
index 18de27238..9cb87fe9a 100644
--- a/docs/examples/imap-lsub.c
+++ b/docs/examples/imap-lsub.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-multi.c b/docs/examples/imap-multi.c
index ace2551d9..6a5f4b070 100644
--- a/docs/examples/imap-multi.c
+++ b/docs/examples/imap-multi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-noop.c b/docs/examples/imap-noop.c
index 3c7497d60..9e5a3da2d 100644
--- a/docs/examples/imap-noop.c
+++ b/docs/examples/imap-noop.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-search.c b/docs/examples/imap-search.c
index b92547474..141b06f64 100644
--- a/docs/examples/imap-search.c
+++ b/docs/examples/imap-search.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-ssl.c b/docs/examples/imap-ssl.c
index bf36e31e2..51d2d1d91 100644
--- a/docs/examples/imap-ssl.c
+++ b/docs/examples/imap-ssl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-store.c b/docs/examples/imap-store.c
index 571b218d9..d04a6072c 100644
--- a/docs/examples/imap-store.c
+++ b/docs/examples/imap-store.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/imap-tls.c b/docs/examples/imap-tls.c
index 124c04240..5a47e4de2 100644
--- a/docs/examples/imap-tls.c
+++ b/docs/examples/imap-tls.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/multi-app.c b/docs/examples/multi-app.c
index bf9475b82..3dbc46483 100644
--- a/docs/examples/multi-app.c
+++ b/docs/examples/multi-app.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/multi-debugcallback.c b/docs/examples/multi-debugcallback.c
index 0c7811bb7..32d4e5783 100644
--- a/docs/examples/multi-debugcallback.c
+++ b/docs/examples/multi-debugcallback.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/multi-double.c b/docs/examples/multi-double.c
index b9bba520d..62295a92c 100644
--- a/docs/examples/multi-double.c
+++ b/docs/examples/multi-double.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/multi-event.c b/docs/examples/multi-event.c
index 4f61f5e4b..5a24bb203 100644
--- a/docs/examples/multi-event.c
+++ b/docs/examples/multi-event.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/multi-formadd.c b/docs/examples/multi-formadd.c
index e62de32ab..801b61e6d 100644
--- a/docs/examples/multi-formadd.c
+++ b/docs/examples/multi-formadd.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/multi-legacy.c b/docs/examples/multi-legacy.c
index a1504231c..e34600cd2 100644
--- a/docs/examples/multi-legacy.c
+++ b/docs/examples/multi-legacy.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/multi-post.c b/docs/examples/multi-post.c
index c141c68e9..112f3c0cd 100644
--- a/docs/examples/multi-post.c
+++ b/docs/examples/multi-post.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/multi-single.c b/docs/examples/multi-single.c
index d0c6321ed..c5933627a 100644
--- a/docs/examples/multi-single.c
+++ b/docs/examples/multi-single.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/multi-uv.c b/docs/examples/multi-uv.c
index fe7b357e8..6581b9fa6 100644
--- a/docs/examples/multi-uv.c
+++ b/docs/examples/multi-uv.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/multithread.c b/docs/examples/multithread.c
index 2b89798e3..cc4ce7c12 100644
--- a/docs/examples/multithread.c
+++ b/docs/examples/multithread.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/opensslthreadlock.c b/docs/examples/opensslthreadlock.c
index a7de777ca..6f875673c 100644
--- a/docs/examples/opensslthreadlock.c
+++ b/docs/examples/opensslthreadlock.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/parseurl.c b/docs/examples/parseurl.c
index d6682d70b..ab1714d6a 100644
--- a/docs/examples/parseurl.c
+++ b/docs/examples/parseurl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/persistent.c b/docs/examples/persistent.c
index 6ddfc40ac..2b6eb4645 100644
--- a/docs/examples/persistent.c
+++ b/docs/examples/persistent.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/pop3-authzid.c b/docs/examples/pop3-authzid.c
index 168eb76fc..a948e95c6 100644
--- a/docs/examples/pop3-authzid.c
+++ b/docs/examples/pop3-authzid.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/pop3-dele.c b/docs/examples/pop3-dele.c
index 7aea644e0..fe3795c24 100644
--- a/docs/examples/pop3-dele.c
+++ b/docs/examples/pop3-dele.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/pop3-list.c b/docs/examples/pop3-list.c
index 1dae86ea5..2e8b3baee 100644
--- a/docs/examples/pop3-list.c
+++ b/docs/examples/pop3-list.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/pop3-multi.c b/docs/examples/pop3-multi.c
index 53d0fd511..b4fad1925 100644
--- a/docs/examples/pop3-multi.c
+++ b/docs/examples/pop3-multi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/pop3-noop.c b/docs/examples/pop3-noop.c
index 41c205df5..16181d287 100644
--- a/docs/examples/pop3-noop.c
+++ b/docs/examples/pop3-noop.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/pop3-retr.c b/docs/examples/pop3-retr.c
index d3866f3aa..4940e0781 100644
--- a/docs/examples/pop3-retr.c
+++ b/docs/examples/pop3-retr.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/pop3-ssl.c b/docs/examples/pop3-ssl.c
index 0415363d7..b9a758833 100644
--- a/docs/examples/pop3-ssl.c
+++ b/docs/examples/pop3-ssl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/pop3-stat.c b/docs/examples/pop3-stat.c
index f78ea5f39..419859bfa 100644
--- a/docs/examples/pop3-stat.c
+++ b/docs/examples/pop3-stat.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/pop3-tls.c b/docs/examples/pop3-tls.c
index 3e8d8db3b..976ce4ab2 100644
--- a/docs/examples/pop3-tls.c
+++ b/docs/examples/pop3-tls.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/pop3-top.c b/docs/examples/pop3-top.c
index c63b43c73..7ceba881b 100644
--- a/docs/examples/pop3-top.c
+++ b/docs/examples/pop3-top.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/pop3-uidl.c b/docs/examples/pop3-uidl.c
index 6fa9b210d..496e5b08d 100644
--- a/docs/examples/pop3-uidl.c
+++ b/docs/examples/pop3-uidl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/post-callback.c b/docs/examples/post-callback.c
index cf74db88d..a802c3582 100644
--- a/docs/examples/post-callback.c
+++ b/docs/examples/post-callback.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/postinmemory.c b/docs/examples/postinmemory.c
index 68ad8c1fe..1610ad5a5 100644
--- a/docs/examples/postinmemory.c
+++ b/docs/examples/postinmemory.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/postit2-formadd.c b/docs/examples/postit2-formadd.c
index 502776960..292c0c93d 100644
--- a/docs/examples/postit2-formadd.c
+++ b/docs/examples/postit2-formadd.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/postit2.c b/docs/examples/postit2.c
index 5e9c609d3..3add296d4 100644
--- a/docs/examples/postit2.c
+++ b/docs/examples/postit2.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/progressfunc.c b/docs/examples/progressfunc.c
index be32b67aa..e164f03ca 100644
--- a/docs/examples/progressfunc.c
+++ b/docs/examples/progressfunc.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/resolve.c b/docs/examples/resolve.c
index 40bdfb345..a16f45954 100644
--- a/docs/examples/resolve.c
+++ b/docs/examples/resolve.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/sendrecv.c b/docs/examples/sendrecv.c
index 954ae810b..80b4751ea 100644
--- a/docs/examples/sendrecv.c
+++ b/docs/examples/sendrecv.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/sepheaders.c b/docs/examples/sepheaders.c
index a398d0568..0d090ed81 100644
--- a/docs/examples/sepheaders.c
+++ b/docs/examples/sepheaders.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/sessioninfo.c b/docs/examples/sessioninfo.c
index 4a848b9fe..befb8f3c0 100644
--- a/docs/examples/sessioninfo.c
+++ b/docs/examples/sessioninfo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/sftpget.c b/docs/examples/sftpget.c
index 05041b18b..ac2c879a7 100644
--- a/docs/examples/sftpget.c
+++ b/docs/examples/sftpget.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/sftpuploadresume.c b/docs/examples/sftpuploadresume.c
index 7c72e5d09..aabe5c395 100644
--- a/docs/examples/sftpuploadresume.c
+++ b/docs/examples/sftpuploadresume.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/shared-connection-cache.c b/docs/examples/shared-connection-cache.c
index ac9eb5492..26bfb1a46 100644
--- a/docs/examples/shared-connection-cache.c
+++ b/docs/examples/shared-connection-cache.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/simple.c b/docs/examples/simple.c
index 38134c394..8579b0ba5 100644
--- a/docs/examples/simple.c
+++ b/docs/examples/simple.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/simplepost.c b/docs/examples/simplepost.c
index 95564d75f..89435afa6 100644
--- a/docs/examples/simplepost.c
+++ b/docs/examples/simplepost.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/simplessl.c b/docs/examples/simplessl.c
index 879672b3f..1be805cc3 100644
--- a/docs/examples/simplessl.c
+++ b/docs/examples/simplessl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/smooth-gtk-thread.c b/docs/examples/smooth-gtk-thread.c
index c9923746f..906660f99 100644
--- a/docs/examples/smooth-gtk-thread.c
+++ b/docs/examples/smooth-gtk-thread.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/smtp-authzid.c b/docs/examples/smtp-authzid.c
index d48a811c8..d86e1bada 100644
--- a/docs/examples/smtp-authzid.c
+++ b/docs/examples/smtp-authzid.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/smtp-expn.c b/docs/examples/smtp-expn.c
index dc2351af1..e8ba530ad 100644
--- a/docs/examples/smtp-expn.c
+++ b/docs/examples/smtp-expn.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/smtp-mail.c b/docs/examples/smtp-mail.c
index 5f3fcfddb..77e6cc4e9 100644
--- a/docs/examples/smtp-mail.c
+++ b/docs/examples/smtp-mail.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/smtp-mime.c b/docs/examples/smtp-mime.c
index 76a91eb4b..872dbff6c 100644
--- a/docs/examples/smtp-mime.c
+++ b/docs/examples/smtp-mime.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/smtp-multi.c b/docs/examples/smtp-multi.c
index 80b156bd0..d80077f8c 100644
--- a/docs/examples/smtp-multi.c
+++ b/docs/examples/smtp-multi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/smtp-ssl.c b/docs/examples/smtp-ssl.c
index 4ccf7686d..f09f7f495 100644
--- a/docs/examples/smtp-ssl.c
+++ b/docs/examples/smtp-ssl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/smtp-tls.c b/docs/examples/smtp-tls.c
index c33c902de..e6fec1906 100644
--- a/docs/examples/smtp-tls.c
+++ b/docs/examples/smtp-tls.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/smtp-vrfy.c b/docs/examples/smtp-vrfy.c
index d88bfc7d8..64d931095 100644
--- a/docs/examples/smtp-vrfy.c
+++ b/docs/examples/smtp-vrfy.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/sslbackend.c b/docs/examples/sslbackend.c
index e07d1905e..76744730f 100644
--- a/docs/examples/sslbackend.c
+++ b/docs/examples/sslbackend.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/synctime.c b/docs/examples/synctime.c
index b617dd6ab..1c0579a08 100644
--- a/docs/examples/synctime.c
+++ b/docs/examples/synctime.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/threaded-ssl.c b/docs/examples/threaded-ssl.c
index 09292c49a..f58e44741 100644
--- a/docs/examples/threaded-ssl.c
+++ b/docs/examples/threaded-ssl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/url2file.c b/docs/examples/url2file.c
index c01bcf3e4..f95d57464 100644
--- a/docs/examples/url2file.c
+++ b/docs/examples/url2file.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/urlapi.c b/docs/examples/urlapi.c
index 11962abc5..2f446e60c 100644
--- a/docs/examples/urlapi.c
+++ b/docs/examples/urlapi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/usercertinmem.c b/docs/examples/usercertinmem.c
index f8fada460..12a2b7937 100644
--- a/docs/examples/usercertinmem.c
+++ b/docs/examples/usercertinmem.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2013 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/examples/version-check.pl b/docs/examples/version-check.pl
index aca37995a..932d154bd 100755
--- a/docs/examples/version-check.pl
+++ b/docs/examples/version-check.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/examples/xmlstream.c b/docs/examples/xmlstream.c
index ae5963b95..76a8e48cc 100644
--- a/docs/examples/xmlstream.c
+++ b/docs/examples/xmlstream.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/.gitignore b/docs/libcurl/.gitignore
index 5deb37fb7..fd35ad0fc 100644
--- a/docs/libcurl/.gitignore
+++ b/docs/libcurl/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/docs/libcurl/ABI.md b/docs/libcurl/ABI.md
index f03363327..408ea1094 100644
--- a/docs/libcurl/ABI.md
+++ b/docs/libcurl/ABI.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 1998 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
diff --git a/docs/libcurl/CMakeLists.txt b/docs/libcurl/CMakeLists.txt
index e90d9bbd5..c83b5c91c 100644
--- a/docs/libcurl/CMakeLists.txt
+++ b/docs/libcurl/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/Makefile.am b/docs/libcurl/Makefile.am
index aa0eda05a..8d512a6c2 100644
--- a/docs/libcurl/Makefile.am
+++ b/docs/libcurl/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/Makefile.inc b/docs/libcurl/Makefile.inc
index 3e62ff0b0..a815d0796 100644
--- a/docs/libcurl/Makefile.inc
+++ b/docs/libcurl/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2008 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_cleanup.3 b/docs/libcurl/curl_easy_cleanup.3
index ba8f82a46..81702dd08 100644
--- a/docs/libcurl/curl_easy_cleanup.3
+++ b/docs/libcurl/curl_easy_cleanup.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_duphandle.3 b/docs/libcurl/curl_easy_duphandle.3
index a1a561e57..df8ede961 100644
--- a/docs/libcurl/curl_easy_duphandle.3
+++ b/docs/libcurl/curl_easy_duphandle.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_escape.3 b/docs/libcurl/curl_easy_escape.3
index b4594817e..2c211307e 100644
--- a/docs/libcurl/curl_easy_escape.3
+++ b/docs/libcurl/curl_easy_escape.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_getinfo.3 b/docs/libcurl/curl_easy_getinfo.3
index 5813bd6e0..c190cb501 100644
--- a/docs/libcurl/curl_easy_getinfo.3
+++ b/docs/libcurl/curl_easy_getinfo.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_header.3 b/docs/libcurl/curl_easy_header.3
index 186f0be36..47e8388ec 100644
--- a/docs/libcurl/curl_easy_header.3
+++ b/docs/libcurl/curl_easy_header.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -134,20 +134,7 @@ CURLHcode h =
 Added in 7.83.0. Officially supported since 7.84.0.
 .SH RETURN VALUE
 This function returns a CURLHcode indicating success or error.
-.IP "CURLHE_BADINDEX (1)"
-There is no header with the requested index.
-.IP "CURLHE_MISSING (2)"
-No such header exists.
-.IP "CURLHE_NOHEADERS (3)"
-No headers at all have been recorded.
-.IP "CURLHE_NOREQUEST (4)"
-There was no such request number.
-.IP "CURLHE_OUT_OF_MEMORY (5)"
-Out of resources
-.IP "CURLHE_BAD_ARGUMENT (6)"
-One or more of the given arguments are bad.
-.IP "CURLHE_NOT_BUILT_IN (7)"
-HTTP or the header API has been disabled in the build.
 .SH "SEE ALSO"
 .BR curl_easy_nextheader "(3), " curl_easy_perform "(3), "
-.BR CURLOPT_HEADERFUNCTION "(3), " CURLINFO_CONTENT_TYPE "(3) "
+.BR CURLOPT_HEADERFUNCTION "(3), " CURLINFO_CONTENT_TYPE "(3), "
+.BR libcurl-errors "(3) "
diff --git a/docs/libcurl/curl_easy_init.3 b/docs/libcurl/curl_easy_init.3
index 65b7d2f74..f54ad0e8a 100644
--- a/docs/libcurl/curl_easy_init.3
+++ b/docs/libcurl/curl_easy_init.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_nextheader.3 b/docs/libcurl/curl_easy_nextheader.3
index 7980eb47e..7437cbea1 100644
--- a/docs/libcurl/curl_easy_nextheader.3
+++ b/docs/libcurl/curl_easy_nextheader.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_option_by_id.3 b/docs/libcurl/curl_easy_option_by_id.3
index 734cd6924..7a7380ace 100644
--- a/docs/libcurl/curl_easy_option_by_id.3
+++ b/docs/libcurl/curl_easy_option_by_id.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_option_by_name.3 b/docs/libcurl/curl_easy_option_by_name.3
index f7e315a23..e4688fbfe 100644
--- a/docs/libcurl/curl_easy_option_by_name.3
+++ b/docs/libcurl/curl_easy_option_by_name.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_option_next.3 b/docs/libcurl/curl_easy_option_next.3
index 58adf78d1..bbd68ffa7 100644
--- a/docs/libcurl/curl_easy_option_next.3
+++ b/docs/libcurl/curl_easy_option_next.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_pause.3 b/docs/libcurl/curl_easy_pause.3
index d602fc88e..96f2d2a36 100644
--- a/docs/libcurl/curl_easy_pause.3
+++ b/docs/libcurl/curl_easy_pause.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_perform.3 b/docs/libcurl/curl_easy_perform.3
index 77d7f59a2..bb914b9c8 100644
--- a/docs/libcurl/curl_easy_perform.3
+++ b/docs/libcurl/curl_easy_perform.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_recv.3 b/docs/libcurl/curl_easy_recv.3
index 22e128f5a..21fc0cad1 100644
--- a/docs/libcurl/curl_easy_recv.3
+++ b/docs/libcurl/curl_easy_recv.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_reset.3 b/docs/libcurl/curl_easy_reset.3
index a46b54310..d8d28f3b9 100644
--- a/docs/libcurl/curl_easy_reset.3
+++ b/docs/libcurl/curl_easy_reset.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_send.3 b/docs/libcurl/curl_easy_send.3
index ce7e0d9d0..6ec647cae 100644
--- a/docs/libcurl/curl_easy_send.3
+++ b/docs/libcurl/curl_easy_send.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 9295d84aa..da90e5c19 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_strerror.3 b/docs/libcurl/curl_easy_strerror.3
index eda4f8d1e..0bdb38e99 100644
--- a/docs/libcurl/curl_easy_strerror.3
+++ b/docs/libcurl/curl_easy_strerror.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_unescape.3 b/docs/libcurl/curl_easy_unescape.3
index e68c6dcef..8d85a1e9a 100644
--- a/docs/libcurl/curl_easy_unescape.3
+++ b/docs/libcurl/curl_easy_unescape.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_easy_upkeep.3 b/docs/libcurl/curl_easy_upkeep.3
index c32c72d87..9bdc6d244 100644
--- a/docs/libcurl/curl_easy_upkeep.3
+++ b/docs/libcurl/curl_easy_upkeep.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_escape.3 b/docs/libcurl/curl_escape.3
index 58036f68f..f7b1372f3 100644
--- a/docs/libcurl/curl_escape.3
+++ b/docs/libcurl/curl_escape.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_formadd.3 b/docs/libcurl/curl_formadd.3
index 04e10b3f2..0d6fe5e36 100644
--- a/docs/libcurl/curl_formadd.3
+++ b/docs/libcurl/curl_formadd.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_formfree.3 b/docs/libcurl/curl_formfree.3
index fc0a25c43..2dde5f245 100644
--- a/docs/libcurl/curl_formfree.3
+++ b/docs/libcurl/curl_formfree.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_formget.3 b/docs/libcurl/curl_formget.3
index 7b55014be..e8a4f36c0 100644
--- a/docs/libcurl/curl_formget.3
+++ b/docs/libcurl/curl_formget.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_free.3 b/docs/libcurl/curl_free.3
index 2f384010a..7513c89d1 100644
--- a/docs/libcurl/curl_free.3
+++ b/docs/libcurl/curl_free.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -28,7 +28,7 @@ curl_free - reclaim memory that has been obtained through a libcurl call
 .nf
 #include <curl/curl.h>
 
-void curl_free(char *ptr);
+void curl_free(void *ptr);
 .fi
 .SH DESCRIPTION
 curl_free reclaims memory that has been obtained through a libcurl call. Use
diff --git a/docs/libcurl/curl_getdate.3 b/docs/libcurl/curl_getdate.3
index ffe8201fe..dd50757ba 100644
--- a/docs/libcurl/curl_getdate.3
+++ b/docs/libcurl/curl_getdate.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -97,8 +97,9 @@ calendar date.
 .SH STANDARDS
 This parser handles date formats specified in RFC 822 (including the update in
 RFC 1123) using time zone name or time zone delta and RFC 850 (obsoleted by
-RFC 1036) and ANSI C's \fIasctime()\fP format. These formats are the only ones
-RFC 7231 says HTTP applications may use.
+RFC 1036) and ANSI C's \fIasctime()\fP format.
+
+These formats are the only ones RFC 7231 says HTTP applications may use.
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE
diff --git a/docs/libcurl/curl_getenv.3 b/docs/libcurl/curl_getenv.3
index 51218ca1b..35388c7b0 100644
--- a/docs/libcurl/curl_getenv.3
+++ b/docs/libcurl/curl_getenv.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_global_cleanup.3 b/docs/libcurl/curl_global_cleanup.3
index 983f03422..9b07f2381 100644
--- a/docs/libcurl/curl_global_cleanup.3
+++ b/docs/libcurl/curl_global_cleanup.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_global_init.3 b/docs/libcurl/curl_global_init.3
index 09a34e4bc..b8f5b673e 100644
--- a/docs/libcurl/curl_global_init.3
+++ b/docs/libcurl/curl_global_init.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_global_init_mem.3 b/docs/libcurl/curl_global_init_mem.3
index 8699756c4..478e7ba18 100644
--- a/docs/libcurl/curl_global_init_mem.3
+++ b/docs/libcurl/curl_global_init_mem.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_global_sslset.3 b/docs/libcurl/curl_global_sslset.3
index c1e791afe..d0d1afe12 100644
--- a/docs/libcurl/curl_global_sslset.3
+++ b/docs/libcurl/curl_global_sslset.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -35,7 +35,7 @@ typedef struct {
 
 typedef enum {
   CURLSSLBACKEND_NONE = 0,
-  CURLSSLBACKEND_OPENSSL = 1,
+  CURLSSLBACKEND_OPENSSL = 1, /* or one of its forks */
   CURLSSLBACKEND_GNUTLS = 2,
   CURLSSLBACKEND_NSS = 3,
   CURLSSLBACKEND_GSKIT = 5,
@@ -45,8 +45,9 @@ typedef enum {
   CURLSSLBACKEND_SECURETRANSPORT = 9,
   CURLSSLBACKEND_AXTLS = 10, /* deprecated */
   CURLSSLBACKEND_MBEDTLS = 11,
-  CURLSSLBACKEND_MESALINK = 12,
-  CURLSSLBACKEND_BEARSSL = 13
+  CURLSSLBACKEND_MESALINK = 12, /* deprecated */
+  CURLSSLBACKEND_BEARSSL = 13,
+  CURLSSLBACKEND_RUSTLS = 14
 } curl_sslbackend;
 
 CURLsslset curl_global_sslset(curl_sslbackend id,
@@ -88,6 +89,15 @@ This function is thread-safe since libcurl 7.84.0 if
 If this is not thread-safe, you must not call this function when any other
 thread in the program (i.e. a thread sharing the same memory) is running.
 This does not just mean no other thread that is using libcurl.
+.SH OpenSSL
+The name "OpenSSL" is used for all versions of OpenSSL and its associated
+forks/flavors in this function. OpenSSL, BoringSSL, libressl, quictls and
+AmiSSL are all supported by libcurl, but in the eyes of
+\fIcurl_global_sslset(3)\fP they are all just "OpenSSL". They all mostly
+provide the same API.
+
+\fIcurl_version_info(3)\fP can return more specific info about the exact
+OpenSSL flavor and version number is use.
 .SH EXAMPLE
 .nf
   /* choose a specific backend */
diff --git a/docs/libcurl/curl_mime_addpart.3 b/docs/libcurl/curl_mime_addpart.3
index 0eb3b6265..5ddf3af85 100644
--- a/docs/libcurl/curl_mime_addpart.3
+++ b/docs/libcurl/curl_mime_addpart.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_mime_data.3 b/docs/libcurl/curl_mime_data.3
index 24bc58bed..c724bdea7 100644
--- a/docs/libcurl/curl_mime_data.3
+++ b/docs/libcurl/curl_mime_data.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_mime_data_cb.3 b/docs/libcurl/curl_mime_data_cb.3
index 8882ebbc5..4222b6c08 100644
--- a/docs/libcurl/curl_mime_data_cb.3
+++ b/docs/libcurl/curl_mime_data_cb.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_mime_encoder.3 b/docs/libcurl/curl_mime_encoder.3
index dad13e80a..a6c831e73 100644
--- a/docs/libcurl/curl_mime_encoder.3
+++ b/docs/libcurl/curl_mime_encoder.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_mime_filedata.3 b/docs/libcurl/curl_mime_filedata.3
index ade613e0d..e2a3c1bd6 100644
--- a/docs/libcurl/curl_mime_filedata.3
+++ b/docs/libcurl/curl_mime_filedata.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_mime_filename.3 b/docs/libcurl/curl_mime_filename.3
index f63d70d0b..febb94357 100644
--- a/docs/libcurl/curl_mime_filename.3
+++ b/docs/libcurl/curl_mime_filename.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_mime_free.3 b/docs/libcurl/curl_mime_free.3
index f4b3ac462..9067fcc26 100644
--- a/docs/libcurl/curl_mime_free.3
+++ b/docs/libcurl/curl_mime_free.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_mime_headers.3 b/docs/libcurl/curl_mime_headers.3
index 86c038211..2f200164e 100644
--- a/docs/libcurl/curl_mime_headers.3
+++ b/docs/libcurl/curl_mime_headers.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_mime_init.3 b/docs/libcurl/curl_mime_init.3
index 09c3ee166..dc7f7b1f1 100644
--- a/docs/libcurl/curl_mime_init.3
+++ b/docs/libcurl/curl_mime_init.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_mime_name.3 b/docs/libcurl/curl_mime_name.3
index 10fe35fb5..94bd90386 100644
--- a/docs/libcurl/curl_mime_name.3
+++ b/docs/libcurl/curl_mime_name.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_mime_subparts.3 b/docs/libcurl/curl_mime_subparts.3
index 294832571..d7fc86379 100644
--- a/docs/libcurl/curl_mime_subparts.3
+++ b/docs/libcurl/curl_mime_subparts.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_mime_type.3 b/docs/libcurl/curl_mime_type.3
index de9c036eb..cd24c9b4b 100644
--- a/docs/libcurl/curl_mime_type.3
+++ b/docs/libcurl/curl_mime_type.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_mprintf.3 b/docs/libcurl/curl_mprintf.3
index 35a3baa18..750c5616b 100644
--- a/docs/libcurl/curl_mprintf.3
+++ b/docs/libcurl/curl_mprintf.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_add_handle.3 b/docs/libcurl/curl_multi_add_handle.3
index 7237eba08..3de671a4f 100644
--- a/docs/libcurl/curl_multi_add_handle.3
+++ b/docs/libcurl/curl_multi_add_handle.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_assign.3 b/docs/libcurl/curl_multi_assign.3
index 147e2e3a8..2ac3f75c7 100644
--- a/docs/libcurl/curl_multi_assign.3
+++ b/docs/libcurl/curl_multi_assign.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_cleanup.3 b/docs/libcurl/curl_multi_cleanup.3
index 09a44cd1b..9b684a551 100644
--- a/docs/libcurl/curl_multi_cleanup.3
+++ b/docs/libcurl/curl_multi_cleanup.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_fdset.3 b/docs/libcurl/curl_multi_fdset.3
index 5265b06fb..c2aad0f20 100644
--- a/docs/libcurl/curl_multi_fdset.3
+++ b/docs/libcurl/curl_multi_fdset.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_info_read.3 b/docs/libcurl/curl_multi_info_read.3
index 1b099a946..044a5c188 100644
--- a/docs/libcurl/curl_multi_info_read.3
+++ b/docs/libcurl/curl_multi_info_read.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_init.3 b/docs/libcurl/curl_multi_init.3
index d1c4446a6..349507424 100644
--- a/docs/libcurl/curl_multi_init.3
+++ b/docs/libcurl/curl_multi_init.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_perform.3 b/docs/libcurl/curl_multi_perform.3
index 36b7b8234..e4731fb70 100644
--- a/docs/libcurl/curl_multi_perform.3
+++ b/docs/libcurl/curl_multi_perform.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_poll.3 b/docs/libcurl/curl_multi_poll.3
index dca6be43c..60a30548b 100644
--- a/docs/libcurl/curl_multi_poll.3
+++ b/docs/libcurl/curl_multi_poll.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_remove_handle.3 b/docs/libcurl/curl_multi_remove_handle.3
index 9543ece4a..5d3a1678b 100644
--- a/docs/libcurl/curl_multi_remove_handle.3
+++ b/docs/libcurl/curl_multi_remove_handle.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_setopt.3 b/docs/libcurl/curl_multi_setopt.3
index ef366ab03..1d0845fc9 100644
--- a/docs/libcurl/curl_multi_setopt.3
+++ b/docs/libcurl/curl_multi_setopt.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_socket.3 b/docs/libcurl/curl_multi_socket.3
index b0fb69970..d62925284 100644
--- a/docs/libcurl/curl_multi_socket.3
+++ b/docs/libcurl/curl_multi_socket.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_socket_action.3 b/docs/libcurl/curl_multi_socket_action.3
index 8513e52d3..16f942baa 100644
--- a/docs/libcurl/curl_multi_socket_action.3
+++ b/docs/libcurl/curl_multi_socket_action.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_strerror.3 b/docs/libcurl/curl_multi_strerror.3
index cafce1b5a..bcb1d4263 100644
--- a/docs/libcurl/curl_multi_strerror.3
+++ b/docs/libcurl/curl_multi_strerror.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_timeout.3 b/docs/libcurl/curl_multi_timeout.3
index 80ca42c67..4590fd7e1 100644
--- a/docs/libcurl/curl_multi_timeout.3
+++ b/docs/libcurl/curl_multi_timeout.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_wait.3 b/docs/libcurl/curl_multi_wait.3
index cf3260814..c798e2cdd 100644
--- a/docs/libcurl/curl_multi_wait.3
+++ b/docs/libcurl/curl_multi_wait.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_multi_wakeup.3 b/docs/libcurl/curl_multi_wakeup.3
index 89a3d2ea4..dfc3eeb52 100644
--- a/docs/libcurl/curl_multi_wakeup.3
+++ b/docs/libcurl/curl_multi_wakeup.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_share_cleanup.3 b/docs/libcurl/curl_share_cleanup.3
index 234671292..4c4a32ac8 100644
--- a/docs/libcurl/curl_share_cleanup.3
+++ b/docs/libcurl/curl_share_cleanup.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_share_init.3 b/docs/libcurl/curl_share_init.3
index bf36c1a46..28776aca5 100644
--- a/docs/libcurl/curl_share_init.3
+++ b/docs/libcurl/curl_share_init.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_share_setopt.3 b/docs/libcurl/curl_share_setopt.3
index aef3d513a..d3aca5cf2 100644
--- a/docs/libcurl/curl_share_setopt.3
+++ b/docs/libcurl/curl_share_setopt.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_share_strerror.3 b/docs/libcurl/curl_share_strerror.3
index dc66f0936..7a91916e3 100644
--- a/docs/libcurl/curl_share_strerror.3
+++ b/docs/libcurl/curl_share_strerror.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_slist_append.3 b/docs/libcurl/curl_slist_append.3
index ba664b1a1..cb8264cc0 100644
--- a/docs/libcurl/curl_slist_append.3
+++ b/docs/libcurl/curl_slist_append.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_slist_free_all.3 b/docs/libcurl/curl_slist_free_all.3
index 222d6db39..c33a0afe0 100644
--- a/docs/libcurl/curl_slist_free_all.3
+++ b/docs/libcurl/curl_slist_free_all.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_strequal.3 b/docs/libcurl/curl_strequal.3
index b97061dcf..0a9048b42 100644
--- a/docs/libcurl/curl_strequal.3
+++ b/docs/libcurl/curl_strequal.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_unescape.3 b/docs/libcurl/curl_unescape.3
index 43f7dc4d9..c067f1b52 100644
--- a/docs/libcurl/curl_unescape.3
+++ b/docs/libcurl/curl_unescape.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_url.3 b/docs/libcurl/curl_url.3
index de941a120..ac4ba83e9 100644
--- a/docs/libcurl/curl_url.3
+++ b/docs/libcurl/curl_url.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_url_cleanup.3 b/docs/libcurl/curl_url_cleanup.3
index 0d95b43cf..836f4b60f 100644
--- a/docs/libcurl/curl_url_cleanup.3
+++ b/docs/libcurl/curl_url_cleanup.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_url_dup.3 b/docs/libcurl/curl_url_dup.3
index 66f48ecb7..3eb061740 100644
--- a/docs/libcurl/curl_url_dup.3
+++ b/docs/libcurl/curl_url_dup.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_url_get.3 b/docs/libcurl/curl_url_get.3
index d86d93754..9dc46231d 100644
--- a/docs/libcurl/curl_url_get.3
+++ b/docs/libcurl/curl_url_get.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -41,6 +41,10 @@ The \fIwhat\fP argument should be the particular part to extract (see list
 below) and \fIpart\fP points to a 'char *' to get updated to point to a newly
 allocated string with the contents.
 
+The URL API has no particular maximum length for URL fiends. In the real
+world, excessively long field in URLs will cause problems even if this API
+accepts them. This function can return very large ones.
+
 The \fIflags\fP argument is a bitmask with individual features.
 
 The returned part pointer must be freed with \fIcurl_free(3)\fP after use.
@@ -76,30 +80,53 @@ typically using non-ASCII bytes that otherwise will be percent-encoded.
 
 Note that even when not asking for URL encoding, the '%' (byte 37) will be URL
 encoded to make sure the host name remains valid.
+.IP CURLU_PUNYCODE
+If set and \fICURLU_URLENCODE\fP is not set, and asked to retrieve the
+\fBCURLUPART_HOST\fP or \fBCURLUPART_URL\fP parts, libcurl returns the host
+name in its punycode version if it contains any non-ASCII octets (and is an
+IDN name).
+
+If libcurl is built without IDN capabilities, using this bit will make
+\fIcurl_url_get(3)\fP return \fICURLUE_LACKS_IDN\fP if the host name contains
+anything outside the ASCII range.
+
+(Added in curl 7.88.0)
 .SH PARTS
 .IP CURLUPART_URL
 When asked to return the full URL, \fIcurl_url_get(3)\fP will return a
 normalized and possibly cleaned up version of what was previously parsed.
+
+We advise using the \fICURLU_PUNYCODE\fP option to get the URL as "normalized"
+as possible since IDN allows host names to be written in many different ways
+that still end up the same punycode version.
 .IP CURLUPART_SCHEME
 Scheme cannot be URL decoded on get.
 .IP CURLUPART_USER
 .IP CURLUPART_PASSWORD
 .IP CURLUPART_OPTIONS
+The options field is an optional field that might follow the password in the
+userinfo part. It is only recognized/used when parsing URLs for the following
+schemes: pop3, smtp and imap. The URL API still allows users to set and get
+this field independently of scheme when not parsing full URLs.
 .IP CURLUPART_HOST
 The host name. If it is an IPv6 numeric address, the zone id will not be part
 of it but is provided separately in \fICURLUPART_ZONEID\fP. IPv6 numerical
 addresses are returned within brackets ([]).
+
+IPv6 names are normalized when set, which should make them as short as
+possible while maintaining correct syntax.
 .IP CURLUPART_ZONEID
 If the host name is a numeric IPv6 address, this field might also be set.
 .IP CURLUPART_PORT
-Port cannot be URL decoded on get.
+A port cannot be URL decoded on get. This number is returned in a string just
+like all other parts. That string is guaranteed to hold a valid port number in
+ASCII using base 10.
 .IP CURLUPART_PATH
-\fIpart\fP will be '/' even if no path is supplied in the URL.
+The \fIpart\fP will be '/' even if no path is supplied in the URL. A URL path
+always starts with a slash.
 .IP CURLUPART_QUERY
-The initial question mark that denotes the beginning of the query part is
-a delimiter only.
-It is not part of the query contents.
-
+The initial question mark that denotes the beginning of the query part is a
+delimiter only.  It is not part of the query contents.
 
 A not-present query will lead \fIpart\fP to be set to NULL.
 A zero-length query will lead \fIpart\fP to be set to a zero-length string.
@@ -107,6 +134,8 @@ A zero-length query will lead \fIpart\fP to be set to a zero-length string.
 The query part will also get pluses converted to space when asked to URL
 decode on get with the CURLU_URLDECODE bit.
 .IP CURLUPART_FRAGMENT
+The initial hash sign that denotes the beginning of the fragment is a
+delimiter only. It is not part of the fragment contents.
 .SH EXAMPLE
 .nf
   CURLUcode rc;
diff --git a/docs/libcurl/curl_url_set.3 b/docs/libcurl/curl_url_set.3
index 6f458959b..36d4a44e9 100644
--- a/docs/libcurl/curl_url_set.3
+++ b/docs/libcurl/curl_url_set.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -54,6 +54,10 @@ does not know about, the \fBCURLU_NON_SUPPORT_SCHEME\fP flags bit must be
 set. Otherwise, this function returns \fICURLUE_UNSUPPORTED_SCHEME\fP on URL
 schemes it does not recognize.
 
+This function call has no particular maximum length for any provided input
+string. In the real world, excessively long field in URLs will cause problems
+even if this API accepts them.
+
 The \fIflags\fP argument is a bitmask with independent features.
 .SH PARTS
 .IP CURLUPART_URL
@@ -66,16 +70,25 @@ will be replaced with the information of the newly set URL.
 Pass a pointer to a null-terminated string to the \fIurl\fP parameter. The
 string must point to a correctly formatted "RFC 3986+" URL or be a NULL
 pointer.
+
+Unless \fICURLU_NO_AUTHORITY\fP is set, a blank host name is not allowed in
+the URL.
 .IP CURLUPART_SCHEME
 Scheme cannot be URL decoded on set. libcurl only accepts setting schemes up
 to 40 bytes long.
 .IP CURLUPART_USER
 .IP CURLUPART_PASSWORD
 .IP CURLUPART_OPTIONS
+The options field is an optional field that might follow the password in the
+userinfo part. It is only recognized/used when parsing URLs for the following
+schemes: pop3, smtp and imap. This function however allows users to
+independently set this field at will.
 .IP CURLUPART_HOST
 The host name. If it is IDNA the string must then be encoded as your locale
 says or UTF-8 (when WinIDN is used). If it is a bracketed IPv6 numeric address
 it may contain a zone id (or you can use CURLUPART_ZONEID).
+
+Unless \fICURLU_NO_AUTHORITY\fP is set, a blank host name is not allowed to set.
 .IP CURLUPART_ZONEID
 If the host name is a numeric IPv6 address, this field can also be set.
 .IP CURLUPART_PORT
diff --git a/docs/libcurl/curl_url_strerror.3 b/docs/libcurl/curl_url_strerror.3
index aaa541e18..0778d79c0 100644
--- a/docs/libcurl/curl_url_strerror.3
+++ b/docs/libcurl/curl_url_strerror.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_version.3 b/docs/libcurl/curl_version.3
index aa131647d..75f75cd4d 100644
--- a/docs/libcurl/curl_version.3
+++ b/docs/libcurl/curl_version.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_version_info.3 b/docs/libcurl/curl_version_info.3
index a6c28a7d3..96c942d4d 100644
--- a/docs/libcurl/curl_version_info.3
+++ b/docs/libcurl/curl_version_info.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -311,7 +311,7 @@ curl_version_info_data *ver = curl_version_info(CURLVERSION_NOW);
 printf("libcurl version %u.%u.%u\\n",
        (ver->version_num >> 16) & 0xff,
        (ver->version_num >> 8) & 0xff,
-       ver->version_num & 0xff,
+       ver->version_num & 0xff);
 .fi
 .SH AVAILABILITY
 Added in 7.10
diff --git a/docs/libcurl/curl_ws_meta.3 b/docs/libcurl/curl_ws_meta.3
index 73107ddc4..3914baadd 100644
--- a/docs/libcurl/curl_ws_meta.3
+++ b/docs/libcurl/curl_ws_meta.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/curl_ws_recv.3 b/docs/libcurl/curl_ws_recv.3
index 3fd71c3e7..487027145 100644
--- a/docs/libcurl/curl_ws_recv.3
+++ b/docs/libcurl/curl_ws_recv.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -59,6 +59,10 @@ Added in 7.86.0.
 Returns \fBCURLE_OK\fP if everything is okay, and a non-zero number for
 errors. Returns \fBCURLE_GOT_NOTHING\fP if the associated connection is
 closed.
+
+Instead of blocking, the function returns \fBCURLE_AGAIN\fP. The correct
+behavior is then to wait for the socket to signal readability before calling
+this function again.
 .SH "SEE ALSO"
 .BR curl_easy_setopt "(3), " curl_easy_perform "(3), "
 .BR curl_easy_getinfo "(3), "
diff --git a/docs/libcurl/curl_ws_send.3 b/docs/libcurl/curl_ws_send.3
index 19c10c32e..bf4801e44 100644
--- a/docs/libcurl/curl_ws_send.3
+++ b/docs/libcurl/curl_ws_send.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -53,6 +53,8 @@ should be set to zero.
 If \fBCURLWS_RAW_MODE\fP is enabled in \fICURLOPT_WS_OPTIONS(3)\fP, the
 \fBflags\fP argument should be set to 0.
 
+To send a message consisting of multiple frames, set the \fICURLWS_CONT\fP bit
+in all frames except the final one.
 .SH FLAGS
 .IP CURLWS_TEXT
 The buffer contains text data. Note that this makes a difference to WebSocket
diff --git a/docs/libcurl/libcurl-easy.3 b/docs/libcurl/libcurl-easy.3
index 79eb6d95a..f0392e643 100644
--- a/docs/libcurl/libcurl-easy.3
+++ b/docs/libcurl/libcurl-easy.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/libcurl-env.3 b/docs/libcurl/libcurl-env.3
index 8db55acd2..57dd4921d 100644
--- a/docs/libcurl/libcurl-env.3
+++ b/docs/libcurl/libcurl-env.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/libcurl-errors.3 b/docs/libcurl/libcurl-errors.3
index 7121ba828..6948bbb26 100644
--- a/docs/libcurl/libcurl-errors.3
+++ b/docs/libcurl/libcurl-errors.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -412,6 +412,23 @@ The scheme part of the URL contained bad or invalid characters.
 The URL contained an invalid number of slashes.
 .IP "CURLUE_BAD_USER (29)"
 The user part of the URL contained bad or invalid characters.
+.SH "CURLHcode"
+The header interface returns a \fICURLHcode\fP to indicate when an error has
+occurred.
+.IP "CURLHE_BADINDEX (1)"
+There is no header with the requested index.
+.IP "CURLHE_MISSING (2)"
+No such header exists.
+.IP "CURLHE_NOHEADERS (3)"
+No headers at all have been recorded.
+.IP "CURLHE_NOREQUEST (4)"
+There was no such request number.
+.IP "CURLHE_OUT_OF_MEMORY (5)"
+Out of resources
+.IP "CURLHE_BAD_ARGUMENT (6)"
+One or more of the given arguments are bad.
+.IP "CURLHE_NOT_BUILT_IN (7)"
+HTTP support or the header API has been disabled in the build.
 .SH "SEE ALSO"
 .BR curl_easy_strerror "(3), " curl_multi_strerror "(3), "
 .BR curl_share_strerror "(3), " curl_url_strerror "(3), "
diff --git a/docs/libcurl/libcurl-multi.3 b/docs/libcurl/libcurl-multi.3
index 55bed7cc2..fd504a75a 100644
--- a/docs/libcurl/libcurl-multi.3
+++ b/docs/libcurl/libcurl-multi.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/libcurl-security.3 b/docs/libcurl/libcurl-security.3
index 4f307aee4..beee2f82d 100644
--- a/docs/libcurl/libcurl-security.3
+++ b/docs/libcurl/libcurl-security.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/libcurl-share.3 b/docs/libcurl/libcurl-share.3
index 88a3c5210..30bb43f03 100644
--- a/docs/libcurl/libcurl-share.3
+++ b/docs/libcurl/libcurl-share.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/libcurl-thread.3 b/docs/libcurl/libcurl-thread.3
index 32562c780..fecb8cfd6 100644
--- a/docs/libcurl/libcurl-thread.3
+++ b/docs/libcurl/libcurl-thread.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2015 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/libcurl-tutorial.3 b/docs/libcurl/libcurl-tutorial.3
index d9ab5a4c6..3f7ee413d 100644
--- a/docs/libcurl/libcurl-tutorial.3
+++ b/docs/libcurl/libcurl-tutorial.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/libcurl-url.3 b/docs/libcurl/libcurl-url.3
index 830fec9ce..f52c13b3f 100644
--- a/docs/libcurl/libcurl-url.3
+++ b/docs/libcurl/libcurl-url.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -137,6 +137,9 @@ Now the URL looks like
 .fi
 .SH AVAILABILITY
 The URL API was introduced in libcurl 7.62.0.
+
+A URL with a literal IPv6 address can be parsed even when IPv6 support is not
+enabled.
 .SH "SEE ALSO"
 .BR curl_url "(3), " curl_url_cleanup "(3), " curl_url_get "(3), "
 .BR curl_url_dup "(3), " curl_url_set "(3), " curl_url_strerror "(3), "
diff --git a/docs/libcurl/libcurl.3 b/docs/libcurl/libcurl.3
index c1ed7c0bb..9aea44811 100644
--- a/docs/libcurl/libcurl.3
+++ b/docs/libcurl/libcurl.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/libcurl.m4 b/docs/libcurl/libcurl.m4
index 0908a028e..d02092073 100644
--- a/docs/libcurl/libcurl.m4
+++ b/docs/libcurl/libcurl.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2006 - 2022, David Shaw <dshaw@jabberwocky.com>
+# Copyright (C) David Shaw <dshaw@jabberwocky.com>
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -199,9 +199,10 @@ if (x) {;}
            _libcurl_save_libs=$LIBS
            LIBS="$LIBS $LIBCURL"
 
-           AC_CHECK_FUNC(curl_free,,
-              AC_DEFINE(curl_free,free,
-                [Define curl_free() as free() if our version of curl lacks curl_free.]))
+           AC_CHECK_DECL([curl_free],[],
+              [AC_DEFINE([curl_free],[free],
+                [Define curl_free() as free() if our version of curl lacks curl_free.])],
+              [[#include <curl/curl.h>]])
 
            CPPFLAGS=$_libcurl_save_cppflags
            LIBS=$_libcurl_save_libs
diff --git a/docs/libcurl/mksymbolsmanpage.pl b/docs/libcurl/mksymbolsmanpage.pl
index 8d1ddd044..591056523 100755
--- a/docs/libcurl/mksymbolsmanpage.pl
+++ b/docs/libcurl/mksymbolsmanpage.pl
@@ -6,7 +6,7 @@
 # *                            | (__| |_| |  _ <| |___
 # *                             \___|\___/|_| \_\_____|
 # *
-# * Copyright (C) 2015 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 # *
 # * This software is licensed as described in the file COPYING, which
 # * you should have received as part of this distribution. The terms
@@ -37,7 +37,7 @@ print <<HEADER
 .\\" *                            | (__| |_| |  _ <| |___
 .\\" *                             \\___|\\___/|_| \\_\\_____|
 .\\" *
-.\\" * Copyright (C) 1998 - $year, Daniel Stenberg, <daniel\@haxx.se>, et al.
+.\\" * Copyright (C) Daniel Stenberg, <daniel\@haxx.se>, et al.
 .\\" *
 .\\" * This software is licensed as described in the file COPYING, which
 .\\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CMakeLists.txt b/docs/libcurl/opts/CMakeLists.txt
index 10d8c5f85..152a08a35 100644
--- a/docs/libcurl/opts/CMakeLists.txt
+++ b/docs/libcurl/opts/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2009 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_ACTIVESOCKET.3 b/docs/libcurl/opts/CURLINFO_ACTIVESOCKET.3
index 04a6b711a..363803a9a 100644
--- a/docs/libcurl/opts/CURLINFO_ACTIVESOCKET.3
+++ b/docs/libcurl/opts/CURLINFO_ACTIVESOCKET.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.3 b/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.3
index 3173a5741..2a891800e 100644
--- a/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.3
+++ b/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME_T.3 b/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME_T.3
index 99f1e5306..a596f468f 100644
--- a/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME_T.3
+++ b/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_CAINFO.3 b/docs/libcurl/opts/CURLINFO_CAINFO.3
index 70ecc4c65..a740b78fa 100644
--- a/docs/libcurl/opts/CURLINFO_CAINFO.3
+++ b/docs/libcurl/opts/CURLINFO_CAINFO.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_CAPATH.3 b/docs/libcurl/opts/CURLINFO_CAPATH.3
index 28e84c171..d71bcc7a2 100644
--- a/docs/libcurl/opts/CURLINFO_CAPATH.3
+++ b/docs/libcurl/opts/CURLINFO_CAPATH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_CERTINFO.3 b/docs/libcurl/opts/CURLINFO_CERTINFO.3
index 1e604cccf..1a6c480a5 100644
--- a/docs/libcurl/opts/CURLINFO_CERTINFO.3
+++ b/docs/libcurl/opts/CURLINFO_CERTINFO.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_CONDITION_UNMET.3 b/docs/libcurl/opts/CURLINFO_CONDITION_UNMET.3
index f3c0e1bd9..4f8e9ec88 100644
--- a/docs/libcurl/opts/CURLINFO_CONDITION_UNMET.3
+++ b/docs/libcurl/opts/CURLINFO_CONDITION_UNMET.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_CONNECT_TIME.3 b/docs/libcurl/opts/CURLINFO_CONNECT_TIME.3
index de81ff3db..4af87b4d6 100644
--- a/docs/libcurl/opts/CURLINFO_CONNECT_TIME.3
+++ b/docs/libcurl/opts/CURLINFO_CONNECT_TIME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_CONNECT_TIME_T.3 b/docs/libcurl/opts/CURLINFO_CONNECT_TIME_T.3
index c4b930964..e0fda0df4 100644
--- a/docs/libcurl/opts/CURLINFO_CONNECT_TIME_T.3
+++ b/docs/libcurl/opts/CURLINFO_CONNECT_TIME_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3 b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3
index d200727c0..ef00716ae 100644
--- a/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3
+++ b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3 b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3
index f852f46c7..398be65f6 100644
--- a/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3
+++ b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD.3 b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD.3
index 85f0c83f8..0a8f0f6fd 100644
--- a/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD.3
+++ b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.3 b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.3
index 9334d29fd..08a64b1af 100644
--- a/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.3
+++ b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_CONTENT_TYPE.3 b/docs/libcurl/opts/CURLINFO_CONTENT_TYPE.3
index c0b7bb64f..b48d14464 100644
--- a/docs/libcurl/opts/CURLINFO_CONTENT_TYPE.3
+++ b/docs/libcurl/opts/CURLINFO_CONTENT_TYPE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_COOKIELIST.3 b/docs/libcurl/opts/CURLINFO_COOKIELIST.3
index 7f66215a1..e1bb917e7 100644
--- a/docs/libcurl/opts/CURLINFO_COOKIELIST.3
+++ b/docs/libcurl/opts/CURLINFO_COOKIELIST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_EFFECTIVE_METHOD.3 b/docs/libcurl/opts/CURLINFO_EFFECTIVE_METHOD.3
index ae79741cd..1c958555a 100644
--- a/docs/libcurl/opts/CURLINFO_EFFECTIVE_METHOD.3
+++ b/docs/libcurl/opts/CURLINFO_EFFECTIVE_METHOD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.3 b/docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.3
index c98c320fd..bb1f331c6 100644
--- a/docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.3
+++ b/docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_FILETIME.3 b/docs/libcurl/opts/CURLINFO_FILETIME.3
index 5c34ffc8d..c6a1b881f 100644
--- a/docs/libcurl/opts/CURLINFO_FILETIME.3
+++ b/docs/libcurl/opts/CURLINFO_FILETIME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_FILETIME_T.3 b/docs/libcurl/opts/CURLINFO_FILETIME_T.3
index cb6c4a941..4ccc6ba64 100644
--- a/docs/libcurl/opts/CURLINFO_FILETIME_T.3
+++ b/docs/libcurl/opts/CURLINFO_FILETIME_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.3 b/docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.3
index fa5cdac4f..9c487a61c 100644
--- a/docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.3
+++ b/docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_HEADER_SIZE.3 b/docs/libcurl/opts/CURLINFO_HEADER_SIZE.3
index 6e4726505..1102fee8a 100644
--- a/docs/libcurl/opts/CURLINFO_HEADER_SIZE.3
+++ b/docs/libcurl/opts/CURLINFO_HEADER_SIZE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.3 b/docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.3
index 09e05dddb..2e3c16692 100644
--- a/docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.3
+++ b/docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.3 b/docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.3
index eb7f069c7..aa9d687a5 100644
--- a/docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.3
+++ b/docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_HTTP_VERSION.3 b/docs/libcurl/opts/CURLINFO_HTTP_VERSION.3
index 5c3c15584..fec09912a 100644
--- a/docs/libcurl/opts/CURLINFO_HTTP_VERSION.3
+++ b/docs/libcurl/opts/CURLINFO_HTTP_VERSION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_LASTSOCKET.3 b/docs/libcurl/opts/CURLINFO_LASTSOCKET.3
index e4749d7da..08afdf4a0 100644
--- a/docs/libcurl/opts/CURLINFO_LASTSOCKET.3
+++ b/docs/libcurl/opts/CURLINFO_LASTSOCKET.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_LOCAL_IP.3 b/docs/libcurl/opts/CURLINFO_LOCAL_IP.3
index e9d4042a8..dad745d22 100644
--- a/docs/libcurl/opts/CURLINFO_LOCAL_IP.3
+++ b/docs/libcurl/opts/CURLINFO_LOCAL_IP.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_LOCAL_PORT.3 b/docs/libcurl/opts/CURLINFO_LOCAL_PORT.3
index 9d81cc1dd..f50430189 100644
--- a/docs/libcurl/opts/CURLINFO_LOCAL_PORT.3
+++ b/docs/libcurl/opts/CURLINFO_LOCAL_PORT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.3 b/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.3
index 6c42d62db..e7cad2065 100644
--- a/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.3
+++ b/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME_T.3 b/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME_T.3
index b1cbc2cf1..a4e72018b 100644
--- a/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME_T.3
+++ b/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_NUM_CONNECTS.3 b/docs/libcurl/opts/CURLINFO_NUM_CONNECTS.3
index 19dd930f8..ce676eb1d 100644
--- a/docs/libcurl/opts/CURLINFO_NUM_CONNECTS.3
+++ b/docs/libcurl/opts/CURLINFO_NUM_CONNECTS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_OS_ERRNO.3 b/docs/libcurl/opts/CURLINFO_OS_ERRNO.3
index 05cfb008b..fe8d5d4d1 100644
--- a/docs/libcurl/opts/CURLINFO_OS_ERRNO.3
+++ b/docs/libcurl/opts/CURLINFO_OS_ERRNO.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.3 b/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.3
index 2b3e8009d..4103782ec 100644
--- a/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.3
+++ b/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME_T.3 b/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME_T.3
index 04579ce33..3c115ebf0 100644
--- a/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME_T.3
+++ b/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_PRIMARY_IP.3 b/docs/libcurl/opts/CURLINFO_PRIMARY_IP.3
index 4109d394c..6ab1b5414 100644
--- a/docs/libcurl/opts/CURLINFO_PRIMARY_IP.3
+++ b/docs/libcurl/opts/CURLINFO_PRIMARY_IP.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_PRIMARY_PORT.3 b/docs/libcurl/opts/CURLINFO_PRIMARY_PORT.3
index 318d34fcd..cff5bbd73 100644
--- a/docs/libcurl/opts/CURLINFO_PRIMARY_PORT.3
+++ b/docs/libcurl/opts/CURLINFO_PRIMARY_PORT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_PRIVATE.3 b/docs/libcurl/opts/CURLINFO_PRIVATE.3
index 632bc3d3d..29b9d3006 100644
--- a/docs/libcurl/opts/CURLINFO_PRIVATE.3
+++ b/docs/libcurl/opts/CURLINFO_PRIVATE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_PROTOCOL.3 b/docs/libcurl/opts/CURLINFO_PROTOCOL.3
index ae8f55eef..fb5a6d1d3 100644
--- a/docs/libcurl/opts/CURLINFO_PROTOCOL.3
+++ b/docs/libcurl/opts/CURLINFO_PROTOCOL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.3 b/docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.3
index 0fed03ff1..e14e0241d 100644
--- a/docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.3
+++ b/docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_PROXY_ERROR.3 b/docs/libcurl/opts/CURLINFO_PROXY_ERROR.3
index 45100cd27..2952cde26 100644
--- a/docs/libcurl/opts/CURLINFO_PROXY_ERROR.3
+++ b/docs/libcurl/opts/CURLINFO_PROXY_ERROR.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_PROXY_SSL_VERIFYRESULT.3 b/docs/libcurl/opts/CURLINFO_PROXY_SSL_VERIFYRESULT.3
index 4c9a8ac29..dea72d136 100644
--- a/docs/libcurl/opts/CURLINFO_PROXY_SSL_VERIFYRESULT.3
+++ b/docs/libcurl/opts/CURLINFO_PROXY_SSL_VERIFYRESULT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.3 b/docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.3
index 037679842..62d484265 100644
--- a/docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.3
+++ b/docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_REDIRECT_TIME.3 b/docs/libcurl/opts/CURLINFO_REDIRECT_TIME.3
index f8a56bacb..de50915b0 100644
--- a/docs/libcurl/opts/CURLINFO_REDIRECT_TIME.3
+++ b/docs/libcurl/opts/CURLINFO_REDIRECT_TIME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_REDIRECT_TIME_T.3 b/docs/libcurl/opts/CURLINFO_REDIRECT_TIME_T.3
index a1e003125..c884cf2b3 100644
--- a/docs/libcurl/opts/CURLINFO_REDIRECT_TIME_T.3
+++ b/docs/libcurl/opts/CURLINFO_REDIRECT_TIME_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_REDIRECT_URL.3 b/docs/libcurl/opts/CURLINFO_REDIRECT_URL.3
index 63366a6a3..69b74155d 100644
--- a/docs/libcurl/opts/CURLINFO_REDIRECT_URL.3
+++ b/docs/libcurl/opts/CURLINFO_REDIRECT_URL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_REFERER.3 b/docs/libcurl/opts/CURLINFO_REFERER.3
index bc342b2eb..0a59b5ee8 100644
--- a/docs/libcurl/opts/CURLINFO_REFERER.3
+++ b/docs/libcurl/opts/CURLINFO_REFERER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_REQUEST_SIZE.3 b/docs/libcurl/opts/CURLINFO_REQUEST_SIZE.3
index fef978fe0..d807dca5c 100644
--- a/docs/libcurl/opts/CURLINFO_REQUEST_SIZE.3
+++ b/docs/libcurl/opts/CURLINFO_REQUEST_SIZE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_RESPONSE_CODE.3 b/docs/libcurl/opts/CURLINFO_RESPONSE_CODE.3
index f833a3f91..1d664aac4 100644
--- a/docs/libcurl/opts/CURLINFO_RESPONSE_CODE.3
+++ b/docs/libcurl/opts/CURLINFO_RESPONSE_CODE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_RETRY_AFTER.3 b/docs/libcurl/opts/CURLINFO_RETRY_AFTER.3
index 14755888f..6cbedcaff 100644
--- a/docs/libcurl/opts/CURLINFO_RETRY_AFTER.3
+++ b/docs/libcurl/opts/CURLINFO_RETRY_AFTER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.3 b/docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.3
index 5ab6f22bf..e2f96d366 100644
--- a/docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.3
+++ b/docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.3 b/docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.3
index 17efe83bb..086105d16 100644
--- a/docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.3
+++ b/docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.3 b/docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.3
index 30b06e89b..a1ced741b 100644
--- a/docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.3
+++ b/docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.3 b/docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.3
index c6e2440f6..d80b5bc39 100644
--- a/docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.3
+++ b/docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_SCHEME.3 b/docs/libcurl/opts/CURLINFO_SCHEME.3
index 086748c2d..65ff114a6 100644
--- a/docs/libcurl/opts/CURLINFO_SCHEME.3
+++ b/docs/libcurl/opts/CURLINFO_SCHEME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.3 b/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.3
index 5be913306..b6efebe34 100644
--- a/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.3
+++ b/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.3 b/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.3
index 04e6db0ff..f45498109 100644
--- a/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.3
+++ b/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.3 b/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.3
index fd66bbac2..cdf557441 100644
--- a/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.3
+++ b/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.3 b/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.3
index fda09af25..c3922f909 100644
--- a/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.3
+++ b/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.3 b/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.3
index 0015df246..11d749082 100644
--- a/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.3
+++ b/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.3 b/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.3
index dba9e070d..0076a30f6 100644
--- a/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.3
+++ b/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.3 b/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.3
index f2555e24d..52e6b4d19 100644
--- a/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.3
+++ b/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.3 b/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.3
index a2348a038..27cd40af4 100644
--- a/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.3
+++ b/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_SSL_ENGINES.3 b/docs/libcurl/opts/CURLINFO_SSL_ENGINES.3
index 242c591d2..2e500de8a 100644
--- a/docs/libcurl/opts/CURLINFO_SSL_ENGINES.3
+++ b/docs/libcurl/opts/CURLINFO_SSL_ENGINES.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.3 b/docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.3
index 5bf2409c0..0565a644f 100644
--- a/docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.3
+++ b/docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.3 b/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.3
index 9edb68342..0c0127cea 100644
--- a/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.3
+++ b/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME_T.3 b/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME_T.3
index 2941828b8..baabf9658 100644
--- a/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME_T.3
+++ b/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_TLS_SESSION.3 b/docs/libcurl/opts/CURLINFO_TLS_SESSION.3
index f438398ca..66efc52da 100644
--- a/docs/libcurl/opts/CURLINFO_TLS_SESSION.3
+++ b/docs/libcurl/opts/CURLINFO_TLS_SESSION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3
index 529385346..38f18a973 100644
--- a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3
+++ b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_TOTAL_TIME.3 b/docs/libcurl/opts/CURLINFO_TOTAL_TIME.3
index d22f5a256..7202a2576 100644
--- a/docs/libcurl/opts/CURLINFO_TOTAL_TIME.3
+++ b/docs/libcurl/opts/CURLINFO_TOTAL_TIME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLINFO_TOTAL_TIME_T.3 b/docs/libcurl/opts/CURLINFO_TOTAL_TIME_T.3
index 3d5babfb4..a8fe8d4ab 100644
--- a/docs/libcurl/opts/CURLINFO_TOTAL_TIME_T.3
+++ b/docs/libcurl/opts/CURLINFO_TOTAL_TIME_T.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3 b/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3
index b15288735..52b530057 100644
--- a/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3
+++ b/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 b/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3
index f6a01e142..8b004dd48 100644
--- a/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3
+++ b/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.3 b/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.3
index 87d44a8f8..6ed4bcede 100644
--- a/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.3
+++ b/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLMOPT_MAX_CONCURRENT_STREAMS.3 b/docs/libcurl/opts/CURLMOPT_MAX_CONCURRENT_STREAMS.3
index 7d06b96ac..01c10961d 100644
--- a/docs/libcurl/opts/CURLMOPT_MAX_CONCURRENT_STREAMS.3
+++ b/docs/libcurl/opts/CURLMOPT_MAX_CONCURRENT_STREAMS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3 b/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3
index 4c172892e..b5a2d4b73 100644
--- a/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3
+++ b/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.3 b/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.3
index e399f61f7..cde091f2b 100644
--- a/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.3
+++ b/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3 b/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3
index 250899f5d..eb3deece1 100644
--- a/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3
+++ b/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLMOPT_PIPELINING.3 b/docs/libcurl/opts/CURLMOPT_PIPELINING.3
index 650f1588a..62349ca89 100644
--- a/docs/libcurl/opts/CURLMOPT_PIPELINING.3
+++ b/docs/libcurl/opts/CURLMOPT_PIPELINING.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3 b/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3
index e68c5755f..56007fe71 100644
--- a/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3
+++ b/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3 b/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3
index 3074ad6dd..5e144d530 100644
--- a/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3
+++ b/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLMOPT_PUSHDATA.3 b/docs/libcurl/opts/CURLMOPT_PUSHDATA.3
index 9ddc1fd0d..fc844f35a 100644
--- a/docs/libcurl/opts/CURLMOPT_PUSHDATA.3
+++ b/docs/libcurl/opts/CURLMOPT_PUSHDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -46,10 +46,10 @@ int push_callback(CURL *parent,
                   CURL *easy,
                   size_t num_headers,
                   struct curl_pushheaders *headers,
-                  void *userp)
+                  void *clientp)
 {
   char *headp;
-  int *transfers = (int *)userp;
+  int *transfers = (int *)clientp;
   FILE *out;
   headp = curl_pushheader_byname(headers, ":path");
   if(headp && !strncmp(headp, "/push-", 6)) {
diff --git a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3
index fa2d966f7..498ec805e 100644
--- a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3
+++ b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -36,7 +36,7 @@ int curl_push_callback(CURL *parent,
                        CURL *easy,
                        size_t num_headers,
                        struct curl_pushheaders *headers,
-                       void *userp);
+                       void *clientp);
 
 CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PUSHFUNCTION,
                             curl_push_callback func);
@@ -63,7 +63,7 @@ functions described below. This only accesses and provides the PUSH_PROMISE
 headers, the normal response headers will be provided in the header callback
 as usual.
 
-\fIuserp\fP is the pointer set with \fICURLMOPT_PUSHDATA(3)\fP
+\fIclientp\fP is the pointer set with \fICURLMOPT_PUSHDATA(3)\fP
 
 If the callback returns CURL_PUSH_OK, the 'easy' handle will be added to the
 multi handle, the callback must not do that by itself.
@@ -104,10 +104,10 @@ int push_callback(CURL *parent,
                   CURL *easy,
                   size_t num_headers,
                   struct curl_pushheaders *headers,
-                  void *userp)
+                  void *clientp)
 {
   char *headp;
-  int *transfers = (int *)userp;
+  int *transfers = (int *)clientp;
   FILE *out;
   headp = curl_pushheader_byname(headers, ":path");
   if(headp && !strncmp(headp, "/push-", 6)) {
diff --git a/docs/libcurl/opts/CURLMOPT_SOCKETDATA.3 b/docs/libcurl/opts/CURLMOPT_SOCKETDATA.3
index b3b233240..fab5560c4 100644
--- a/docs/libcurl/opts/CURLMOPT_SOCKETDATA.3
+++ b/docs/libcurl/opts/CURLMOPT_SOCKETDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -35,7 +35,7 @@ A data \fIpointer\fP to pass to the socket callback set with the
 \fICURLMOPT_SOCKETFUNCTION(3)\fP option.
 
 This pointer will not be touched by libcurl but will only be passed in to the
-socket callbacks's \fBuserp\fP argument.
+socket callbacks's \fBclientp\fP argument.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
diff --git a/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 b/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3
index 4e276a83a..f732b6db9 100644
--- a/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3
+++ b/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -32,7 +32,7 @@ CURLMOPT_SOCKETFUNCTION \- callback informed about what to wait for
 int socket_callback(CURL *easy,      /* easy handle */
                     curl_socket_t s, /* socket */
                     int what,        /* describes the socket */
-                    void *userp,     /* private callback pointer */
+                    void *clientp,     /* private callback pointer */
                     void *socketp);  /* private socket pointer */
 
 CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_SOCKETFUNCTION, socket_callback);
@@ -63,7 +63,7 @@ The socket callback should return 0 on success, and -1 on error. If this
 callback returns error, \fBall\fP transfers currently in progress in this
 multi handle will be aborted and fail.
 
-\fBuserp\fP is set with \fICURLMOPT_SOCKETDATA(3)\fP.
+\fBclientp\fP is set with \fICURLMOPT_SOCKETDATA(3)\fP.
 
 \fBsocketp\fP is set with \fIcurl_multi_assign(3)\fP or will be NULL.
 
diff --git a/docs/libcurl/opts/CURLMOPT_TIMERDATA.3 b/docs/libcurl/opts/CURLMOPT_TIMERDATA.3
index 553d2522a..8d7e9c374 100644
--- a/docs/libcurl/opts/CURLMOPT_TIMERDATA.3
+++ b/docs/libcurl/opts/CURLMOPT_TIMERDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -35,7 +35,7 @@ A data \fBpointer\fP to pass to the timer callback set with the
 \fICURLMOPT_TIMERFUNCTION(3)\fP option.
 
 This pointer will not be touched by libcurl but will only be passed in to the
-timer callbacks's \fBuserp\fP argument.
+timer callbacks's \fBclientp\fP argument.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
@@ -53,9 +53,9 @@ static gboolean timeout_cb(gpointer user_data)
   return G_SOURCE_REMOVE;
 }
 
-static int timerfunc(CURLM *multi, long timeout_ms, void *userp)
+static int timerfunc(CURLM *multi, long timeout_ms, void *clientp)
 {
-  guint *id = userp;
+  guint *id = clientp;
 
   if(id)
     g_source_remove(*id);
diff --git a/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3 b/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3
index 78c1e8163..8611eafaa 100644
--- a/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3
+++ b/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -31,7 +31,7 @@ CURLMOPT_TIMERFUNCTION \- callback to receive timeout values
 
 int timer_callback(CURLM *multi,    /* multi handle */
                    long timeout_ms, /* timeout in number of ms */
-                   void *userp);    /* private callback pointer */
+                   void *clientp);    /* private callback pointer */
 
 CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_TIMERFUNCTION, timer_callback);
 .SH DESCRIPTION
@@ -52,7 +52,7 @@ the timer. All other values are valid expire times in number of milliseconds.
 The \fBtimer_callback\fP will only be called when the timeout expire time is
 changed.
 
-The \fBuserp\fP pointer is set with \fICURLMOPT_TIMERDATA(3)\fP.
+The \fBclientp\fP pointer is set with \fICURLMOPT_TIMERDATA(3)\fP.
 
 The timer callback should return 0 on success, and -1 on error. If this
 callback returns error, \fBall\fP transfers currently in progress in this
@@ -82,9 +82,9 @@ static gboolean timeout_cb(gpointer user_data)
   return G_SOURCE_REMOVE;
 }
 
-static int timerfunc(CURLM *multi, long timeout_ms, void *userp)
+static int timerfunc(CURLM *multi, long timeout_ms, void *clientp)
 {
-  guint *id = userp;
+  guint *id = clientp;
 
   if(id)
     g_source_remove(*id);
diff --git a/docs/libcurl/opts/CURLOPT_ABSTRACT_UNIX_SOCKET.3 b/docs/libcurl/opts/CURLOPT_ABSTRACT_UNIX_SOCKET.3
index 01691b173..f9ea1a8be 100644
--- a/docs/libcurl/opts/CURLOPT_ABSTRACT_UNIX_SOCKET.3
+++ b/docs/libcurl/opts/CURLOPT_ABSTRACT_UNIX_SOCKET.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.3 b/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.3
index bb0e37887..e9cba01e9 100644
--- a/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.3
+++ b/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3 b/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3
index 058be391d..e1ef9e795 100644
--- a/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3
+++ b/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.3 b/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.3
index 6894ec2e1..f1a00d8e4 100644
--- a/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.3
+++ b/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_ALTSVC.3 b/docs/libcurl/opts/CURLOPT_ALTSVC.3
index e2ada903b..c0d754ed2 100644
--- a/docs/libcurl/opts/CURLOPT_ALTSVC.3
+++ b/docs/libcurl/opts/CURLOPT_ALTSVC.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.3 b/docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.3
index f42f3496b..d0b27e087 100644
--- a/docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.3
+++ b/docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_APPEND.3 b/docs/libcurl/opts/CURLOPT_APPEND.3
index c488fffad..d36b51c21 100644
--- a/docs/libcurl/opts/CURLOPT_APPEND.3
+++ b/docs/libcurl/opts/CURLOPT_APPEND.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_AUTOREFERER.3 b/docs/libcurl/opts/CURLOPT_AUTOREFERER.3
index e880eac26..c38ec5993 100644
--- a/docs/libcurl/opts/CURLOPT_AUTOREFERER.3
+++ b/docs/libcurl/opts/CURLOPT_AUTOREFERER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_AWS_SIGV4.3 b/docs/libcurl/opts/CURLOPT_AWS_SIGV4.3
index 900e1840f..d4519fc95 100644
--- a/docs/libcurl/opts/CURLOPT_AWS_SIGV4.3
+++ b/docs/libcurl/opts/CURLOPT_AWS_SIGV4.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -101,5 +101,9 @@ calculation.  For POST requests, this is a checksum of the provided
 \fICURLOPT_POSTFIELDS(3)\fP.  Otherwise, it's the checksum of an empty buffer.
 For requests like PUT, you can provide your own checksum in a HTTP header named
 \fBx-provider2-content-sha256\fP.
+.PP
+For \fBaws:s3\fP, a \fBx-amz-content-sha256\fP header is added to every request
+if not already present. For s3 requests with unknown payload, this header takes
+the special value "UNSIGNED-PAYLOAD".
 .SH "SEE ALSO"
 .BR CURLOPT_HEADEROPT "(3), " CURLOPT_HTTPHEADER "(3), "
diff --git a/docs/libcurl/opts/CURLOPT_BUFFERSIZE.3 b/docs/libcurl/opts/CURLOPT_BUFFERSIZE.3
index 073e4b3b7..7e6a19a07 100644
--- a/docs/libcurl/opts/CURLOPT_BUFFERSIZE.3
+++ b/docs/libcurl/opts/CURLOPT_BUFFERSIZE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -41,11 +41,13 @@ This is just treated as a request, not an order. You cannot be guaranteed to
 actually get the given size.
 
 This buffer size is by default \fICURL_MAX_WRITE_SIZE\fP (16kB). The maximum
-buffer size allowed to be set is \fICURL_MAX_READ_SIZE\fP (512kB). The minimum
+buffer size allowed to be set is \fICURL_MAX_READ_SIZE\fP (10MB). The minimum
 buffer size allowed to be set is 1024.
 
 DO NOT set this option on a handle that is currently used for an active
 transfer as that may lead to unintended consequences.
+
+The maximum size was 512kB until 7.88.0.
 .SH DEFAULT
 CURL_MAX_WRITE_SIZE (16kB)
 .SH PROTOCOLS
diff --git a/docs/libcurl/opts/CURLOPT_CAINFO.3 b/docs/libcurl/opts/CURLOPT_CAINFO.3
index c02950fc9..171701943 100644
--- a/docs/libcurl/opts/CURLOPT_CAINFO.3
+++ b/docs/libcurl/opts/CURLOPT_CAINFO.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CAINFO_BLOB.3 b/docs/libcurl/opts/CURLOPT_CAINFO_BLOB.3
index 6371a230b..790865063 100644
--- a/docs/libcurl/opts/CURLOPT_CAINFO_BLOB.3
+++ b/docs/libcurl/opts/CURLOPT_CAINFO_BLOB.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CAPATH.3 b/docs/libcurl/opts/CURLOPT_CAPATH.3
index 565c02f38..5f77d796e 100644
--- a/docs/libcurl/opts/CURLOPT_CAPATH.3
+++ b/docs/libcurl/opts/CURLOPT_CAPATH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CA_CACHE_TIMEOUT.3 b/docs/libcurl/opts/CURLOPT_CA_CACHE_TIMEOUT.3
index a91535bc4..70c8fd16d 100644
--- a/docs/libcurl/opts/CURLOPT_CA_CACHE_TIMEOUT.3
+++ b/docs/libcurl/opts/CURLOPT_CA_CACHE_TIMEOUT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CERTINFO.3 b/docs/libcurl/opts/CURLOPT_CERTINFO.3
index ad65765e2..563b7067e 100644
--- a/docs/libcurl/opts/CURLOPT_CERTINFO.3
+++ b/docs/libcurl/opts/CURLOPT_CERTINFO.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.3
index fd0ed1d79..3d9cc7c74 100644
--- a/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 b/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3
index 2c00a6cee..b06c52e70 100644
--- a/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3
+++ b/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.3
index 813554ea9..b01a0de55 100644
--- a/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.3 b/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.3
index d3d47731b..1c1194a07 100644
--- a/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.3
+++ b/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.3 b/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.3
index d9a3e0f17..2d85fe71b 100644
--- a/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.3 b/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.3
index f5f5a9f7c..f472361e2 100644
--- a/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.3
+++ b/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3 b/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3
index 7b55bae95..4cc5fe438 100644
--- a/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3
+++ b/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.3 b/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.3
index 97f33beb9..8f22cbd8a 100644
--- a/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.3
+++ b/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CONNECT_TO.3 b/docs/libcurl/opts/CURLOPT_CONNECT_TO.3
index 8955dd73f..a21e88261 100644
--- a/docs/libcurl/opts/CURLOPT_CONNECT_TO.3
+++ b/docs/libcurl/opts/CURLOPT_CONNECT_TO.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.3
index dd9c8a3e1..49c2ae4d5 100644
--- a/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.3
index 501306f18..d00983039 100644
--- a/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.3
index 0e53d2041..df80c4573 100644
--- a/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_COOKIE.3 b/docs/libcurl/opts/CURLOPT_COOKIE.3
index 6ff0826e3..b36386553 100644
--- a/docs/libcurl/opts/CURLOPT_COOKIE.3
+++ b/docs/libcurl/opts/CURLOPT_COOKIE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_COOKIEFILE.3 b/docs/libcurl/opts/CURLOPT_COOKIEFILE.3
index 4d2514cd1..d5704749c 100644
--- a/docs/libcurl/opts/CURLOPT_COOKIEFILE.3
+++ b/docs/libcurl/opts/CURLOPT_COOKIEFILE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_COOKIEJAR.3 b/docs/libcurl/opts/CURLOPT_COOKIEJAR.3
index fa554265e..7b2900ad4 100644
--- a/docs/libcurl/opts/CURLOPT_COOKIEJAR.3
+++ b/docs/libcurl/opts/CURLOPT_COOKIEJAR.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_COOKIELIST.3 b/docs/libcurl/opts/CURLOPT_COOKIELIST.3
index bd1a31096..f626c9c5a 100644
--- a/docs/libcurl/opts/CURLOPT_COOKIELIST.3
+++ b/docs/libcurl/opts/CURLOPT_COOKIELIST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_COOKIESESSION.3 b/docs/libcurl/opts/CURLOPT_COOKIESESSION.3
index 9e9d3747e..5b53b0433 100644
--- a/docs/libcurl/opts/CURLOPT_COOKIESESSION.3
+++ b/docs/libcurl/opts/CURLOPT_COOKIESESSION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.3 b/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.3
index e8040c230..af7137bbd 100644
--- a/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.3
+++ b/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CRLF.3 b/docs/libcurl/opts/CURLOPT_CRLF.3
index bd32ee7de..1ee158319 100644
--- a/docs/libcurl/opts/CURLOPT_CRLF.3
+++ b/docs/libcurl/opts/CURLOPT_CRLF.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CRLFILE.3 b/docs/libcurl/opts/CURLOPT_CRLFILE.3
index 6f48c43a9..17a7d65c8 100644
--- a/docs/libcurl/opts/CURLOPT_CRLFILE.3
+++ b/docs/libcurl/opts/CURLOPT_CRLFILE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CURLU.3 b/docs/libcurl/opts/CURLOPT_CURLU.3
index f4dfa9d60..c1bab9163 100644
--- a/docs/libcurl/opts/CURLOPT_CURLU.3
+++ b/docs/libcurl/opts/CURLOPT_CURLU.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.3 b/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.3
index 0a1b19464..506ec5714 100644
--- a/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.3
+++ b/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DEBUGDATA.3 b/docs/libcurl/opts/CURLOPT_DEBUGDATA.3
index 90b0b4e9b..7326c8495 100644
--- a/docs/libcurl/opts/CURLOPT_DEBUGDATA.3
+++ b/docs/libcurl/opts/CURLOPT_DEBUGDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3 b/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3
index 7ef3e48f7..29d379e65 100644
--- a/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -44,7 +44,7 @@ int debug_callback(CURL *handle,
                    curl_infotype type,
                    char *data,
                    size_t size,
-                   void *userptr);
+                   void *clientp);
 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DEBUGFUNCTION,
                           debug_callback);
@@ -59,7 +59,7 @@ return 0. The \fIdata\fP pointed to by the char * passed to this function WILL
 NOT be null-terminated, but will be exactly of the \fIsize\fP as told by the
 \fIsize\fP argument.
 
-The \fIuserptr\fP argument is the pointer set with \fICURLOPT_DEBUGDATA(3)\fP.
+The \fIclientp\fP argument is the pointer set with \fICURLOPT_DEBUGDATA(3)\fP.
 
 Available \fBcurl_infotype\fP values:
 .IP CURLINFO_TEXT
@@ -120,11 +120,11 @@ void dump(const char *text,
 static
 int my_trace(CURL *handle, curl_infotype type,
              char *data, size_t size,
-             void *userp)
+             void *clientp)
 {
   const char *text;
   (void)handle; /* prevent compiler warning */
-  (void)userp;
+  (void)clientp;
 
   switch (type) {
   case CURLINFO_TEXT:
diff --git a/docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.3 b/docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.3
index 5c69aefd3..60c82ba13 100644
--- a/docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.3
+++ b/docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DIRLISTONLY.3 b/docs/libcurl/opts/CURLOPT_DIRLISTONLY.3
index 15e3f3d53..3a2442ac0 100644
--- a/docs/libcurl/opts/CURLOPT_DIRLISTONLY.3
+++ b/docs/libcurl/opts/CURLOPT_DIRLISTONLY.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DISALLOW_USERNAME_IN_URL.3 b/docs/libcurl/opts/CURLOPT_DISALLOW_USERNAME_IN_URL.3
index f331b1b62..2771bd6d7 100644
--- a/docs/libcurl/opts/CURLOPT_DISALLOW_USERNAME_IN_URL.3
+++ b/docs/libcurl/opts/CURLOPT_DISALLOW_USERNAME_IN_URL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.3 b/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.3
index 103339343..fc16895be 100644
--- a/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.3
+++ b/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.3 b/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.3
index 90c7030bc..ce9f44173 100644
--- a/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.3
+++ b/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.3 b/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.3
index 336b3b0c5..745e2c479 100644
--- a/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.3
+++ b/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.3 b/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.3
index 13d937b32..53f150332 100644
--- a/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.3
+++ b/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DNS_SERVERS.3 b/docs/libcurl/opts/CURLOPT_DNS_SERVERS.3
index ce65b9069..a900337f9 100644
--- a/docs/libcurl/opts/CURLOPT_DNS_SERVERS.3
+++ b/docs/libcurl/opts/CURLOPT_DNS_SERVERS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DNS_SHUFFLE_ADDRESSES.3 b/docs/libcurl/opts/CURLOPT_DNS_SHUFFLE_ADDRESSES.3
index 4e5a977a0..dba5b00a9 100644
--- a/docs/libcurl/opts/CURLOPT_DNS_SHUFFLE_ADDRESSES.3
+++ b/docs/libcurl/opts/CURLOPT_DNS_SHUFFLE_ADDRESSES.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.3 b/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.3
index 9793c917a..b9bbfbe8a 100644
--- a/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.3
+++ b/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.3 b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.3
index c59ab6399..9f9ed54c8 100644
--- a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.3
+++ b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.3 b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.3
index 133f1f306..af1860b00 100644
--- a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.3
+++ b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.3 b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.3
index dac570d7d..a46624d9b 100644
--- a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.3
+++ b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_DOH_URL.3 b/docs/libcurl/opts/CURLOPT_DOH_URL.3
index d5148d3c8..e7594994e 100644
--- a/docs/libcurl/opts/CURLOPT_DOH_URL.3
+++ b/docs/libcurl/opts/CURLOPT_DOH_URL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_EGDSOCKET.3 b/docs/libcurl/opts/CURLOPT_EGDSOCKET.3
index 9e5cafb98..101bebd06 100644
--- a/docs/libcurl/opts/CURLOPT_EGDSOCKET.3
+++ b/docs/libcurl/opts/CURLOPT_EGDSOCKET.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_ERRORBUFFER.3 b/docs/libcurl/opts/CURLOPT_ERRORBUFFER.3
index e799d5163..af3287dae 100644
--- a/docs/libcurl/opts/CURLOPT_ERRORBUFFER.3
+++ b/docs/libcurl/opts/CURLOPT_ERRORBUFFER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.3 b/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.3
index 1fc0cf663..06feb3308 100644
--- a/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.3
+++ b/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FAILONERROR.3 b/docs/libcurl/opts/CURLOPT_FAILONERROR.3
index a858bf795..a788d3857 100644
--- a/docs/libcurl/opts/CURLOPT_FAILONERROR.3
+++ b/docs/libcurl/opts/CURLOPT_FAILONERROR.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FILETIME.3 b/docs/libcurl/opts/CURLOPT_FILETIME.3
index 83d2f04a3..bf98034b2 100644
--- a/docs/libcurl/opts/CURLOPT_FILETIME.3
+++ b/docs/libcurl/opts/CURLOPT_FILETIME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.3 b/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.3
index 8f7275616..a5b725451 100644
--- a/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.3
+++ b/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.3
index ac087c892..4389b9a58 100644
--- a/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 b/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3
index 0c2f4de83..419ed2e5e 100644
--- a/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3
+++ b/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FORBID_REUSE.3 b/docs/libcurl/opts/CURLOPT_FORBID_REUSE.3
index 44c11d446..59b26199d 100644
--- a/docs/libcurl/opts/CURLOPT_FORBID_REUSE.3
+++ b/docs/libcurl/opts/CURLOPT_FORBID_REUSE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.3 b/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.3
index 6d01387ae..5802cff0b 100644
--- a/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.3
+++ b/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FTPPORT.3 b/docs/libcurl/opts/CURLOPT_FTPPORT.3
index d9ba35639..a8dcd4f0d 100644
--- a/docs/libcurl/opts/CURLOPT_FTPPORT.3
+++ b/docs/libcurl/opts/CURLOPT_FTPPORT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.3 b/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.3
index 4e317fbc8..4314dc1c8 100644
--- a/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.3
+++ b/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.3 b/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.3
index 50db213e9..cf936375c 100644
--- a/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.3
+++ b/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.3 b/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.3
index a7e7bdb9d..bc4c69074 100644
--- a/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.3
+++ b/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.3 b/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.3
index 67f2a6387..191450f4c 100644
--- a/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.3
+++ b/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.3 b/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.3
index db6c6071d..d2484dd05 100644
--- a/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.3
+++ b/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3 b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
index 7cf153660..a5b8089b0 100644
--- a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
+++ b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.3 b/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.3
index 225d945f3..123ae3be3 100644
--- a/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.3
+++ b/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.3 b/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.3
index 134bd864e..7e8947f04 100644
--- a/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.3
+++ b/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.3 b/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.3
index a842d9605..5b0624abf 100644
--- a/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.3
+++ b/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.3 b/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.3
index 48304a307..dc9aeef04 100644
--- a/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.3
+++ b/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.3 b/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.3
index ef85dbc25..f7b6dfb33 100644
--- a/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.3
+++ b/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3 b/docs/libcurl/opts/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3
index 932b0311b..cd27b714a 100644
--- a/docs/libcurl/opts/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3
+++ b/docs/libcurl/opts/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HAPROXYPROTOCOL.3 b/docs/libcurl/opts/CURLOPT_HAPROXYPROTOCOL.3
index d99c33521..f066afd91 100644
--- a/docs/libcurl/opts/CURLOPT_HAPROXYPROTOCOL.3
+++ b/docs/libcurl/opts/CURLOPT_HAPROXYPROTOCOL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HEADER.3 b/docs/libcurl/opts/CURLOPT_HEADER.3
index aaea07941..75509f580 100644
--- a/docs/libcurl/opts/CURLOPT_HEADER.3
+++ b/docs/libcurl/opts/CURLOPT_HEADER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HEADERDATA.3 b/docs/libcurl/opts/CURLOPT_HEADERDATA.3
index ab04724df..7311f2dce 100644
--- a/docs/libcurl/opts/CURLOPT_HEADERDATA.3
+++ b/docs/libcurl/opts/CURLOPT_HEADERDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -40,6 +40,10 @@ If \fICURLOPT_WRITEFUNCTION(3)\fP or \fICURLOPT_HEADERFUNCTION(3)\fP is used,
 
 If neither of those options are set, \fIpointer\fP must be a valid FILE * and
 it will be used by a plain fwrite() to write headers to.
+
+If you are using libcurl as a win32 DLL, you \fBMUST\fP use a
+\fICURLOPT_WRITEFUNCTION(3)\fP or \fICURLOPT_HEADERFUNCTION(3)\fP if you set
+this option or you will experience crashes.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
diff --git a/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3 b/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3
index 33286470a..4c7ef0d02 100644
--- a/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HEADEROPT.3 b/docs/libcurl/opts/CURLOPT_HEADEROPT.3
index fb8625b99..ad08c9b96 100644
--- a/docs/libcurl/opts/CURLOPT_HEADEROPT.3
+++ b/docs/libcurl/opts/CURLOPT_HEADEROPT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HSTS.3 b/docs/libcurl/opts/CURLOPT_HSTS.3
index 559435399..3c1d85d90 100644
--- a/docs/libcurl/opts/CURLOPT_HSTS.3
+++ b/docs/libcurl/opts/CURLOPT_HSTS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HSTSREADDATA.3 b/docs/libcurl/opts/CURLOPT_HSTSREADDATA.3
index 16f255d84..c7e4187b1 100644
--- a/docs/libcurl/opts/CURLOPT_HSTSREADDATA.3
+++ b/docs/libcurl/opts/CURLOPT_HSTSREADDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HSTSREADFUNCTION.3 b/docs/libcurl/opts/CURLOPT_HSTSREADFUNCTION.3
index e27d31cda..edfb8b432 100644
--- a/docs/libcurl/opts/CURLOPT_HSTSREADFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_HSTSREADFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -36,7 +36,7 @@ struct curl_hstsentry {
   char expire[18]; /* YYYYMMDD HH:MM:SS [null-terminated] */
 };
 
-CURLSTScode hstsread(CURL *easy, struct curl_hstsentry *sts, void *userp);
+CURLSTScode hstsread(CURL *easy, struct curl_hstsentry *sts, void *clientp);
 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HSTSREADFUNCTION, hstsread);
 .fi
@@ -46,8 +46,8 @@ Pass a pointer to your callback function, as the prototype shows above.
 This callback function gets called by libcurl repeatedly when it populates the
 in-memory HSTS cache.
 
-Set the \fIuserp\fP argument with the \fICURLOPT_HSTSREADDATA(3)\fP option or
-it will be NULL.
+Set the \fIclientp\fP argument with the \fICURLOPT_HSTSREADDATA(3)\fP option
+or it will be NULL.
 
 When this callback is invoked, the \fIsts\fP pointer points to a populated
 struct: Copy the host name to \fIname\fP (no longer than \fInamelen\fP
diff --git a/docs/libcurl/opts/CURLOPT_HSTSWRITEDATA.3 b/docs/libcurl/opts/CURLOPT_HSTSWRITEDATA.3
index e4e4c30cc..45f508249 100644
--- a/docs/libcurl/opts/CURLOPT_HSTSWRITEDATA.3
+++ b/docs/libcurl/opts/CURLOPT_HSTSWRITEDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HSTSWRITEFUNCTION.3 b/docs/libcurl/opts/CURLOPT_HSTSWRITEFUNCTION.3
index 373f3e5ab..cbef705a2 100644
--- a/docs/libcurl/opts/CURLOPT_HSTSWRITEFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_HSTSWRITEFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -42,7 +42,7 @@ struct curl_index {
 };
 
 CURLSTScode hstswrite(CURL *easy, struct curl_hstsentry *sts,
-                      struct curl_index *count, void *userp);
+                      struct curl_index *count, void *clientp);
 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HSTSWRITEFUNCTION, hstswrite);
 .fi
@@ -53,8 +53,8 @@ This callback function gets called by libcurl repeatedly to allow the
 application to store the in-memory HSTS cache when libcurl is about to discard
 it.
 
-Set the \fIuserp\fP argument with the \fICURLOPT_HSTSWRITEDATA(3)\fP option or
-it will be NULL.
+Set the \fIclientp\fP argument with the \fICURLOPT_HSTSWRITEDATA(3)\fP option
+or it will be NULL.
 
 When the callback is invoked, the \fIsts\fP pointer points to a populated
 struct: Read the host name to 'name' (it is \fInamelen\fP bytes long and null
diff --git a/docs/libcurl/opts/CURLOPT_HSTS_CTRL.3 b/docs/libcurl/opts/CURLOPT_HSTS_CTRL.3
index f43ad5895..d6469e0e4 100644
--- a/docs/libcurl/opts/CURLOPT_HSTS_CTRL.3
+++ b/docs/libcurl/opts/CURLOPT_HSTS_CTRL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022, 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.3 b/docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.3
index 0ed43de9e..fead90b60 100644
--- a/docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.3
+++ b/docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.3 b/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.3
index 9ad75c689..83dfad170 100644
--- a/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.3
+++ b/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HTTPAUTH.3 b/docs/libcurl/opts/CURLOPT_HTTPAUTH.3
index e217f7822..4dc9c23ea 100644
--- a/docs/libcurl/opts/CURLOPT_HTTPAUTH.3
+++ b/docs/libcurl/opts/CURLOPT_HTTPAUTH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HTTPGET.3 b/docs/libcurl/opts/CURLOPT_HTTPGET.3
index 759d0e23d..b54b5d5ae 100644
--- a/docs/libcurl/opts/CURLOPT_HTTPGET.3
+++ b/docs/libcurl/opts/CURLOPT_HTTPGET.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
index 3458d9203..1c37f90ab 100644
--- a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
+++ b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HTTPPOST.3 b/docs/libcurl/opts/CURLOPT_HTTPPOST.3
index 3941664eb..2320a56fd 100644
--- a/docs/libcurl/opts/CURLOPT_HTTPPOST.3
+++ b/docs/libcurl/opts/CURLOPT_HTTPPOST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.3 b/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.3
index cd6dd94f6..23d90b5ee 100644
--- a/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.3
+++ b/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.3 b/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.3
index 2d6d7426e..af41edbf0 100644
--- a/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.3
+++ b/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.3 b/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.3
index e34169e2e..be784f72b 100644
--- a/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.3
+++ b/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 b/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3
index 894dbf03e..4a2bc2bbc 100644
--- a/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3
+++ b/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -66,13 +66,12 @@ prior knowledge that the server supports HTTP/2 straight away. HTTPS requests
 will still do HTTP/2 the standard way with negotiated protocol version in the
 TLS handshake. (Added in 7.49.0)
 .IP CURL_HTTP_VERSION_3
-(Added in 7.66.0) Setting this value will make libcurl attempt to use HTTP/3
-directly to server given in the URL. Note that this cannot gracefully
-downgrade to earlier HTTP version if the server does not support HTTP/3.
-
-For more reliably upgrading to HTTP/3, set the preferred version to something
-lower and let the server announce its HTTP/3 support via Alt-Svc:. See
-\fICURLOPT_ALTSVC(3)\fP.
+(Added in 7.66.0) This option makes libcurl attempt to use HTTP/3 to the host
+given in the URL, with fallback to earlier HTTP versions if needed.
+.IP CURL_HTTP_VERSION_3ONLY
+(Added in 7.88.0) Setting this value will make libcurl attempt to use HTTP/3
+directly to server given in the URL but will not downgrade to earlier HTTP
+version if the server does not support HTTP/3.
 .SH DEFAULT
 Since curl 7.62.0: CURL_HTTP_VERSION_2TLS
 
diff --git a/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3 b/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3
index 9247ddcc7..00ac060ad 100644
--- a/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3
+++ b/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_INFILESIZE.3 b/docs/libcurl/opts/CURLOPT_INFILESIZE.3
index 23e3bff0d..265579963 100644
--- a/docs/libcurl/opts/CURLOPT_INFILESIZE.3
+++ b/docs/libcurl/opts/CURLOPT_INFILESIZE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.3 b/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.3
index d96d0486f..ae45e406e 100644
--- a/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.3
+++ b/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_INTERFACE.3 b/docs/libcurl/opts/CURLOPT_INTERFACE.3
index 43aed3269..177d26dd8 100644
--- a/docs/libcurl/opts/CURLOPT_INTERFACE.3
+++ b/docs/libcurl/opts/CURLOPT_INTERFACE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.3 b/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.3
index 7370aa9da..b3c7d7bae 100644
--- a/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.3
+++ b/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.3 b/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.3
index 211b5055e..0d32425f8 100644
--- a/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_IOCTLDATA.3 b/docs/libcurl/opts/CURLOPT_IOCTLDATA.3
index 32daa64ee..37adb49bb 100644
--- a/docs/libcurl/opts/CURLOPT_IOCTLDATA.3
+++ b/docs/libcurl/opts/CURLOPT_IOCTLDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.3 b/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.3
index 22d8f9ea4..893c10cec 100644
--- a/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_IPRESOLVE.3 b/docs/libcurl/opts/CURLOPT_IPRESOLVE.3
index 642becdfd..a8dae06d3 100644
--- a/docs/libcurl/opts/CURLOPT_IPRESOLVE.3
+++ b/docs/libcurl/opts/CURLOPT_IPRESOLVE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_ISSUERCERT.3 b/docs/libcurl/opts/CURLOPT_ISSUERCERT.3
index f77e35d11..a79db176e 100644
--- a/docs/libcurl/opts/CURLOPT_ISSUERCERT.3
+++ b/docs/libcurl/opts/CURLOPT_ISSUERCERT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_ISSUERCERT_BLOB.3 b/docs/libcurl/opts/CURLOPT_ISSUERCERT_BLOB.3
index d9ca8241a..a1263f528 100644
--- a/docs/libcurl/opts/CURLOPT_ISSUERCERT_BLOB.3
+++ b/docs/libcurl/opts/CURLOPT_ISSUERCERT_BLOB.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_KEEP_SENDING_ON_ERROR.3 b/docs/libcurl/opts/CURLOPT_KEEP_SENDING_ON_ERROR.3
index ef3b52ee3..03ba23318 100644
--- a/docs/libcurl/opts/CURLOPT_KEEP_SENDING_ON_ERROR.3
+++ b/docs/libcurl/opts/CURLOPT_KEEP_SENDING_ON_ERROR.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_KEYPASSWD.3 b/docs/libcurl/opts/CURLOPT_KEYPASSWD.3
index 6849f7be9..c1b51af04 100644
--- a/docs/libcurl/opts/CURLOPT_KEYPASSWD.3
+++ b/docs/libcurl/opts/CURLOPT_KEYPASSWD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_KRBLEVEL.3 b/docs/libcurl/opts/CURLOPT_KRBLEVEL.3
index 3005d938c..8967ead78 100644
--- a/docs/libcurl/opts/CURLOPT_KRBLEVEL.3
+++ b/docs/libcurl/opts/CURLOPT_KRBLEVEL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_LOCALPORT.3 b/docs/libcurl/opts/CURLOPT_LOCALPORT.3
index f0707958a..35587f72b 100644
--- a/docs/libcurl/opts/CURLOPT_LOCALPORT.3
+++ b/docs/libcurl/opts/CURLOPT_LOCALPORT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.3 b/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.3
index 663124f44..a6af3c62b 100644
--- a/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.3
+++ b/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3 b/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3
index 8e4dc8358..423be8e22 100644
--- a/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3
+++ b/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.3 b/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.3
index 424d630b4..7803e5654 100644
--- a/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.3
+++ b/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.3 b/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.3
index d57f0ccc6..ceda80a3b 100644
--- a/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.3
+++ b/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MAIL_AUTH.3 b/docs/libcurl/opts/CURLOPT_MAIL_AUTH.3
index 05baf7cd7..361a9c7c6 100644
--- a/docs/libcurl/opts/CURLOPT_MAIL_AUTH.3
+++ b/docs/libcurl/opts/CURLOPT_MAIL_AUTH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MAIL_FROM.3 b/docs/libcurl/opts/CURLOPT_MAIL_FROM.3
index 360621b52..478f2fccc 100644
--- a/docs/libcurl/opts/CURLOPT_MAIL_FROM.3
+++ b/docs/libcurl/opts/CURLOPT_MAIL_FROM.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MAIL_RCPT.3 b/docs/libcurl/opts/CURLOPT_MAIL_RCPT.3
index 950dd4b5b..0a03dbaeb 100644
--- a/docs/libcurl/opts/CURLOPT_MAIL_RCPT.3
+++ b/docs/libcurl/opts/CURLOPT_MAIL_RCPT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MAIL_RCPT_ALLLOWFAILS.3 b/docs/libcurl/opts/CURLOPT_MAIL_RCPT_ALLLOWFAILS.3
index c87e363c8..ec9e4e51c 100644
--- a/docs/libcurl/opts/CURLOPT_MAIL_RCPT_ALLLOWFAILS.3
+++ b/docs/libcurl/opts/CURLOPT_MAIL_RCPT_ALLLOWFAILS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MAXAGE_CONN.3 b/docs/libcurl/opts/CURLOPT_MAXAGE_CONN.3
index 01c7f8a74..5a41da533 100644
--- a/docs/libcurl/opts/CURLOPT_MAXAGE_CONN.3
+++ b/docs/libcurl/opts/CURLOPT_MAXAGE_CONN.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MAXCONNECTS.3 b/docs/libcurl/opts/CURLOPT_MAXCONNECTS.3
index b5f726e22..741a682cb 100644
--- a/docs/libcurl/opts/CURLOPT_MAXCONNECTS.3
+++ b/docs/libcurl/opts/CURLOPT_MAXCONNECTS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MAXFILESIZE.3 b/docs/libcurl/opts/CURLOPT_MAXFILESIZE.3
index bcd7e9de3..1abf0fbcf 100644
--- a/docs/libcurl/opts/CURLOPT_MAXFILESIZE.3
+++ b/docs/libcurl/opts/CURLOPT_MAXFILESIZE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.3 b/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.3
index f31449b2d..6be4d241c 100644
--- a/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.3
+++ b/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MAXLIFETIME_CONN.3 b/docs/libcurl/opts/CURLOPT_MAXLIFETIME_CONN.3
index 80cc4fe7b..d6856e8a8 100644
--- a/docs/libcurl/opts/CURLOPT_MAXLIFETIME_CONN.3
+++ b/docs/libcurl/opts/CURLOPT_MAXLIFETIME_CONN.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MAXREDIRS.3 b/docs/libcurl/opts/CURLOPT_MAXREDIRS.3
index b69dc66ad..d98c65bf9 100644
--- a/docs/libcurl/opts/CURLOPT_MAXREDIRS.3
+++ b/docs/libcurl/opts/CURLOPT_MAXREDIRS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.3 b/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.3
index 996a890be..53f341aec 100644
--- a/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.3
+++ b/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.3 b/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.3
index 1e18c7f5e..a20135d9f 100644
--- a/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.3
+++ b/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MIMEPOST.3 b/docs/libcurl/opts/CURLOPT_MIMEPOST.3
index 20a4456bc..45c6dd797 100644
--- a/docs/libcurl/opts/CURLOPT_MIMEPOST.3
+++ b/docs/libcurl/opts/CURLOPT_MIMEPOST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_MIME_OPTIONS.3 b/docs/libcurl/opts/CURLOPT_MIME_OPTIONS.3
index 6f48f3fdb..398db2e02 100644
--- a/docs/libcurl/opts/CURLOPT_MIME_OPTIONS.3
+++ b/docs/libcurl/opts/CURLOPT_MIME_OPTIONS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_NETRC.3 b/docs/libcurl/opts/CURLOPT_NETRC.3
index d1b7880b0..e60edf500 100644
--- a/docs/libcurl/opts/CURLOPT_NETRC.3
+++ b/docs/libcurl/opts/CURLOPT_NETRC.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_NETRC_FILE.3 b/docs/libcurl/opts/CURLOPT_NETRC_FILE.3
index 6795ee309..6953328d0 100644
--- a/docs/libcurl/opts/CURLOPT_NETRC_FILE.3
+++ b/docs/libcurl/opts/CURLOPT_NETRC_FILE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.3 b/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.3
index 7c4ffc067..e450d9fb9 100644
--- a/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.3
+++ b/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.3 b/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.3
index 0d890fed2..4d5cabbe5 100644
--- a/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.3
+++ b/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_NOBODY.3 b/docs/libcurl/opts/CURLOPT_NOBODY.3
index a87cf44df..7470fa552 100644
--- a/docs/libcurl/opts/CURLOPT_NOBODY.3
+++ b/docs/libcurl/opts/CURLOPT_NOBODY.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_NOPROGRESS.3 b/docs/libcurl/opts/CURLOPT_NOPROGRESS.3
index 0d9008686..8da4454e9 100644
--- a/docs/libcurl/opts/CURLOPT_NOPROGRESS.3
+++ b/docs/libcurl/opts/CURLOPT_NOPROGRESS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_NOPROXY.3 b/docs/libcurl/opts/CURLOPT_NOPROXY.3
index dc3cf7c10..c3d38d7f4 100644
--- a/docs/libcurl/opts/CURLOPT_NOPROXY.3
+++ b/docs/libcurl/opts/CURLOPT_NOPROXY.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_NOSIGNAL.3 b/docs/libcurl/opts/CURLOPT_NOSIGNAL.3
index 416b2d758..ab466e8dc 100644
--- a/docs/libcurl/opts/CURLOPT_NOSIGNAL.3
+++ b/docs/libcurl/opts/CURLOPT_NOSIGNAL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.3 b/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.3
index f72c3188f..a369ca400 100644
--- a/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.3
+++ b/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.3 b/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.3
index 898add719..f7abffd4d 100644
--- a/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PASSWORD.3 b/docs/libcurl/opts/CURLOPT_PASSWORD.3
index 5f29665cd..386dac040 100644
--- a/docs/libcurl/opts/CURLOPT_PASSWORD.3
+++ b/docs/libcurl/opts/CURLOPT_PASSWORD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PATH_AS_IS.3 b/docs/libcurl/opts/CURLOPT_PATH_AS_IS.3
index 871b20cfe..0847ba17e 100644
--- a/docs/libcurl/opts/CURLOPT_PATH_AS_IS.3
+++ b/docs/libcurl/opts/CURLOPT_PATH_AS_IS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
index 40279021a..88f2c7527 100644
--- a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
+++ b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 b/docs/libcurl/opts/CURLOPT_PIPEWAIT.3
index d5f56579c..339a12e5f 100644
--- a/docs/libcurl/opts/CURLOPT_PIPEWAIT.3
+++ b/docs/libcurl/opts/CURLOPT_PIPEWAIT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PORT.3 b/docs/libcurl/opts/CURLOPT_PORT.3
index 1012bfad3..268cda704 100644
--- a/docs/libcurl/opts/CURLOPT_PORT.3
+++ b/docs/libcurl/opts/CURLOPT_PORT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_POST.3 b/docs/libcurl/opts/CURLOPT_POST.3
index f93e18786..81d72f2a5 100644
--- a/docs/libcurl/opts/CURLOPT_POST.3
+++ b/docs/libcurl/opts/CURLOPT_POST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_POSTFIELDS.3 b/docs/libcurl/opts/CURLOPT_POSTFIELDS.3
index f0fcda915..95e0026ad 100644
--- a/docs/libcurl/opts/CURLOPT_POSTFIELDS.3
+++ b/docs/libcurl/opts/CURLOPT_POSTFIELDS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.3 b/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.3
index aceb32014..57ff8f4e4 100644
--- a/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.3
+++ b/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -32,10 +32,11 @@ CURLOPT_POSTFIELDSIZE \- size of POST data pointed to
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_POSTFIELDSIZE, long size);
 .fi
 .SH DESCRIPTION
-If you want to post data to the server without having libcurl do a strlen() to
-measure the data size, this option must be used. When this option is used you
-can post fully binary data, which otherwise is likely to fail. If this size is
-set to -1, the library will use strlen() to get the size.
+If you want to post static data to the server without having libcurl do a
+strlen() to measure the data size, this option must be used. When this option
+is used you can post fully binary data, which otherwise is likely to fail. If
+this size is set to -1, the library will use strlen() to get the size or rely
+on the \fICURLOPT_READFUNCTION\fP (if used) to signal the end of data.
 
 If you post more than 2GB, use \fICURLOPT_POSTFIELDSIZE_LARGE(3)\fP.
 .SH DEFAULT
diff --git a/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.3 b/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.3
index 391c49dc1..220ba0d3d 100644
--- a/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.3
+++ b/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -32,10 +32,11 @@ CURLOPT_POSTFIELDSIZE_LARGE \- size of POST data pointed to
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_POSTFIELDSIZE_LARGE,
                           curl_off_t size);
 .SH DESCRIPTION
-If you want to post data to the server without having libcurl do a strlen() to
-measure the data size, this option must be used. When this option is used you
-can post fully binary data, which otherwise is likely to fail. If this size is
-set to -1, the library will use strlen() to get the size.
+If you want to post static data to the server without having libcurl do a
+strlen() to measure the data size, this option must be used. When this option
+is used you can post fully binary data, which otherwise is likely to fail. If
+this size is set to -1, the library will use strlen() to get the size or rely
+on the \fICURLOPT_READFUNCTION\fP (if used) to signal the end of data.
 .SH DEFAULT
 -1
 .SH PROTOCOLS
diff --git a/docs/libcurl/opts/CURLOPT_POSTQUOTE.3 b/docs/libcurl/opts/CURLOPT_POSTQUOTE.3
index a402cfffe..2c6bacb98 100644
--- a/docs/libcurl/opts/CURLOPT_POSTQUOTE.3
+++ b/docs/libcurl/opts/CURLOPT_POSTQUOTE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_POSTREDIR.3 b/docs/libcurl/opts/CURLOPT_POSTREDIR.3
index 074e9df5a..1f3061bcf 100644
--- a/docs/libcurl/opts/CURLOPT_POSTREDIR.3
+++ b/docs/libcurl/opts/CURLOPT_POSTREDIR.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PREQUOTE.3 b/docs/libcurl/opts/CURLOPT_PREQUOTE.3
index 40d3de171..2987f109f 100644
--- a/docs/libcurl/opts/CURLOPT_PREQUOTE.3
+++ b/docs/libcurl/opts/CURLOPT_PREQUOTE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PREREQDATA.3 b/docs/libcurl/opts/CURLOPT_PREREQDATA.3
index a865a6ac3..11e47e9d5 100644
--- a/docs/libcurl/opts/CURLOPT_PREREQDATA.3
+++ b/docs/libcurl/opts/CURLOPT_PREREQDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022, Max Dymond, <max.dymond@microsoft.com>, et al.
+.\" * Copyright (C) Max Dymond, <max.dymond@microsoft.com>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PREREQFUNCTION.3 b/docs/libcurl/opts/CURLOPT_PREREQFUNCTION.3
index 050d64742..1e2397221 100644
--- a/docs/libcurl/opts/CURLOPT_PREREQFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_PREREQFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2022 - 2022, Max Dymond, <max.dymond@microsoft.com>, et al.
+.\" * Copyright (C) Max Dymond, <max.dymond@microsoft.com>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PRE_PROXY.3 b/docs/libcurl/opts/CURLOPT_PRE_PROXY.3
index 894b3c181..c3ca7dc37 100644
--- a/docs/libcurl/opts/CURLOPT_PRE_PROXY.3
+++ b/docs/libcurl/opts/CURLOPT_PRE_PROXY.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PRIVATE.3 b/docs/libcurl/opts/CURLOPT_PRIVATE.3
index dd05a4f58..fbcdb5649 100644
--- a/docs/libcurl/opts/CURLOPT_PRIVATE.3
+++ b/docs/libcurl/opts/CURLOPT_PRIVATE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROGRESSDATA.3 b/docs/libcurl/opts/CURLOPT_PROGRESSDATA.3
index b8e479008..a905e7a7f 100644
--- a/docs/libcurl/opts/CURLOPT_PROGRESSDATA.3
+++ b/docs/libcurl/opts/CURLOPT_PROGRESSDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -51,7 +51,7 @@ All
                                  double ultotal,
                                  double ulnow)
  {
-   struct memory *progress = (struct progress *)userp;
+   struct memory *progress = (struct progress *)clientp;
 
    /* use the values */
 
diff --git a/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.3 b/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.3
index cf1a2af51..657c5e98e 100644
--- a/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROTOCOLS.3 b/docs/libcurl/opts/CURLOPT_PROTOCOLS.3
index 8bb78c981..5da7e3355 100644
--- a/docs/libcurl/opts/CURLOPT_PROTOCOLS.3
+++ b/docs/libcurl/opts/CURLOPT_PROTOCOLS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROTOCOLS_STR.3 b/docs/libcurl/opts/CURLOPT_PROTOCOLS_STR.3
index 825f941e8..6dbad3028 100644
--- a/docs/libcurl/opts/CURLOPT_PROTOCOLS_STR.3
+++ b/docs/libcurl/opts/CURLOPT_PROTOCOLS_STR.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY.3 b/docs/libcurl/opts/CURLOPT_PROXY.3
index 0205c7eda..22ec86d0c 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -118,6 +118,9 @@ Since 7.21.7 the proxy string supports the socks protocols as "schemes".
 
 Since 7.50.2, unsupported schemes in proxy strings cause libcurl to return
 error.
+
+curl built to use NSS cannot connect to a HTTPS server over a unix domain
+socket.
 .SH RETURN VALUE
 Returns CURLE_OK if proxies are supported, CURLE_UNKNOWN_OPTION if not, or
 CURLE_OUT_OF_MEMORY if there was insufficient heap space.
diff --git a/docs/libcurl/opts/CURLOPT_PROXYAUTH.3 b/docs/libcurl/opts/CURLOPT_PROXYAUTH.3
index 84b5ea1f7..580d86767 100644
--- a/docs/libcurl/opts/CURLOPT_PROXYAUTH.3
+++ b/docs/libcurl/opts/CURLOPT_PROXYAUTH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXYHEADER.3 b/docs/libcurl/opts/CURLOPT_PROXYHEADER.3
index 374ac93ec..a6ff75198 100644
--- a/docs/libcurl/opts/CURLOPT_PROXYHEADER.3
+++ b/docs/libcurl/opts/CURLOPT_PROXYHEADER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.3 b/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.3
index b39008f6d..b7ba5f137 100644
--- a/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.3
+++ b/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXYPORT.3 b/docs/libcurl/opts/CURLOPT_PROXYPORT.3
index e79f24ae5..cd114c4ab 100644
--- a/docs/libcurl/opts/CURLOPT_PROXYPORT.3
+++ b/docs/libcurl/opts/CURLOPT_PROXYPORT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXYTYPE.3 b/docs/libcurl/opts/CURLOPT_PROXYTYPE.3
index 537f01aad..773723886 100644
--- a/docs/libcurl/opts/CURLOPT_PROXYTYPE.3
+++ b/docs/libcurl/opts/CURLOPT_PROXYTYPE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.3 b/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.3
index bb5808f71..6b0246d87 100644
--- a/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.3
+++ b/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.3 b/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.3
index 3de4e94ba..d4d6bc13c 100644
--- a/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.3
+++ b/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_CAINFO.3 b/docs/libcurl/opts/CURLOPT_PROXY_CAINFO.3
index 07b9a665a..4795a1fee 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_CAINFO.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_CAINFO.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_CAINFO_BLOB.3 b/docs/libcurl/opts/CURLOPT_PROXY_CAINFO_BLOB.3
index c4788ebe5..e1bc6eae4 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_CAINFO_BLOB.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_CAINFO_BLOB.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3 b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3
index 90ebe2307..01f60a826 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.3 b/docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.3
index ae49fd56e..9f1f59d97 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT.3 b/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT.3
index d92ab6793..5d25fc37e 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT_BLOB.3 b/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT_BLOB.3
index 0c994ff57..3580d3823 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT_BLOB.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT_BLOB.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.3 b/docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.3
index 3fab2f40b..8a72fc819 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.3
index 8a319e65a..2011c59b7 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3 b/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3
index db9f838bc..c7596d531 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.3
index 4273710e4..15e52f92e 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.3
index 7bfc79442..ad25348a8 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT_BLOB.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT_BLOB.3
index 7c071fa57..af0d1cf1a 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT_BLOB.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT_BLOB.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.3
index 670f1147d..718191af0 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.3
index 7214c01b2..ac75cc73a 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY_BLOB.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY_BLOB.3
index fa908fb25..bab416e9d 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY_BLOB.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY_BLOB.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
index 0bb470d5a..f8281c2e4 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSL_CIPHER_LIST.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSL_CIPHER_LIST.3
index 359ee4681..791450a1d 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSL_CIPHER_LIST.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSL_CIPHER_LIST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3
index 745faa2cb..a3c7ad9aa 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -60,6 +60,12 @@ offline distribution points for those SSL backends where such behavior is
 present. This option is only supported for Schannel (the native Windows SSL
 library). If combined with \fICURLSSLOPT_NO_REVOKE\fP, the latter takes
 precedence. (Added in 7.70.0)
+.IP CURLSSLOPT_NATIVE_CA
+Tell libcurl to use the operating system's native CA store for certificate
+verification. Works only on Windows when built to use OpenSSL. If you set this
+option and also set a CA certificate file or directory then during verification
+those certificates are searched in addition to the native CA store.
+(Added in 7.71.0)
 .IP CURLSSLOPT_AUTO_CLIENT_CERT
 Tell libcurl to automatically locate and use a client certificate for
 authentication, when requested by the server. This option is only supported
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.3
index 9eec07add..a8b08da00 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYPEER.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYPEER.3
index 51ed2c437..079868b68 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYPEER.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYPEER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TLS13_CIPHERS.3 b/docs/libcurl/opts/CURLOPT_PROXY_TLS13_CIPHERS.3
index 9700f106e..fc3633b2d 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_TLS13_CIPHERS.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_TLS13_CIPHERS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.3 b/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.3
index 8212844cc..8730d9a9c 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_TYPE.3 b/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_TYPE.3
index 0d45be65c..37e08a784 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_TYPE.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_TYPE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_USERNAME.3 b/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_USERNAME.3
index 5ae522416..5ad00910e 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_USERNAME.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_USERNAME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.3 b/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.3
index b8a7daade..55d81639c 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_PUT.3 b/docs/libcurl/opts/CURLOPT_PUT.3
index ca6f72548..1501579b0 100644
--- a/docs/libcurl/opts/CURLOPT_PUT.3
+++ b/docs/libcurl/opts/CURLOPT_PUT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_QUICK_EXIT.3 b/docs/libcurl/opts/CURLOPT_QUICK_EXIT.3
index 5f800bbd1..e1d1230c6 100644
--- a/docs/libcurl/opts/CURLOPT_QUICK_EXIT.3
+++ b/docs/libcurl/opts/CURLOPT_QUICK_EXIT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_QUOTE.3 b/docs/libcurl/opts/CURLOPT_QUOTE.3
index 01bd56c9d..a2183aeb1 100644
--- a/docs/libcurl/opts/CURLOPT_QUOTE.3
+++ b/docs/libcurl/opts/CURLOPT_QUOTE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3 b/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3
index 9fe34f77e..a325fdfe9 100644
--- a/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3
+++ b/docs/libcurl/opts/CURLOPT_RANDOM_FILE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RANGE.3 b/docs/libcurl/opts/CURLOPT_RANGE.3
index 067f0e61b..d7eb2055c 100644
--- a/docs/libcurl/opts/CURLOPT_RANGE.3
+++ b/docs/libcurl/opts/CURLOPT_RANGE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_READDATA.3 b/docs/libcurl/opts/CURLOPT_READDATA.3
index 70f1b095e..29c3f23d5 100644
--- a/docs/libcurl/opts/CURLOPT_READDATA.3
+++ b/docs/libcurl/opts/CURLOPT_READDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_READFUNCTION.3 b/docs/libcurl/opts/CURLOPT_READFUNCTION.3
index 4436683e3..ee20e8b1e 100644
--- a/docs/libcurl/opts/CURLOPT_READFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_READFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -40,7 +40,7 @@ This callback function gets called by libcurl as soon as it needs to read data
 in order to send it to the peer - like if you ask it to upload or post data to
 the server. The data area pointed at by the pointer \fIbuffer\fP should be
 filled up with at most \fIsize\fP multiplied with \fInitems\fP number of bytes
-by your function.
+by your function. \fIsize\fP is always 1.
 
 Set the \fIuserdata\fP argument with the \fICURLOPT_READDATA(3)\fP option.
 
diff --git a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3
index 4c22e12c1..958edfa1e 100644
--- a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3
+++ b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS_STR.3 b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS_STR.3
index cd527967f..07e393cd1 100644
--- a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS_STR.3
+++ b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS_STR.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_REFERER.3 b/docs/libcurl/opts/CURLOPT_REFERER.3
index 907bfc939..1c61c5987 100644
--- a/docs/libcurl/opts/CURLOPT_REFERER.3
+++ b/docs/libcurl/opts/CURLOPT_REFERER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_REQUEST_TARGET.3 b/docs/libcurl/opts/CURLOPT_REQUEST_TARGET.3
index 5da596124..f2a55d08b 100644
--- a/docs/libcurl/opts/CURLOPT_REQUEST_TARGET.3
+++ b/docs/libcurl/opts/CURLOPT_REQUEST_TARGET.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RESOLVE.3 b/docs/libcurl/opts/CURLOPT_RESOLVE.3
index 08baa4a30..a57c0d196 100644
--- a/docs/libcurl/opts/CURLOPT_RESOLVE.3
+++ b/docs/libcurl/opts/CURLOPT_RESOLVE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RESOLVER_START_DATA.3 b/docs/libcurl/opts/CURLOPT_RESOLVER_START_DATA.3
index 16cd33aac..4e182898a 100644
--- a/docs/libcurl/opts/CURLOPT_RESOLVER_START_DATA.3
+++ b/docs/libcurl/opts/CURLOPT_RESOLVER_START_DATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RESOLVER_START_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_RESOLVER_START_FUNCTION.3
index 59819d744..bf4407040 100644
--- a/docs/libcurl/opts/CURLOPT_RESOLVER_START_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_RESOLVER_START_FUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RESUME_FROM.3 b/docs/libcurl/opts/CURLOPT_RESUME_FROM.3
index 76de70bce..f1e72ca0c 100644
--- a/docs/libcurl/opts/CURLOPT_RESUME_FROM.3
+++ b/docs/libcurl/opts/CURLOPT_RESUME_FROM.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.3 b/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.3
index 3df636e84..a4f9f6cf3 100644
--- a/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.3
+++ b/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.3 b/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.3
index 09a948907..c30d53c49 100644
--- a/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.3
+++ b/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3 b/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3
index d0d11a936..1eea86681 100644
--- a/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3
+++ b/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.3 b/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.3
index d00bb5314..b303f8df1 100644
--- a/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.3
+++ b/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.3 b/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.3
index 9d3ed2158..619b01aaf 100644
--- a/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.3
+++ b/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3 b/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3
index b7703126e..22a0def07 100644
--- a/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3
+++ b/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.3 b/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.3
index 08ed9a499..20397f032 100644
--- a/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.3
+++ b/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SASL_AUTHZID.3 b/docs/libcurl/opts/CURLOPT_SASL_AUTHZID.3
index 106e77e8e..8f6f3bafc 100644
--- a/docs/libcurl/opts/CURLOPT_SASL_AUTHZID.3
+++ b/docs/libcurl/opts/CURLOPT_SASL_AUTHZID.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SASL_IR.3 b/docs/libcurl/opts/CURLOPT_SASL_IR.3
index c6c8afeea..197f3cf50 100644
--- a/docs/libcurl/opts/CURLOPT_SASL_IR.3
+++ b/docs/libcurl/opts/CURLOPT_SASL_IR.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SEEKDATA.3 b/docs/libcurl/opts/CURLOPT_SEEKDATA.3
index f8c3274ad..5055e5103 100644
--- a/docs/libcurl/opts/CURLOPT_SEEKDATA.3
+++ b/docs/libcurl/opts/CURLOPT_SEEKDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -41,9 +41,9 @@ If you do not set this, NULL is passed to the callback.
 HTTP, FTP, SFTP
 .SH EXAMPLE
 .nf
-static int seek_cb(void *userp, curl_off_t offset, int origin)
+static int seek_cb(void *clientp, curl_off_t offset, int origin)
 {
-  struct data *d = (struct data *)userp;
+  struct data *d = (struct data *)clientp;
   lseek(d->our_fd, offset, origin);
   return CURL_SEEKFUNC_OK;
 }
diff --git a/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.3 b/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.3
index ee2a83ba5..9d26a548e 100644
--- a/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -35,7 +35,7 @@ CURLOPT_SEEKFUNCTION \- user callback for seeking in input stream
 #define CURL_SEEKFUNC_CANTSEEK 2 /* tell libcurl seeking cannot be done, so
                                     libcurl might try other means instead */
 
-int seek_callback(void *userp, curl_off_t offset, int origin);
+int seek_callback(void *clientp, curl_off_t offset, int origin);
 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SEEKFUNCTION, seek_callback);
 .SH DESCRIPTION
@@ -53,7 +53,7 @@ connection. The function shall work like fseek(3) or lseek(3) and it gets
 SEEK_SET, SEEK_CUR or SEEK_END as argument for \fIorigin\fP, although libcurl
 currently only passes SEEK_SET.
 
-\fIuserp\fP is the pointer you set with \fICURLOPT_SEEKDATA(3)\fP.
+\fIclientp\fP is the pointer you set with \fICURLOPT_SEEKDATA(3)\fP.
 
 The callback function must return \fICURL_SEEKFUNC_OK\fP on success,
 \fICURL_SEEKFUNC_FAIL\fP to cause the upload operation to fail or
@@ -70,9 +70,9 @@ By default, this is NULL and unused.
 HTTP, FTP, SFTP
 .SH EXAMPLE
 .nf
-static int seek_cb(void *userp, curl_off_t offset, int origin)
+static int seek_cb(void *clientp, curl_off_t offset, int origin)
 {
-  struct data *d = (struct data *)userp;
+  struct data *d = (struct data *)clientp;
   lseek(our_fd, offset, origin);
   return CURL_SEEKFUNC_OK;
 }
diff --git a/docs/libcurl/opts/CURLOPT_SERVER_RESPONSE_TIMEOUT.3 b/docs/libcurl/opts/CURLOPT_SERVER_RESPONSE_TIMEOUT.3
index e92127c94..906f09f07 100644
--- a/docs/libcurl/opts/CURLOPT_SERVER_RESPONSE_TIMEOUT.3
+++ b/docs/libcurl/opts/CURLOPT_SERVER_RESPONSE_TIMEOUT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3 b/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3
index ff8672bc4..6e0ed80ac 100644
--- a/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3
+++ b/docs/libcurl/opts/CURLOPT_SERVICE_NAME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SHARE.3 b/docs/libcurl/opts/CURLOPT_SHARE.3
index 05a2e4aeb..e9408c173 100644
--- a/docs/libcurl/opts/CURLOPT_SHARE.3
+++ b/docs/libcurl/opts/CURLOPT_SHARE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.3 b/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.3
index 2e02b5692..e278aa8fc 100644
--- a/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.3
+++ b/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.3 b/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.3
index c83838483..5f2e5618f 100644
--- a/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.3 b/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.3
index 71d15e5d2..69d09a1d9 100644
--- a/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.3
+++ b/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.3 b/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.3
index b313ea055..008c6f18b 100644
--- a/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.3
+++ b/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.3 b/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.3
index e4a902dac..80d0fb0da 100644
--- a/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.3
+++ b/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.3 b/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.3
index 592bcc434..3a30bbfc6 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.3 b/docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.3
index c3dd7d8c9..4d099750a 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYDATA.3 b/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYDATA.3
index f09b00ee2..bd39becf2 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYDATA.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYFUNCTION.3 b/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYFUNCTION.3
index 7a39b37f9..f97cb4140 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3 b/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3
index f9bd36d7b..79911f0e9 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.3 b/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.3
index 47a87e102..3f657fad3 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.3 b/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.3
index 65e35a83a..40b2d1e2d 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3 b/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3
index 6cc677d7e..a7dcece45 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.3 b/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.3
index f47801dcb..40d24a519 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3 b/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3
index db78d81e5..2b605f6b5 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3 b/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3
index 5a4b54f17..e80cd7feb 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSLCERT.3 b/docs/libcurl/opts/CURLOPT_SSLCERT.3
index fd0ee71c4..db52b5ca2 100644
--- a/docs/libcurl/opts/CURLOPT_SSLCERT.3
+++ b/docs/libcurl/opts/CURLOPT_SSLCERT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.3 b/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.3
index d5b82e9a5..64e62c31d 100644
--- a/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.3
+++ b/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSLCERT_BLOB.3 b/docs/libcurl/opts/CURLOPT_SSLCERT_BLOB.3
index 9f4e2463e..864f3289a 100644
--- a/docs/libcurl/opts/CURLOPT_SSLCERT_BLOB.3
+++ b/docs/libcurl/opts/CURLOPT_SSLCERT_BLOB.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSLENGINE.3 b/docs/libcurl/opts/CURLOPT_SSLENGINE.3
index 5106e95a7..6e7711396 100644
--- a/docs/libcurl/opts/CURLOPT_SSLENGINE.3
+++ b/docs/libcurl/opts/CURLOPT_SSLENGINE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3 b/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3
index 826868c6f..abd365ae6 100644
--- a/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3
+++ b/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSLKEY.3 b/docs/libcurl/opts/CURLOPT_SSLKEY.3
index df6d1c94b..c6e7e5876 100644
--- a/docs/libcurl/opts/CURLOPT_SSLKEY.3
+++ b/docs/libcurl/opts/CURLOPT_SSLKEY.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.3 b/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.3
index 0fddc02cb..e4911d3c1 100644
--- a/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.3
+++ b/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSLKEY_BLOB.3 b/docs/libcurl/opts/CURLOPT_SSLKEY_BLOB.3
index 609d7a456..003f09208 100644
--- a/docs/libcurl/opts/CURLOPT_SSLKEY_BLOB.3
+++ b/docs/libcurl/opts/CURLOPT_SSLKEY_BLOB.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_SSLVERSION.3
index f2e771b84..6d26f36e1 100644
--- a/docs/libcurl/opts/CURLOPT_SSLVERSION.3
+++ b/docs/libcurl/opts/CURLOPT_SSLVERSION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3 b/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
index 5815272d9..89835934c 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3
index dd5d02cbf..0163b8427 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
index c36882b1f..fceaafbf7 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -29,7 +29,7 @@ CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL, wolfSSL or mbedTLS
 .nf
 #include <curl/curl.h>
 
-CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr);
+CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *clientp);
 
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION,
                           ssl_ctx_callback);
@@ -49,7 +49,7 @@ library's \fISSL_CTX\fP for OpenSSL or wolfSSL, a pointer to
 \fImbedtls_ssl_config\fP for mbedTLS or a pointer to
 \fIbr_ssl_client_context\fP for BearSSL. If an error is returned from the
 callback no attempt to establish a connection is made and the perform
-operation will return the callback's error code. Set the \fIuserptr\fP
+operation will return the callback's error code. Set the \fIclientp\fP
 argument with the \fICURLOPT_SSL_CTX_DATA(3)\fP option.
 
 This function will get called on all new connections made to a server, during
diff --git a/docs/libcurl/opts/CURLOPT_SSL_EC_CURVES.3 b/docs/libcurl/opts/CURLOPT_SSL_EC_CURVES.3
index 0fea2da91..2cf74b56a 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_EC_CURVES.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_EC_CURVES.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.3 b/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.3
index a294aa611..118435a60 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.3 b/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.3
index c4285ba09..c367dd4e3 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3 b/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3
index daf826c77..3f743cd55 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3
index 69087dddb..9b743f234 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -61,8 +61,9 @@ library). If combined with \fICURLSSLOPT_NO_REVOKE\fP, the latter takes
 precedence. (Added in 7.70.0)
 .IP CURLSSLOPT_NATIVE_CA
 Tell libcurl to use the operating system's native CA store for certificate
-verification. Works only on Windows when built to use OpenSSL. This option is
-experimental and behavior is subject to change.
+verification. Works only on Windows when built to use OpenSSL. If you set this
+option and also set a CA certificate file or directory then during verification
+those certificates are searched in addition to the native CA store.
 (Added in 7.71.0)
 .IP CURLSSLOPT_AUTO_CLIENT_CERT
 Tell libcurl to automatically locate and use a client certificate for
diff --git a/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.3 b/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.3
index 6e0048fff..a80b06fa1 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3 b/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3
index 024661b43..445985fc9 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -67,6 +67,17 @@ The default value for this option is 2.
 This option controls checking the server's certificate's claimed identity.
 The server could be lying.  To control lying, see
 \fICURLOPT_SSL_VERIFYPEER(3)\fP.
+
+WARNING: disabling verification of the certificate allows bad guys to
+man-in-the-middle the communication without you knowing it. Disabling
+verification makes the communication insecure. Just having encryption on a
+transfer is not enough as you cannot be sure that you are communicating with
+the correct end-point.
+
+When libcurl uses secure protocols it trusts responses and allows for example
+HSTS and Alt-Svc information to be stored and used subsequently. Disabling
+certificate verification can make libcurl trust and use such information from
+malicious servers.
 .SH LIMITATIONS
 Secure Transport: If \fIverify\fP value is 0, then SNI is also disabled. SNI is
 a TLS extension that sends the hostname to the server. The server may use that
diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
index 7b643a207..8d75daf2b 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -61,6 +61,11 @@ man-in-the-middle the communication without you knowing it. Disabling
 verification makes the communication insecure. Just having encryption on a
 transfer is not enough as you cannot be sure that you are communicating with
 the correct end-point.
+
+When libcurl uses secure protocols it trusts responses and allows for example
+HSTS and Alt-Svc information to be stored and used subsequently. Disabling
+certificate verification can make libcurl trust and use such information from
+malicious servers.
 .SH DEFAULT
 By default, curl assumes a value of 1.
 .SH PROTOCOLS
diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.3 b/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.3
index b19b1a2fc..bc9608644 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_STDERR.3 b/docs/libcurl/opts/CURLOPT_STDERR.3
index 51031a56f..6a8217f43 100644
--- a/docs/libcurl/opts/CURLOPT_STDERR.3
+++ b/docs/libcurl/opts/CURLOPT_STDERR.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.3 b/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.3
index 792c289f8..edfff5417 100644
--- a/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.3
+++ b/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.3 b/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.3
index 19d2caa0e..82092a92d 100644
--- a/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.3
+++ b/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.3 b/docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.3
index 73421c757..ccaac0123 100644
--- a/docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.3
+++ b/docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.3 b/docs/libcurl/opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.3
index 197d31659..24b2a4fc2 100644
--- a/docs/libcurl/opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.3
+++ b/docs/libcurl/opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.3 b/docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.3
index b8b57fafd..0404c3355 100644
--- a/docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.3
+++ b/docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 b/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3
index 56ddae76f..e42ce781c 100644
--- a/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3
+++ b/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 b/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3
index 18538dc23..6c2f39eaf 100644
--- a/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3
+++ b/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 b/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3
index ec3a3843a..0a4b55766 100644
--- a/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3
+++ b/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TCP_NODELAY.3 b/docs/libcurl/opts/CURLOPT_TCP_NODELAY.3
index 0ba8bad93..0d31b0e2b 100644
--- a/docs/libcurl/opts/CURLOPT_TCP_NODELAY.3
+++ b/docs/libcurl/opts/CURLOPT_TCP_NODELAY.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.3 b/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.3
index 6bd449a03..371750782 100644
--- a/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.3
+++ b/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.3 b/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.3
index 6d63e88e4..d89b48340 100644
--- a/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.3
+++ b/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.3 b/docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.3
index 43de154c8..707847634 100644
--- a/docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.3
+++ b/docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TIMECONDITION.3 b/docs/libcurl/opts/CURLOPT_TIMECONDITION.3
index 65289cda6..04d304e75 100644
--- a/docs/libcurl/opts/CURLOPT_TIMECONDITION.3
+++ b/docs/libcurl/opts/CURLOPT_TIMECONDITION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TIMEOUT.3 b/docs/libcurl/opts/CURLOPT_TIMEOUT.3
index ae9dcdaf3..401462ce9 100644
--- a/docs/libcurl/opts/CURLOPT_TIMEOUT.3
+++ b/docs/libcurl/opts/CURLOPT_TIMEOUT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.3 b/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.3
index 6ea80a6ba..ff06d2c6f 100644
--- a/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.3
+++ b/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TIMEVALUE.3 b/docs/libcurl/opts/CURLOPT_TIMEVALUE.3
index 6ae67ee4b..43339862c 100644
--- a/docs/libcurl/opts/CURLOPT_TIMEVALUE.3
+++ b/docs/libcurl/opts/CURLOPT_TIMEVALUE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TIMEVALUE_LARGE.3 b/docs/libcurl/opts/CURLOPT_TIMEVALUE_LARGE.3
index 18f3a8cae..a1aa6cbea 100644
--- a/docs/libcurl/opts/CURLOPT_TIMEVALUE_LARGE.3
+++ b/docs/libcurl/opts/CURLOPT_TIMEVALUE_LARGE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.3 b/docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.3
index 4371902bf..3de933fb6 100644
--- a/docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.3
+++ b/docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.3 b/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.3
index 5b01b8471..e09f80c45 100644
--- a/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.3
+++ b/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.3 b/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.3
index f5808611f..75f672f2e 100644
--- a/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.3
+++ b/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.3 b/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.3
index 5ba093ae0..52e7b446f 100644
--- a/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.3
+++ b/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TRAILERDATA.3 b/docs/libcurl/opts/CURLOPT_TRAILERDATA.3
index f59d3c4a1..c44f0aabe 100644
--- a/docs/libcurl/opts/CURLOPT_TRAILERDATA.3
+++ b/docs/libcurl/opts/CURLOPT_TRAILERDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TRAILERFUNCTION.3 b/docs/libcurl/opts/CURLOPT_TRAILERFUNCTION.3
index bba40845f..6fa3fc70c 100644
--- a/docs/libcurl/opts/CURLOPT_TRAILERFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_TRAILERFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.3 b/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.3
index 88d342c10..4aa3bfbdd 100644
--- a/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.3
+++ b/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.3 b/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.3
index 8ca96b0ac..28920108b 100644
--- a/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.3
+++ b/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.3 b/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.3
index c7467b869..952b586a8 100644
--- a/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.3
+++ b/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.3 b/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.3
index 6247b5818..4f4d8a44e 100644
--- a/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.3
+++ b/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_UPKEEP_INTERVAL_MS.3 b/docs/libcurl/opts/CURLOPT_UPKEEP_INTERVAL_MS.3
index 511e65faf..45024967f 100644
--- a/docs/libcurl/opts/CURLOPT_UPKEEP_INTERVAL_MS.3
+++ b/docs/libcurl/opts/CURLOPT_UPKEEP_INTERVAL_MS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_UPLOAD.3 b/docs/libcurl/opts/CURLOPT_UPLOAD.3
index 4184e952f..163a3ce8f 100644
--- a/docs/libcurl/opts/CURLOPT_UPLOAD.3
+++ b/docs/libcurl/opts/CURLOPT_UPLOAD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_UPLOAD_BUFFERSIZE.3 b/docs/libcurl/opts/CURLOPT_UPLOAD_BUFFERSIZE.3
index a2903c322..41bedca26 100644
--- a/docs/libcurl/opts/CURLOPT_UPLOAD_BUFFERSIZE.3
+++ b/docs/libcurl/opts/CURLOPT_UPLOAD_BUFFERSIZE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_URL.3 b/docs/libcurl/opts/CURLOPT_URL.3
index 31ce66095..92290ccf7 100644
--- a/docs/libcurl/opts/CURLOPT_URL.3
+++ b/docs/libcurl/opts/CURLOPT_URL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_USERAGENT.3 b/docs/libcurl/opts/CURLOPT_USERAGENT.3
index 012e0b069..7c6eb2108 100644
--- a/docs/libcurl/opts/CURLOPT_USERAGENT.3
+++ b/docs/libcurl/opts/CURLOPT_USERAGENT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_USERNAME.3 b/docs/libcurl/opts/CURLOPT_USERNAME.3
index 1e2295fec..4d8cc6bc8 100644
--- a/docs/libcurl/opts/CURLOPT_USERNAME.3
+++ b/docs/libcurl/opts/CURLOPT_USERNAME.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_USERPWD.3 b/docs/libcurl/opts/CURLOPT_USERPWD.3
index 419f1314d..1c2be9a65 100644
--- a/docs/libcurl/opts/CURLOPT_USERPWD.3
+++ b/docs/libcurl/opts/CURLOPT_USERPWD.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_USE_SSL.3 b/docs/libcurl/opts/CURLOPT_USE_SSL.3
index 64c805e1c..02d60a65a 100644
--- a/docs/libcurl/opts/CURLOPT_USE_SSL.3
+++ b/docs/libcurl/opts/CURLOPT_USE_SSL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_VERBOSE.3 b/docs/libcurl/opts/CURLOPT_VERBOSE.3
index 278aa4741..d04a8de50 100644
--- a/docs/libcurl/opts/CURLOPT_VERBOSE.3
+++ b/docs/libcurl/opts/CURLOPT_VERBOSE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3 b/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3
index 9634d671e..021c42a4b 100644
--- a/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3
+++ b/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_WRITEDATA.3 b/docs/libcurl/opts/CURLOPT_WRITEDATA.3
index 5e718ec30..20942671e 100644
--- a/docs/libcurl/opts/CURLOPT_WRITEDATA.3
+++ b/docs/libcurl/opts/CURLOPT_WRITEDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.3 b/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.3
index fcefb9d1c..c9519a8c2 100644
--- a/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -80,35 +80,48 @@ libcurl will use 'fwrite' as a callback by default.
 For all protocols
 .SH EXAMPLE
 .nf
- struct memory {
-   char *response;
-   size_t size;
- };
+struct memory {
+  char *response;
+  size_t size;
+};
 
- static size_t cb(void *data, size_t size, size_t nmemb, void *userp)
- {
-   size_t realsize = size * nmemb;
-   struct memory *mem = (struct memory *)userp;
+static size_t cb(void *data, size_t size, size_t nmemb, void *clientp)
+{
+  size_t realsize = size * nmemb;
+  struct memory *mem = (struct memory *)clientp;
 
-   char *ptr = realloc(mem->response, mem->size + realsize + 1);
-   if(ptr == NULL)
-     return 0;  /* out of memory! */
+  char *ptr = realloc(mem->response, mem->size + realsize + 1);
+  if(ptr == NULL)
+    return 0;  /* out of memory! */
 
-   mem->response = ptr;
-   memcpy(&(mem->response[mem->size]), data, realsize);
-   mem->size += realsize;
-   mem->response[mem->size] = 0;
+  mem->response = ptr;
+  memcpy(&(mem->response[mem->size]), data, realsize);
+  mem->size += realsize;
+  mem->response[mem->size] = 0;
 
-   return realsize;
- }
+  return realsize;
+}
 
- struct memory chunk = {0};
+struct memory chunk = {0};
+CURLcode res;
+CURL *curl_handle = curl_easy_init();
 
- /* send all data to this function  */
- curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, cb);
+if (curl_handle)
+{
+  /* send all data to this function  */
+  curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, cb);
 
- /* we pass our 'chunk' struct to the callback function */
- curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)&chunk);
+  /* we pass our 'chunk' struct to the callback function */
+  curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)&chunk);
+
+  /* send a request */
+  res = curl_easy_perform(curl_handle);
+
+  /* remember to free the buffer */
+  free(chunk.response)
+
+  curl_easy_cleanup(curl_handle);
+}
 .fi
 .SH AVAILABILITY
 Support for the CURL_WRITEFUNC_PAUSE return code was added in version 7.18.0.
diff --git a/docs/libcurl/opts/CURLOPT_WS_OPTIONS.3 b/docs/libcurl/opts/CURLOPT_WS_OPTIONS.3
index 31a407038..5716b6c99 100644
--- a/docs/libcurl/opts/CURLOPT_WS_OPTIONS.3
+++ b/docs/libcurl/opts/CURLOPT_WS_OPTIONS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -62,7 +62,7 @@ if(curl) {
 }
 .fi
 .SH AVAILABILITY
-Added in 7.85.0
+Added in 7.86.0
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
diff --git a/docs/libcurl/opts/CURLOPT_XFERINFODATA.3 b/docs/libcurl/opts/CURLOPT_XFERINFODATA.3
index fa700487a..f689ac42c 100644
--- a/docs/libcurl/opts/CURLOPT_XFERINFODATA.3
+++ b/docs/libcurl/opts/CURLOPT_XFERINFODATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -53,7 +53,7 @@ All
                                  curl_off_t ultotal,
                                  curl_off_t ulnow)
  {
-   struct memory *progress = (struct progress *)userp;
+   struct memory *progress = (struct progress *)clientp;
 
    /* use the values */
 
diff --git a/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.3 b/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.3
index 4711f2ef9..6fe47099c 100644
--- a/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.3 b/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.3
index d5c8badbf..1840b3608 100644
--- a/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.3
+++ b/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLSHOPT_LOCKFUNC.3 b/docs/libcurl/opts/CURLSHOPT_LOCKFUNC.3
index ed265fc85..52cec4942 100644
--- a/docs/libcurl/opts/CURLSHOPT_LOCKFUNC.3
+++ b/docs/libcurl/opts/CURLSHOPT_LOCKFUNC.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -29,7 +29,7 @@ CURLSHOPT_LOCKFUNC - mutex lock callback
 #include <curl/curl.h>
 
 void lockcb(CURL *handle, curl_lock_data data, curl_lock_access access,
-            void *userptr);
+            void *clientp);
 
 CURLSHcode curl_share_setopt(CURLSH *share, CURLSHOPT_LOCKFUNC, lockcb);
 .fi
@@ -49,7 +49,7 @@ sure that the callback uses a different lock for each kind of data.
 
 \fIaccess\fP defines what access type libcurl wants, shared or single.
 
-\fIuserptr\fP is the private pointer you set with \fICURLSHOPT_USERDATA\fP.
+\fIclientp\fP is the private pointer you set with \fICURLSHOPT_USERDATA\fP.
 This pointer is not used by libcurl itself.
 .SH PROTOCOLS
 All
diff --git a/docs/libcurl/opts/CURLSHOPT_SHARE.3 b/docs/libcurl/opts/CURLSHOPT_SHARE.3
index 72079d8fb..84f5f9659 100644
--- a/docs/libcurl/opts/CURLSHOPT_SHARE.3
+++ b/docs/libcurl/opts/CURLSHOPT_SHARE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -56,8 +56,7 @@ implemented until 7.23.0.
 Put the connection cache in the share object and make all easy handles using
 this share object share the connection cache.
 
-Note that due to a known bug, it is not safe to share connections this way
-between multiple concurrent threads.
+It is not supported to share connections between multiple concurrent threads.
 
 Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing only
 get additional transfers added to them if the existing connection is held by
@@ -78,6 +77,12 @@ Added in 7.61.0.
 
 Note that when you use the multi interface, all easy handles added to the same
 multi handle will share PSL cache by default without using this option.
+.IP CURL_LOCK_DATA_HSTS
+The in-memory HSTS cache.
+
+It is not supported to share the HSTS between multiple concurrent threads.
+
+Added in 7.88.0
 .SH PROTOCOLS
 All
 .SH EXAMPLE
diff --git a/docs/libcurl/opts/CURLSHOPT_UNLOCKFUNC.3 b/docs/libcurl/opts/CURLSHOPT_UNLOCKFUNC.3
index b46022128..05877eb9d 100644
--- a/docs/libcurl/opts/CURLSHOPT_UNLOCKFUNC.3
+++ b/docs/libcurl/opts/CURLSHOPT_UNLOCKFUNC.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -28,7 +28,7 @@ CURLSHOPT_UNLOCKFUNC - mutex unlock callback
 .nf
 #include <curl/curl.h>
 
-void unlockcb(CURL *handle, curl_lock_data data, void *userptr);
+void unlockcb(CURL *handle, curl_lock_data data, void *clientp);
 
 CURLSHcode curl_share_setopt(CURLSH *share, CURLSHOPT_UNLOCKFUNC, unlockcb);
 .fi
@@ -45,7 +45,7 @@ is released.
 The \fIdata\fP argument tells what kind of data libcurl wants to unlock. Make
 sure that the callback uses a different lock for each kind of data.
 
-\fIuserptr\fP is the private pointer you set with \fICURLSHOPT_USERDATA\fP.
+\fIclientp\fP is the private pointer you set with \fICURLSHOPT_USERDATA\fP.
 This pointer is not used by libcurl itself.
 .SH PROTOCOLS
 All
diff --git a/docs/libcurl/opts/CURLSHOPT_UNSHARE.3 b/docs/libcurl/opts/CURLSHOPT_UNSHARE.3
index f712f9c3f..b818ac6d4 100644
--- a/docs/libcurl/opts/CURLSHOPT_UNSHARE.3
+++ b/docs/libcurl/opts/CURLSHOPT_UNSHARE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/CURLSHOPT_USERDATA.3 b/docs/libcurl/opts/CURLSHOPT_USERDATA.3
index 4c864413f..6164f97b6 100644
--- a/docs/libcurl/opts/CURLSHOPT_USERDATA.3
+++ b/docs/libcurl/opts/CURLSHOPT_USERDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -28,12 +28,12 @@ CURLSHOPT_USERDATA - pointer passed to the lock and unlock mutex callbacks
 .nf
 #include <curl/curl.h>
 
-CURLSHcode curl_share_setopt(CURLSH *share, CURLSHOPT_USERDATA, void *ptr);
+CURLSHcode curl_share_setopt(CURLSH *share, CURLSHOPT_USERDATA, void *clientp);
 .fi
 .SH DESCRIPTION
-The \fIptr\fP parameter is held verbatim by libcurl and is passed on as the
-\fIuserptr\fP argument to the callbacks set with \fICURLSHOPT_LOCKFUNC(3)\fP
-and \fICURLSHOPT_UNLOCKFUNC(3)\fP.
+The \fIclientp\fP parameter is held verbatim by libcurl and is passed on as
+the \fIclientp\fP argument to the callbacks set with
+\fICURLSHOPT_LOCKFUNC(3)\fP and \fICURLSHOPT_UNLOCKFUNC(3)\fP.
 .SH PROTOCOLS
 All
 .SH EXAMPLE
diff --git a/docs/libcurl/opts/Makefile.am b/docs/libcurl/opts/Makefile.am
index e952cd973..21193e0d4 100644
--- a/docs/libcurl/opts/Makefile.am
+++ b/docs/libcurl/opts/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/Makefile.inc b/docs/libcurl/opts/Makefile.inc
index d0f5c98ca..a4a028c2d 100644
--- a/docs/libcurl/opts/Makefile.inc
+++ b/docs/libcurl/opts/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/opts/template.3 b/docs/libcurl/opts/template.3
index 835454971..e5a6b394f 100644
--- a/docs/libcurl/opts/template.3
+++ b/docs/libcurl/opts/template.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index 5ee245d36..4081314e0 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -53,6 +53,7 @@ CURL_HTTP_VERSION_2_0           7.33.0
 CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE 7.49.0
 CURL_HTTP_VERSION_2TLS          7.47.0
 CURL_HTTP_VERSION_3             7.66.0
+CURL_HTTP_VERSION_3ONLY         7.88.0
 CURL_HTTP_VERSION_NONE          7.9.1
 CURL_HTTPPOST_BUFFER            7.46.0
 CURL_HTTPPOST_CALLBACK          7.46.0
@@ -73,6 +74,7 @@ CURL_LOCK_ACCESS_SINGLE         7.10.3
 CURL_LOCK_DATA_CONNECT          7.10.3
 CURL_LOCK_DATA_COOKIE           7.10.3
 CURL_LOCK_DATA_DNS              7.10.3
+CURL_LOCK_DATA_HSTS             7.88.0
 CURL_LOCK_DATA_NONE             7.10.3
 CURL_LOCK_DATA_PSL              7.61.0
 CURL_LOCK_DATA_SHARE            7.10.4
@@ -1055,6 +1057,7 @@ CURLU_NO_AUTHORITY              7.67.0
 CURLU_NO_DEFAULT_PORT           7.62.0
 CURLU_NON_SUPPORT_SCHEME        7.62.0
 CURLU_PATH_AS_IS                7.62.0
+CURLU_PUNYCODE                  7.88.0
 CURLU_URLDECODE                 7.62.0
 CURLU_URLENCODE                 7.62.0
 CURLUE_BAD_FILE_URL             7.81.0
@@ -1071,6 +1074,7 @@ CURLUE_BAD_QUERY                7.81.0
 CURLUE_BAD_SCHEME               7.81.0
 CURLUE_BAD_SLASHES              7.81.0
 CURLUE_BAD_USER                 7.81.0
+CURLUE_LACKS_IDN                7.88.0
 CURLUE_MALFORMED_INPUT          7.62.0
 CURLUE_NO_FRAGMENT              7.62.0
 CURLUE_NO_HOST                  7.62.0
diff --git a/docs/libcurl/symbols.pl b/docs/libcurl/symbols.pl
index 8087d0f57..a92d4ec2e 100755
--- a/docs/libcurl/symbols.pl
+++ b/docs/libcurl/symbols.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/docs/mk-ca-bundle.1 b/docs/mk-ca-bundle.1
index 98b5ae1c4..d86e46d29 100644
--- a/docs/mk-ca-bundle.1
+++ b/docs/mk-ca-bundle.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2008 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/docs/options-in-versions b/docs/options-in-versions
index 8e64f2f3f..039837320 100644
--- a/docs/options-in-versions
+++ b/docs/options-in-versions
@@ -93,6 +93,7 @@
 --http2                              7.33.0
 --http2-prior-knowledge              7.49.0
 --http3                              7.66.0
+--http3-only                         7.88.0
 --ignore-content-length              7.14.1
 --include (-i)                       4.8
 --insecure (-k)                      7.10
diff --git a/include/Makefile.am b/include/Makefile.am
index 32d7b339d..d65bfeaa0 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/include/README.md b/include/README.md
index 8fdbe0e0e..c96593263 100644
--- a/include/README.md
+++ b/include/README.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
diff --git a/include/curl/.gitignore b/include/curl/.gitignore
index a856a0f96..246793882 100644
--- a/include/curl/.gitignore
+++ b/include/curl/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/include/curl/Makefile.am b/include/curl/Makefile.am
index 29f470c09..a655aff1c 100644
--- a/include/curl/Makefile.am
+++ b/include/curl/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/include/curl/curl.h b/include/curl/curl.h
index 139df9995..63a13823e 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -34,11 +34,12 @@
 #endif
 
 /* Compile-time deprecation macros. */
-#if defined(__GNUC__) && (__GNUC__ >= 6) &&                             \
+#if defined(__GNUC__) &&                                                \
+  ((__GNUC__ > 12) || ((__GNUC__ == 12) && (__GNUC_MINOR__ >= 1 ))) &&  \
   !defined(__INTEL_COMPILER) &&                                         \
   !defined(CURL_DISABLE_DEPRECATION) && !defined(BUILDING_LIBCURL)
-#define CURL_DEPRECATED(version, message) \
-    __attribute__((deprecated("since " # version ". " message)))
+#define CURL_DEPRECATED(version, message)                       \
+  __attribute__((deprecated("since " # version ". " message)))
 #define CURL_IGNORE_DEPRECATION(statements) \
       _Pragma("GCC diagnostic push") \
       _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"") \
@@ -167,7 +168,7 @@ typedef enum {
   CURLSSLBACKEND_SECURETRANSPORT = 9,
   CURLSSLBACKEND_AXTLS                  CURL_DEPRECATED(7.61.0, "") = 10,
   CURLSSLBACKEND_MBEDTLS = 11,
-  CURLSSLBACKEND_MESALINK = 12,
+  CURLSSLBACKEND_MESALINK               CURL_DEPRECATED(7.82.0, "") = 12,
   CURLSSLBACKEND_BEARSSL = 13,
   CURLSSLBACKEND_RUSTLS = 14
 } curl_sslbackend;
@@ -248,7 +249,7 @@ typedef int (*curl_xferinfo_callback)(void *clientp,
 
 #ifndef CURL_MAX_READ_SIZE
   /* The maximum receive buffer size configurable via CURLOPT_BUFFERSIZE. */
-#define CURL_MAX_READ_SIZE 524288
+#define CURL_MAX_READ_SIZE (10*1024*1024)
 #endif
 
 #ifndef CURL_MAX_WRITE_SIZE
@@ -2259,8 +2260,13 @@ enum {
   CURL_HTTP_VERSION_2TLS, /* use version 2 for HTTPS, version 1.1 for HTTP */
   CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE,  /* please use HTTP 2 without HTTP/1.1
                                            Upgrade */
-  CURL_HTTP_VERSION_3 = 30, /* Makes use of explicit HTTP/3 without fallback.
-                               Use CURLOPT_ALTSVC to enable HTTP/3 upgrade */
+  CURL_HTTP_VERSION_3 = 30, /* Use HTTP/3, fallback to HTTP/2 or HTTP/1 if
+                               needed. For HTTPS only. For HTTP, this option
+                               makes libcurl return error. */
+  CURL_HTTP_VERSION_3ONLY = 31, /* Use HTTP/3 without fallback. For HTTPS
+                                   only. For HTTP, this makes libcurl
+                                   return error. */
+
   CURL_HTTP_VERSION_LAST /* *ILLEGAL* http version */
 };
 
@@ -2953,6 +2959,7 @@ typedef enum {
   CURL_LOCK_DATA_SSL_SESSION,
   CURL_LOCK_DATA_CONNECT,
   CURL_LOCK_DATA_PSL,
+  CURL_LOCK_DATA_HSTS,
   CURL_LOCK_DATA_LAST
 } curl_lock_data;
 
diff --git a/include/curl/curlver.h b/include/curl/curlver.h
index 3487d1bdc..c0fd01584 100644
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -28,17 +28,17 @@
    a script at release-time. This was made its own header file in 7.11.2 */
 
 /* This is the global package copyright */
-#define LIBCURL_COPYRIGHT "1996 - 2022 Daniel Stenberg, <daniel@haxx.se>."
+#define LIBCURL_COPYRIGHT "Daniel Stenberg, <daniel@haxx.se>."
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.87.0-DEV"
+#define LIBCURL_VERSION "8.0.1-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
-#define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 87
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_MAJOR 8
+#define LIBCURL_VERSION_MINOR 0
+#define LIBCURL_VERSION_PATCH 1
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@@ -59,7 +59,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x075700
+#define LIBCURL_VERSION_NUM 0x080001
 
 /*
  * This is the date and time when the full source package was created. The
diff --git a/include/curl/easy.h b/include/curl/easy.h
index 98ee8888e..394668a8f 100644
--- a/include/curl/easy.h
+++ b/include/curl/easy.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/include/curl/header.h b/include/curl/header.h
index 1598c6f11..8df11e1e4 100644
--- a/include/curl/header.h
+++ b/include/curl/header.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/include/curl/mprintf.h b/include/curl/mprintf.h
index 06ef5c6d8..e652a6520 100644
--- a/include/curl/mprintf.h
+++ b/include/curl/mprintf.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/include/curl/multi.h b/include/curl/multi.h
index c956d28e8..30a3d9301 100644
--- a/include/curl/multi.h
+++ b/include/curl/multi.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/include/curl/options.h b/include/curl/options.h
index a792687cf..1ed76a95c 100644
--- a/include/curl/options.h
+++ b/include/curl/options.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/include/curl/stdcheaders.h b/include/curl/stdcheaders.h
index 82e1b5fef..7451aa305 100644
--- a/include/curl/stdcheaders.h
+++ b/include/curl/stdcheaders.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/include/curl/system.h b/include/curl/system.h
index 11db51ecf..def773924 100644
--- a/include/curl/system.h
+++ b/include/curl/system.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -227,16 +227,14 @@
 #  define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int
 
 #elif defined(__OS400__)
-#  if defined(__ILEC400__)
-#    define CURL_TYPEOF_CURL_OFF_T     long long
-#    define CURL_FORMAT_CURL_OFF_T     "lld"
-#    define CURL_FORMAT_CURL_OFF_TU    "llu"
-#    define CURL_SUFFIX_CURL_OFF_T     LL
-#    define CURL_SUFFIX_CURL_OFF_TU    ULL
-#    define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
-#    define CURL_PULL_SYS_TYPES_H      1
-#    define CURL_PULL_SYS_SOCKET_H     1
-#  endif
+#  define CURL_TYPEOF_CURL_OFF_T     long long
+#  define CURL_FORMAT_CURL_OFF_T     "lld"
+#  define CURL_FORMAT_CURL_OFF_TU    "llu"
+#  define CURL_SUFFIX_CURL_OFF_T     LL
+#  define CURL_SUFFIX_CURL_OFF_TU    ULL
+#  define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
+#  define CURL_PULL_SYS_TYPES_H      1
+#  define CURL_PULL_SYS_SOCKET_H     1
 
 #elif defined(__MVS__)
 #  if defined(__IBMC__) || defined(__IBMCPP__)
diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h
index bf655bb63..bc8d7a78c 100644
--- a/include/curl/typecheck-gcc.h
+++ b/include/curl/typecheck-gcc.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -42,9 +42,8 @@
  */
 #define curl_easy_setopt(handle, option, value)                         \
   __extension__({                                                       \
-      CURL_IGNORE_DEPRECATION(__typeof__(option) _curl_opt = option;)   \
+      CURLoption _curl_opt = (option);                                  \
       if(__builtin_constant_p(_curl_opt)) {                             \
-        (void) option;                                                  \
         CURL_IGNORE_DEPRECATION(                                        \
           if(curlcheck_long_option(_curl_opt))                          \
             if(!curlcheck_long(value))                                  \
@@ -120,9 +119,8 @@
 /* wraps curl_easy_getinfo() with typechecking */
 #define curl_easy_getinfo(handle, info, arg)                            \
   __extension__({                                                       \
-      CURL_IGNORE_DEPRECATION(__typeof__(info) _curl_info = info;)      \
+      CURLINFO _curl_info = (info);                                     \
       if(__builtin_constant_p(_curl_info)) {                            \
-        (void) info;                                                    \
         CURL_IGNORE_DEPRECATION(                                        \
           if(curlcheck_string_info(_curl_info))                         \
             if(!curlcheck_arr((arg), char *))                           \
diff --git a/include/curl/urlapi.h b/include/curl/urlapi.h
index e15c213cc..b3504b683 100644
--- a/include/curl/urlapi.h
+++ b/include/curl/urlapi.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -62,6 +62,7 @@ typedef enum {
   CURLUE_BAD_SCHEME,          /* 27 */
   CURLUE_BAD_SLASHES,         /* 28 */
   CURLUE_BAD_USER,            /* 29 */
+  CURLUE_LACKS_IDN,           /* 30 */
   CURLUE_LAST
 } CURLUcode;
 
@@ -95,6 +96,7 @@ typedef enum {
 #define CURLU_NO_AUTHORITY (1<<10)      /* Allow empty authority when the
                                            scheme is unknown. */
 #define CURLU_ALLOW_SPACE (1<<11)       /* Allow spaces in the URL */
+#define CURLU_PUNYCODE (1<<12)          /* get the host name in pynycode */
 
 typedef struct Curl_URL CURLU;
 
@@ -115,14 +117,14 @@ CURL_EXTERN void curl_url_cleanup(CURLU *handle);
  * curl_url_dup() duplicates a CURLU handle and returns a new copy. The new
  * handle must also be freed with curl_url_cleanup().
  */
-CURL_EXTERN CURLU *curl_url_dup(CURLU *in);
+CURL_EXTERN CURLU *curl_url_dup(const CURLU *in);
 
 /*
  * curl_url_get() extracts a specific part of the URL from a CURLU
  * handle. Returns error code. The returned pointer MUST be freed with
  * curl_free() afterwards.
  */
-CURL_EXTERN CURLUcode curl_url_get(CURLU *handle, CURLUPart what,
+CURL_EXTERN CURLUcode curl_url_get(const CURLU *handle, CURLUPart what,
                                    char **part, unsigned int flags);
 
 /*
diff --git a/include/curl/websockets.h b/include/curl/websockets.h
index 4d57f91e5..fd6a91654 100644
--- a/include/curl/websockets.h
+++ b/include/curl/websockets.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -33,6 +33,7 @@ struct curl_ws_frame {
   int flags;            /* See the CURLWS_* defines */
   curl_off_t offset;    /* the offset of this data into the frame */
   curl_off_t bytesleft; /* number of pending bytes left of the payload */
+  size_t len;           /* size of the current data chunk */
 };
 
 /* flag bits */
diff --git a/lib/.gitattributes b/lib/.gitattributes
index 313120963..7e1eea50f 100644
--- a/lib/.gitattributes
+++ b/lib/.gitattributes
@@ -1,3 +1,3 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
diff --git a/lib/.gitignore b/lib/.gitignore
index ef1564336..7528196ed 100644
--- a/lib/.gitignore
+++ b/lib/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index 5ca5357d9..a50b3242b 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -47,29 +47,6 @@ if(WIN32 AND NOT CURL_STATICLIB)
   list(APPEND CSOURCES libcurl.rc)
 endif()
 
-# SET(CSOURCES
-# #  memdebug.c -not used
-# # nwlib.c - Not used
-# # strtok.c - specify later
-# # strtoofft.c - specify later
-# )
-
-# #OPTION(CURL_MALLOC_DEBUG "Debug mallocs in Curl" OFF)
-# MARK_AS_ADVANCED(CURL_MALLOC_DEBUG)
-# IF(CURL_MALLOC_DEBUG)
-# SET(CSOURCES ${CSOURCES}
-# memdebug.c
-# )
-# ENDIF(CURL_MALLOC_DEBUG)
-
-# # only build compat strtoofft if we need to
-# IF(NOT HAVE_STRTOLL AND NOT HAVE__STRTOI64)
-# SET(CSOURCES ${CSOURCES}
-# strtoofft.c
-# )
-# ENDIF(NOT HAVE_STRTOLL AND NOT HAVE__STRTOI64)
-
-
 # The rest of the build
 
 include_directories(${CMAKE_CURRENT_BINARY_DIR}/../include)
@@ -108,11 +85,12 @@ set_target_properties(${LIB_NAME} PROPERTIES
 
 if(CMAKE_SYSTEM_NAME STREQUAL "AIX" OR
   CMAKE_SYSTEM_NAME STREQUAL "Linux" OR
+  CMAKE_SYSTEM_NAME STREQUAL "Darwin" OR
   CMAKE_SYSTEM_NAME STREQUAL "GNU/kFreeBSD" OR
 
   # FreeBSD comes with the a.out and elf flavours
   # but a.out was supported up to version 3.x and
-  # elf from 3.x. I cannot imagine someone runnig
+  # elf from 3.x. I cannot imagine someone running
   # CMake on those ancient systems
   CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR
 
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 033b4bf10..3c0a70912 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/lib/Makefile.inc b/lib/Makefile.inc
index 9eafa93b9..663190a19 100644
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -79,16 +79,17 @@ LIB_VTLS_HFILES =           \
   vtls/x509asn1.h
 
 LIB_VQUIC_CFILES = \
-  vquic/msh3.c   \
-  vquic/ngtcp2.c   \
-  vquic/quiche.c   \
+  vquic/curl_msh3.c   \
+  vquic/curl_ngtcp2.c   \
+  vquic/curl_quiche.c   \
   vquic/vquic.c
 
 LIB_VQUIC_HFILES = \
-  vquic/msh3.h   \
-  vquic/ngtcp2.h   \
-  vquic/quiche.h   \
-  vquic/vquic.h
+  vquic/curl_msh3.h   \
+  vquic/curl_ngtcp2.h   \
+  vquic/curl_quiche.h   \
+  vquic/vquic.h    \
+  vquic/vquic_int.h
 
 LIB_VSSH_CFILES =  \
   vssh/libssh.c    \
@@ -106,6 +107,8 @@ LIB_CFILES =         \
   base64.c           \
   bufref.c           \
   c-hyper.c          \
+  cf-https-connect.c \
+  cf-socket.c        \
   cfilters.c         \
   conncache.c        \
   connect.c          \
@@ -118,6 +121,7 @@ LIB_CFILES =         \
   curl_get_line.c    \
   curl_gethostname.c \
   curl_gssapi.c      \
+  curl_log.c         \
   curl_memrchr.c     \
   curl_multibyte.c   \
   curl_ntlm_core.c   \
@@ -219,7 +223,6 @@ LIB_CFILES =         \
   version.c          \
   version_win32.c    \
   warnless.c         \
-  wildcard.c         \
   ws.c
 
 LIB_HFILES =         \
@@ -229,6 +232,8 @@ LIB_HFILES =         \
   asyn.h             \
   bufref.h           \
   c-hyper.h          \
+  cf-https-connect.h \
+  cf-socket.h        \
   cfilters.h         \
   conncache.h        \
   connect.h          \
@@ -246,6 +251,7 @@ LIB_HFILES =         \
   curl_hmac.h        \
   curl_krb5.h        \
   curl_ldap.h        \
+  curl_log.h         \
   curl_md4.h         \
   curl_md5.h         \
   curl_memory.h      \
@@ -312,7 +318,6 @@ LIB_HFILES =         \
   pop3.h             \
   progress.h         \
   psl.h              \
-  quic.h             \
   rand.h             \
   rename.h           \
   rtsp.h             \
@@ -346,7 +351,6 @@ LIB_HFILES =         \
   urldata.h          \
   version_win32.h    \
   warnless.h         \
-  wildcard.h         \
   ws.h
 
 LIB_RCFILES = libcurl.rc
diff --git a/lib/Makefile.mk b/lib/Makefile.mk
index 56917e020..bee76116d 100644
--- a/lib/Makefile.mk
+++ b/lib/Makefile.mk
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -103,8 +103,8 @@ endif
 ### Optional features
 
 ifneq ($(findstring -debug,$(CFG)),)
+  CFLAGS += -g
   CPPFLAGS += -DDEBUGBUILD
-  LDFLAGS += -g
 else
   CPPFLAGS += -DNDEBUG
 endif
@@ -183,13 +183,6 @@ ifneq ($(findstring -ssl,$(CFG)),)
   OPENSSL_LIBS ?= -lssl -lcrypto
   _LIBS += $(OPENSSL_LIBS)
 
-  ifneq ($(wildcard $(OPENSSL_INCLUDE)/openssl/aead.h),)
-    OPENSSL := boringssl
-  else
-    # including libressl
-    OPENSSL := openssl
-  endif
-
   ifneq ($(findstring -srp,$(CFG)),)
     ifneq ($(wildcard $(OPENSSL_INCLUDE)/openssl/srp.h),)
       # OpenSSL 1.0.1 and later.
@@ -197,18 +190,18 @@ ifneq ($(findstring -ssl,$(CFG)),)
     endif
   endif
   SSLLIBS += 1
-else ifneq ($(findstring -wolfssl,$(CFG)),)
-  WOLFSSL_PATH ?= $(PROOT)/../zlib
+endif
+ifneq ($(findstring -wolfssl,$(CFG)),)
+  WOLFSSL_PATH ?= $(PROOT)/../wolfssl
   CPPFLAGS += -DUSE_WOLFSSL
   CPPFLAGS += -DSIZEOF_LONG_LONG=8
   CPPFLAGS += -I"$(WOLFSSL_PATH)/include"
   _LDFLAGS += -L"$(WOLFSSL_PATH)/lib"
   _LIBS += -lwolfssl
-  OPENSSL := wolfssl
   SSLLIBS += 1
 endif
 ifneq ($(findstring -mbedtls,$(CFG)),)
-  MBEDTLS_PATH ?= $(PROOT)/../zlib
+  MBEDTLS_PATH ?= $(PROOT)/../mbedtls
   CPPFLAGS += -DUSE_MBEDTLS
   CPPFLAGS += -I"$(MBEDTLS_PATH)/include"
   _LDFLAGS += -L"$(MBEDTLS_PATH)/lib"
@@ -239,9 +232,20 @@ ifeq ($(findstring -nghttp3,$(CFG))$(findstring -ngtcp2,$(CFG)),-nghttp3-ngtcp2)
   CPPFLAGS += -DUSE_NGTCP2
   CPPFLAGS += -I"$(NGTCP2_PATH)/include"
   _LDFLAGS += -L"$(NGTCP2_PATH)/lib"
-  ifneq ($(OPENSSL),)
-    NGTCP2_LIBS ?= -lngtcp2_crypto_$(OPENSSL)
+
+  NGTCP2_LIBS ?=
+  ifeq ($(NGTCP2_LIBS),)
+    ifneq ($(findstring -ssl,$(CFG)),)
+      ifneq ($(wildcard $(OPENSSL_INCLUDE)/openssl/aead.h),)
+        NGTCP2_LIBS := -lngtcp2_crypto_boringssl
+      else  # including libressl
+        NGTCP2_LIBS := -lngtcp2_crypto_openssl
+      endif
+    else ifneq ($(findstring -wolfssl,$(CFG)),)
+      NGTCP2_LIBS := -lngtcp2_crypto_wolfssl
+    endif
   endif
+
   _LIBS += -lngtcp2 $(NGTCP2_LIBS)
 endif
 
@@ -306,9 +310,6 @@ endif
 ifneq ($(findstring -ipv6,$(CFG)),)
   CPPFLAGS += -DENABLE_IPV6
 endif
-ifneq ($(findstring -ldaps,$(CFG)),)
-  CPPFLAGS += -DHAVE_LDAP_SSL
-endif
 
 ifneq ($(findstring -watt,$(CFG))$(MSDOS),)
   WATT_PATH ?= $(PROOT)/../watt
diff --git a/lib/Makefile.soname b/lib/Makefile.soname
index 2c6cfdea6..02e003a8a 100644
--- a/lib/Makefile.soname
+++ b/lib/Makefile.soname
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/lib/altsvc.c b/lib/altsvc.c
index ec18e381c..31a7abcc5 100644
--- a/lib/altsvc.c
+++ b/lib/altsvc.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/altsvc.h b/lib/altsvc.h
index 2751d272a..7fea1434a 100644
--- a/lib/altsvc.h
+++ b/lib/altsvc.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/amigaos.c b/lib/amigaos.c
index e8c2fc02e..b0a950026 100644
--- a/lib/amigaos.c
+++ b/lib/amigaos.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/amigaos.h b/lib/amigaos.h
index 9abfb59ea..7997ede80 100644
--- a/lib/amigaos.h
+++ b/lib/amigaos.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/arpa_telnet.h b/lib/arpa_telnet.h
index 523f7f51e..de1373800 100644
--- a/lib/arpa_telnet.h
+++ b/lib/arpa_telnet.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/asyn-ares.c b/lib/asyn-ares.c
index 4436da3c4..19fe8536b 100644
--- a/lib/asyn-ares.c
+++ b/lib/asyn-ares.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
index 705f0f612..4d7f8605f 100644
--- a/lib/asyn-thread.c
+++ b/lib/asyn-thread.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/asyn.h b/lib/asyn.h
index 1aab21aaa..7e207c4f5 100644
--- a/lib/asyn.h
+++ b/lib/asyn.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/base64.c b/lib/base64.c
index bacd627cf..e1b7b7287 100644
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/bufref.c b/lib/bufref.c
index 91b037431..ce686b6f3 100644
--- a/lib/bufref.c
+++ b/lib/bufref.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2021 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/bufref.h b/lib/bufref.h
index 96b818b53..dd424f18f 100644
--- a/lib/bufref.h
+++ b/lib/bufref.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2021 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/c-hyper.c b/lib/c-hyper.c
index 65f5581ae..9c7632d35 100644
--- a/lib/c-hyper.c
+++ b/lib/c-hyper.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -485,7 +485,7 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data,
     if(k->upgr101 == UPGR101_WS) {
       if(http_status == 101) {
         /* verify the response */
-        result = Curl_ws_accept(data);
+        result = Curl_ws_accept(data, NULL, 0);
         if(result)
           return result;
       }
@@ -1128,6 +1128,16 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
       goto error;
   }
 
+#ifdef HAVE_LIBZ
+  /* we only consider transfer-encoding magic if libz support is built-in */
+  result = Curl_transferencode(data);
+  if(result)
+    goto error;
+  result = Curl_hyper_header(data, headers, data->state.aptr.te);
+  if(result)
+    goto error;
+#endif
+
   if(!Curl_checkheaders(data, STRCONST("Accept-Encoding")) &&
      data->set.str[STRING_ENCODING]) {
     Curl_safefree(data->state.aptr.accept_encoding);
@@ -1144,16 +1154,6 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
   else
     Curl_safefree(data->state.aptr.accept_encoding);
 
-#ifdef HAVE_LIBZ
-  /* we only consider transfer-encoding magic if libz support is built-in */
-  result = Curl_transferencode(data);
-  if(result)
-    goto error;
-  result = Curl_hyper_header(data, headers, data->state.aptr.te);
-  if(result)
-    goto error;
-#endif
-
   result = cookies(data, conn, headers);
   if(result)
     goto error;
diff --git a/lib/c-hyper.h b/lib/c-hyper.h
index 70507ad2a..4218cda75 100644
--- a/lib/c-hyper.h
+++ b/lib/c-hyper.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/cf-https-connect.c b/lib/cf-https-connect.c
new file mode 100644
index 000000000..ed70ad05f
--- /dev/null
+++ b/lib/cf-https-connect.c
@@ -0,0 +1,569 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER)
+
+#include "urldata.h"
+#include <curl/curl.h>
+#include "curl_log.h"
+#include "cfilters.h"
+#include "connect.h"
+#include "multiif.h"
+#include "cf-https-connect.h"
+#include "http2.h"
+#include "vquic/vquic.h"
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+
+typedef enum {
+  CF_HC_INIT,
+  CF_HC_CONNECT,
+  CF_HC_SUCCESS,
+  CF_HC_FAILURE
+} cf_hc_state;
+
+struct cf_hc_baller {
+  const char *name;
+  struct Curl_cfilter *cf;
+  CURLcode result;
+  struct curltime started;
+  int reply_ms;
+  bool enabled;
+};
+
+static void cf_hc_baller_reset(struct cf_hc_baller *b,
+                               struct Curl_easy *data)
+{
+  if(b->cf) {
+    Curl_conn_cf_close(b->cf, data);
+    Curl_conn_cf_discard_chain(&b->cf, data);
+    b->cf = NULL;
+  }
+  b->result = CURLE_OK;
+  b->reply_ms = -1;
+}
+
+static bool cf_hc_baller_is_active(struct cf_hc_baller *b)
+{
+  return b->enabled && b->cf && !b->result;
+}
+
+static bool cf_hc_baller_has_started(struct cf_hc_baller *b)
+{
+  return !!b->cf;
+}
+
+static int cf_hc_baller_reply_ms(struct cf_hc_baller *b,
+                                 struct Curl_easy *data)
+{
+  if(b->reply_ms < 0)
+    b->cf->cft->query(b->cf, data, CF_QUERY_CONNECT_REPLY_MS,
+                      &b->reply_ms, NULL);
+  return b->reply_ms;
+}
+
+static bool cf_hc_baller_data_pending(struct cf_hc_baller *b,
+                                      const struct Curl_easy *data)
+{
+  return b->cf && !b->result && b->cf->cft->has_data_pending(b->cf, data);
+}
+
+struct cf_hc_ctx {
+  cf_hc_state state;
+  const struct Curl_dns_entry *remotehost;
+  struct curltime started;  /* when connect started */
+  CURLcode result;          /* overall result */
+  struct cf_hc_baller h3_baller;
+  struct cf_hc_baller h21_baller;
+  int soft_eyeballs_timeout_ms;
+  int hard_eyeballs_timeout_ms;
+};
+
+static void cf_hc_baller_init(struct cf_hc_baller *b,
+                              struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
+                              const char *name,
+                              int transport)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+  struct Curl_cfilter *save = cf->next;
+
+  b->name = name;
+  cf->next = NULL;
+  b->started = Curl_now();
+  b->result = Curl_cf_setup_insert_after(cf, data, ctx->remotehost,
+                                         transport, CURL_CF_SSL_ENABLE);
+  b->cf = cf->next;
+  cf->next = save;
+}
+
+static CURLcode cf_hc_baller_connect(struct cf_hc_baller *b,
+                                     struct Curl_cfilter *cf,
+                                     struct Curl_easy *data,
+                                     bool *done)
+{
+  struct Curl_cfilter *save = cf->next;
+
+  cf->next = b->cf;
+  b->result = Curl_conn_cf_connect(cf->next, data, FALSE, done);
+  b->cf = cf->next; /* it might mutate */
+  cf->next = save;
+  return b->result;
+}
+
+static void cf_hc_reset(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+
+  if(ctx) {
+    cf_hc_baller_reset(&ctx->h3_baller, data);
+    cf_hc_baller_reset(&ctx->h21_baller, data);
+    ctx->state = CF_HC_INIT;
+    ctx->result = CURLE_OK;
+    ctx->hard_eyeballs_timeout_ms = data->set.happy_eyeballs_timeout;
+    ctx->soft_eyeballs_timeout_ms = data->set.happy_eyeballs_timeout / 2;
+  }
+}
+
+static CURLcode baller_connected(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data,
+                                 struct cf_hc_baller *winner)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_OK;
+
+  DEBUGASSERT(winner->cf);
+  if(winner != &ctx->h3_baller)
+    cf_hc_baller_reset(&ctx->h3_baller, data);
+  if(winner != &ctx->h21_baller)
+    cf_hc_baller_reset(&ctx->h21_baller, data);
+
+  DEBUGF(LOG_CF(data, cf, "connect+handshake %s: %dms, 1st data: %dms",
+                winner->name, (int)Curl_timediff(Curl_now(), winner->started),
+                cf_hc_baller_reply_ms(winner, data)));
+  cf->next = winner->cf;
+  winner->cf = NULL;
+
+  switch(cf->conn->alpn) {
+  case CURL_HTTP_VERSION_3:
+    infof(data, "using HTTP/3");
+    break;
+  case CURL_HTTP_VERSION_2:
+#ifdef USE_NGHTTP2
+    /* Using nghttp2, we add the filter "below" us, so when the conn
+     * closes, we tear it down for a fresh reconnect */
+    result = Curl_http2_switch_at(cf, data);
+    if(result) {
+      ctx->state = CF_HC_FAILURE;
+      ctx->result = result;
+      return result;
+    }
+#endif
+    infof(data, "using HTTP/2");
+    break;
+  case CURL_HTTP_VERSION_1_1:
+    infof(data, "using HTTP/1.1");
+    break;
+  default:
+    infof(data, "using HTTP/1.x");
+    break;
+  }
+  ctx->state = CF_HC_SUCCESS;
+  cf->connected = TRUE;
+  Curl_conn_cf_cntrl(cf->next, data, TRUE,
+                     CF_CTRL_CONN_INFO_UPDATE, 0, NULL);
+  return result;
+}
+
+
+static bool time_to_start_h21(struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
+                              struct curltime now)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+  timediff_t elapsed_ms;
+
+  if(!ctx->h21_baller.enabled || cf_hc_baller_has_started(&ctx->h21_baller))
+    return FALSE;
+
+  if(!ctx->h3_baller.enabled || !cf_hc_baller_is_active(&ctx->h3_baller))
+    return TRUE;
+
+  elapsed_ms = Curl_timediff(now, ctx->started);
+  if(elapsed_ms >= ctx->hard_eyeballs_timeout_ms) {
+    DEBUGF(LOG_CF(data, cf, "hard timeout of %dms reached, starting h21",
+                  ctx->hard_eyeballs_timeout_ms));
+    return TRUE;
+  }
+
+  if(elapsed_ms >= ctx->soft_eyeballs_timeout_ms) {
+    if(cf_hc_baller_reply_ms(&ctx->h3_baller, data) < 0) {
+      DEBUGF(LOG_CF(data, cf, "soft timeout of %dms reached, h3 has not "
+                    "seen any data, starting h21",
+                    ctx->soft_eyeballs_timeout_ms));
+      return TRUE;
+    }
+    /* set the effective hard timeout again */
+    Curl_expire(data, ctx->hard_eyeballs_timeout_ms - elapsed_ms,
+                EXPIRE_ALPN_EYEBALLS);
+  }
+  return FALSE;
+}
+
+static CURLcode cf_hc_connect(struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
+                              bool blocking, bool *done)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+  struct curltime now;
+  CURLcode result = CURLE_OK;
+
+  (void)blocking;
+  if(cf->connected) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  *done = FALSE;
+  now = Curl_now();
+  switch(ctx->state) {
+  case CF_HC_INIT:
+    DEBUGASSERT(!ctx->h3_baller.cf);
+    DEBUGASSERT(!ctx->h21_baller.cf);
+    DEBUGASSERT(!cf->next);
+    DEBUGF(LOG_CF(data, cf, "connect, init"));
+    ctx->started = now;
+    if(ctx->h3_baller.enabled) {
+      cf_hc_baller_init(&ctx->h3_baller, cf, data, "h3", TRNSPRT_QUIC);
+      if(ctx->h21_baller.enabled)
+        Curl_expire(data, ctx->soft_eyeballs_timeout_ms, EXPIRE_ALPN_EYEBALLS);
+    }
+    else if(ctx->h21_baller.enabled)
+      cf_hc_baller_init(&ctx->h21_baller, cf, data, "h21",
+                       cf->conn->transport);
+    ctx->state = CF_HC_CONNECT;
+    /* FALLTHROUGH */
+
+  case CF_HC_CONNECT:
+    if(cf_hc_baller_is_active(&ctx->h3_baller)) {
+      result = cf_hc_baller_connect(&ctx->h3_baller, cf, data, done);
+      if(!result && *done) {
+        result = baller_connected(cf, data, &ctx->h3_baller);
+        goto out;
+      }
+    }
+
+    if(time_to_start_h21(cf, data, now)) {
+      cf_hc_baller_init(&ctx->h21_baller, cf, data, "h21",
+                        cf->conn->transport);
+    }
+
+    if(cf_hc_baller_is_active(&ctx->h21_baller)) {
+      DEBUGF(LOG_CF(data, cf, "connect, check h21"));
+      result = cf_hc_baller_connect(&ctx->h21_baller, cf, data, done);
+      if(!result && *done) {
+        result = baller_connected(cf, data, &ctx->h21_baller);
+        goto out;
+      }
+    }
+
+    if((!ctx->h3_baller.enabled || ctx->h3_baller.result) &&
+       (!ctx->h21_baller.enabled || ctx->h21_baller.result)) {
+      /* both failed or disabled. we give up */
+      DEBUGF(LOG_CF(data, cf, "connect, all failed"));
+      result = ctx->result = ctx->h3_baller.enabled?
+                              ctx->h3_baller.result : ctx->h21_baller.result;
+      ctx->state = CF_HC_FAILURE;
+      goto out;
+    }
+    result = CURLE_OK;
+    *done = FALSE;
+    break;
+
+  case CF_HC_FAILURE:
+    result = ctx->result;
+    cf->connected = FALSE;
+    *done = FALSE;
+    break;
+
+  case CF_HC_SUCCESS:
+    result = CURLE_OK;
+    cf->connected = TRUE;
+    *done = TRUE;
+    break;
+  }
+
+out:
+  DEBUGF(LOG_CF(data, cf, "connect -> %d, done=%d", result, *done));
+  return result;
+}
+
+static int cf_hc_get_select_socks(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  curl_socket_t *socks)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+  size_t i, j, s;
+  int brc, rc = GETSOCK_BLANK;
+  curl_socket_t bsocks[MAX_SOCKSPEREASYHANDLE];
+  struct cf_hc_baller *ballers[2];
+
+  if(cf->connected)
+    return cf->next->cft->get_select_socks(cf->next, data, socks);
+
+  ballers[0] = &ctx->h3_baller;
+  ballers[1] = &ctx->h21_baller;
+  for(i = s = 0; i < sizeof(ballers)/sizeof(ballers[0]); i++) {
+    struct cf_hc_baller *b = ballers[i];
+    if(!cf_hc_baller_is_active(b))
+      continue;
+    brc = Curl_conn_cf_get_select_socks(b->cf, data, bsocks);
+    DEBUGF(LOG_CF(data, cf, "get_selected_socks(%s) -> %x", b->name, brc));
+    if(!brc)
+      continue;
+    for(j = 0; j < MAX_SOCKSPEREASYHANDLE && s < MAX_SOCKSPEREASYHANDLE; ++j) {
+      if((brc & GETSOCK_WRITESOCK(j)) || (brc & GETSOCK_READSOCK(j))) {
+        socks[s] = bsocks[j];
+        if(brc & GETSOCK_WRITESOCK(j))
+          rc |= GETSOCK_WRITESOCK(s);
+        if(brc & GETSOCK_READSOCK(j))
+          rc |= GETSOCK_READSOCK(s);
+        s++;
+      }
+    }
+  }
+  DEBUGF(LOG_CF(data, cf, "get_selected_socks -> %x", rc));
+  return rc;
+}
+
+static bool cf_hc_data_pending(struct Curl_cfilter *cf,
+                               const struct Curl_easy *data)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+
+  if(cf->connected)
+    return cf->next->cft->has_data_pending(cf->next, data);
+
+  DEBUGF(LOG_CF((struct Curl_easy *)data, cf, "data_pending"));
+  return cf_hc_baller_data_pending(&ctx->h3_baller, data)
+         || cf_hc_baller_data_pending(&ctx->h21_baller, data);
+}
+
+static struct curltime get_max_baller_time(struct Curl_cfilter *cf,
+                                          struct Curl_easy *data,
+                                          int query)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+  struct Curl_cfilter *cfb;
+  struct curltime t, tmax;
+
+  memset(&tmax, 0, sizeof(tmax));
+  memset(&t, 0, sizeof(t));
+  cfb = ctx->h21_baller.enabled? ctx->h21_baller.cf : NULL;
+  if(cfb && !cfb->cft->query(cfb, data, query, NULL, &t)) {
+    if((t.tv_sec || t.tv_usec) && Curl_timediff_us(t, tmax) > 0)
+      tmax = t;
+  }
+  memset(&t, 0, sizeof(t));
+  cfb = ctx->h3_baller.enabled? ctx->h3_baller.cf : NULL;
+  if(cfb && !cfb->cft->query(cfb, data, query, NULL, &t)) {
+    if((t.tv_sec || t.tv_usec) && Curl_timediff_us(t, tmax) > 0)
+      tmax = t;
+  }
+  return tmax;
+}
+
+static CURLcode cf_hc_query(struct Curl_cfilter *cf,
+                            struct Curl_easy *data,
+                            int query, int *pres1, void *pres2)
+{
+  if(!cf->connected) {
+    switch(query) {
+    case CF_QUERY_TIMER_CONNECT: {
+      struct curltime *when = pres2;
+      *when = get_max_baller_time(cf, data, CF_QUERY_TIMER_CONNECT);
+      return CURLE_OK;
+    }
+    case CF_QUERY_TIMER_APPCONNECT: {
+      struct curltime *when = pres2;
+      *when = get_max_baller_time(cf, data, CF_QUERY_TIMER_APPCONNECT);
+      return CURLE_OK;
+    }
+    default:
+      break;
+    }
+  }
+  return cf->next?
+    cf->next->cft->query(cf->next, data, query, pres1, pres2) :
+    CURLE_UNKNOWN_OPTION;
+}
+
+static void cf_hc_close(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  DEBUGF(LOG_CF(data, cf, "close"));
+  cf_hc_reset(cf, data);
+  cf->connected = FALSE;
+
+  if(cf->next) {
+    cf->next->cft->close(cf->next, data);
+    Curl_conn_cf_discard_chain(&cf->next, data);
+  }
+}
+
+static void cf_hc_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_hc_ctx *ctx = cf->ctx;
+
+  (void)data;
+  DEBUGF(LOG_CF(data, cf, "destroy"));
+  cf_hc_reset(cf, data);
+  Curl_safefree(ctx);
+}
+
+struct Curl_cftype Curl_cft_http_connect = {
+  "HTTPS-CONNECT",
+  0,
+  CURL_LOG_DEFAULT,
+  cf_hc_destroy,
+  cf_hc_connect,
+  cf_hc_close,
+  Curl_cf_def_get_host,
+  cf_hc_get_select_socks,
+  cf_hc_data_pending,
+  Curl_cf_def_send,
+  Curl_cf_def_recv,
+  Curl_cf_def_cntrl,
+  Curl_cf_def_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  cf_hc_query,
+};
+
+static CURLcode cf_hc_create(struct Curl_cfilter **pcf,
+                             struct Curl_easy *data,
+                             const struct Curl_dns_entry *remotehost,
+                             bool try_h3, bool try_h21)
+{
+  struct Curl_cfilter *cf = NULL;
+  struct cf_hc_ctx *ctx;
+  CURLcode result = CURLE_OK;
+
+  (void)data;
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+  ctx->remotehost = remotehost;
+  ctx->h3_baller.enabled = try_h3;
+  ctx->h21_baller.enabled = try_h21;
+
+  result = Curl_cf_create(&cf, &Curl_cft_http_connect, ctx);
+  if(result)
+    goto out;
+  ctx = NULL;
+  cf_hc_reset(cf, data);
+
+out:
+  *pcf = result? NULL : cf;
+  free(ctx);
+  return result;
+}
+
+CURLcode Curl_cf_http_connect_add(struct Curl_easy *data,
+                                  struct connectdata *conn,
+                                  int sockindex,
+                                  const struct Curl_dns_entry *remotehost,
+                                  bool try_h3, bool try_h21)
+{
+  struct Curl_cfilter *cf;
+  CURLcode result = CURLE_OK;
+
+  DEBUGASSERT(data);
+  result = cf_hc_create(&cf, data, remotehost, try_h3, try_h21);
+  if(result)
+    goto out;
+  Curl_conn_cf_add(data, conn, sockindex, cf);
+out:
+  return result;
+}
+
+CURLcode
+Curl_cf_http_connect_insert_after(struct Curl_cfilter *cf_at,
+                                  struct Curl_easy *data,
+                                  const struct Curl_dns_entry *remotehost,
+                                  bool try_h3, bool try_h21)
+{
+  struct Curl_cfilter *cf;
+  CURLcode result;
+
+  DEBUGASSERT(data);
+  result = cf_hc_create(&cf, data, remotehost, try_h3, try_h21);
+  if(result)
+    goto out;
+  Curl_conn_cf_insert_after(cf_at, cf);
+out:
+  return result;
+}
+
+CURLcode Curl_cf_https_setup(struct Curl_easy *data,
+                             struct connectdata *conn,
+                             int sockindex,
+                             const struct Curl_dns_entry *remotehost)
+{
+  bool try_h3 = FALSE, try_h21 = TRUE; /* defaults, for now */
+  CURLcode result = CURLE_OK;
+
+  (void)sockindex;
+  (void)remotehost;
+
+  if(!conn->bits.tls_enable_alpn)
+    goto out;
+
+  if(data->state.httpwant == CURL_HTTP_VERSION_3ONLY) {
+    result = Curl_conn_may_http3(data, conn);
+    if(result) /* can't do it */
+      goto out;
+    try_h3 = TRUE;
+    try_h21 = FALSE;
+  }
+  else if(data->state.httpwant >= CURL_HTTP_VERSION_3) {
+    /* We assume that silently not even trying H3 is ok here */
+    /* TODO: should we fail instead? */
+    try_h3 = (Curl_conn_may_http3(data, conn) == CURLE_OK);
+    try_h21 = TRUE;
+  }
+
+  result = Curl_cf_http_connect_add(data, conn, sockindex, remotehost,
+                                    try_h3, try_h21);
+out:
+  return result;
+}
+
+#endif /* !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER) */
diff --git a/lib/cf-https-connect.h b/lib/cf-https-connect.h
new file mode 100644
index 000000000..6a3952731
--- /dev/null
+++ b/lib/cf-https-connect.h
@@ -0,0 +1,58 @@
+#ifndef HEADER_CURL_CF_HTTP_H
+#define HEADER_CURL_CF_HTTP_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER)
+
+struct Curl_cfilter;
+struct Curl_easy;
+struct connectdata;
+struct Curl_cftype;
+struct Curl_dns_entry;
+
+extern struct Curl_cftype Curl_cft_http_connect;
+
+CURLcode Curl_cf_http_connect_add(struct Curl_easy *data,
+                                  struct connectdata *conn,
+                                  int sockindex,
+                                  const struct Curl_dns_entry *remotehost,
+                                  bool try_h3, bool try_h21);
+
+CURLcode
+Curl_cf_http_connect_insert_after(struct Curl_cfilter *cf_at,
+                                  struct Curl_easy *data,
+                                  const struct Curl_dns_entry *remotehost,
+                                  bool try_h3, bool try_h21);
+
+
+CURLcode Curl_cf_https_setup(struct Curl_easy *data,
+                             struct connectdata *conn,
+                             int sockindex,
+                             const struct Curl_dns_entry *remotehost);
+
+
+#endif /* !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER) */
+#endif /* HEADER_CURL_CF_HTTP_H */
diff --git a/lib/cf-socket.c b/lib/cf-socket.c
new file mode 100644
index 000000000..6d9ace426
--- /dev/null
+++ b/lib/cf-socket.c
@@ -0,0 +1,1921 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h> /* <netinet/tcp.h> may need it */
+#endif
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h> /* for sockaddr_un */
+#endif
+#ifdef HAVE_LINUX_TCP_H
+#include <linux/tcp.h>
+#elif defined(HAVE_NETINET_TCP_H)
+#include <netinet/tcp.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "if2ip.h"
+#include "strerror.h"
+#include "cfilters.h"
+#include "cf-socket.h"
+#include "connect.h"
+#include "select.h"
+#include "url.h" /* for Curl_safefree() */
+#include "multiif.h"
+#include "sockaddr.h" /* required for Curl_sockaddr_storage */
+#include "inet_ntop.h"
+#include "inet_pton.h"
+#include "progress.h"
+#include "warnless.h"
+#include "conncache.h"
+#include "multihandle.h"
+#include "share.h"
+#include "version_win32.h"
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+
+static void tcpnodelay(struct Curl_easy *data, curl_socket_t sockfd)
+{
+#if defined(TCP_NODELAY)
+  curl_socklen_t onoff = (curl_socklen_t) 1;
+  int level = IPPROTO_TCP;
+#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
+  char buffer[STRERROR_LEN];
+#else
+  (void) data;
+#endif
+
+  if(setsockopt(sockfd, level, TCP_NODELAY, (void *)&onoff,
+                sizeof(onoff)) < 0)
+    infof(data, "Could not set TCP_NODELAY: %s",
+          Curl_strerror(SOCKERRNO, buffer, sizeof(buffer)));
+#else
+  (void)data;
+  (void)sockfd;
+#endif
+}
+
+#ifdef SO_NOSIGPIPE
+/* The preferred method on Mac OS X (10.2 and later) to prevent SIGPIPEs when
+   sending data to a dead peer (instead of relying on the 4th argument to send
+   being MSG_NOSIGNAL). Possibly also existing and in use on other BSD
+   systems? */
+static void nosigpipe(struct Curl_easy *data,
+                      curl_socket_t sockfd)
+{
+  int onoff = 1;
+  if(setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, (void *)&onoff,
+                sizeof(onoff)) < 0) {
+#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
+    char buffer[STRERROR_LEN];
+    infof(data, "Could not set SO_NOSIGPIPE: %s",
+          Curl_strerror(SOCKERRNO, buffer, sizeof(buffer)));
+#endif
+  }
+}
+#else
+#define nosigpipe(x,y) Curl_nop_stmt
+#endif
+
+#if defined(__DragonFly__) || defined(HAVE_WINSOCK2_H)
+/* DragonFlyBSD and Windows use millisecond units */
+#define KEEPALIVE_FACTOR(x) (x *= 1000)
+#else
+#define KEEPALIVE_FACTOR(x)
+#endif
+
+#if defined(HAVE_WINSOCK2_H) && !defined(SIO_KEEPALIVE_VALS)
+#define SIO_KEEPALIVE_VALS    _WSAIOW(IOC_VENDOR,4)
+
+struct tcp_keepalive {
+  u_long onoff;
+  u_long keepalivetime;
+  u_long keepaliveinterval;
+};
+#endif
+
+static void
+tcpkeepalive(struct Curl_easy *data,
+             curl_socket_t sockfd)
+{
+  int optval = data->set.tcp_keepalive?1:0;
+
+  /* only set IDLE and INTVL if setting KEEPALIVE is successful */
+  if(setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE,
+        (void *)&optval, sizeof(optval)) < 0) {
+    infof(data, "Failed to set SO_KEEPALIVE on fd %d", sockfd);
+  }
+  else {
+#if defined(SIO_KEEPALIVE_VALS)
+    struct tcp_keepalive vals;
+    DWORD dummy;
+    vals.onoff = 1;
+    optval = curlx_sltosi(data->set.tcp_keepidle);
+    KEEPALIVE_FACTOR(optval);
+    vals.keepalivetime = optval;
+    optval = curlx_sltosi(data->set.tcp_keepintvl);
+    KEEPALIVE_FACTOR(optval);
+    vals.keepaliveinterval = optval;
+    if(WSAIoctl(sockfd, SIO_KEEPALIVE_VALS, (LPVOID) &vals, sizeof(vals),
+                NULL, 0, &dummy, NULL, NULL) != 0) {
+      infof(data, "Failed to set SIO_KEEPALIVE_VALS on fd %d: %d",
+            (int)sockfd, WSAGetLastError());
+    }
+#else
+#ifdef TCP_KEEPIDLE
+    optval = curlx_sltosi(data->set.tcp_keepidle);
+    KEEPALIVE_FACTOR(optval);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE,
+          (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPIDLE on fd %d", sockfd);
+    }
+#elif defined(TCP_KEEPALIVE)
+    /* Mac OS X style */
+    optval = curlx_sltosi(data->set.tcp_keepidle);
+    KEEPALIVE_FACTOR(optval);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE,
+      (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPALIVE on fd %d", sockfd);
+    }
+#endif
+#ifdef TCP_KEEPINTVL
+    optval = curlx_sltosi(data->set.tcp_keepintvl);
+    KEEPALIVE_FACTOR(optval);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL,
+          (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPINTVL on fd %d", sockfd);
+    }
+#endif
+#endif
+  }
+}
+
+void Curl_sock_assign_addr(struct Curl_sockaddr_ex *dest,
+                           const struct Curl_addrinfo *ai,
+                           int transport)
+{
+  /*
+   * The Curl_sockaddr_ex structure is basically libcurl's external API
+   * curl_sockaddr structure with enough space available to directly hold
+   * any protocol-specific address structures. The variable declared here
+   * will be used to pass / receive data to/from the fopensocket callback
+   * if this has been set, before that, it is initialized from parameters.
+   */
+  dest->family = ai->ai_family;
+  switch(transport) {
+  case TRNSPRT_TCP:
+    dest->socktype = SOCK_STREAM;
+    dest->protocol = IPPROTO_TCP;
+    break;
+  case TRNSPRT_UNIX:
+    dest->socktype = SOCK_STREAM;
+    dest->protocol = IPPROTO_IP;
+    break;
+  default: /* UDP and QUIC */
+    dest->socktype = SOCK_DGRAM;
+    dest->protocol = IPPROTO_UDP;
+    break;
+  }
+  dest->addrlen = ai->ai_addrlen;
+
+  if(dest->addrlen > sizeof(struct Curl_sockaddr_storage))
+     dest->addrlen = sizeof(struct Curl_sockaddr_storage);
+  memcpy(&dest->sa_addr, ai->ai_addr, dest->addrlen);
+}
+
+static CURLcode socket_open(struct Curl_easy *data,
+                            struct Curl_sockaddr_ex *addr,
+                            curl_socket_t *sockfd)
+{
+  DEBUGASSERT(data);
+  DEBUGASSERT(data->conn);
+  if(data->set.fopensocket) {
+   /*
+    * If the opensocket callback is set, all the destination address
+    * information is passed to the callback. Depending on this information the
+    * callback may opt to abort the connection, this is indicated returning
+    * CURL_SOCKET_BAD; otherwise it will return a not-connected socket. When
+    * the callback returns a valid socket the destination address information
+    * might have been changed and this 'new' address will actually be used
+    * here to connect.
+    */
+    Curl_set_in_callback(data, true);
+    *sockfd = data->set.fopensocket(data->set.opensocket_client,
+                                    CURLSOCKTYPE_IPCXN,
+                                    (struct curl_sockaddr *)addr);
+    Curl_set_in_callback(data, false);
+  }
+  else {
+    /* opensocket callback not set, so simply create the socket now */
+    *sockfd = socket(addr->family, addr->socktype, addr->protocol);
+  }
+
+  if(*sockfd == CURL_SOCKET_BAD)
+    /* no socket, no connection */
+    return CURLE_COULDNT_CONNECT;
+
+#if defined(ENABLE_IPV6) && defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID)
+  if(data->conn->scope_id && (addr->family == AF_INET6)) {
+    struct sockaddr_in6 * const sa6 = (void *)&addr->sa_addr;
+    sa6->sin6_scope_id = data->conn->scope_id;
+  }
+#endif
+  return CURLE_OK;
+}
+
+/*
+ * Create a socket based on info from 'conn' and 'ai'.
+ *
+ * 'addr' should be a pointer to the correct struct to get data back, or NULL.
+ * 'sockfd' must be a pointer to a socket descriptor.
+ *
+ * If the open socket callback is set, used that!
+ *
+ */
+CURLcode Curl_socket_open(struct Curl_easy *data,
+                            const struct Curl_addrinfo *ai,
+                            struct Curl_sockaddr_ex *addr,
+                            int transport,
+                            curl_socket_t *sockfd)
+{
+  struct Curl_sockaddr_ex dummy;
+
+  if(!addr)
+    /* if the caller doesn't want info back, use a local temp copy */
+    addr = &dummy;
+
+  Curl_sock_assign_addr(addr, ai, transport);
+  return socket_open(data, addr, sockfd);
+}
+
+static int socket_close(struct Curl_easy *data, struct connectdata *conn,
+                        int use_callback, curl_socket_t sock)
+{
+  if(use_callback && conn && conn->fclosesocket) {
+    int rc;
+    Curl_multi_closed(data, sock);
+    Curl_set_in_callback(data, true);
+    rc = conn->fclosesocket(conn->closesocket_client, sock);
+    Curl_set_in_callback(data, false);
+    return rc;
+  }
+
+  if(conn)
+    /* tell the multi-socket code about this */
+    Curl_multi_closed(data, sock);
+
+  sclose(sock);
+
+  return 0;
+}
+
+/*
+ * Close a socket.
+ *
+ * 'conn' can be NULL, beware!
+ */
+int Curl_socket_close(struct Curl_easy *data, struct connectdata *conn,
+                      curl_socket_t sock)
+{
+  return socket_close(data, conn, FALSE, sock);
+}
+
+#ifdef USE_WINSOCK
+/* When you run a program that uses the Windows Sockets API, you may
+   experience slow performance when you copy data to a TCP server.
+
+   https://support.microsoft.com/kb/823764
+
+   Work-around: Make the Socket Send Buffer Size Larger Than the Program Send
+   Buffer Size
+
+   The problem described in this knowledge-base is applied only to pre-Vista
+   Windows.  Following function trying to detect OS version and skips
+   SO_SNDBUF adjustment for Windows Vista and above.
+*/
+#define DETECT_OS_NONE 0
+#define DETECT_OS_PREVISTA 1
+#define DETECT_OS_VISTA_OR_LATER 2
+
+void Curl_sndbufset(curl_socket_t sockfd)
+{
+  int val = CURL_MAX_WRITE_SIZE + 32;
+  int curval = 0;
+  int curlen = sizeof(curval);
+
+  static int detectOsState = DETECT_OS_NONE;
+
+  if(detectOsState == DETECT_OS_NONE) {
+    if(curlx_verify_windows_version(6, 0, 0, PLATFORM_WINNT,
+                                    VERSION_GREATER_THAN_EQUAL))
+      detectOsState = DETECT_OS_VISTA_OR_LATER;
+    else
+      detectOsState = DETECT_OS_PREVISTA;
+  }
+
+  if(detectOsState == DETECT_OS_VISTA_OR_LATER)
+    return;
+
+  if(getsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (char *)&curval, &curlen) == 0)
+    if(curval > val)
+      return;
+
+  setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (const char *)&val, sizeof(val));
+}
+#endif
+
+static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn,
+                          curl_socket_t sockfd, int af, unsigned int scope)
+{
+  struct Curl_sockaddr_storage sa;
+  struct sockaddr *sock = (struct sockaddr *)&sa;  /* bind to this address */
+  curl_socklen_t sizeof_sa = 0; /* size of the data sock points to */
+  struct sockaddr_in *si4 = (struct sockaddr_in *)&sa;
+#ifdef ENABLE_IPV6
+  struct sockaddr_in6 *si6 = (struct sockaddr_in6 *)&sa;
+#endif
+
+  struct Curl_dns_entry *h = NULL;
+  unsigned short port = data->set.localport; /* use this port number, 0 for
+                                                "random" */
+  /* how many port numbers to try to bind to, increasing one at a time */
+  int portnum = data->set.localportrange;
+  const char *dev = data->set.str[STRING_DEVICE];
+  int error;
+#ifdef IP_BIND_ADDRESS_NO_PORT
+  int on = 1;
+#endif
+#ifndef ENABLE_IPV6
+  (void)scope;
+#endif
+
+  /*************************************************************
+   * Select device to bind socket to
+   *************************************************************/
+  if(!dev && !port)
+    /* no local kind of binding was requested */
+    return CURLE_OK;
+
+  memset(&sa, 0, sizeof(struct Curl_sockaddr_storage));
+
+  if(dev && (strlen(dev)<255) ) {
+    char myhost[256] = "";
+    int done = 0; /* -1 for error, 1 for address found */
+    bool is_interface = FALSE;
+    bool is_host = FALSE;
+    static const char *if_prefix = "if!";
+    static const char *host_prefix = "host!";
+
+    if(strncmp(if_prefix, dev, strlen(if_prefix)) == 0) {
+      dev += strlen(if_prefix);
+      is_interface = TRUE;
+    }
+    else if(strncmp(host_prefix, dev, strlen(host_prefix)) == 0) {
+      dev += strlen(host_prefix);
+      is_host = TRUE;
+    }
+
+    /* interface */
+    if(!is_host) {
+#ifdef SO_BINDTODEVICE
+      /* I am not sure any other OSs than Linux that provide this feature,
+       * and at the least I cannot test. --Ben
+       *
+       * This feature allows one to tightly bind the local socket to a
+       * particular interface.  This will force even requests to other
+       * local interfaces to go out the external interface.
+       *
+       *
+       * Only bind to the interface when specified as interface, not just
+       * as a hostname or ip address.
+       *
+       * interface might be a VRF, eg: vrf-blue, which means it cannot be
+       * converted to an IP address and would fail Curl_if2ip. Simply try
+       * to use it straight away.
+       */
+      if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
+                    dev, (curl_socklen_t)strlen(dev) + 1) == 0) {
+        /* This is typically "errno 1, error: Operation not permitted" if
+         * you're not running as root or another suitable privileged
+         * user.
+         * If it succeeds it means the parameter was a valid interface and
+         * not an IP address. Return immediately.
+         */
+        return CURLE_OK;
+      }
+#endif
+
+      switch(Curl_if2ip(af,
+#ifdef ENABLE_IPV6
+                        scope, conn->scope_id,
+#endif
+                        dev, myhost, sizeof(myhost))) {
+        case IF2IP_NOT_FOUND:
+          if(is_interface) {
+            /* Do not fall back to treating it as a host name */
+            failf(data, "Couldn't bind to interface '%s'", dev);
+            return CURLE_INTERFACE_FAILED;
+          }
+          break;
+        case IF2IP_AF_NOT_SUPPORTED:
+          /* Signal the caller to try another address family if available */
+          return CURLE_UNSUPPORTED_PROTOCOL;
+        case IF2IP_FOUND:
+          is_interface = TRUE;
+          /*
+           * We now have the numerical IP address in the 'myhost' buffer
+           */
+          infof(data, "Local Interface %s is ip %s using address family %i",
+                dev, myhost, af);
+          done = 1;
+          break;
+      }
+    }
+    if(!is_interface) {
+      /*
+       * This was not an interface, resolve the name as a host name
+       * or IP number
+       *
+       * Temporarily force name resolution to use only the address type
+       * of the connection. The resolve functions should really be changed
+       * to take a type parameter instead.
+       */
+      unsigned char ipver = conn->ip_version;
+      int rc;
+
+      if(af == AF_INET)
+        conn->ip_version = CURL_IPRESOLVE_V4;
+#ifdef ENABLE_IPV6
+      else if(af == AF_INET6)
+        conn->ip_version = CURL_IPRESOLVE_V6;
+#endif
+
+      rc = Curl_resolv(data, dev, 80, FALSE, &h);
+      if(rc == CURLRESOLV_PENDING)
+        (void)Curl_resolver_wait_resolv(data, &h);
+      conn->ip_version = ipver;
+
+      if(h) {
+        /* convert the resolved address, sizeof myhost >= INET_ADDRSTRLEN */
+        Curl_printable_address(h->addr, myhost, sizeof(myhost));
+        infof(data, "Name '%s' family %i resolved to '%s' family %i",
+              dev, af, myhost, h->addr->ai_family);
+        Curl_resolv_unlock(data, h);
+        if(af != h->addr->ai_family) {
+          /* bad IP version combo, signal the caller to try another address
+             family if available */
+          return CURLE_UNSUPPORTED_PROTOCOL;
+        }
+        done = 1;
+      }
+      else {
+        /*
+         * provided dev was no interface (or interfaces are not supported
+         * e.g. solaris) no ip address and no domain we fail here
+         */
+        done = -1;
+      }
+    }
+
+    if(done > 0) {
+#ifdef ENABLE_IPV6
+      /* IPv6 address */
+      if(af == AF_INET6) {
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+        char *scope_ptr = strchr(myhost, '%');
+        if(scope_ptr)
+          *(scope_ptr++) = '\0';
+#endif
+        if(Curl_inet_pton(AF_INET6, myhost, &si6->sin6_addr) > 0) {
+          si6->sin6_family = AF_INET6;
+          si6->sin6_port = htons(port);
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+          if(scope_ptr) {
+            /* The "myhost" string either comes from Curl_if2ip or from
+               Curl_printable_address. The latter returns only numeric scope
+               IDs and the former returns none at all.  So the scope ID, if
+               present, is known to be numeric */
+            unsigned long scope_id = strtoul(scope_ptr, NULL, 10);
+            if(scope_id > UINT_MAX)
+              return CURLE_UNSUPPORTED_PROTOCOL;
+
+            si6->sin6_scope_id = (unsigned int)scope_id;
+          }
+#endif
+        }
+        sizeof_sa = sizeof(struct sockaddr_in6);
+      }
+      else
+#endif
+      /* IPv4 address */
+      if((af == AF_INET) &&
+         (Curl_inet_pton(AF_INET, myhost, &si4->sin_addr) > 0)) {
+        si4->sin_family = AF_INET;
+        si4->sin_port = htons(port);
+        sizeof_sa = sizeof(struct sockaddr_in);
+      }
+    }
+
+    if(done < 1) {
+      /* errorbuf is set false so failf will overwrite any message already in
+         the error buffer, so the user receives this error message instead of a
+         generic resolve error. */
+      data->state.errorbuf = FALSE;
+      failf(data, "Couldn't bind to '%s'", dev);
+      return CURLE_INTERFACE_FAILED;
+    }
+  }
+  else {
+    /* no device was given, prepare sa to match af's needs */
+#ifdef ENABLE_IPV6
+    if(af == AF_INET6) {
+      si6->sin6_family = AF_INET6;
+      si6->sin6_port = htons(port);
+      sizeof_sa = sizeof(struct sockaddr_in6);
+    }
+    else
+#endif
+    if(af == AF_INET) {
+      si4->sin_family = AF_INET;
+      si4->sin_port = htons(port);
+      sizeof_sa = sizeof(struct sockaddr_in);
+    }
+  }
+#ifdef IP_BIND_ADDRESS_NO_PORT
+  (void)setsockopt(sockfd, SOL_IP, IP_BIND_ADDRESS_NO_PORT, &on, sizeof(on));
+#endif
+  for(;;) {
+    if(bind(sockfd, sock, sizeof_sa) >= 0) {
+      /* we succeeded to bind */
+      struct Curl_sockaddr_storage add;
+      curl_socklen_t size = sizeof(add);
+      memset(&add, 0, sizeof(struct Curl_sockaddr_storage));
+      if(getsockname(sockfd, (struct sockaddr *) &add, &size) < 0) {
+        char buffer[STRERROR_LEN];
+        data->state.os_errno = error = SOCKERRNO;
+        failf(data, "getsockname() failed with errno %d: %s",
+              error, Curl_strerror(error, buffer, sizeof(buffer)));
+        return CURLE_INTERFACE_FAILED;
+      }
+      infof(data, "Local port: %hu", port);
+      conn->bits.bound = TRUE;
+      return CURLE_OK;
+    }
+
+    if(--portnum > 0) {
+      port++; /* try next port */
+      if(port == 0)
+        break;
+      infof(data, "Bind to local port %hu failed, trying next", port - 1);
+      /* We re-use/clobber the port variable here below */
+      if(sock->sa_family == AF_INET)
+        si4->sin_port = ntohs(port);
+#ifdef ENABLE_IPV6
+      else
+        si6->sin6_port = ntohs(port);
+#endif
+    }
+    else
+      break;
+  }
+  {
+    char buffer[STRERROR_LEN];
+    data->state.os_errno = error = SOCKERRNO;
+    failf(data, "bind failed with errno %d: %s",
+          error, Curl_strerror(error, buffer, sizeof(buffer)));
+  }
+
+  return CURLE_INTERFACE_FAILED;
+}
+
+/*
+ * verifyconnect() returns TRUE if the connect really has happened.
+ */
+static bool verifyconnect(curl_socket_t sockfd, int *error)
+{
+  bool rc = TRUE;
+#ifdef SO_ERROR
+  int err = 0;
+  curl_socklen_t errSize = sizeof(err);
+
+#ifdef WIN32
+  /*
+   * In October 2003 we effectively nullified this function on Windows due to
+   * problems with it using all CPU in multi-threaded cases.
+   *
+   * In May 2004, we bring it back to offer more info back on connect failures.
+   * Gisle Vanem could reproduce the former problems with this function, but
+   * could avoid them by adding this SleepEx() call below:
+   *
+   *    "I don't have Rational Quantify, but the hint from his post was
+   *    ntdll::NtRemoveIoCompletion(). So I'd assume the SleepEx (or maybe
+   *    just Sleep(0) would be enough?) would release whatever
+   *    mutex/critical-section the ntdll call is waiting on.
+   *
+   *    Someone got to verify this on Win-NT 4.0, 2000."
+   */
+
+#ifdef _WIN32_WCE
+  Sleep(0);
+#else
+  SleepEx(0, FALSE);
+#endif
+
+#endif
+
+  if(0 != getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void *)&err, &errSize))
+    err = SOCKERRNO;
+#ifdef _WIN32_WCE
+  /* Old WinCE versions don't support SO_ERROR */
+  if(WSAENOPROTOOPT == err) {
+    SET_SOCKERRNO(0);
+    err = 0;
+  }
+#endif
+#if defined(EBADIOCTL) && defined(__minix)
+  /* Minix 3.1.x doesn't support getsockopt on UDP sockets */
+  if(EBADIOCTL == err) {
+    SET_SOCKERRNO(0);
+    err = 0;
+  }
+#endif
+  if((0 == err) || (EISCONN == err))
+    /* we are connected, awesome! */
+    rc = TRUE;
+  else
+    /* This wasn't a successful connect */
+    rc = FALSE;
+  if(error)
+    *error = err;
+#else
+  (void)sockfd;
+  if(error)
+    *error = SOCKERRNO;
+#endif
+  return rc;
+}
+
+CURLcode Curl_socket_connect_result(struct Curl_easy *data,
+                                    const char *ipaddress, int error)
+{
+  char buffer[STRERROR_LEN];
+
+  switch(error) {
+  case EINPROGRESS:
+  case EWOULDBLOCK:
+#if defined(EAGAIN)
+#if (EAGAIN) != (EWOULDBLOCK)
+    /* On some platforms EAGAIN and EWOULDBLOCK are the
+     * same value, and on others they are different, hence
+     * the odd #if
+     */
+  case EAGAIN:
+#endif
+#endif
+    return CURLE_OK;
+
+  default:
+    /* unknown error, fallthrough and try another address! */
+    infof(data, "Immediate connect fail for %s: %s",
+          ipaddress, Curl_strerror(error, buffer, sizeof(buffer)));
+    data->state.os_errno = error;
+    /* connect failed */
+    return CURLE_COULDNT_CONNECT;
+  }
+}
+
+#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
+struct io_buffer {
+  char *bufr;
+  size_t allc;           /* size of the current allocation */
+  size_t head;           /* bufr index for next read */
+  size_t tail;           /* bufr index for next write */
+};
+
+static void io_buffer_reset(struct io_buffer *iob)
+{
+  if(iob->bufr)
+    free(iob->bufr);
+  memset(iob, 0, sizeof(*iob));
+}
+#endif /* USE_RECV_BEFORE_SEND_WORKAROUND */
+
+struct cf_socket_ctx {
+  int transport;
+  struct Curl_sockaddr_ex addr;      /* address to connect to */
+  curl_socket_t sock;                /* current attempt socket */
+#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
+  struct io_buffer recv_buffer;
+#endif
+  char r_ip[MAX_IPADR_LEN];          /* remote IP as string */
+  int r_port;                        /* remote port number */
+  char l_ip[MAX_IPADR_LEN];          /* local IP as string */
+  int l_port;                        /* local port number */
+  struct curltime started_at;        /* when socket was created */
+  struct curltime connected_at;      /* when socket connected/got first byte */
+  struct curltime first_byte_at;     /* when first byte was recvd */
+  int error;                         /* errno of last failure or 0 */
+  BIT(got_first_byte);               /* if first byte was received */
+  BIT(accepted);                     /* socket was accepted, not connected */
+  BIT(active);
+};
+
+static void cf_socket_ctx_init(struct cf_socket_ctx *ctx,
+                               const struct Curl_addrinfo *ai,
+                               int transport)
+{
+  memset(ctx, 0, sizeof(*ctx));
+  ctx->sock = CURL_SOCKET_BAD;
+  ctx->transport = transport;
+  Curl_sock_assign_addr(&ctx->addr, ai, transport);
+}
+
+static void cf_socket_close(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+
+  if(ctx && CURL_SOCKET_BAD != ctx->sock) {
+    if(ctx->active) {
+      /* We share our socket at cf->conn->sock[cf->sockindex] when active.
+       * If it is no longer there, someone has stolen (and hopefully
+       * closed it) and we just forget about it.
+       */
+      if(ctx->sock == cf->conn->sock[cf->sockindex]) {
+        DEBUGF(LOG_CF(data, cf, "cf_socket_close(%d, active)",
+                     (int)ctx->sock));
+        socket_close(data, cf->conn, !ctx->accepted, ctx->sock);
+        cf->conn->sock[cf->sockindex] = CURL_SOCKET_BAD;
+      }
+      else {
+        DEBUGF(LOG_CF(data, cf, "cf_socket_close(%d) no longer at "
+                      "conn->sock[], discarding", (int)ctx->sock));
+        /* TODO: we do not want this to happen. Need to check which
+         * code is messing with conn->sock[cf->sockindex] */
+      }
+      ctx->sock = CURL_SOCKET_BAD;
+      if(cf->sockindex == FIRSTSOCKET)
+        cf->conn->remote_addr = NULL;
+    }
+    else {
+      /* this is our local socket, we did never publish it */
+      DEBUGF(LOG_CF(data, cf, "cf_socket_close(%d, not active)",
+                    (int)ctx->sock));
+      sclose(ctx->sock);
+      ctx->sock = CURL_SOCKET_BAD;
+    }
+#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
+    io_buffer_reset(&ctx->recv_buffer);
+#endif
+    ctx->active = FALSE;
+    memset(&ctx->started_at, 0, sizeof(ctx->started_at));
+    memset(&ctx->connected_at, 0, sizeof(ctx->connected_at));
+  }
+
+  cf->connected = FALSE;
+}
+
+static void cf_socket_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+
+  cf_socket_close(cf, data);
+  DEBUGF(LOG_CF(data, cf, "destroy"));
+  free(ctx);
+  cf->ctx = NULL;
+}
+
+static CURLcode set_local_ip(struct Curl_cfilter *cf,
+                             struct Curl_easy *data)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+
+#ifdef HAVE_GETSOCKNAME
+  char buffer[STRERROR_LEN];
+  struct Curl_sockaddr_storage ssloc;
+  curl_socklen_t slen = sizeof(struct Curl_sockaddr_storage);
+
+  memset(&ssloc, 0, sizeof(ssloc));
+  if(getsockname(ctx->sock, (struct sockaddr*) &ssloc, &slen)) {
+    int error = SOCKERRNO;
+    failf(data, "getsockname() failed with errno %d: %s",
+          error, Curl_strerror(error, buffer, sizeof(buffer)));
+    return CURLE_FAILED_INIT;
+  }
+  if(!Curl_addr2string((struct sockaddr*)&ssloc, slen,
+                       ctx->l_ip, &ctx->l_port)) {
+    failf(data, "ssloc inet_ntop() failed with errno %d: %s",
+          errno, Curl_strerror(errno, buffer, sizeof(buffer)));
+    return CURLE_FAILED_INIT;
+  }
+#else
+  (void)data;
+  ctx->l_ip[0] = 0;
+  ctx->l_port = -1;
+#endif
+  return CURLE_OK;
+}
+
+static CURLcode set_remote_ip(struct Curl_cfilter *cf,
+                              struct Curl_easy *data)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+
+  /* store remote address and port used in this connection attempt */
+  if(!Curl_addr2string(&ctx->addr.sa_addr, ctx->addr.addrlen,
+                       ctx->r_ip, &ctx->r_port)) {
+    char buffer[STRERROR_LEN];
+
+    ctx->error = errno;
+    /* malformed address or bug in inet_ntop, try next address */
+    failf(data, "sa_addr inet_ntop() failed with errno %d: %s",
+          errno, Curl_strerror(errno, buffer, sizeof(buffer)));
+    return CURLE_FAILED_INIT;
+  }
+  return CURLE_OK;
+}
+
+static CURLcode cf_socket_open(struct Curl_cfilter *cf,
+                              struct Curl_easy *data)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+  int error = 0;
+  bool isconnected = FALSE;
+  CURLcode result = CURLE_COULDNT_CONNECT;
+  bool is_tcp;
+  const char *ipmsg;
+
+  (void)data;
+  DEBUGASSERT(ctx->sock == CURL_SOCKET_BAD);
+  ctx->started_at = Curl_now();
+  result = socket_open(data, &ctx->addr, &ctx->sock);
+  if(result)
+    goto out;
+
+  result = set_remote_ip(cf, data);
+  if(result)
+    goto out;
+
+#ifdef ENABLE_IPV6
+  if(ctx->addr.family == AF_INET6)
+    ipmsg = "  Trying [%s]:%d...";
+  else
+#endif
+    ipmsg = "  Trying %s:%d...";
+  infof(data, ipmsg, ctx->r_ip, ctx->r_port);
+
+#ifdef ENABLE_IPV6
+  is_tcp = (ctx->addr.family == AF_INET
+            || ctx->addr.family == AF_INET6) &&
+           ctx->addr.socktype == SOCK_STREAM;
+#else
+  is_tcp = (ctx->addr.family == AF_INET) &&
+           ctx->addr.socktype == SOCK_STREAM;
+#endif
+  if(is_tcp && data->set.tcp_nodelay)
+    tcpnodelay(data, ctx->sock);
+
+  nosigpipe(data, ctx->sock);
+
+  Curl_sndbufset(ctx->sock);
+
+  if(is_tcp && data->set.tcp_keepalive)
+    tcpkeepalive(data, ctx->sock);
+
+  if(data->set.fsockopt) {
+    /* activate callback for setting socket options */
+    Curl_set_in_callback(data, true);
+    error = data->set.fsockopt(data->set.sockopt_client,
+                               ctx->sock,
+                               CURLSOCKTYPE_IPCXN);
+    Curl_set_in_callback(data, false);
+
+    if(error == CURL_SOCKOPT_ALREADY_CONNECTED)
+      isconnected = TRUE;
+    else if(error) {
+      result = CURLE_ABORTED_BY_CALLBACK;
+      goto out;
+    }
+  }
+
+  /* possibly bind the local end to an IP, interface or port */
+  if(ctx->addr.family == AF_INET
+#ifdef ENABLE_IPV6
+     || ctx->addr.family == AF_INET6
+#endif
+    ) {
+    result = bindlocal(data, cf->conn, ctx->sock, ctx->addr.family,
+                       Curl_ipv6_scope(&ctx->addr.sa_addr));
+    if(result) {
+      if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+        /* The address family is not supported on this interface.
+           We can continue trying addresses */
+        result = CURLE_COULDNT_CONNECT;
+      }
+      goto out;
+    }
+  }
+
+  /* set socket non-blocking */
+  (void)curlx_nonblock(ctx->sock, TRUE);
+
+out:
+  if(result) {
+    if(ctx->sock != CURL_SOCKET_BAD) {
+      socket_close(data, cf->conn, TRUE, ctx->sock);
+      ctx->sock = CURL_SOCKET_BAD;
+    }
+  }
+  else if(isconnected) {
+    set_local_ip(cf, data);
+    ctx->connected_at = Curl_now();
+    cf->connected = TRUE;
+  }
+  DEBUGF(LOG_CF(data, cf, "cf_socket_open() -> %d, fd=%d", result, ctx->sock));
+  return result;
+}
+
+static int do_connect(struct Curl_cfilter *cf, struct Curl_easy *data,
+                      bool is_tcp_fastopen)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+#ifdef TCP_FASTOPEN_CONNECT
+  int optval = 1;
+#endif
+  int rc = -1;
+
+  (void)data;
+  if(is_tcp_fastopen) {
+#if defined(CONNECT_DATA_IDEMPOTENT) /* Darwin */
+#  if defined(HAVE_BUILTIN_AVAILABLE)
+    /* while connectx function is available since macOS 10.11 / iOS 9,
+       it did not have the interface declared correctly until
+       Xcode 9 / macOS SDK 10.13 */
+    if(__builtin_available(macOS 10.11, iOS 9.0, tvOS 9.0, watchOS 2.0, *)) {
+      sa_endpoints_t endpoints;
+      endpoints.sae_srcif = 0;
+      endpoints.sae_srcaddr = NULL;
+      endpoints.sae_srcaddrlen = 0;
+      endpoints.sae_dstaddr = &ctx->addr.sa_addr;
+      endpoints.sae_dstaddrlen = ctx->addr.addrlen;
+
+      rc = connectx(ctx->sock, &endpoints, SAE_ASSOCID_ANY,
+                    CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT,
+                    NULL, 0, NULL, NULL);
+    }
+    else {
+      rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen);
+    }
+#  else
+    rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen);
+#  endif /* HAVE_BUILTIN_AVAILABLE */
+#elif defined(TCP_FASTOPEN_CONNECT) /* Linux >= 4.11 */
+    if(setsockopt(ctx->sock, IPPROTO_TCP, TCP_FASTOPEN_CONNECT,
+                  (void *)&optval, sizeof(optval)) < 0)
+      infof(data, "Failed to enable TCP Fast Open on fd %d", ctx->sock);
+
+    rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen);
+#elif defined(MSG_FASTOPEN) /* old Linux */
+    if(cf->conn->given->flags & PROTOPT_SSL)
+      rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen);
+    else
+      rc = 0; /* Do nothing */
+#endif
+  }
+  else {
+    rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen);
+  }
+  return rc;
+}
+
+static CURLcode cf_tcp_connect(struct Curl_cfilter *cf,
+                               struct Curl_easy *data,
+                               bool blocking, bool *done)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_COULDNT_CONNECT;
+  int rc = 0;
+
+  (void)data;
+  if(cf->connected) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  /* TODO: need to support blocking connect? */
+  if(blocking)
+    return CURLE_UNSUPPORTED_PROTOCOL;
+
+  *done = FALSE; /* a very negative world view is best */
+  if(ctx->sock == CURL_SOCKET_BAD) {
+
+    result = cf_socket_open(cf, data);
+    if(result)
+      goto out;
+
+    if(cf->connected) {
+      *done = TRUE;
+      return CURLE_OK;
+    }
+
+    /* Connect TCP socket */
+    rc = do_connect(cf, data, cf->conn->bits.tcp_fastopen);
+    if(-1 == rc) {
+      result = Curl_socket_connect_result(data, ctx->r_ip, SOCKERRNO);
+      goto out;
+    }
+  }
+
+#ifdef mpeix
+  /* Call this function once now, and ignore the results. We do this to
+     "clear" the error state on the socket so that we can later read it
+     reliably. This is reported necessary on the MPE/iX operating
+     system. */
+  (void)verifyconnect(ctx->sock, NULL);
+#endif
+  /* check socket for connect */
+  rc = SOCKET_WRITABLE(ctx->sock, 0);
+
+  if(rc == 0) { /* no connection yet */
+    DEBUGF(LOG_CF(data, cf, "not connected yet"));
+    return CURLE_OK;
+  }
+  else if(rc == CURL_CSELECT_OUT || cf->conn->bits.tcp_fastopen) {
+    if(verifyconnect(ctx->sock, &ctx->error)) {
+      /* we are connected with TCP, awesome! */
+      ctx->connected_at = Curl_now();
+      set_local_ip(cf, data);
+      *done = TRUE;
+      cf->connected = TRUE;
+      DEBUGF(LOG_CF(data, cf, "connected"));
+      return CURLE_OK;
+    }
+  }
+  else if(rc & CURL_CSELECT_ERR) {
+    (void)verifyconnect(ctx->sock, &ctx->error);
+    result = CURLE_COULDNT_CONNECT;
+  }
+
+out:
+  if(result) {
+    if(ctx->error) {
+      data->state.os_errno = ctx->error;
+      SET_SOCKERRNO(ctx->error);
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+      {
+        char buffer[STRERROR_LEN];
+        infof(data, "connect to %s port %u failed: %s",
+              ctx->r_ip, ctx->r_port,
+              Curl_strerror(ctx->error, buffer, sizeof(buffer)));
+      }
+#endif
+    }
+    if(ctx->sock != CURL_SOCKET_BAD) {
+      socket_close(data, cf->conn, TRUE, ctx->sock);
+      ctx->sock = CURL_SOCKET_BAD;
+    }
+    *done = FALSE;
+  }
+  return result;
+}
+
+static void cf_socket_get_host(struct Curl_cfilter *cf,
+                               struct Curl_easy *data,
+                               const char **phost,
+                               const char **pdisplay_host,
+                               int *pport)
+{
+  (void)data;
+  *phost = cf->conn->host.name;
+  *pdisplay_host = cf->conn->host.dispname;
+  *pport = cf->conn->port;
+}
+
+static int cf_socket_get_select_socks(struct Curl_cfilter *cf,
+                                      struct Curl_easy *data,
+                                      curl_socket_t *socks)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+  int rc = GETSOCK_BLANK;
+
+  (void)data;
+  if(!cf->connected && ctx->sock != CURL_SOCKET_BAD) {
+    socks[0] = ctx->sock;
+    rc |= GETSOCK_WRITESOCK(0);
+  }
+
+  return rc;
+}
+
+#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
+
+static CURLcode pre_receive_plain(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+  struct io_buffer * const iob = &ctx->recv_buffer;
+
+  /* WinSock will destroy unread received data if send() is
+     failed.
+     To avoid lossage of received data, recv() must be
+     performed before every send() if any incoming data is
+     available. However, skip this, if buffer is already full. */
+  if((cf->conn->handler->protocol&PROTO_FAMILY_HTTP) != 0 &&
+     cf->conn->recv[cf->sockindex] == Curl_conn_recv &&
+     (!iob->bufr || (iob->allc > iob->tail))) {
+    const int readymask = Curl_socket_check(ctx->sock, CURL_SOCKET_BAD,
+                                            CURL_SOCKET_BAD, 0);
+    if(readymask != -1 && (readymask & CURL_CSELECT_IN) != 0) {
+      size_t bytestorecv = iob->allc - iob->tail;
+      ssize_t nread;
+      /* Have some incoming data */
+      if(!iob->bufr) {
+        /* Use buffer double default size for intermediate buffer */
+        iob->allc = 2 * data->set.buffer_size;
+        iob->bufr = malloc(iob->allc);
+        if(!iob->bufr)
+          return CURLE_OUT_OF_MEMORY;
+        iob->tail = 0;
+        iob->head = 0;
+        bytestorecv = iob->allc;
+      }
+
+      nread = sread(ctx->sock, iob->bufr + iob->tail, bytestorecv);
+      if(nread > 0)
+        iob->tail += (size_t)nread;
+    }
+  }
+  return CURLE_OK;
+}
+
+static ssize_t get_pre_recved(struct Curl_cfilter *cf, char *buf, size_t len)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+  struct io_buffer * const iob = &ctx->recv_buffer;
+  size_t copysize;
+  if(!iob->bufr)
+    return 0;
+
+  DEBUGASSERT(iob->allc > 0);
+  DEBUGASSERT(iob->tail <= iob->allc);
+  DEBUGASSERT(iob->head <= iob->tail);
+  /* Check and process data that already received and storied in internal
+     intermediate buffer */
+  if(iob->tail > iob->head) {
+    copysize = CURLMIN(len, iob->tail - iob->head);
+    memcpy(buf, iob->bufr + iob->head, copysize);
+    iob->head += copysize;
+  }
+  else
+    copysize = 0; /* buffer was allocated, but nothing was received */
+
+  /* Free intermediate buffer if it has no unprocessed data */
+  if(iob->head == iob->tail)
+    io_buffer_reset(iob);
+
+  return (ssize_t)copysize;
+}
+#endif  /* USE_RECV_BEFORE_SEND_WORKAROUND */
+
+static bool cf_socket_data_pending(struct Curl_cfilter *cf,
+                                   const struct Curl_easy *data)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+  int readable;
+
+#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
+  if(ctx->recv_buffer.bufr && ctx->recv_buffer.allc &&
+     ctx->recv_buffer.tail > ctx->recv_buffer.head)
+     return TRUE;
+#endif
+
+  (void)data;
+  readable = SOCKET_READABLE(ctx->sock, 0);
+  return (readable > 0 && (readable & CURL_CSELECT_IN));
+}
+
+static ssize_t cf_socket_send(struct Curl_cfilter *cf, struct Curl_easy *data,
+                              const void *buf, size_t len, CURLcode *err)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+  curl_socket_t fdsave;
+  ssize_t nwritten;
+
+  *err = CURLE_OK;
+
+#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
+  /* WinSock will destroy unread received data if send() is
+     failed.
+     To avoid lossage of received data, recv() must be
+     performed before every send() if any incoming data is
+     available. */
+  if(pre_receive_plain(cf, data)) {
+    *err = CURLE_OUT_OF_MEMORY;
+    return -1;
+  }
+#endif
+
+  fdsave = cf->conn->sock[cf->sockindex];
+  cf->conn->sock[cf->sockindex] = ctx->sock;
+
+#if defined(MSG_FASTOPEN) && !defined(TCP_FASTOPEN_CONNECT) /* Linux */
+  if(cf->conn->bits.tcp_fastopen) {
+    nwritten = sendto(ctx->sock, buf, len, MSG_FASTOPEN,
+                      &cf->conn->remote_addr->sa_addr,
+                      cf->conn->remote_addr->addrlen);
+    cf->conn->bits.tcp_fastopen = FALSE;
+  }
+  else
+#endif
+    nwritten = swrite(ctx->sock, buf, len);
+
+  if(-1 == nwritten) {
+    int sockerr = SOCKERRNO;
+
+    if(
+#ifdef WSAEWOULDBLOCK
+      /* This is how Windows does it */
+      (WSAEWOULDBLOCK == sockerr)
+#else
+      /* errno may be EWOULDBLOCK or on some systems EAGAIN when it returned
+         due to its inability to send off data without blocking. We therefore
+         treat both error codes the same here */
+      (EWOULDBLOCK == sockerr) || (EAGAIN == sockerr) || (EINTR == sockerr) ||
+      (EINPROGRESS == sockerr)
+#endif
+      ) {
+      /* this is just a case of EWOULDBLOCK */
+      *err = CURLE_AGAIN;
+    }
+    else {
+      char buffer[STRERROR_LEN];
+      failf(data, "Send failure: %s",
+            Curl_strerror(sockerr, buffer, sizeof(buffer)));
+      data->state.os_errno = sockerr;
+      *err = CURLE_SEND_ERROR;
+    }
+  }
+
+  DEBUGF(LOG_CF(data, cf, "send(len=%zu) -> %d, err=%d",
+                len, (int)nwritten, *err));
+  cf->conn->sock[cf->sockindex] = fdsave;
+  return nwritten;
+}
+
+static ssize_t cf_socket_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+                              char *buf, size_t len, CURLcode *err)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+  curl_socket_t fdsave;
+  ssize_t nread;
+
+  *err = CURLE_OK;
+
+#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
+  /* Check and return data that already received and storied in internal
+     intermediate buffer */
+  nread = get_pre_recved(cf, buf, len);
+  if(nread > 0) {
+    *err = CURLE_OK;
+    return nread;
+  }
+#endif
+
+  fdsave = cf->conn->sock[cf->sockindex];
+  cf->conn->sock[cf->sockindex] = ctx->sock;
+
+  nread = sread(ctx->sock, buf, len);
+
+  if(-1 == nread) {
+    int sockerr = SOCKERRNO;
+
+    if(
+#ifdef WSAEWOULDBLOCK
+      /* This is how Windows does it */
+      (WSAEWOULDBLOCK == sockerr)
+#else
+      /* errno may be EWOULDBLOCK or on some systems EAGAIN when it returned
+         due to its inability to send off data without blocking. We therefore
+         treat both error codes the same here */
+      (EWOULDBLOCK == sockerr) || (EAGAIN == sockerr) || (EINTR == sockerr)
+#endif
+      ) {
+      /* this is just a case of EWOULDBLOCK */
+      *err = CURLE_AGAIN;
+    }
+    else {
+      char buffer[STRERROR_LEN];
+      failf(data, "Recv failure: %s",
+            Curl_strerror(sockerr, buffer, sizeof(buffer)));
+      data->state.os_errno = sockerr;
+      *err = CURLE_RECV_ERROR;
+    }
+  }
+
+  DEBUGF(LOG_CF(data, cf, "recv(len=%zu) -> %d, err=%d", len, (int)nread,
+                *err));
+  if(nread > 0 && !ctx->got_first_byte) {
+    ctx->first_byte_at = Curl_now();
+    ctx->got_first_byte = TRUE;
+  }
+  cf->conn->sock[cf->sockindex] = fdsave;
+  return nread;
+}
+
+static void conn_set_primary_ip(struct Curl_cfilter *cf,
+                                struct Curl_easy *data)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+#ifdef HAVE_GETPEERNAME
+  char buffer[STRERROR_LEN];
+  struct Curl_sockaddr_storage ssrem;
+  curl_socklen_t plen;
+  int port;
+
+  plen = sizeof(ssrem);
+  memset(&ssrem, 0, plen);
+  if(getpeername(ctx->sock, (struct sockaddr*) &ssrem, &plen)) {
+    int error = SOCKERRNO;
+    failf(data, "getpeername() failed with errno %d: %s",
+          error, Curl_strerror(error, buffer, sizeof(buffer)));
+    return;
+  }
+  if(!Curl_addr2string((struct sockaddr*)&ssrem, plen,
+                       cf->conn->primary_ip, &port)) {
+    failf(data, "ssrem inet_ntop() failed with errno %d: %s",
+          errno, Curl_strerror(errno, buffer, sizeof(buffer)));
+    return;
+  }
+#else
+  cf->conn->primary_ip[0] = 0;
+  (void)data;
+#endif
+}
+
+static void cf_socket_active(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+
+  /* use this socket from now on */
+  cf->conn->sock[cf->sockindex] = ctx->sock;
+  /* the first socket info gets set at conn and data */
+  if(cf->sockindex == FIRSTSOCKET) {
+    cf->conn->remote_addr = &ctx->addr;
+  #ifdef ENABLE_IPV6
+    cf->conn->bits.ipv6 = (ctx->addr.family == AF_INET6)? TRUE : FALSE;
+  #endif
+    conn_set_primary_ip(cf, data);
+    set_local_ip(cf, data);
+    Curl_persistconninfo(data, cf->conn, ctx->l_ip, ctx->l_port);
+  }
+  ctx->active = TRUE;
+}
+
+static CURLcode cf_socket_cntrl(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                int event, int arg1, void *arg2)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+
+  (void)arg1;
+  (void)arg2;
+  switch(event) {
+  case CF_CTRL_CONN_INFO_UPDATE:
+    cf_socket_active(cf, data);
+    break;
+  case CF_CTRL_DATA_SETUP:
+    Curl_persistconninfo(data, cf->conn, ctx->l_ip, ctx->l_port);
+    break;
+  }
+  return CURLE_OK;
+}
+
+static bool cf_socket_conn_is_alive(struct Curl_cfilter *cf,
+                                    struct Curl_easy *data,
+                                    bool *input_pending)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+  struct pollfd pfd[1];
+  int r;
+
+  *input_pending = FALSE;
+  (void)data;
+  if(!ctx || ctx->sock == CURL_SOCKET_BAD)
+    return FALSE;
+
+  /* Check with 0 timeout if there are any events pending on the socket */
+  pfd[0].fd = ctx->sock;
+  pfd[0].events = POLLRDNORM|POLLIN|POLLRDBAND|POLLPRI;
+  pfd[0].revents = 0;
+
+  r = Curl_poll(pfd, 1, 0);
+  if(r < 0) {
+    DEBUGF(LOG_CF(data, cf, "is_alive: poll error, assume dead"));
+    return FALSE;
+  }
+  else if(r == 0) {
+    DEBUGF(LOG_CF(data, cf, "is_alive: poll timeout, assume alive"));
+    return TRUE;
+  }
+  else if(pfd[0].revents & (POLLERR|POLLHUP|POLLPRI|POLLNVAL)) {
+    DEBUGF(LOG_CF(data, cf, "is_alive: err/hup/etc events, assume dead"));
+    return FALSE;
+  }
+
+  DEBUGF(LOG_CF(data, cf, "is_alive: valid events, looks alive"));
+  *input_pending = TRUE;
+  return TRUE;
+}
+
+static CURLcode cf_socket_query(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                int query, int *pres1, void *pres2)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+
+  switch(query) {
+  case CF_QUERY_SOCKET:
+    DEBUGASSERT(pres2);
+    *((curl_socket_t *)pres2) = ctx->sock;
+    return CURLE_OK;
+  case CF_QUERY_CONNECT_REPLY_MS:
+    if(ctx->got_first_byte) {
+      timediff_t ms = Curl_timediff(ctx->first_byte_at, ctx->started_at);
+      *pres1 = (ms < INT_MAX)? (int)ms : INT_MAX;
+    }
+    else
+      *pres1 = -1;
+    return CURLE_OK;
+  case CF_QUERY_TIMER_CONNECT: {
+    struct curltime *when = pres2;
+    switch(ctx->transport) {
+    case TRNSPRT_UDP:
+    case TRNSPRT_QUIC:
+      /* Since UDP connected sockets work different from TCP, we use the
+       * time of the first byte from the peer as the "connect" time. */
+      if(ctx->got_first_byte) {
+        *when = ctx->first_byte_at;
+        break;
+      }
+      /* FALLTHROUGH */
+    default:
+      *when = ctx->connected_at;
+      break;
+    }
+    return CURLE_OK;
+  }
+  default:
+    break;
+  }
+  return cf->next?
+    cf->next->cft->query(cf->next, data, query, pres1, pres2) :
+    CURLE_UNKNOWN_OPTION;
+}
+
+struct Curl_cftype Curl_cft_tcp = {
+  "TCP",
+  CF_TYPE_IP_CONNECT,
+  CURL_LOG_DEFAULT,
+  cf_socket_destroy,
+  cf_tcp_connect,
+  cf_socket_close,
+  cf_socket_get_host,
+  cf_socket_get_select_socks,
+  cf_socket_data_pending,
+  cf_socket_send,
+  cf_socket_recv,
+  cf_socket_cntrl,
+  cf_socket_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  cf_socket_query,
+};
+
+CURLcode Curl_cf_tcp_create(struct Curl_cfilter **pcf,
+                            struct Curl_easy *data,
+                            struct connectdata *conn,
+                            const struct Curl_addrinfo *ai,
+                            int transport)
+{
+  struct cf_socket_ctx *ctx = NULL;
+  struct Curl_cfilter *cf = NULL;
+  CURLcode result;
+
+  (void)data;
+  (void)conn;
+  DEBUGASSERT(transport == TRNSPRT_TCP);
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+  cf_socket_ctx_init(ctx, ai, transport);
+
+  result = Curl_cf_create(&cf, &Curl_cft_tcp, ctx);
+
+out:
+  *pcf = (!result)? cf : NULL;
+  if(result) {
+    Curl_safefree(cf);
+    Curl_safefree(ctx);
+  }
+
+  return result;
+}
+
+static CURLcode cf_udp_setup_quic(struct Curl_cfilter *cf,
+                               struct Curl_easy *data)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+  int rc;
+
+  /* QUIC needs a connected socket, nonblocking */
+  DEBUGASSERT(ctx->sock != CURL_SOCKET_BAD);
+
+  rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen);
+  if(-1 == rc) {
+    return Curl_socket_connect_result(data, ctx->r_ip, SOCKERRNO);
+  }
+  set_local_ip(cf, data);
+  DEBUGF(LOG_CF(data, cf, "%s socket %d connected: [%s:%d] -> [%s:%d]",
+         (ctx->transport == TRNSPRT_QUIC)? "QUIC" : "UDP",
+         ctx->sock, ctx->l_ip, ctx->l_port, ctx->r_ip, ctx->r_port));
+
+  (void)curlx_nonblock(ctx->sock, TRUE);
+  switch(ctx->addr.family) {
+#if defined(__linux__) && defined(IP_MTU_DISCOVER)
+  case AF_INET: {
+    int val = IP_PMTUDISC_DO;
+    (void)setsockopt(ctx->sock, IPPROTO_IP, IP_MTU_DISCOVER, &val,
+                     sizeof(val));
+    break;
+  }
+#endif
+#if defined(__linux__) && defined(IPV6_MTU_DISCOVER)
+  case AF_INET6: {
+    int val = IPV6_PMTUDISC_DO;
+    (void)setsockopt(ctx->sock, IPPROTO_IPV6, IPV6_MTU_DISCOVER, &val,
+                     sizeof(val));
+    break;
+  }
+#endif
+  }
+  return CURLE_OK;
+}
+
+static CURLcode cf_udp_connect(struct Curl_cfilter *cf,
+                               struct Curl_easy *data,
+                               bool blocking, bool *done)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_COULDNT_CONNECT;
+
+  (void)blocking;
+  if(cf->connected) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+  *done = FALSE;
+  if(ctx->sock == CURL_SOCKET_BAD) {
+    result = cf_socket_open(cf, data);
+    if(result) {
+      DEBUGF(LOG_CF(data, cf, "cf_udp_connect(), open failed -> %d", result));
+      if(ctx->sock != CURL_SOCKET_BAD) {
+        socket_close(data, cf->conn, TRUE, ctx->sock);
+        ctx->sock = CURL_SOCKET_BAD;
+      }
+      goto out;
+    }
+
+    if(ctx->transport == TRNSPRT_QUIC) {
+      result = cf_udp_setup_quic(cf, data);
+      if(result)
+        goto out;
+      DEBUGF(LOG_CF(data, cf, "cf_udp_connect(), opened socket=%d (%s:%d)",
+                    ctx->sock, ctx->l_ip, ctx->l_port));
+    }
+    else {
+      DEBUGF(LOG_CF(data, cf, "cf_udp_connect(), opened socket=%d "
+                    "(unconnected)", ctx->sock));
+    }
+    *done = TRUE;
+    cf->connected = TRUE;
+  }
+out:
+  return result;
+}
+
+struct Curl_cftype Curl_cft_udp = {
+  "UDP",
+  CF_TYPE_IP_CONNECT,
+  CURL_LOG_DEFAULT,
+  cf_socket_destroy,
+  cf_udp_connect,
+  cf_socket_close,
+  cf_socket_get_host,
+  cf_socket_get_select_socks,
+  cf_socket_data_pending,
+  cf_socket_send,
+  cf_socket_recv,
+  cf_socket_cntrl,
+  cf_socket_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  cf_socket_query,
+};
+
+CURLcode Curl_cf_udp_create(struct Curl_cfilter **pcf,
+                            struct Curl_easy *data,
+                            struct connectdata *conn,
+                            const struct Curl_addrinfo *ai,
+                            int transport)
+{
+  struct cf_socket_ctx *ctx = NULL;
+  struct Curl_cfilter *cf = NULL;
+  CURLcode result;
+
+  (void)data;
+  (void)conn;
+  DEBUGASSERT(transport == TRNSPRT_UDP || transport == TRNSPRT_QUIC);
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+  cf_socket_ctx_init(ctx, ai, transport);
+
+  result = Curl_cf_create(&cf, &Curl_cft_udp, ctx);
+
+out:
+  *pcf = (!result)? cf : NULL;
+  if(result) {
+    Curl_safefree(cf);
+    Curl_safefree(ctx);
+  }
+
+  return result;
+}
+
+/* this is the TCP filter which can also handle this case */
+struct Curl_cftype Curl_cft_unix = {
+  "UNIX",
+  CF_TYPE_IP_CONNECT,
+  CURL_LOG_DEFAULT,
+  cf_socket_destroy,
+  cf_tcp_connect,
+  cf_socket_close,
+  cf_socket_get_host,
+  cf_socket_get_select_socks,
+  cf_socket_data_pending,
+  cf_socket_send,
+  cf_socket_recv,
+  cf_socket_cntrl,
+  cf_socket_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  cf_socket_query,
+};
+
+CURLcode Curl_cf_unix_create(struct Curl_cfilter **pcf,
+                             struct Curl_easy *data,
+                             struct connectdata *conn,
+                             const struct Curl_addrinfo *ai,
+                             int transport)
+{
+  struct cf_socket_ctx *ctx = NULL;
+  struct Curl_cfilter *cf = NULL;
+  CURLcode result;
+
+  (void)data;
+  (void)conn;
+  DEBUGASSERT(transport == TRNSPRT_UNIX);
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+  cf_socket_ctx_init(ctx, ai, transport);
+
+  result = Curl_cf_create(&cf, &Curl_cft_unix, ctx);
+
+out:
+  *pcf = (!result)? cf : NULL;
+  if(result) {
+    Curl_safefree(cf);
+    Curl_safefree(ctx);
+  }
+
+  return result;
+}
+
+static CURLcode cf_tcp_accept_connect(struct Curl_cfilter *cf,
+                                      struct Curl_easy *data,
+                                      bool blocking, bool *done)
+{
+  /* we start accepted, if we ever close, we cannot go on */
+  (void)data;
+  (void)blocking;
+  if(cf->connected) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+  return CURLE_FAILED_INIT;
+}
+
+struct Curl_cftype Curl_cft_tcp_accept = {
+  "TCP-ACCEPT",
+  CF_TYPE_IP_CONNECT,
+  CURL_LOG_DEFAULT,
+  cf_socket_destroy,
+  cf_tcp_accept_connect,
+  cf_socket_close,
+  cf_socket_get_host,              /* TODO: not accurate */
+  cf_socket_get_select_socks,
+  cf_socket_data_pending,
+  cf_socket_send,
+  cf_socket_recv,
+  cf_socket_cntrl,
+  cf_socket_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  cf_socket_query,
+};
+
+CURLcode Curl_conn_tcp_listen_set(struct Curl_easy *data,
+                                  struct connectdata *conn,
+                                  int sockindex, curl_socket_t *s)
+{
+  CURLcode result;
+  struct Curl_cfilter *cf = NULL;
+  struct cf_socket_ctx *ctx = NULL;
+
+  /* replace any existing */
+  Curl_conn_cf_discard_all(data, conn, sockindex);
+  DEBUGASSERT(conn->sock[sockindex] == CURL_SOCKET_BAD);
+
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+  ctx->transport = conn->transport;
+  ctx->sock = *s;
+  ctx->accepted = FALSE;
+  result = Curl_cf_create(&cf, &Curl_cft_tcp_accept, ctx);
+  if(result)
+    goto out;
+  Curl_conn_cf_add(data, conn, sockindex, cf);
+
+  conn->sock[sockindex] = ctx->sock;
+  set_local_ip(cf, data);
+  ctx->active = TRUE;
+  ctx->connected_at = Curl_now();
+  cf->connected = TRUE;
+  DEBUGF(LOG_CF(data, cf, "Curl_conn_tcp_listen_set(%d)", (int)ctx->sock));
+
+out:
+  if(result) {
+    Curl_safefree(cf);
+    Curl_safefree(ctx);
+  }
+  return result;
+}
+
+static void set_accepted_remote_ip(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data)
+{
+  struct cf_socket_ctx *ctx = cf->ctx;
+#ifdef HAVE_GETPEERNAME
+  char buffer[STRERROR_LEN];
+  struct Curl_sockaddr_storage ssrem;
+  curl_socklen_t plen;
+
+  ctx->r_ip[0] = 0;
+  ctx->r_port = 0;
+  plen = sizeof(ssrem);
+  memset(&ssrem, 0, plen);
+  if(getpeername(ctx->sock, (struct sockaddr*) &ssrem, &plen)) {
+    int error = SOCKERRNO;
+    failf(data, "getpeername() failed with errno %d: %s",
+          error, Curl_strerror(error, buffer, sizeof(buffer)));
+    return;
+  }
+  if(!Curl_addr2string((struct sockaddr*)&ssrem, plen,
+                       ctx->r_ip, &ctx->r_port)) {
+    failf(data, "ssrem inet_ntop() failed with errno %d: %s",
+          errno, Curl_strerror(errno, buffer, sizeof(buffer)));
+    return;
+  }
+#else
+  ctx->r_ip[0] = 0;
+  ctx->r_port = 0;
+  (void)data;
+#endif
+}
+
+CURLcode Curl_conn_tcp_accepted_set(struct Curl_easy *data,
+                                    struct connectdata *conn,
+                                    int sockindex, curl_socket_t *s)
+{
+  struct Curl_cfilter *cf = NULL;
+  struct cf_socket_ctx *ctx = NULL;
+
+  cf = conn->cfilter[sockindex];
+  if(!cf || cf->cft != &Curl_cft_tcp_accept)
+    return CURLE_FAILED_INIT;
+
+  ctx = cf->ctx;
+  /* discard the listen socket */
+  socket_close(data, conn, TRUE, ctx->sock);
+  ctx->sock = *s;
+  conn->sock[sockindex] = ctx->sock;
+  set_accepted_remote_ip(cf, data);
+  set_local_ip(cf, data);
+  ctx->active = TRUE;
+  ctx->accepted = TRUE;
+  ctx->connected_at = Curl_now();
+  cf->connected = TRUE;
+  DEBUGF(LOG_CF(data, cf, "accepted_set(sock=%d, remote=%s port=%d)",
+         (int)ctx->sock, ctx->r_ip, ctx->r_port));
+
+  return CURLE_OK;
+}
+
+bool Curl_cf_is_socket(struct Curl_cfilter *cf)
+{
+  return cf && (cf->cft == &Curl_cft_tcp ||
+                cf->cft == &Curl_cft_udp ||
+                cf->cft == &Curl_cft_unix ||
+                cf->cft == &Curl_cft_tcp_accept);
+}
+
+CURLcode Curl_cf_socket_peek(struct Curl_cfilter *cf,
+                             struct Curl_easy *data,
+                             curl_socket_t *psock,
+                             const struct Curl_sockaddr_ex **paddr,
+                             const char **pr_ip_str, int *pr_port,
+                             const char **pl_ip_str, int *pl_port)
+{
+  if(Curl_cf_is_socket(cf) && cf->ctx) {
+    struct cf_socket_ctx *ctx = cf->ctx;
+
+    if(psock)
+      *psock = ctx->sock;
+    if(paddr)
+      *paddr = &ctx->addr;
+    if(pr_ip_str)
+      *pr_ip_str = ctx->r_ip;
+    if(pr_port)
+      *pr_port = ctx->r_port;
+    if(pl_port ||pl_ip_str) {
+      set_local_ip(cf, data);
+      if(pl_ip_str)
+        *pl_ip_str = ctx->l_ip;
+      if(pl_port)
+        *pl_port = ctx->l_port;
+    }
+    return CURLE_OK;
+  }
+  return CURLE_FAILED_INIT;
+}
+
diff --git a/lib/cf-socket.h b/lib/cf-socket.h
new file mode 100644
index 000000000..0eec61adb
--- /dev/null
+++ b/lib/cf-socket.h
@@ -0,0 +1,185 @@
+#ifndef HEADER_CURL_CF_SOCKET_H
+#define HEADER_CURL_CF_SOCKET_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#include "nonblock.h" /* for curlx_nonblock(), formerly Curl_nonblock() */
+#include "sockaddr.h"
+
+struct Curl_addrinfo;
+struct Curl_cfilter;
+struct Curl_easy;
+struct connectdata;
+struct Curl_sockaddr_ex;
+
+/*
+ * The Curl_sockaddr_ex structure is basically libcurl's external API
+ * curl_sockaddr structure with enough space available to directly hold any
+ * protocol-specific address structures. The variable declared here will be
+ * used to pass / receive data to/from the fopensocket callback if this has
+ * been set, before that, it is initialized from parameters.
+ */
+struct Curl_sockaddr_ex {
+  int family;
+  int socktype;
+  int protocol;
+  unsigned int addrlen;
+  union {
+    struct sockaddr addr;
+    struct Curl_sockaddr_storage buff;
+  } _sa_ex_u;
+};
+#define sa_addr _sa_ex_u.addr
+
+
+/*
+ * Create a socket based on info from 'conn' and 'ai'.
+ *
+ * Fill in 'addr' and 'sockfd' accordingly if OK is returned. If the open
+ * socket callback is set, used that!
+ *
+ */
+CURLcode Curl_socket_open(struct Curl_easy *data,
+                            const struct Curl_addrinfo *ai,
+                            struct Curl_sockaddr_ex *addr,
+                            int transport,
+                            curl_socket_t *sockfd);
+
+int Curl_socket_close(struct Curl_easy *data, struct connectdata *conn,
+                      curl_socket_t sock);
+
+/**
+ * Determine the curl code for a socket connect() == -1 with errno.
+ */
+CURLcode Curl_socket_connect_result(struct Curl_easy *data,
+                                    const char *ipaddress, int error);
+
+#ifdef USE_WINSOCK
+/* When you run a program that uses the Windows Sockets API, you may
+   experience slow performance when you copy data to a TCP server.
+
+   https://support.microsoft.com/kb/823764
+
+   Work-around: Make the Socket Send Buffer Size Larger Than the Program Send
+   Buffer Size
+
+*/
+void Curl_sndbufset(curl_socket_t sockfd);
+#else
+#define Curl_sndbufset(y) Curl_nop_stmt
+#endif
+
+/**
+ * Assign the address `ai` to the Curl_sockaddr_ex `dest` and
+ * set the transport used.
+ */
+void Curl_sock_assign_addr(struct Curl_sockaddr_ex *dest,
+                           const struct Curl_addrinfo *ai,
+                           int transport);
+
+/**
+ * Creates a cfilter that opens a TCP socket to the given address
+ * when calling its `connect` implementation.
+ * The filter will not touch any connection/data flags and can be
+ * used in happy eyeballing. Once selected for use, its `_active()`
+ * method needs to be called.
+ */
+CURLcode Curl_cf_tcp_create(struct Curl_cfilter **pcf,
+                            struct Curl_easy *data,
+                            struct connectdata *conn,
+                            const struct Curl_addrinfo *ai,
+                            int transport);
+
+/**
+ * Creates a cfilter that opens a UDP socket to the given address
+ * when calling its `connect` implementation.
+ * The filter will not touch any connection/data flags and can be
+ * used in happy eyeballing. Once selected for use, its `_active()`
+ * method needs to be called.
+ */
+CURLcode Curl_cf_udp_create(struct Curl_cfilter **pcf,
+                            struct Curl_easy *data,
+                            struct connectdata *conn,
+                            const struct Curl_addrinfo *ai,
+                            int transport);
+
+/**
+ * Creates a cfilter that opens a UNIX socket to the given address
+ * when calling its `connect` implementation.
+ * The filter will not touch any connection/data flags and can be
+ * used in happy eyeballing. Once selected for use, its `_active()`
+ * method needs to be called.
+ */
+CURLcode Curl_cf_unix_create(struct Curl_cfilter **pcf,
+                             struct Curl_easy *data,
+                             struct connectdata *conn,
+                             const struct Curl_addrinfo *ai,
+                             int transport);
+
+/**
+ * Creates a cfilter that keeps a listening socket.
+ */
+CURLcode Curl_conn_tcp_listen_set(struct Curl_easy *data,
+                                  struct connectdata *conn,
+                                  int sockindex,
+                                  curl_socket_t *s);
+
+/**
+ * Replace the listen socket with the accept()ed one.
+ */
+CURLcode Curl_conn_tcp_accepted_set(struct Curl_easy *data,
+                                    struct connectdata *conn,
+                                    int sockindex,
+                                    curl_socket_t *s);
+
+/**
+ * Return TRUE iff `cf` is a socket filter.
+ */
+bool Curl_cf_is_socket(struct Curl_cfilter *cf);
+
+/**
+ * Peek at the socket and remote ip/port the socket filter is using.
+ * The filter owns all returned values.
+ * @param psock             pointer to hold socket descriptor or NULL
+ * @param paddr             pointer to hold addr reference or NULL
+ * @param pr_ip_str         pointer to hold remote addr as string or NULL
+ * @param pr_port           pointer to hold remote port number or NULL
+ * @param pl_ip_str         pointer to hold local addr as string or NULL
+ * @param pl_port           pointer to hold local port number or NULL
+ * Returns error if the filter is of invalid type.
+ */
+CURLcode Curl_cf_socket_peek(struct Curl_cfilter *cf,
+                             struct Curl_easy *data,
+                             curl_socket_t *psock,
+                             const struct Curl_sockaddr_ex **paddr,
+                             const char **pr_ip_str, int *pr_port,
+                             const char **pl_ip_str, int *pl_port);
+
+extern struct Curl_cftype Curl_cft_tcp;
+extern struct Curl_cftype Curl_cft_udp;
+extern struct Curl_cftype Curl_cft_unix;
+extern struct Curl_cftype Curl_cft_tcp_accept;
+
+#endif /* HEADER_CURL_CF_SOCKET_H */
diff --git a/lib/cfilters.c b/lib/cfilters.c
index bcb33da77..e60d1386e 100644
--- a/lib/cfilters.c
+++ b/lib/cfilters.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -34,9 +34,6 @@
 #include "multiif.h"
 #include "progress.h"
 #include "warnless.h"
-#include "http_proxy.h"
-#include "socks.h"
-#include "vtls/vtls.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -54,89 +51,117 @@ void Curl_cf_def_destroy_this(struct Curl_cfilter *cf, struct Curl_easy *data)
   (void)data;
 }
 
-CURLcode Curl_cf_def_setup(struct Curl_cfilter *cf,
-                           struct Curl_easy *data,
-                           const struct Curl_dns_entry *remotehost)
-{
-  DEBUGASSERT(cf->next);
-  return cf->next->cft->setup(cf->next, data, remotehost);
-}
-
-void     Curl_cf_def_attach_data(struct Curl_cfilter *cf,
-                                 struct Curl_easy *data)
-{
-  (void)cf;
-  (void)data;
-}
-
-void     Curl_cf_def_detach_data(struct Curl_cfilter *cf,
-                                 struct Curl_easy *data)
-{
-  (void)cf;
-  (void)data;
-}
-
 void Curl_cf_def_close(struct Curl_cfilter *cf, struct Curl_easy *data)
 {
-  DEBUGASSERT(cf->next);
   cf->connected = FALSE;
-  cf->next->cft->close(cf->next, data);
+  if(cf->next)
+    cf->next->cft->close(cf->next, data);
 }
 
 CURLcode Curl_cf_def_connect(struct Curl_cfilter *cf,
                              struct Curl_easy *data,
                              bool blocking, bool *done)
 {
-  DEBUGASSERT(cf->next);
-  return cf->next->cft->connect(cf->next, data, blocking, done);
+  CURLcode result;
+
+  if(cf->connected) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+  if(cf->next) {
+    result = cf->next->cft->connect(cf->next, data, blocking, done);
+    if(!result && *done) {
+      cf->connected = TRUE;
+    }
+    return result;
+  }
+  *done = FALSE;
+  return CURLE_FAILED_INIT;
 }
 
 void Curl_cf_def_get_host(struct Curl_cfilter *cf, struct Curl_easy *data,
                           const char **phost, const char **pdisplay_host,
                           int *pport)
 {
-  DEBUGASSERT(cf->next);
-  cf->next->cft->get_host(cf->next, data, phost, pdisplay_host, pport);
+  if(cf->next)
+    cf->next->cft->get_host(cf->next, data, phost, pdisplay_host, pport);
+  else {
+    *phost = cf->conn->host.name;
+    *pdisplay_host = cf->conn->host.dispname;
+    *pport = cf->conn->port;
+  }
 }
 
 int Curl_cf_def_get_select_socks(struct Curl_cfilter *cf,
                                  struct Curl_easy *data,
                                  curl_socket_t *socks)
 {
-  DEBUGASSERT(cf->next);
-  return cf->next->cft->get_select_socks(cf->next, data, socks);
+  return cf->next?
+    cf->next->cft->get_select_socks(cf->next, data, socks) : 0;
 }
 
 bool Curl_cf_def_data_pending(struct Curl_cfilter *cf,
                               const struct Curl_easy *data)
 {
-  DEBUGASSERT(cf->next);
-  return cf->next->cft->has_data_pending(cf->next, data);
+  return cf->next?
+    cf->next->cft->has_data_pending(cf->next, data) : FALSE;
 }
 
 ssize_t  Curl_cf_def_send(struct Curl_cfilter *cf, struct Curl_easy *data,
                           const void *buf, size_t len, CURLcode *err)
 {
-  DEBUGASSERT(cf->next);
-  return cf->next->cft->do_send(cf->next, data, buf, len, err);
+  return cf->next?
+    cf->next->cft->do_send(cf->next, data, buf, len, err) :
+    CURLE_RECV_ERROR;
 }
 
 ssize_t  Curl_cf_def_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
                           char *buf, size_t len, CURLcode *err)
 {
-  DEBUGASSERT(cf->next);
-  return cf->next->cft->do_recv(cf->next, data, buf, len, err);
+  return cf->next?
+    cf->next->cft->do_recv(cf->next, data, buf, len, err) :
+    CURLE_SEND_ERROR;
 }
 
-void Curl_conn_cf_discard_all(struct Curl_easy *data,
-                              struct connectdata *conn, int index)
+bool Curl_cf_def_conn_is_alive(struct Curl_cfilter *cf,
+                               struct Curl_easy *data,
+                               bool *input_pending)
 {
-  struct Curl_cfilter *cfn, *cf = conn->cfilter[index];
+  return cf->next?
+    cf->next->cft->is_alive(cf->next, data, input_pending) :
+    FALSE; /* pessimistic in absence of data */
+}
+
+CURLcode Curl_cf_def_conn_keep_alive(struct Curl_cfilter *cf,
+                                     struct Curl_easy *data)
+{
+  return cf->next?
+    cf->next->cft->keep_alive(cf->next, data) :
+    CURLE_OK;
+}
+
+CURLcode Curl_cf_def_query(struct Curl_cfilter *cf,
+                           struct Curl_easy *data,
+                           int query, int *pres1, void *pres2)
+{
+  return cf->next?
+    cf->next->cft->query(cf->next, data, query, pres1, pres2) :
+    CURLE_UNKNOWN_OPTION;
+}
+
+void Curl_conn_cf_discard_chain(struct Curl_cfilter **pcf,
+                                struct Curl_easy *data)
+{
+  struct Curl_cfilter *cfn, *cf = *pcf;
 
   if(cf) {
-    conn->cfilter[index] = NULL;
+    *pcf = NULL;
     while(cf) {
       cfn = cf->next;
+      /* prevent destroying filter to mess with its sub-chain, since
+       * we have the reference now and will call destroy on it.
+       */
+      cf->next = NULL;
       cf->cft->destroy(cf, data);
       free(cf);
       cf = cfn;
@@ -144,6 +169,12 @@ void Curl_conn_cf_discard_all(struct Curl_easy *data,
   }
 }
 
+void Curl_conn_cf_discard_all(struct Curl_easy *data,
+                              struct connectdata *conn, int index)
+{
+  Curl_conn_cf_discard_chain(&conn->cfilter[index], data);
+}
+
 void Curl_conn_close(struct Curl_easy *data, int index)
 {
   struct Curl_cfilter *cf;
@@ -160,7 +191,6 @@ ssize_t Curl_conn_recv(struct Curl_easy *data, int num, char *buf,
                        size_t len, CURLcode *code)
 {
   struct Curl_cfilter *cf;
-  ssize_t nread;
 
   DEBUGASSERT(data);
   DEBUGASSERT(data->conn);
@@ -169,13 +199,9 @@ ssize_t Curl_conn_recv(struct Curl_easy *data, int num, char *buf,
     cf = cf->next;
   }
   if(cf) {
-    nread = cf->cft->do_recv(cf, data, buf, len, code);
-    /* DEBUGF(infof(data, "Curl_conn_recv(handle=%p, index=%d)"
-           "-> %ld, err=%d", data, num, nread, *code));*/
-    return nread;
+    return cf->cft->do_recv(cf, data, buf, len, code);
   }
-  failf(data, "no filter connected, conn=%ld, sockindex=%d",
-        data->conn->connection_id, num);
+  failf(data, CMSGI(data->conn, num, "recv: no filter connected"));
   *code = CURLE_FAILED_INIT;
   return -1;
 }
@@ -184,7 +210,6 @@ ssize_t Curl_conn_send(struct Curl_easy *data, int num,
                        const void *mem, size_t len, CURLcode *code)
 {
   struct Curl_cfilter *cf;
-  ssize_t nwritten;
 
   DEBUGASSERT(data);
   DEBUGASSERT(data->conn);
@@ -193,13 +218,10 @@ ssize_t Curl_conn_send(struct Curl_easy *data, int num,
     cf = cf->next;
   }
   if(cf) {
-    nwritten = cf->cft->do_send(cf, data, mem, len, code);
-    /* DEBUGF(infof(data, "Curl_conn_send(handle=%p, index=%d, len=%ld)"
-           " -> %ld, err=%d", data, num, len, nwritten, *code));*/
-    return nwritten;
+    return cf->cft->do_send(cf, data, mem, len, code);
   }
-  failf(data, "no filter connected, conn=%ld, sockindex=%d",
-        data->conn->connection_id, num);
+  failf(data, CMSGI(data->conn, num, "send: no filter connected"));
+  DEBUGASSERT(0);
   *code = CURLE_FAILED_INIT;
   return -1;
 }
@@ -234,12 +256,31 @@ void Curl_conn_cf_add(struct Curl_easy *data,
   DEBUGASSERT(!cf->conn);
   DEBUGASSERT(!cf->next);
 
-  DEBUGF(infof(data, CMSGI(conn, index, "cf_add(filter=%s)"),
-               cf->cft->name));
   cf->next = conn->cfilter[index];
   cf->conn = conn;
   cf->sockindex = index;
   conn->cfilter[index] = cf;
+  DEBUGF(LOG_CF(data, cf, "added"));
+}
+
+void Curl_conn_cf_insert_after(struct Curl_cfilter *cf_at,
+                               struct Curl_cfilter *cf_new)
+{
+  struct Curl_cfilter *tail, **pnext;
+
+  DEBUGASSERT(cf_at);
+  DEBUGASSERT(cf_new);
+  DEBUGASSERT(!cf_new->conn);
+
+  tail = cf_at->next;
+  cf_at->next = cf_new;
+  do {
+    cf_new->conn = cf_at->conn;
+    cf_new->sockindex = cf_at->sockindex;
+    pnext = &cf_new->next;
+    cf_new = cf_new->next;
+  } while(cf_new);
+  *pnext = tail;
 }
 
 void Curl_conn_cf_discard(struct Curl_cfilter *cf, struct Curl_easy *data)
@@ -259,97 +300,54 @@ void Curl_conn_cf_discard(struct Curl_cfilter *cf, struct Curl_easy *data)
   free(cf);
 }
 
-ssize_t Curl_conn_cf_send(struct Curl_cfilter *cf, struct Curl_easy *data,
-                          const void *buf, size_t len, CURLcode *err)
+CURLcode Curl_conn_cf_connect(struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
+                              bool blocking, bool *done)
 {
-  return cf->cft->do_send(cf, data, buf, len, err);
+  if(cf)
+    return cf->cft->connect(cf, data, blocking, done);
+  return CURLE_FAILED_INIT;
 }
 
-ssize_t Curl_conn_cf_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
-                          char *buf, size_t len, CURLcode *err)
+void Curl_conn_cf_close(struct Curl_cfilter *cf, struct Curl_easy *data)
 {
-  return cf->cft->do_recv(cf, data, buf, len, err);
+  if(cf)
+    cf->cft->close(cf, data);
 }
 
-CURLcode Curl_conn_setup(struct Curl_easy *data,
-                         struct connectdata *conn,
-                         int sockindex,
-                         const struct Curl_dns_entry *remotehost,
-                         int ssl_mode)
+int Curl_conn_cf_get_select_socks(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  curl_socket_t *socks)
 {
-  struct Curl_cfilter *cf;
-  CURLcode result;
-
-  DEBUGASSERT(data);
-  /* If no filter is set, we have the "default" setup of connection filters.
-   * The filter chain from botton to top will be:
-   * - SOCKET       socket filter for outgoing connection to remotehost
-   * if http_proxy tunneling is engaged:
-   *    - SSL                 if proxytype is CURLPROXY_HTTPS
-   *    - HTTP_PROXY_TUNNEL
-   * otherwise, if socks_proxy is engaged:
-   *    - SOCKS_PROXY_TUNNEL
-   * - SSL          if conn->handler has PROTOPT_SSL
-   */
-  if(!conn->cfilter[sockindex]) {
-    DEBUGF(infof(data, DMSGI(data, sockindex, "setup, init filter chain")));
-    result = Curl_conn_socket_set(data, conn, sockindex);
-    if(result)
-      goto out;
-
-#ifndef CURL_DISABLE_PROXY
-    if(conn->bits.socksproxy) {
-      result = Curl_conn_socks_proxy_add(data, conn, sockindex);
-      if(result)
-        goto out;
-    }
+  if(cf)
+    return cf->cft->get_select_socks(cf, data, socks);
+  return 0;
+}
 
-    if(conn->bits.httpproxy) {
-#ifdef USE_SSL
-      if(conn->http_proxy.proxytype == CURLPROXY_HTTPS) {
-        result = Curl_ssl_cfilter_proxy_add(data, conn, sockindex);
-        if(result)
-          goto out;
-      }
-#endif /* USE_SSL */
-
-#if !defined(CURL_DISABLE_HTTP)
-      if(conn->bits.tunnel_proxy) {
-        result = Curl_conn_http_proxy_add(data, conn, sockindex);
-        if(result)
-          goto out;
-      }
-#endif /* !CURL_DISABLE_HTTP */
-    }
-#endif /* !CURL_DISABLE_PROXY */
-
-#ifdef USE_SSL
-    if(ssl_mode == CURL_CF_SSL_ENABLE
-      || (ssl_mode != CURL_CF_SSL_DISABLE
-           && conn->handler->flags & PROTOPT_SSL)) {
-      result = Curl_ssl_cfilter_add(data, conn, sockindex);
-      if(result)
-        goto out;
-    }
-#else
-    (void)ssl_mode;
-#endif /* USE_SSL */
-
-#if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
-    if(data->set.haproxyprotocol) {
-      result = Curl_conn_haproxy_add(data, conn, sockindex);
-      if(result)
-        goto out;
-    }
-#endif /* !CURL_DISABLE_PROXY && !CURL_DISABLE_HTTP */
+bool Curl_conn_cf_data_pending(struct Curl_cfilter *cf,
+                               const struct Curl_easy *data)
+{
+  if(cf)
+    return cf->cft->has_data_pending(cf, data);
+  return FALSE;
+}
 
-  }
-  DEBUGASSERT(conn->cfilter[sockindex]);
-  cf = data->conn->cfilter[sockindex];
-  result = cf->cft->setup(cf, data, remotehost);
+ssize_t Curl_conn_cf_send(struct Curl_cfilter *cf, struct Curl_easy *data,
+                          const void *buf, size_t len, CURLcode *err)
+{
+  if(cf)
+    return cf->cft->do_send(cf, data, buf, len, err);
+  *err = CURLE_SEND_ERROR;
+  return -1;
+}
 
-out:
-  return result;
+ssize_t Curl_conn_cf_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+                          char *buf, size_t len, CURLcode *err)
+{
+  if(cf)
+    return cf->cft->do_recv(cf, data, buf, len, err);
+  *err = CURLE_RECV_ERROR;
+  return -1;
 }
 
 CURLcode Curl_conn_connect(struct Curl_easy *data,
@@ -358,16 +356,29 @@ CURLcode Curl_conn_connect(struct Curl_easy *data,
                            bool *done)
 {
   struct Curl_cfilter *cf;
-  CURLcode result;
+  CURLcode result = CURLE_OK;
 
   DEBUGASSERT(data);
+  DEBUGASSERT(data->conn);
 
   cf = data->conn->cfilter[sockindex];
   DEBUGASSERT(cf);
-  result = cf->cft->connect(cf, data, blocking, done);
+  if(!cf)
+    return CURLE_FAILED_INIT;
+
+  *done = cf->connected;
+  if(!*done) {
+    result = cf->cft->connect(cf, data, blocking, done);
+    if(!result && *done) {
+      Curl_conn_ev_update_info(data, data->conn);
+      Curl_conn_report_connect_stats(data, data->conn);
+      data->conn->keepalive = Curl_now();
+    }
+    else if(result) {
+      Curl_conn_report_connect_stats(data, data->conn);
+    }
+  }
 
-  DEBUGF(infof(data, DMSGI(data, sockindex, "connect(block=%d)-> %d, done=%d"),
-         blocking, result, *done));
   return result;
 }
 
@@ -394,11 +405,10 @@ bool Curl_conn_is_ip_connected(struct Curl_easy *data, int sockindex)
   return FALSE;
 }
 
-bool Curl_conn_is_ssl(struct Curl_easy *data, int sockindex)
+bool Curl_conn_is_ssl(struct connectdata *conn, int sockindex)
 {
-  struct Curl_cfilter *cf = data->conn? data->conn->cfilter[sockindex] : NULL;
+  struct Curl_cfilter *cf = conn? conn->cfilter[sockindex] : NULL;
 
-  (void)data;
   for(; cf; cf = cf->next) {
     if(cf->cft->flags & CF_TYPE_SSL)
       return TRUE;
@@ -408,6 +418,19 @@ bool Curl_conn_is_ssl(struct Curl_easy *data, int sockindex)
   return FALSE;
 }
 
+bool Curl_conn_is_multiplex(struct connectdata *conn, int sockindex)
+{
+  struct Curl_cfilter *cf = conn? conn->cfilter[sockindex] : NULL;
+
+  for(; cf; cf = cf->next) {
+    if(cf->cft->flags & CF_TYPE_MULTIPLEX)
+      return TRUE;
+    if(cf->cft->flags & CF_TYPE_IP_CONNECT
+       || cf->cft->flags & CF_TYPE_SSL)
+      return FALSE;
+  }
+  return FALSE;
+}
 
 bool Curl_conn_data_pending(struct Curl_easy *data, int sockindex)
 {
@@ -416,8 +439,6 @@ bool Curl_conn_data_pending(struct Curl_easy *data, int sockindex)
   (void)data;
   DEBUGASSERT(data);
   DEBUGASSERT(data->conn);
-  if(Curl_recv_has_postponed_data(data->conn, sockindex))
-    return TRUE;
 
   cf = data->conn->cfilter[sockindex];
   while(cf && !cf->connected) {
@@ -437,46 +458,16 @@ int Curl_conn_get_select_socks(struct Curl_easy *data, int sockindex,
   DEBUGASSERT(data);
   DEBUGASSERT(data->conn);
   cf = data->conn->cfilter[sockindex];
+
+  /* if the next one is not yet connected, that's the one we want */
+  while(cf && cf->next && !cf->next->connected)
+    cf = cf->next;
   if(cf) {
     return cf->cft->get_select_socks(cf, data, socks);
   }
   return GETSOCK_BLANK;
 }
 
-void Curl_conn_attach_data(struct connectdata *conn,
-                           struct Curl_easy *data)
-{
-  size_t i;
-  struct Curl_cfilter *cf;
-
-  for(i = 0; i < ARRAYSIZE(conn->cfilter); ++i) {
-    cf = conn->cfilter[i];
-    if(cf) {
-      while(cf) {
-        cf->cft->attach_data(cf, data);
-        cf = cf->next;
-      }
-    }
-  }
-}
-
-void Curl_conn_detach_data(struct connectdata *conn,
-                           struct Curl_easy *data)
-{
-  size_t i;
-  struct Curl_cfilter *cf;
-
-  for(i = 0; i < ARRAYSIZE(conn->cfilter); ++i) {
-    cf = conn->cfilter[i];
-    if(cf) {
-      while(cf) {
-        cf->cft->detach_data(cf, data);
-        cf = cf->next;
-      }
-    }
-  }
-}
-
 void Curl_conn_get_host(struct Curl_easy *data, int sockindex,
                         const char **phost, const char **pdisplay_host,
                         int *pport)
@@ -491,7 +482,7 @@ void Curl_conn_get_host(struct Curl_easy *data, int sockindex,
   else {
     /* Some filter ask during shutdown for this, mainly for debugging
      * purposes. We hand out the defaults, however this is not always
-     * accurate, as the connction might be tunneled, etc. But all that
+     * accurate, as the connection might be tunneled, etc. But all that
      * state is already gone here. */
     *phost = data->conn->host.name;
     *pdisplay_host = data->conn->host.dispname;
@@ -499,4 +490,174 @@ void Curl_conn_get_host(struct Curl_easy *data, int sockindex,
   }
 }
 
+CURLcode Curl_cf_def_cntrl(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                int event, int arg1, void *arg2)
+{
+  (void)cf;
+  (void)data;
+  (void)event;
+  (void)arg1;
+  (void)arg2;
+  return CURLE_OK;
+}
+
+CURLcode Curl_conn_cf_cntrl(struct Curl_cfilter *cf,
+                            struct Curl_easy *data,
+                            bool ignore_result,
+                            int event, int arg1, void *arg2)
+{
+  CURLcode result = CURLE_OK;
+
+  for(; cf; cf = cf->next) {
+    if(Curl_cf_def_cntrl == cf->cft->cntrl)
+      continue;
+    result = cf->cft->cntrl(cf, data, event, arg1, arg2);
+    if(!ignore_result && result)
+      break;
+  }
+  return result;
+}
+
+curl_socket_t Curl_conn_cf_get_socket(struct Curl_cfilter *cf,
+                                      struct Curl_easy *data)
+{
+  curl_socket_t sock;
+  if(cf && !cf->cft->query(cf, data, CF_QUERY_SOCKET, NULL, &sock))
+    return sock;
+  return CURL_SOCKET_BAD;
+}
+
+curl_socket_t Curl_conn_get_socket(struct Curl_easy *data, int sockindex)
+{
+  struct Curl_cfilter *cf;
+
+  cf = data->conn? data->conn->cfilter[sockindex] : NULL;
+  /* if the top filter has not connected, ask it (and its sub-filters)
+   * for the socket. Otherwise conn->sock[sockindex] should have it.
+   */
+  if(cf && !cf->connected)
+    return Curl_conn_cf_get_socket(cf, data);
+  return data->conn? data->conn->sock[sockindex] : CURL_SOCKET_BAD;
+}
+
+static CURLcode cf_cntrl_all(struct connectdata *conn,
+                             struct Curl_easy *data,
+                             bool ignore_result,
+                             int event, int arg1, void *arg2)
+{
+  CURLcode result = CURLE_OK;
+  size_t i;
+
+  for(i = 0; i < ARRAYSIZE(conn->cfilter); ++i) {
+    result = Curl_conn_cf_cntrl(conn->cfilter[i], data, ignore_result,
+                                event, arg1, arg2);
+    if(!ignore_result && result)
+      break;
+  }
+  return result;
+}
+
+void Curl_conn_ev_data_attach(struct connectdata *conn,
+                              struct Curl_easy *data)
+{
+  cf_cntrl_all(conn, data, TRUE, CF_CTRL_DATA_ATTACH, 0, NULL);
+}
+
+void Curl_conn_ev_data_detach(struct connectdata *conn,
+                              struct Curl_easy *data)
+{
+  cf_cntrl_all(conn, data, TRUE, CF_CTRL_DATA_DETACH, 0, NULL);
+}
+
+CURLcode Curl_conn_ev_data_setup(struct Curl_easy *data)
+{
+  return cf_cntrl_all(data->conn, data, FALSE,
+                      CF_CTRL_DATA_SETUP, 0, NULL);
+}
+
+CURLcode Curl_conn_ev_data_idle(struct Curl_easy *data)
+{
+  return cf_cntrl_all(data->conn, data, FALSE,
+                      CF_CTRL_DATA_IDLE, 0, NULL);
+}
+
+/**
+ * Notify connection filters that the transfer represented by `data`
+ * is donw with sending data (e.g. has uploaded everything).
+ */
+void Curl_conn_ev_data_done_send(struct Curl_easy *data)
+{
+  cf_cntrl_all(data->conn, data, TRUE, CF_CTRL_DATA_DONE_SEND, 0, NULL);
+}
+
+/**
+ * Notify connection filters that the transfer represented by `data`
+ * is finished - eventually premature, e.g. before being complete.
+ */
+void Curl_conn_ev_data_done(struct Curl_easy *data, bool premature)
+{
+  cf_cntrl_all(data->conn, data, TRUE, CF_CTRL_DATA_DONE, premature, NULL);
+}
+
+CURLcode Curl_conn_ev_data_pause(struct Curl_easy *data, bool do_pause)
+{
+  return cf_cntrl_all(data->conn, data, FALSE,
+                      CF_CTRL_DATA_PAUSE, do_pause, NULL);
+}
+
+void Curl_conn_ev_update_info(struct Curl_easy *data,
+                              struct connectdata *conn)
+{
+  cf_cntrl_all(conn, data, TRUE, CF_CTRL_CONN_INFO_UPDATE, 0, NULL);
+}
+
+void Curl_conn_report_connect_stats(struct Curl_easy *data,
+                                    struct connectdata *conn)
+{
+  struct Curl_cfilter *cf = conn->cfilter[FIRSTSOCKET];
+  if(cf) {
+    struct curltime connected;
+    struct curltime appconnected;
+
+    memset(&connected, 0, sizeof(connected));
+    cf->cft->query(cf, data, CF_QUERY_TIMER_CONNECT, NULL, &connected);
+    if(connected.tv_sec || connected.tv_usec)
+      Curl_pgrsTimeWas(data, TIMER_CONNECT, connected);
+
+    memset(&appconnected, 0, sizeof(appconnected));
+    cf->cft->query(cf, data, CF_QUERY_TIMER_APPCONNECT, NULL, &appconnected);
+    if(appconnected.tv_sec || appconnected.tv_usec)
+      Curl_pgrsTimeWas(data, TIMER_APPCONNECT, appconnected);
+  }
+}
+
+bool Curl_conn_is_alive(struct Curl_easy *data, struct connectdata *conn,
+                        bool *input_pending)
+{
+  struct Curl_cfilter *cf = conn->cfilter[FIRSTSOCKET];
+  return cf && !cf->conn->bits.close &&
+         cf->cft->is_alive(cf, data, input_pending);
+}
+
+CURLcode Curl_conn_keep_alive(struct Curl_easy *data,
+                              struct connectdata *conn,
+                              int sockindex)
+{
+  struct Curl_cfilter *cf = conn->cfilter[sockindex];
+  return cf? cf->cft->keep_alive(cf, data) : CURLE_OK;
+}
+
+size_t Curl_conn_get_max_concurrent(struct Curl_easy *data,
+                                     struct connectdata *conn,
+                                     int sockindex)
+{
+  CURLcode result;
+  int n = 0;
+
+  struct Curl_cfilter *cf = conn->cfilter[sockindex];
+  result = cf? cf->cft->query(cf, data, CF_QUERY_MAX_CONCURRENT,
+                              &n, NULL) : CURLE_UNKNOWN_OPTION;
+  return (result || n <= 0)? 1 : (size_t)n;
+}
 
diff --git a/lib/cfilters.h b/lib/cfilters.h
index 4b81b42e6..317f2bb19 100644
--- a/lib/cfilters.h
+++ b/lib/cfilters.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -36,11 +36,6 @@ struct connectdata;
 typedef void     Curl_cft_destroy_this(struct Curl_cfilter *cf,
                                        struct Curl_easy *data);
 
-/* Setup the connection for `data`, using destination `remotehost`.
- */
-typedef CURLcode Curl_cft_setup(struct Curl_cfilter *cf,
-                                struct Curl_easy *data,
-                                const struct Curl_dns_entry *remotehost);
 typedef void     Curl_cft_close(struct Curl_cfilter *cf,
                                 struct Curl_easy *data);
 
@@ -89,29 +84,90 @@ typedef ssize_t  Curl_cft_recv(struct Curl_cfilter *cf,
                                size_t len,             /* amount to read */
                                CURLcode *err);         /* error to return */
 
-typedef void     Curl_cft_attach_data(struct Curl_cfilter *cf,
-                                      struct Curl_easy *data);
-typedef void     Curl_cft_detach_data(struct Curl_cfilter *cf,
-                                      struct Curl_easy *data);
+typedef bool     Curl_cft_conn_is_alive(struct Curl_cfilter *cf,
+                                        struct Curl_easy *data,
+                                        bool *input_pending);
+
+typedef CURLcode Curl_cft_conn_keep_alive(struct Curl_cfilter *cf,
+                                          struct Curl_easy *data);
 
 /**
- * The easy handle `data` is being detached (no longer served)
- * by connection `conn`. All filters are informed to release any resources
- * related to `data`.
- * Note: there may be several `data` attached to a connection at the same
- * time.
+ * Events/controls for connection filters, their arguments and
+ * return code handling. Filter callbacks are invoked "top down".
+ * Return code handling:
+ * "first fail" meaning that the first filter returning != CURLE_OK, will
+ *              abort further event distribution and determine the result.
+ * "ignored" meaning return values are ignored and the event is distributed
+ *           to all filters in the chain. Overall result is always CURLE_OK.
  */
-void Curl_conn_detach(struct connectdata *conn, struct Curl_easy *data);
+/*      data event                          arg1       arg2     return */
+#define CF_CTRL_DATA_ATTACH           1  /* 0          NULL     ignored */
+#define CF_CTRL_DATA_DETACH           2  /* 0          NULL     ignored */
+#define CF_CTRL_DATA_SETUP            4  /* 0          NULL     first fail */
+#define CF_CTRL_DATA_IDLE             5  /* 0          NULL     first fail */
+#define CF_CTRL_DATA_PAUSE            6  /* on/off     NULL     first fail */
+#define CF_CTRL_DATA_DONE             7  /* premature  NULL     ignored */
+#define CF_CTRL_DATA_DONE_SEND        8  /* 0          NULL     ignored */
+/* update conn info at connection and data */
+#define CF_CTRL_CONN_INFO_UPDATE (256+0) /* 0          NULL     ignored */
 
+/**
+ * Handle event/control for the filter.
+ * Implementations MUST NOT chain calls to cf->next.
+ */
+typedef CURLcode Curl_cft_cntrl(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                int event, int arg1, void *arg2);
+
+
+/**
+ * Queries to ask via a `Curl_cft_query *query` method on a cfilter chain.
+ * - MAX_CONCURRENT: the maximum number of parallel transfers the filter
+ *                   chain expects to handle at the same time.
+ *                   default: 1 if no filter overrides.
+ * - CONNECT_REPLY_MS: milliseconds until the first indication of a server
+ *                   response was received on a connect. For TCP, this
+ *                   reflects the time until the socket connected. On UDP
+ *                   this gives the time the first bytes from the server
+ *                   were received.
+ *                   -1 if not determined yet.
+ * - CF_QUERY_SOCKET: the socket used by the filter chain
+ */
+/*      query                             res1       res2     */
+#define CF_QUERY_MAX_CONCURRENT     1  /* number     -        */
+#define CF_QUERY_CONNECT_REPLY_MS   2  /* number     -        */
+#define CF_QUERY_SOCKET             3  /* -          curl_socket_t */
+#define CF_QUERY_TIMER_CONNECT      4  /* -          struct curltime */
+#define CF_QUERY_TIMER_APPCONNECT   5  /* -          struct curltime */
+
+/**
+ * Query the cfilter for properties. Filters ignorant of a query will
+ * pass it "down" the filter chain.
+ */
+typedef CURLcode Curl_cft_query(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                int query, int *pres1, void *pres2);
+
+/**
+ * Type flags for connection filters. A filter can have none, one or
+ * many of those. Use to evaluate state/capabilities of a filter chain.
+ *
+ * CF_TYPE_IP_CONNECT: provides an IP connection or sth equivalent, like
+ *                     a CONNECT tunnel, a UNIX domain socket, a QUIC
+ *                     connection, etc.
+ * CF_TYPE_SSL:        provide SSL/TLS
+ * CF_TYPE_MULTIPLEX:  provides multiplexing of easy handles
+ */
 #define CF_TYPE_IP_CONNECT  (1 << 0)
 #define CF_TYPE_SSL         (1 << 1)
+#define CF_TYPE_MULTIPLEX   (1 << 2)
 
 /* A connection filter type, e.g. specific implementation. */
 struct Curl_cftype {
   const char *name;                       /* name of the filter type */
-  long flags;                             /* flags of filter type */
+  int flags;                              /* flags of filter type */
+  int log_level;                          /* log level for such filters */
   Curl_cft_destroy_this *destroy;         /* destroy resources of this cf */
-  Curl_cft_setup *setup;                  /* setup for a connection */
   Curl_cft_connect *connect;              /* establish connection */
   Curl_cft_close *close;                  /* close conn */
   Curl_cft_get_host *get_host;            /* host filter talks to */
@@ -119,8 +175,10 @@ struct Curl_cftype {
   Curl_cft_data_pending *has_data_pending;/* conn has data pending */
   Curl_cft_send *do_send;                 /* send data */
   Curl_cft_recv *do_recv;                 /* receive data */
-  Curl_cft_attach_data *attach_data;      /* data is being handled here */
-  Curl_cft_detach_data *detach_data;      /* data is no longer handled here */
+  Curl_cft_cntrl *cntrl;                  /* events/control */
+  Curl_cft_conn_is_alive *is_alive;       /* FALSE if conn is dead, Jim! */
+  Curl_cft_conn_keep_alive *keep_alive;   /* try to keep it alive */
+  Curl_cft_query *query;                  /* query filter chain */
 };
 
 /* A connection filter instance, e.g. registered at a connection */
@@ -129,7 +187,7 @@ struct Curl_cfilter {
   struct Curl_cfilter *next;     /* next filter in chain */
   void *ctx;                     /* filter type specific settings */
   struct connectdata *conn;      /* the connection this filter belongs to */
-  int sockindex;                 /* TODO: like to get rid off this */
+  int sockindex;                 /* the index the filter is installed at */
   BIT(connected);                /* != 0 iff this filter is connected */
 };
 
@@ -139,9 +197,6 @@ void Curl_cf_def_destroy_this(struct Curl_cfilter *cf,
 
 /* Default implementations for the type functions, implementing pass-through
  * the filter chain. */
-CURLcode Curl_cf_def_setup(struct Curl_cfilter *cf,
-                           struct Curl_easy *data,
-                           const struct Curl_dns_entry *remotehost);
 void     Curl_cf_def_close(struct Curl_cfilter *cf, struct Curl_easy *data);
 CURLcode Curl_cf_def_connect(struct Curl_cfilter *cf,
                              struct Curl_easy *data,
@@ -158,16 +213,23 @@ ssize_t  Curl_cf_def_send(struct Curl_cfilter *cf, struct Curl_easy *data,
                           const void *buf, size_t len, CURLcode *err);
 ssize_t  Curl_cf_def_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
                           char *buf, size_t len, CURLcode *err);
-void     Curl_cf_def_attach_data(struct Curl_cfilter *cf,
-                                 struct Curl_easy *data);
-void     Curl_cf_def_detach_data(struct Curl_cfilter *cf,
-                                 struct Curl_easy *data);
+CURLcode Curl_cf_def_cntrl(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                int event, int arg1, void *arg2);
+bool     Curl_cf_def_conn_is_alive(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data,
+                                   bool *input_pending);
+CURLcode Curl_cf_def_conn_keep_alive(struct Curl_cfilter *cf,
+                                     struct Curl_easy *data);
+CURLcode Curl_cf_def_query(struct Curl_cfilter *cf,
+                           struct Curl_easy *data,
+                           int query, int *pres1, void *pres2);
 
 /**
  * Create a new filter instance, unattached to the filter chain.
  * Use Curl_conn_cf_add() to add it to the chain.
  * @param pcf  on success holds the created instance
- * @parm cft   the filter type
+ * @param cft   the filter type
  * @param ctx  the type specific context to use
  */
 CURLcode Curl_cf_create(struct Curl_cfilter **pcf,
@@ -176,7 +238,7 @@ CURLcode Curl_cf_create(struct Curl_cfilter **pcf,
 
 /**
  * Add a filter instance to the `sockindex` filter chain at connection
- * `data->conn`. The filter must not already be attached. It is inserted at
+ * `conn`. The filter must not already be attached. It is inserted at
  * the start of the chain (top).
  */
 void Curl_conn_cf_add(struct Curl_easy *data,
@@ -185,11 +247,11 @@ void Curl_conn_cf_add(struct Curl_easy *data,
                       struct Curl_cfilter *cf);
 
 /**
- * Remove and destroy all filters at chain `sockindex` on connection `conn`.
+ * Insert a filter (chain) after `cf_at`.
+ * `cf_new` must not already be attached.
  */
-void Curl_conn_cf_discard_all(struct Curl_easy *data,
-                              struct connectdata *conn,
-                              int sockindex);
+void Curl_conn_cf_insert_after(struct Curl_cfilter *cf_at,
+                               struct Curl_cfilter *cf_new);
 
 /**
  * Discard, e.g. remove and destroy a specific filter instance.
@@ -198,29 +260,51 @@ void Curl_conn_cf_discard_all(struct Curl_easy *data,
  */
 void Curl_conn_cf_discard(struct Curl_cfilter *cf, struct Curl_easy *data);
 
+/**
+ * Discard all cfilters starting with `*pcf` and clearing it afterwards.
+ */
+void Curl_conn_cf_discard_chain(struct Curl_cfilter **pcf,
+                                struct Curl_easy *data);
+
+/**
+ * Remove and destroy all filters at chain `sockindex` on connection `conn`.
+ */
+void Curl_conn_cf_discard_all(struct Curl_easy *data,
+                              struct connectdata *conn,
+                              int sockindex);
+
 
+CURLcode Curl_conn_cf_connect(struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
+                              bool blocking, bool *done);
+void Curl_conn_cf_close(struct Curl_cfilter *cf, struct Curl_easy *data);
+int Curl_conn_cf_get_select_socks(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  curl_socket_t *socks);
+bool Curl_conn_cf_data_pending(struct Curl_cfilter *cf,
+                               const struct Curl_easy *data);
 ssize_t Curl_conn_cf_send(struct Curl_cfilter *cf, struct Curl_easy *data,
                           const void *buf, size_t len, CURLcode *err);
 ssize_t Curl_conn_cf_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
                           char *buf, size_t len, CURLcode *err);
+CURLcode Curl_conn_cf_cntrl(struct Curl_cfilter *cf,
+                            struct Curl_easy *data,
+                            bool ignore_result,
+                            int event, int arg1, void *arg2);
+
+/**
+ * Get the socket used by the filter chain starting at `cf`.
+ * Returns CURL_SOCKET_BAD if not available.
+ */
+curl_socket_t Curl_conn_cf_get_socket(struct Curl_cfilter *cf,
+                                      struct Curl_easy *data);
+
 
 #define CURL_CF_SSL_DEFAULT  -1
 #define CURL_CF_SSL_DISABLE  0
 #define CURL_CF_SSL_ENABLE   1
 
 /**
- * Setup the filter chain at `sockindex` in connection `conn`, invoking
- * the instance `setup(remotehost)` methods. If no filter chain is
- * installed yet, inspects the configuration in `data` to install a
- * suitable filter chain.
- */
-CURLcode Curl_conn_setup(struct Curl_easy *data,
-                         struct connectdata *conn,
-                         int sockindex,
-                         const struct Curl_dns_entry *remotehost,
-                         int ssl_mode);
-
-/**
  * Bring the filter chain at `sockindex` for connection `data->conn` into
  * connected state. Which will set `*done` to TRUE.
  * This can be called on an already connected chain with no side effects.
@@ -248,7 +332,12 @@ bool Curl_conn_is_ip_connected(struct Curl_easy *data, int sockindex);
  * (or will be once connected). This will return FALSE, if SSL
  * is only used in proxying and not for the tunnel itself.
  */
-bool Curl_conn_is_ssl(struct Curl_easy *data, int sockindex);
+bool Curl_conn_is_ssl(struct connectdata *conn, int sockindex);
+
+/**
+ * Connection provides multiplexing of easy handles at `socketindex`.
+ */
+bool Curl_conn_is_multiplex(struct connectdata *conn, int sockindex);
 
 /**
  * Close the filter chain at `sockindex` for connection `data->conn`.
@@ -264,6 +353,12 @@ bool Curl_conn_data_pending(struct Curl_easy *data,
                             int sockindex);
 
 /**
+ * Return the socket used on data's connection for the index.
+ * Returns CURL_SOCKET_BAD if not available.
+ */
+curl_socket_t Curl_conn_get_socket(struct Curl_easy *data, int sockindex);
+
+/**
  * Get any select fd flags and the socket filters at chain `sockindex`
  * at connection `conn` might be waiting for.
  */
@@ -289,13 +384,12 @@ ssize_t Curl_conn_send(struct Curl_easy *data, int sockindex,
                        const void *buf, size_t len, CURLcode *code);
 
 /**
- * The easy handle `data` is being attached (served) by connection `conn`.
- * All filters are informed to adapt to handling `data`.
- * Note: there may be several `data` attached to a connection at the same
- * time.
+ * The easy handle `data` is being attached to `conn`. This does
+ * not mean that data will actually do a transfer. Attachment is
+ * also used for temporary actions on the connection.
  */
-void Curl_conn_attach_data(struct connectdata *conn,
-                           struct Curl_easy *data);
+void Curl_conn_ev_data_attach(struct connectdata *conn,
+                              struct Curl_easy *data);
 
 /**
  * The easy handle `data` is being detached (no longer served)
@@ -304,12 +398,142 @@ void Curl_conn_attach_data(struct connectdata *conn,
  * Note: there may be several `data` attached to a connection at the same
  * time.
  */
-void Curl_conn_detach_data(struct connectdata *conn,
-                           struct Curl_easy *data);
+void Curl_conn_ev_data_detach(struct connectdata *conn,
+                              struct Curl_easy *data);
+
+/**
+ * Notify connection filters that they need to setup data for
+ * a transfer.
+ */
+CURLcode Curl_conn_ev_data_setup(struct Curl_easy *data);
+
+/**
+ * Notify connection filters that now would be a good time to
+ * perform any idle, e.g. time related, actions.
+ */
+CURLcode Curl_conn_ev_data_idle(struct Curl_easy *data);
+
+/**
+ * Notify connection filters that the transfer represented by `data`
+ * is donw with sending data (e.g. has uploaded everything).
+ */
+void Curl_conn_ev_data_done_send(struct Curl_easy *data);
+
+/**
+ * Notify connection filters that the transfer represented by `data`
+ * is finished - eventually premature, e.g. before being complete.
+ */
+void Curl_conn_ev_data_done(struct Curl_easy *data, bool premature);
+
+/**
+ * Notify connection filters that the transfer of data is paused/unpaused.
+ */
+CURLcode Curl_conn_ev_data_pause(struct Curl_easy *data, bool do_pause);
+
+/**
+ * Inform connection filters to update their info in `conn`.
+ */
+void Curl_conn_ev_update_info(struct Curl_easy *data,
+                              struct connectdata *conn);
+
+/**
+ * Update connection statistics
+ */
+void Curl_conn_report_connect_stats(struct Curl_easy *data,
+                                    struct connectdata *conn);
+
+/**
+ * Check if FIRSTSOCKET's cfilter chain deems connection alive.
+ */
+bool Curl_conn_is_alive(struct Curl_easy *data, struct connectdata *conn,
+                        bool *input_pending);
+
+/**
+ * Try to upkeep the connection filters at sockindex.
+ */
+CURLcode Curl_conn_keep_alive(struct Curl_easy *data,
+                              struct connectdata *conn,
+                              int sockindex);
 
 void Curl_conn_get_host(struct Curl_easy *data, int sockindex,
                         const char **phost, const char **pdisplay_host,
                         int *pport);
 
+/**
+ * Get the maximum number of parallel transfers the connection
+ * expects to be able to handle at `sockindex`.
+ */
+size_t Curl_conn_get_max_concurrent(struct Curl_easy *data,
+                                    struct connectdata *conn,
+                                    int sockindex);
+
+
+/**
+ * Types and macros used to keep the current easy handle in filter calls,
+ * allowing for nested invocations. See #10336.
+ *
+ * `cf_call_data` is intended to be a member of the cfilter's `ctx` type.
+ * A filter defines the macro `CF_CTX_CALL_DATA` to give access to that.
+ *
+ * With all values 0, the default, this indicates that there is no cfilter
+ * call with `data` ongoing.
+ * Macro `CF_DATA_SAVE` preserves the current `cf_call_data` in a local
+ * variable and sets the `data` given, incrementing the `depth` counter.
+ *
+ * Macro `CF_DATA_RESTORE` restores the old values from the local variable,
+ * while checking that `depth` values are as expected (debug build), catching
+ * cases where a "lower" RESTORE was not called.
+ *
+ * Finally, macro `CF_DATA_CURRENT` gives the easy handle of the current
+ * invocation.
+ */
+struct cf_call_data {
+  struct Curl_easy *data;
+#ifdef DEBUGBUILD
+  int depth;
+#endif
+};
+
+/**
+ * define to access the `struct cf_call_data for a cfilter. Normally
+ * a member in the cfilter's `ctx`.
+ *
+ * #define CF_CTX_CALL_DATA(cf)   -> struct cf_call_data instance
+*/
+
+#ifdef DEBUGBUILD
+
+#define CF_DATA_SAVE(save, cf, data) \
+  do { \
+    (save) = CF_CTX_CALL_DATA(cf); \
+    DEBUGASSERT((save).data == NULL || (save).depth > 0); \
+    CF_CTX_CALL_DATA(cf).depth++;  \
+    CF_CTX_CALL_DATA(cf).data = (struct Curl_easy *)data; \
+  } while(0)
+
+#define CF_DATA_RESTORE(cf, save) \
+  do { \
+    DEBUGASSERT(CF_CTX_CALL_DATA(cf).depth == (save).depth + 1); \
+    DEBUGASSERT((save).data == NULL || (save).depth > 0); \
+    CF_CTX_CALL_DATA(cf) = (save); \
+  } while(0)
+
+#else /* DEBUGBUILD */
+
+#define CF_DATA_SAVE(save, cf, data) \
+  do { \
+    (save) = CF_CTX_CALL_DATA(cf); \
+    CF_CTX_CALL_DATA(cf).data = (struct Curl_easy *)data; \
+  } while(0)
+
+#define CF_DATA_RESTORE(cf, save) \
+  do { \
+    CF_CTX_CALL_DATA(cf) = (save); \
+  } while(0)
+
+#endif /* !DEBUGBUILD */
+
+#define CF_DATA_CURRENT(cf) \
+  ((cf)? (CF_CTX_CALL_DATA(cf).data) : NULL)
 
 #endif /* HEADER_CURL_CFILTERS_H */
diff --git a/lib/config-amigaos.h b/lib/config-amigaos.h
index baf592cb3..e9fa7a4e7 100644
--- a/lib/config-amigaos.h
+++ b/lib/config-amigaos.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/config-dos.h b/lib/config-dos.h
index 9cbb8fc80..8dece8aeb 100644
--- a/lib/config-dos.h
+++ b/lib/config-dos.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/config-mac.h b/lib/config-mac.h
index 2d3eec3cb..8bd2fbd09 100644
--- a/lib/config-mac.h
+++ b/lib/config-mac.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/config-os400.h b/lib/config-os400.h
index 17f7f05f8..8d48955ee 100644
--- a/lib/config-os400.h
+++ b/lib/config-os400.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/config-plan9.h b/lib/config-plan9.h
index 8517591ae..54f89b06c 100644
--- a/lib/config-plan9.h
+++ b/lib/config-plan9.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/config-riscos.h b/lib/config-riscos.h
index a29ea7155..246473194 100644
--- a/lib/config-riscos.h
+++ b/lib/config-riscos.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/config-win32.h b/lib/config-win32.h
index 7c9bde610..0879e232a 100644
--- a/lib/config-win32.h
+++ b/lib/config-win32.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -39,10 +39,18 @@
 #define HAVE_FCNTL_H 1
 
 /* Define to 1 if you have the <inttypes.h> header file. */
-#if defined(_MSC_VER) && (_MSC_VER >= 1800)
+#if defined(__MINGW32__) || \
+    (defined(_MSC_VER) && (_MSC_VER >= 1800))
 #define HAVE_INTTYPES_H 1
 #endif
 
+/* Define to 1 if you have the <stdint.h> header file. */
+#if defined(__MINGW32__) || defined(__POCC__) || \
+    (defined(_MSC_VER) && (_MSC_VER >= 1600)) || \
+    (defined(__BORLANDC__) && (__BORLANDC__ >= 0x0582))
+#define HAVE_STDINT_H 1
+#endif
+
 /* Define if you have the <io.h> header file. */
 #define HAVE_IO_H 1
 
diff --git a/lib/config-win32ce.h b/lib/config-win32ce.h
index 30829b482..825f5e60c 100644
--- a/lib/config-win32ce.h
+++ b/lib/config-win32ce.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/conncache.c b/lib/conncache.c
index a557ac6dc..1c736da60 100644
--- a/lib/conncache.c
+++ b/lib/conncache.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se>
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Linus Nielsen Feltzing, <linus@haxx.se>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -45,13 +45,6 @@
 
 #define HASHKEY_SIZE 128
 
-static void conn_llist_dtor(void *user, void *element)
-{
-  struct connectdata *conn = element;
-  (void)user;
-  conn->bundle = NULL;
-}
-
 static CURLcode bundle_create(struct connectbundle **bundlep)
 {
   DEBUGASSERT(*bundlep == NULL);
@@ -62,17 +55,12 @@ static CURLcode bundle_create(struct connectbundle **bundlep)
   (*bundlep)->num_connections = 0;
   (*bundlep)->multiuse = BUNDLE_UNKNOWN;
 
-  Curl_llist_init(&(*bundlep)->conn_list, (Curl_llist_dtor) conn_llist_dtor);
+  Curl_llist_init(&(*bundlep)->conn_list, NULL);
   return CURLE_OK;
 }
 
 static void bundle_destroy(struct connectbundle *bundle)
 {
-  if(!bundle)
-    return;
-
-  Curl_llist_destroy(&bundle->conn_list, NULL);
-
   free(bundle);
 }
 
diff --git a/lib/conncache.h b/lib/conncache.h
index 94664bc35..959767d59 100644
--- a/lib/conncache.h
+++ b/lib/conncache.h
@@ -7,8 +7,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2015 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Linus Nielsen Feltzing, <linus@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/connect.c b/lib/connect.c
index af0413836..10d0c11ae 100644
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -59,106 +59,30 @@
 #include "strerror.h"
 #include "cfilters.h"
 #include "connect.h"
+#include "cf-https-connect.h"
+#include "cf-socket.h"
 #include "select.h"
 #include "url.h" /* for Curl_safefree() */
 #include "multiif.h"
 #include "sockaddr.h" /* required for Curl_sockaddr_storage */
 #include "inet_ntop.h"
 #include "inet_pton.h"
-#include "vtls/vtls.h" /* for Curl_ssl_check_cxn() */
+#include "vtls/vtls.h" /* for vtsl cfilters */
 #include "progress.h"
 #include "warnless.h"
 #include "conncache.h"
 #include "multihandle.h"
 #include "share.h"
 #include "version_win32.h"
-#include "quic.h"
+#include "vquic/vquic.h" /* for quic cfilters */
+#include "http_proxy.h"
+#include "socks.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
 #include "curl_memory.h"
 #include "memdebug.h"
 
-static bool verifyconnect(curl_socket_t sockfd, int *error);
-
-#if defined(__DragonFly__) || defined(HAVE_WINSOCK2_H)
-/* DragonFlyBSD and Windows use millisecond units */
-#define KEEPALIVE_FACTOR(x) (x *= 1000)
-#else
-#define KEEPALIVE_FACTOR(x)
-#endif
-
-#if defined(HAVE_WINSOCK2_H) && !defined(SIO_KEEPALIVE_VALS)
-#define SIO_KEEPALIVE_VALS    _WSAIOW(IOC_VENDOR,4)
-
-struct tcp_keepalive {
-  u_long onoff;
-  u_long keepalivetime;
-  u_long keepaliveinterval;
-};
-#endif
-
-static void
-tcpkeepalive(struct Curl_easy *data,
-             curl_socket_t sockfd)
-{
-  int optval = data->set.tcp_keepalive?1:0;
-
-  /* only set IDLE and INTVL if setting KEEPALIVE is successful */
-  if(setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE,
-        (void *)&optval, sizeof(optval)) < 0) {
-    infof(data, "Failed to set SO_KEEPALIVE on fd %d", sockfd);
-  }
-  else {
-#if defined(SIO_KEEPALIVE_VALS)
-    struct tcp_keepalive vals;
-    DWORD dummy;
-    vals.onoff = 1;
-    optval = curlx_sltosi(data->set.tcp_keepidle);
-    KEEPALIVE_FACTOR(optval);
-    vals.keepalivetime = optval;
-    optval = curlx_sltosi(data->set.tcp_keepintvl);
-    KEEPALIVE_FACTOR(optval);
-    vals.keepaliveinterval = optval;
-    if(WSAIoctl(sockfd, SIO_KEEPALIVE_VALS, (LPVOID) &vals, sizeof(vals),
-                NULL, 0, &dummy, NULL, NULL) != 0) {
-      infof(data, "Failed to set SIO_KEEPALIVE_VALS on fd %d: %d",
-            (int)sockfd, WSAGetLastError());
-    }
-#else
-#ifdef TCP_KEEPIDLE
-    optval = curlx_sltosi(data->set.tcp_keepidle);
-    KEEPALIVE_FACTOR(optval);
-    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE,
-          (void *)&optval, sizeof(optval)) < 0) {
-      infof(data, "Failed to set TCP_KEEPIDLE on fd %d", sockfd);
-    }
-#elif defined(TCP_KEEPALIVE)
-    /* Mac OS X style */
-    optval = curlx_sltosi(data->set.tcp_keepidle);
-    KEEPALIVE_FACTOR(optval);
-    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE,
-      (void *)&optval, sizeof(optval)) < 0) {
-      infof(data, "Failed to set TCP_KEEPALIVE on fd %d", sockfd);
-    }
-#endif
-#ifdef TCP_KEEPINTVL
-    optval = curlx_sltosi(data->set.tcp_keepintvl);
-    KEEPALIVE_FACTOR(optval);
-    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL,
-          (void *)&optval, sizeof(optval)) < 0) {
-      infof(data, "Failed to set TCP_KEEPINTVL on fd %d", sockfd);
-    }
-#endif
-#endif
-  }
-}
-
-static CURLcode
-singleipconnect(struct Curl_easy *data,
-                struct connectdata *conn,
-                const struct Curl_addrinfo *ai, /* start connecting to this */
-                int tempindex);          /* 0 or 1 among the temp ones */
 
 /*
  * Curl_timeleft() returns the amount of milliseconds left allowed for the
@@ -230,387 +154,6 @@ timediff_t Curl_timeleft(struct Curl_easy *data,
   return timeout_ms;
 }
 
-static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn,
-                          curl_socket_t sockfd, int af, unsigned int scope)
-{
-  struct Curl_sockaddr_storage sa;
-  struct sockaddr *sock = (struct sockaddr *)&sa;  /* bind to this address */
-  curl_socklen_t sizeof_sa = 0; /* size of the data sock points to */
-  struct sockaddr_in *si4 = (struct sockaddr_in *)&sa;
-#ifdef ENABLE_IPV6
-  struct sockaddr_in6 *si6 = (struct sockaddr_in6 *)&sa;
-#endif
-
-  struct Curl_dns_entry *h = NULL;
-  unsigned short port = data->set.localport; /* use this port number, 0 for
-                                                "random" */
-  /* how many port numbers to try to bind to, increasing one at a time */
-  int portnum = data->set.localportrange;
-  const char *dev = data->set.str[STRING_DEVICE];
-  int error;
-#ifdef IP_BIND_ADDRESS_NO_PORT
-  int on = 1;
-#endif
-#ifndef ENABLE_IPV6
-  (void)scope;
-#endif
-
-  /*************************************************************
-   * Select device to bind socket to
-   *************************************************************/
-  if(!dev && !port)
-    /* no local kind of binding was requested */
-    return CURLE_OK;
-
-  memset(&sa, 0, sizeof(struct Curl_sockaddr_storage));
-
-  if(dev && (strlen(dev)<255) ) {
-    char myhost[256] = "";
-    int done = 0; /* -1 for error, 1 for address found */
-    bool is_interface = FALSE;
-    bool is_host = FALSE;
-    static const char *if_prefix = "if!";
-    static const char *host_prefix = "host!";
-
-    if(strncmp(if_prefix, dev, strlen(if_prefix)) == 0) {
-      dev += strlen(if_prefix);
-      is_interface = TRUE;
-    }
-    else if(strncmp(host_prefix, dev, strlen(host_prefix)) == 0) {
-      dev += strlen(host_prefix);
-      is_host = TRUE;
-    }
-
-    /* interface */
-    if(!is_host) {
-#ifdef SO_BINDTODEVICE
-      /* I am not sure any other OSs than Linux that provide this feature,
-       * and at the least I cannot test. --Ben
-       *
-       * This feature allows one to tightly bind the local socket to a
-       * particular interface.  This will force even requests to other
-       * local interfaces to go out the external interface.
-       *
-       *
-       * Only bind to the interface when specified as interface, not just
-       * as a hostname or ip address.
-       *
-       * interface might be a VRF, eg: vrf-blue, which means it cannot be
-       * converted to an IP address and would fail Curl_if2ip. Simply try
-       * to use it straight away.
-       */
-      if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
-                    dev, (curl_socklen_t)strlen(dev) + 1) == 0) {
-        /* This is typically "errno 1, error: Operation not permitted" if
-         * you're not running as root or another suitable privileged
-         * user.
-         * If it succeeds it means the parameter was a valid interface and
-         * not an IP address. Return immediately.
-         */
-        return CURLE_OK;
-      }
-#endif
-
-      switch(Curl_if2ip(af,
-#ifdef ENABLE_IPV6
-                        scope, conn->scope_id,
-#endif
-                        dev, myhost, sizeof(myhost))) {
-        case IF2IP_NOT_FOUND:
-          if(is_interface) {
-            /* Do not fall back to treating it as a host name */
-            failf(data, "Couldn't bind to interface '%s'", dev);
-            return CURLE_INTERFACE_FAILED;
-          }
-          break;
-        case IF2IP_AF_NOT_SUPPORTED:
-          /* Signal the caller to try another address family if available */
-          return CURLE_UNSUPPORTED_PROTOCOL;
-        case IF2IP_FOUND:
-          is_interface = TRUE;
-          /*
-           * We now have the numerical IP address in the 'myhost' buffer
-           */
-          infof(data, "Local Interface %s is ip %s using address family %i",
-                dev, myhost, af);
-          done = 1;
-          break;
-      }
-    }
-    if(!is_interface) {
-      /*
-       * This was not an interface, resolve the name as a host name
-       * or IP number
-       *
-       * Temporarily force name resolution to use only the address type
-       * of the connection. The resolve functions should really be changed
-       * to take a type parameter instead.
-       */
-      unsigned char ipver = conn->ip_version;
-      int rc;
-
-      if(af == AF_INET)
-        conn->ip_version = CURL_IPRESOLVE_V4;
-#ifdef ENABLE_IPV6
-      else if(af == AF_INET6)
-        conn->ip_version = CURL_IPRESOLVE_V6;
-#endif
-
-      rc = Curl_resolv(data, dev, 0, FALSE, &h);
-      if(rc == CURLRESOLV_PENDING)
-        (void)Curl_resolver_wait_resolv(data, &h);
-      conn->ip_version = ipver;
-
-      if(h) {
-        /* convert the resolved address, sizeof myhost >= INET_ADDRSTRLEN */
-        Curl_printable_address(h->addr, myhost, sizeof(myhost));
-        infof(data, "Name '%s' family %i resolved to '%s' family %i",
-              dev, af, myhost, h->addr->ai_family);
-        Curl_resolv_unlock(data, h);
-        if(af != h->addr->ai_family) {
-          /* bad IP version combo, signal the caller to try another address
-             family if available */
-          return CURLE_UNSUPPORTED_PROTOCOL;
-        }
-        done = 1;
-      }
-      else {
-        /*
-         * provided dev was no interface (or interfaces are not supported
-         * e.g. solaris) no ip address and no domain we fail here
-         */
-        done = -1;
-      }
-    }
-
-    if(done > 0) {
-#ifdef ENABLE_IPV6
-      /* IPv6 address */
-      if(af == AF_INET6) {
-#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
-        char *scope_ptr = strchr(myhost, '%');
-        if(scope_ptr)
-          *(scope_ptr++) = '\0';
-#endif
-        if(Curl_inet_pton(AF_INET6, myhost, &si6->sin6_addr) > 0) {
-          si6->sin6_family = AF_INET6;
-          si6->sin6_port = htons(port);
-#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
-          if(scope_ptr) {
-            /* The "myhost" string either comes from Curl_if2ip or from
-               Curl_printable_address. The latter returns only numeric scope
-               IDs and the former returns none at all.  So the scope ID, if
-               present, is known to be numeric */
-            unsigned long scope_id = strtoul(scope_ptr, NULL, 10);
-            if(scope_id > UINT_MAX)
-              return CURLE_UNSUPPORTED_PROTOCOL;
-
-            si6->sin6_scope_id = (unsigned int)scope_id;
-          }
-#endif
-        }
-        sizeof_sa = sizeof(struct sockaddr_in6);
-      }
-      else
-#endif
-      /* IPv4 address */
-      if((af == AF_INET) &&
-         (Curl_inet_pton(AF_INET, myhost, &si4->sin_addr) > 0)) {
-        si4->sin_family = AF_INET;
-        si4->sin_port = htons(port);
-        sizeof_sa = sizeof(struct sockaddr_in);
-      }
-    }
-
-    if(done < 1) {
-      /* errorbuf is set false so failf will overwrite any message already in
-         the error buffer, so the user receives this error message instead of a
-         generic resolve error. */
-      data->state.errorbuf = FALSE;
-      failf(data, "Couldn't bind to '%s'", dev);
-      return CURLE_INTERFACE_FAILED;
-    }
-  }
-  else {
-    /* no device was given, prepare sa to match af's needs */
-#ifdef ENABLE_IPV6
-    if(af == AF_INET6) {
-      si6->sin6_family = AF_INET6;
-      si6->sin6_port = htons(port);
-      sizeof_sa = sizeof(struct sockaddr_in6);
-    }
-    else
-#endif
-    if(af == AF_INET) {
-      si4->sin_family = AF_INET;
-      si4->sin_port = htons(port);
-      sizeof_sa = sizeof(struct sockaddr_in);
-    }
-  }
-#ifdef IP_BIND_ADDRESS_NO_PORT
-  (void)setsockopt(sockfd, SOL_IP, IP_BIND_ADDRESS_NO_PORT, &on, sizeof(on));
-#endif
-  for(;;) {
-    if(bind(sockfd, sock, sizeof_sa) >= 0) {
-      /* we succeeded to bind */
-      struct Curl_sockaddr_storage add;
-      curl_socklen_t size = sizeof(add);
-      memset(&add, 0, sizeof(struct Curl_sockaddr_storage));
-      if(getsockname(sockfd, (struct sockaddr *) &add, &size) < 0) {
-        char buffer[STRERROR_LEN];
-        data->state.os_errno = error = SOCKERRNO;
-        failf(data, "getsockname() failed with errno %d: %s",
-              error, Curl_strerror(error, buffer, sizeof(buffer)));
-        return CURLE_INTERFACE_FAILED;
-      }
-      infof(data, "Local port: %hu", port);
-      conn->bits.bound = TRUE;
-      return CURLE_OK;
-    }
-
-    if(--portnum > 0) {
-      port++; /* try next port */
-      if(port == 0)
-        break;
-      infof(data, "Bind to local port %hu failed, trying next", port - 1);
-      /* We re-use/clobber the port variable here below */
-      if(sock->sa_family == AF_INET)
-        si4->sin_port = ntohs(port);
-#ifdef ENABLE_IPV6
-      else
-        si6->sin6_port = ntohs(port);
-#endif
-    }
-    else
-      break;
-  }
-  {
-    char buffer[STRERROR_LEN];
-    data->state.os_errno = error = SOCKERRNO;
-    failf(data, "bind failed with errno %d: %s",
-          error, Curl_strerror(error, buffer, sizeof(buffer)));
-  }
-
-  return CURLE_INTERFACE_FAILED;
-}
-
-/*
- * verifyconnect() returns TRUE if the connect really has happened.
- */
-static bool verifyconnect(curl_socket_t sockfd, int *error)
-{
-  bool rc = TRUE;
-#ifdef SO_ERROR
-  int err = 0;
-  curl_socklen_t errSize = sizeof(err);
-
-#ifdef WIN32
-  /*
-   * In October 2003 we effectively nullified this function on Windows due to
-   * problems with it using all CPU in multi-threaded cases.
-   *
-   * In May 2004, we bring it back to offer more info back on connect failures.
-   * Gisle Vanem could reproduce the former problems with this function, but
-   * could avoid them by adding this SleepEx() call below:
-   *
-   *    "I don't have Rational Quantify, but the hint from his post was
-   *    ntdll::NtRemoveIoCompletion(). So I'd assume the SleepEx (or maybe
-   *    just Sleep(0) would be enough?) would release whatever
-   *    mutex/critical-section the ntdll call is waiting on.
-   *
-   *    Someone got to verify this on Win-NT 4.0, 2000."
-   */
-
-#ifdef _WIN32_WCE
-  Sleep(0);
-#else
-  SleepEx(0, FALSE);
-#endif
-
-#endif
-
-  if(0 != getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void *)&err, &errSize))
-    err = SOCKERRNO;
-#ifdef _WIN32_WCE
-  /* Old WinCE versions don't support SO_ERROR */
-  if(WSAENOPROTOOPT == err) {
-    SET_SOCKERRNO(0);
-    err = 0;
-  }
-#endif
-#if defined(EBADIOCTL) && defined(__minix)
-  /* Minix 3.1.x doesn't support getsockopt on UDP sockets */
-  if(EBADIOCTL == err) {
-    SET_SOCKERRNO(0);
-    err = 0;
-  }
-#endif
-  if((0 == err) || (EISCONN == err))
-    /* we are connected, awesome! */
-    rc = TRUE;
-  else
-    /* This wasn't a successful connect */
-    rc = FALSE;
-  if(error)
-    *error = err;
-#else
-  (void)sockfd;
-  if(error)
-    *error = SOCKERRNO;
-#endif
-  return rc;
-}
-
-/* update tempaddr[tempindex] (to the next entry), makes sure to stick
-   to the correct family */
-static struct Curl_addrinfo *ainext(struct connectdata *conn,
-                                    int tempindex,
-                                    bool next) /* use next entry? */
-{
-  struct Curl_addrinfo *ai = conn->tempaddr[tempindex];
-  if(ai && next)
-    ai = ai->ai_next;
-  while(ai && (ai->ai_family != conn->tempfamily[tempindex]))
-    ai = ai->ai_next;
-  conn->tempaddr[tempindex] = ai;
-  return ai;
-}
-
-/* Used within the multi interface. Try next IP address, returns error if no
-   more address exists or error */
-static CURLcode trynextip(struct Curl_easy *data,
-                          struct connectdata *conn,
-                          int sockindex,
-                          int tempindex)
-{
-  CURLcode result = CURLE_COULDNT_CONNECT;
-
-  /* First clean up after the failed socket.
-     Don't close it yet to ensure that the next IP's socket gets a different
-     file descriptor, which can prevent bugs when the curl_multi_socket_action
-     interface is used with certain select() replacements such as kqueue. */
-  curl_socket_t fd_to_close = conn->tempsock[tempindex];
-  conn->tempsock[tempindex] = CURL_SOCKET_BAD;
-
-  if(sockindex == FIRSTSOCKET) {
-    struct Curl_addrinfo *ai = conn->tempaddr[tempindex];
-
-    while(ai) {
-      result = singleipconnect(data, conn, ai, tempindex);
-      if(result == CURLE_COULDNT_CONNECT) {
-        ai = ainext(conn, tempindex, TRUE);
-        continue;
-      }
-      break;
-    }
-  }
-
-  if(fd_to_close != CURL_SOCKET_BAD)
-    Curl_closesocket(data, conn, fd_to_close);
-
-  return result;
-}
-
 /* Copies connection info into the transfer handle to make it available when
    the transfer handle is no longer associated with the connection. */
 void Curl_persistconninfo(struct Curl_easy *data, struct connectdata *conn,
@@ -629,6 +172,28 @@ void Curl_persistconninfo(struct Curl_easy *data, struct connectdata *conn,
   data->info.conn_local_port = local_port;
 }
 
+static const struct Curl_addrinfo *
+addr_first_match(const struct Curl_addrinfo *addr, int family)
+{
+  while(addr) {
+    if(addr->ai_family == family)
+      return addr;
+    addr = addr->ai_next;
+  }
+  return NULL;
+}
+
+static const struct Curl_addrinfo *
+addr_next_match(const struct Curl_addrinfo *addr, int family)
+{
+  while(addr && addr->ai_next) {
+    addr = addr->ai_next;
+    if(addr->ai_family == family)
+      return addr;
+  }
+  return NULL;
+}
+
 /* retrieves ip address and port from a sockaddr structure.
    note it calls Curl_inet_ntop which sets errno on fail, not SOCKERRNO. */
 bool Curl_addr2string(struct sockaddr *sa, curl_socklen_t salen,
@@ -686,623 +251,493 @@ bool Curl_addr2string(struct sockaddr *sa, curl_socklen_t salen,
   return FALSE;
 }
 
-/* retrieves the start/end point information of a socket of an established
-   connection */
-void Curl_conninfo_remote(struct Curl_easy *data,
-                          struct connectdata *conn, curl_socket_t sockfd)
-{
-#ifdef HAVE_GETPEERNAME
-  char buffer[STRERROR_LEN];
-  struct Curl_sockaddr_storage ssrem;
-  curl_socklen_t plen;
-  int port;
-  plen = sizeof(struct Curl_sockaddr_storage);
-  memset(&ssrem, 0, sizeof(ssrem));
-  if(getpeername(sockfd, (struct sockaddr*) &ssrem, &plen)) {
-    int error = SOCKERRNO;
-    failf(data, "getpeername() failed with errno %d: %s",
-          error, Curl_strerror(error, buffer, sizeof(buffer)));
-    return;
-  }
-  if(!Curl_addr2string((struct sockaddr*)&ssrem, plen,
-                       conn->primary_ip, &port)) {
-    failf(data, "ssrem inet_ntop() failed with errno %d: %s",
-          errno, Curl_strerror(errno, buffer, sizeof(buffer)));
-    return;
-  }
-#else
-  (void)data;
-  (void)conn;
-  (void)sockfd;
-#endif
-}
+struct connfind {
+  long id_tofind;
+  struct connectdata *found;
+};
 
-/* retrieves the start/end point information of a socket of an established
-   connection */
-void Curl_conninfo_local(struct Curl_easy *data, curl_socket_t sockfd,
-                         char *local_ip, int *local_port)
+static int conn_is_conn(struct Curl_easy *data,
+                        struct connectdata *conn, void *param)
 {
-#ifdef HAVE_GETSOCKNAME
-  char buffer[STRERROR_LEN];
-  struct Curl_sockaddr_storage ssloc;
-  curl_socklen_t slen;
-  slen = sizeof(struct Curl_sockaddr_storage);
-  memset(&ssloc, 0, sizeof(ssloc));
-  if(getsockname(sockfd, (struct sockaddr*) &ssloc, &slen)) {
-    int error = SOCKERRNO;
-    failf(data, "getsockname() failed with errno %d: %s",
-          error, Curl_strerror(error, buffer, sizeof(buffer)));
-    return;
-  }
-  if(!Curl_addr2string((struct sockaddr*)&ssloc, slen,
-                       local_ip, local_port)) {
-    failf(data, "ssloc inet_ntop() failed with errno %d: %s",
-          errno, Curl_strerror(errno, buffer, sizeof(buffer)));
-    return;
-  }
-#else
+  struct connfind *f = (struct connfind *)param;
   (void)data;
-  (void)sockfd;
-  (void)local_ip;
-  (void)local_port;
-#endif
-}
-
-/* retrieves the start/end point information of a socket of an established
-   connection */
-void Curl_updateconninfo(struct Curl_easy *data, struct connectdata *conn,
-                         curl_socket_t sockfd)
-{
-  /* 'local_ip' and 'local_port' get filled with local's numerical
-     ip address and port number whenever an outgoing connection is
-     **established** from the primary socket to a remote address. */
-  char local_ip[MAX_IPADR_LEN] = "";
-  int local_port = -1;
-
-  if(!conn->bits.reuse &&
-     (conn->transport != TRNSPRT_TCP || !conn->bits.tcp_fastopen))
-    Curl_conninfo_remote(data, conn, sockfd);
-  Curl_conninfo_local(data, sockfd, local_ip, &local_port);
-
-  /* persist connection info in session handle */
-  Curl_persistconninfo(data, conn, local_ip, local_port);
-}
-
-/*
- * post_connect() is called after a successful connect to the peer
- */
-static void post_connect(struct Curl_easy *data,
-                       struct connectdata *conn,
-                       int sockindex)
-{
-  Curl_updateconninfo(data, conn, conn->sock[sockindex]);
-  Curl_verboseconnect(data, conn);
-  data->info.numconnects++; /* to track the number of connections made */
+  if(conn->connection_id == f->id_tofind) {
+    f->found = conn;
+    return 1;
+  }
+  return 0;
 }
 
 /*
- * is_connected() checks if the socket has connected.
+ * Used to extract socket and connectdata struct for the most recent
+ * transfer on the given Curl_easy.
+ *
+ * The returned socket will be CURL_SOCKET_BAD in case of failure!
  */
-static CURLcode is_connected(struct Curl_easy *data,
-                             struct connectdata *conn,
-                             int sockindex,
-                             bool *connected)
+curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
+                                  struct connectdata **connp)
 {
-  CURLcode result = CURLE_OK;
-  timediff_t allow;
-  int error = 0;
-  struct curltime now;
-  int rc = 0;
-  int i;
-
-  DEBUGASSERT(sockindex >= FIRSTSOCKET && sockindex <= SECONDARYSOCKET);
-
-  *connected = FALSE; /* a very negative world view is best */
-
-  now = Curl_now();
-
-  /* Check if any of the conn->tempsock we use for establishing connections
-   * succeeded and, if so, close any ongoing other ones.
-   * Transfer the successful conn->tempsock to conn->sock[sockindex]
-   * and set conn->tempsock to CURL_SOCKET_BAD.
-   * If transport is QUIC, we need to shutdown the ongoing 'other'
-   * connect attempts in a QUIC appropriate way. */
-  for(i = 0; i<2; i++) {
-    const int other = i ^ 1;
-    if(conn->tempsock[i] == CURL_SOCKET_BAD)
-      continue;
-    error = 0;
-#ifdef ENABLE_QUIC
-    if(conn->transport == TRNSPRT_QUIC) {
-      result = Curl_quic_is_connected(data, conn, i, connected);
-      if(!result && *connected) {
-        /* use this socket from now on */
-        conn->sock[sockindex] = conn->tempsock[i];
-        conn->ip_addr = conn->tempaddr[i];
-        conn->tempsock[i] = CURL_SOCKET_BAD;
-        post_connect(data, conn, sockindex);
-        connkeep(conn, "HTTP/3 default");
-        if(conn->tempsock[other] != CURL_SOCKET_BAD)
-          Curl_quic_disconnect(data, conn, other);
-        return CURLE_OK;
-      }
-      /* When a QUIC connect attempt fails, the better error explanation is in
-         'result' and not in errno */
-      if(result) {
-        conn->tempsock[i] = CURL_SOCKET_BAD;
-        error = SOCKERRNO;
-      }
-    }
-    else
-#endif
-    {
-#ifdef mpeix
-      /* Call this function once now, and ignore the results. We do this to
-         "clear" the error state on the socket so that we can later read it
-         reliably. This is reported necessary on the MPE/iX operating
-         system. */
-      (void)verifyconnect(conn->tempsock[i], NULL);
-#endif
+  DEBUGASSERT(data);
 
-      /* check socket for connect */
-      rc = SOCKET_WRITABLE(conn->tempsock[i], 0);
-    }
+  /* this works for an easy handle:
+   * - that has been used for curl_easy_perform()
+   * - that is associated with a multi handle, and whose connection
+   *   was detached with CURLOPT_CONNECT_ONLY
+   */
+  if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) {
+    struct connectdata *c;
+    struct connfind find;
+    find.id_tofind = data->state.lastconnect_id;
+    find.found = NULL;
 
-    if(rc == 0) { /* no connection yet */
-      if(Curl_timediff(now, conn->connecttime) >=
-         conn->timeoutms_per_addr[i]) {
-        infof(data, "After %" CURL_FORMAT_TIMEDIFF_T
-              "ms connect time, move on!", conn->timeoutms_per_addr[i]);
-        error = ETIMEDOUT;
-      }
+    Curl_conncache_foreach(data,
+                           data->share && (data->share->specifier
+                           & (1<< CURL_LOCK_DATA_CONNECT))?
+                           &data->share->conn_cache:
+                           data->multi_easy?
+                           &data->multi_easy->conn_cache:
+                           &data->multi->conn_cache, &find, conn_is_conn);
 
-      /* should we try another protocol family? */
-      if(i == 0 && !conn->bits.parallel_connect &&
-         (Curl_timediff(now, conn->connecttime) >=
-          data->set.happy_eyeballs_timeout)) {
-        conn->bits.parallel_connect = TRUE; /* starting now */
-        trynextip(data, conn, sockindex, 1);
-      }
+    if(!find.found) {
+      data->state.lastconnect_id = -1;
+      return CURL_SOCKET_BAD;
     }
-    else if(rc == CURL_CSELECT_OUT || conn->bits.tcp_fastopen) {
-      if(verifyconnect(conn->tempsock[i], &error)) {
-        /* we are connected with TCP, awesome! */
-
-        /* use this socket from now on */
-        conn->sock[sockindex] = conn->tempsock[i];
-        conn->ip_addr = conn->tempaddr[i];
-        conn->tempsock[i] = CURL_SOCKET_BAD;
-#ifdef ENABLE_IPV6
-        conn->bits.ipv6 = (conn->ip_addr->ai_family == AF_INET6)?TRUE:FALSE;
-#endif
-
-        /* close the other socket, if open */
-        if(conn->tempsock[other] != CURL_SOCKET_BAD) {
-          Curl_closesocket(data, conn, conn->tempsock[other]);
-          conn->tempsock[other] = CURL_SOCKET_BAD;
-        }
 
-        *connected = TRUE;
-        return CURLE_OK;
-      }
-    }
-    else if(rc & CURL_CSELECT_ERR) {
-      (void)verifyconnect(conn->tempsock[i], &error);
-    }
+    c = find.found;
+    if(connp)
+      /* only store this if the caller cares for it */
+      *connp = c;
+    return c->sock[FIRSTSOCKET];
+  }
+  return CURL_SOCKET_BAD;
+}
 
-    /*
-     * The connection failed here, we should attempt to connect to the "next
-     * address" for the given host. But first remember the latest error.
-     */
-    if(error) {
-      data->state.os_errno = error;
-      SET_SOCKERRNO(error);
-      if(conn->tempaddr[i]) {
-        CURLcode status;
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
-        char ipaddress[MAX_IPADR_LEN];
-        char buffer[STRERROR_LEN];
-        Curl_printable_address(conn->tempaddr[i], ipaddress,
-                               sizeof(ipaddress));
-#ifdef ENABLE_QUIC
-        if(conn->transport == TRNSPRT_QUIC) {
-          infof(data, "connect to %s port %u failed: %s",
-                ipaddress, conn->port, curl_easy_strerror(result));
-        }
-        else
+/*
+ * Curl_conncontrol() marks streams or connection for closure.
+ */
+void Curl_conncontrol(struct connectdata *conn,
+                      int ctrl /* see defines in header */
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+                      , const char *reason
 #endif
-        infof(data, "connect to %s port %u failed: %s",
-              ipaddress, conn->port,
-              Curl_strerror(error, buffer, sizeof(buffer)));
+  )
+{
+  /* close if a connection, or a stream that isn't multiplexed. */
+  /* This function will be called both before and after this connection is
+     associated with a transfer. */
+  bool closeit, is_multiplex;
+  DEBUGASSERT(conn);
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+  (void)reason; /* useful for debugging */
 #endif
-
-        allow = Curl_timeleft(data, &now, TRUE);
-        conn->timeoutms_per_addr[i] = conn->tempaddr[i]->ai_next == NULL ?
-          allow : allow / 2;
-        ainext(conn, i, TRUE);
-        status = trynextip(data, conn, sockindex, i);
-        if((status != CURLE_COULDNT_CONNECT) ||
-           conn->tempsock[other] == CURL_SOCKET_BAD) {
-          /* the last attempt failed and no other sockets remain open */
-          if(!result)
-            result = status;
-        }
-      }
-    }
-  }
-
-  /*
-   * Now that we've checked whether we are connected, check whether we've
-   * already timed out.
-   *
-   * First figure out how long time we have left to connect */
-
-  allow = Curl_timeleft(data, &now, TRUE);
-
-  if(allow < 0) {
-    /* time-out, bail out, go home */
-    failf(data, "Connection timeout after %ld ms",
-          Curl_timediff(now, data->progress.t_startsingle));
-    return CURLE_OPERATION_TIMEDOUT;
+  is_multiplex = Curl_conn_is_multiplex(conn, FIRSTSOCKET);
+  closeit = (ctrl == CONNCTRL_CONNECTION) ||
+    ((ctrl == CONNCTRL_STREAM) && !is_multiplex);
+  if((ctrl == CONNCTRL_STREAM) && is_multiplex)
+    ;  /* stream signal on multiplex conn never affects close state */
+  else if((bit)closeit != conn->bits.close) {
+    conn->bits.close = closeit; /* the only place in the source code that
+                                   should assign this bit */
   }
+}
 
-  if(result &&
-     (conn->tempsock[0] == CURL_SOCKET_BAD) &&
-     (conn->tempsock[1] == CURL_SOCKET_BAD)) {
-    /* no more addresses to try */
-    const char *hostname;
-    CURLcode failreason = result;
-
-    /* if the first address family runs out of addresses to try before the
-       happy eyeball timeout, go ahead and try the next family now */
-    result = trynextip(data, conn, sockindex, 1);
-    if(!result)
-      return result;
+/**
+ * job walking the matching addr infos, creating a sub-cfilter with the
+ * provided method `cf_create` and running setup/connect on it.
+ */
+struct eyeballer {
+  const char *name;
+  const struct Curl_addrinfo *addr;  /* List of addresses to try, not owned */
+  int ai_family;                     /* matching address family only */
+  cf_ip_connect_create *cf_create;   /* for creating cf */
+  struct Curl_cfilter *cf;           /* current sub-cfilter connecting */
+  struct eyeballer *primary;         /* eyeballer this one is backup for */
+  timediff_t delay_ms;               /* delay until start */
+  struct curltime started;           /* start of current attempt */
+  timediff_t timeoutms;              /* timeout for current attempt */
+  expire_id timeout_id;              /* ID for Curl_expire() */
+  CURLcode result;
+  int error;
+  BIT(has_started);                  /* attempts have started */
+  BIT(is_done);                      /* out of addresses/time */
+  BIT(connected);                    /* cf has connected */
+};
 
-    result = failreason;
 
-#ifndef CURL_DISABLE_PROXY
-    if(conn->bits.socksproxy)
-      hostname = conn->socks_proxy.host.name;
-    else if(conn->bits.httpproxy)
-      hostname = conn->http_proxy.host.name;
-    else
-#endif
-      if(conn->bits.conn_to_host)
-        hostname = conn->conn_to_host.name;
-    else
-      hostname = conn->host.name;
+typedef enum {
+  SCFST_INIT,
+  SCFST_WAITING,
+  SCFST_DONE
+} cf_connect_state;
 
-    failf(data, "Failed to connect to %s port %u after "
-          "%" CURL_FORMAT_TIMEDIFF_T " ms: %s",
-          hostname, conn->port,
-          Curl_timediff(now, data->progress.t_startsingle),
-          curl_easy_strerror(result));
+struct cf_he_ctx {
+  int transport;
+  cf_ip_connect_create *cf_create;
+  const struct Curl_dns_entry *remotehost;
+  cf_connect_state state;
+  struct eyeballer *baller[2];
+  struct eyeballer *winner;
+  struct curltime started;
+};
 
-    Curl_quic_disconnect(data, conn, 0);
-    Curl_quic_disconnect(data, conn, 1);
+static CURLcode eyeballer_new(struct eyeballer **pballer,
+                              cf_ip_connect_create *cf_create,
+                              const struct Curl_addrinfo *addr,
+                              int ai_family,
+                              struct eyeballer *primary,
+                              timediff_t delay_ms,
+                              timediff_t timeout_ms,
+                              expire_id timeout_id)
+{
+  struct eyeballer *baller;
 
-#ifdef WSAETIMEDOUT
-    if(WSAETIMEDOUT == data->state.os_errno)
-      result = CURLE_OPERATION_TIMEDOUT;
-#elif defined(ETIMEDOUT)
-    if(ETIMEDOUT == data->state.os_errno)
-      result = CURLE_OPERATION_TIMEDOUT;
-#endif
-  }
-  else
-    result = CURLE_OK; /* still trying */
+  *pballer = NULL;
+  baller = calloc(1, sizeof(*baller) + 1000);
+  if(!baller)
+    return CURLE_OUT_OF_MEMORY;
 
-  return result;
+  baller->name = ((ai_family == AF_INET)? "ipv4" : (
+#ifdef ENABLE_IPV6
+                  (ai_family == AF_INET6)? "ipv6" :
+#endif
+                  "ip"));
+  baller->cf_create = cf_create;
+  baller->addr = addr;
+  baller->ai_family = ai_family;
+  baller->primary = primary;
+  baller->delay_ms = delay_ms;
+  baller->timeoutms = addr_next_match(baller->addr, baller->ai_family)?
+                        timeout_ms / 2 : timeout_ms;
+  baller->timeout_id = timeout_id;
+  baller->result = CURLE_COULDNT_CONNECT;
+
+  *pballer = baller;
+  return CURLE_OK;
 }
 
-static void tcpnodelay(struct Curl_easy *data, curl_socket_t sockfd)
+static void baller_close(struct eyeballer *baller,
+                          struct Curl_easy *data)
 {
-#if defined(TCP_NODELAY)
-  curl_socklen_t onoff = (curl_socklen_t) 1;
-  int level = IPPROTO_TCP;
-#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
-  char buffer[STRERROR_LEN];
-#else
-  (void) data;
-#endif
-
-  if(setsockopt(sockfd, level, TCP_NODELAY, (void *)&onoff,
-                sizeof(onoff)) < 0)
-    infof(data, "Could not set TCP_NODELAY: %s",
-          Curl_strerror(SOCKERRNO, buffer, sizeof(buffer)));
-#else
-  (void)data;
-  (void)sockfd;
-#endif
+  if(baller && baller->cf) {
+    Curl_conn_cf_discard_chain(&baller->cf, data);
+  }
 }
 
-#ifdef SO_NOSIGPIPE
-/* The preferred method on Mac OS X (10.2 and later) to prevent SIGPIPEs when
-   sending data to a dead peer (instead of relying on the 4th argument to send
-   being MSG_NOSIGNAL). Possibly also existing and in use on other BSD
-   systems? */
-static void nosigpipe(struct Curl_easy *data,
-                      curl_socket_t sockfd)
+static void baller_free(struct eyeballer *baller,
+                         struct Curl_easy *data)
 {
-  int onoff = 1;
-  if(setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, (void *)&onoff,
-                sizeof(onoff)) < 0) {
-#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
-    char buffer[STRERROR_LEN];
-    infof(data, "Could not set SO_NOSIGPIPE: %s",
-          Curl_strerror(SOCKERRNO, buffer, sizeof(buffer)));
-#endif
+  if(baller) {
+    baller_close(baller, data);
+    free(baller);
   }
 }
-#else
-#define nosigpipe(x,y) Curl_nop_stmt
-#endif
-
-#ifdef USE_WINSOCK
-/* When you run a program that uses the Windows Sockets API, you may
-   experience slow performance when you copy data to a TCP server.
-
-   https://support.microsoft.com/kb/823764
-
-   Work-around: Make the Socket Send Buffer Size Larger Than the Program Send
-   Buffer Size
-
-   The problem described in this knowledge-base is applied only to pre-Vista
-   Windows.  Following function trying to detect OS version and skips
-   SO_SNDBUF adjustment for Windows Vista and above.
-*/
-#define DETECT_OS_NONE 0
-#define DETECT_OS_PREVISTA 1
-#define DETECT_OS_VISTA_OR_LATER 2
 
-void Curl_sndbufset(curl_socket_t sockfd)
+static void baller_next_addr(struct eyeballer *baller)
 {
-  int val = CURL_MAX_WRITE_SIZE + 32;
-  int curval = 0;
-  int curlen = sizeof(curval);
-
-  static int detectOsState = DETECT_OS_NONE;
-
-  if(detectOsState == DETECT_OS_NONE) {
-    if(curlx_verify_windows_version(6, 0, 0, PLATFORM_WINNT,
-                                    VERSION_GREATER_THAN_EQUAL))
-      detectOsState = DETECT_OS_VISTA_OR_LATER;
-    else
-      detectOsState = DETECT_OS_PREVISTA;
-  }
-
-  if(detectOsState == DETECT_OS_VISTA_OR_LATER)
-    return;
-
-  if(getsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (char *)&curval, &curlen) == 0)
-    if(curval > val)
-      return;
-
-  setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (const char *)&val, sizeof(val));
+  baller->addr = addr_next_match(baller->addr, baller->ai_family);
 }
-#endif
 
 /*
- * singleipconnect()
+ * Initiate a connect attempt walk.
  *
  * Note that even on connect fail it returns CURLE_OK, but with 'sock' set to
  * CURL_SOCKET_BAD. Other errors will however return proper errors.
- *
- * singleipconnect() connects to the given IP only, and it may return without
- * having connected.
  */
-static CURLcode singleipconnect(struct Curl_easy *data,
-                                struct connectdata *conn,
-                                const struct Curl_addrinfo *ai,
-                                int tempindex)
+static void baller_initiate(struct Curl_cfilter *cf,
+                            struct Curl_easy *data,
+                            struct eyeballer *baller)
 {
-  struct Curl_sockaddr_ex addr;
-  int rc = -1;
-  int error = 0;
-  bool isconnected = FALSE;
-  curl_socket_t sockfd;
+  struct cf_he_ctx *ctx = cf->ctx;
+  struct Curl_cfilter *cf_prev = baller->cf;
+  struct Curl_cfilter *wcf;
   CURLcode result;
-  char ipaddress[MAX_IPADR_LEN];
-  int port;
-  bool is_tcp;
-#ifdef TCP_FASTOPEN_CONNECT
-  int optval = 1;
-#endif
-  const char *ipmsg;
-  char buffer[STRERROR_LEN];
-  curl_socket_t *sockp = &conn->tempsock[tempindex];
-  *sockp = CURL_SOCKET_BAD;
 
-  result = Curl_socket(data, ai, &addr, &sockfd);
+
+  /* Don't close a previous cfilter yet to ensure that the next IP's
+     socket gets a different file descriptor, which can prevent bugs when
+     the curl_multi_socket_action interface is used with certain select()
+     replacements such as kqueue. */
+  result = baller->cf_create(&baller->cf, data, cf->conn, baller->addr,
+                             ctx->transport);
   if(result)
-    return result;
+    goto out;
 
-  /* store remote address and port used in this connection attempt */
-  if(!Curl_addr2string(&addr.sa_addr, addr.addrlen,
-                       ipaddress, &port)) {
-    /* malformed address or bug in inet_ntop, try next address */
-    failf(data, "sa_addr inet_ntop() failed with errno %d: %s",
-          errno, Curl_strerror(errno, buffer, sizeof(buffer)));
-    Curl_closesocket(data, conn, sockfd);
-    return CURLE_OK;
+  /* the new filter might have sub-filters */
+  for(wcf = baller->cf; wcf; wcf = wcf->next) {
+    wcf->conn = cf->conn;
+    wcf->sockindex = cf->sockindex;
   }
-#ifdef ENABLE_IPV6
-  if(addr.family == AF_INET6)
-    ipmsg = "  Trying [%s]:%d...";
-  else
-#endif
-    ipmsg = "  Trying %s:%d...";
-  infof(data, ipmsg, ipaddress, port);
-
-#ifdef ENABLE_IPV6
-  is_tcp = (addr.family == AF_INET || addr.family == AF_INET6) &&
-    addr.socktype == SOCK_STREAM;
-#else
-  is_tcp = (addr.family == AF_INET) && addr.socktype == SOCK_STREAM;
-#endif
-  if(is_tcp && data->set.tcp_nodelay)
-    tcpnodelay(data, sockfd);
 
-  nosigpipe(data, sockfd);
+  if(addr_next_match(baller->addr, baller->ai_family)) {
+    Curl_expire(data, baller->timeoutms, baller->timeout_id);
+  }
 
-  Curl_sndbufset(sockfd);
+out:
+  if(result) {
+    DEBUGF(LOG_CF(data, cf, "%s failed", baller->name));
+    baller_close(baller, data);
+  }
+  if(cf_prev)
+    Curl_conn_cf_discard_chain(&cf_prev, data);
+  baller->result = result;
+}
 
-  if(is_tcp && data->set.tcp_keepalive)
-    tcpkeepalive(data, sockfd);
+/**
+ * Start a connection attempt on the current baller address.
+ * Will return CURLE_OK on the first address where a socket
+ * could be created and the non-blocking connect started.
+ * Returns error when all remaining addresses have been tried.
+ */
+static CURLcode baller_start(struct Curl_cfilter *cf,
+                             struct Curl_easy *data,
+                             struct eyeballer *baller,
+                             timediff_t timeoutms)
+{
+  baller->error = 0;
+  baller->connected = FALSE;
+  baller->has_started = TRUE;
+
+  while(baller->addr) {
+    baller->started = Curl_now();
+    baller->timeoutms = addr_next_match(baller->addr, baller->ai_family) ?
+                         timeoutms / 2 : timeoutms;
+    baller_initiate(cf, data, baller);
+    if(!baller->result)
+      break;
+    baller_next_addr(baller);
+  }
+  if(!baller->addr) {
+    baller->is_done = TRUE;
+  }
+  return baller->result;
+}
 
-  if(data->set.fsockopt) {
-    /* activate callback for setting socket options */
-    Curl_set_in_callback(data, true);
-    error = data->set.fsockopt(data->set.sockopt_client,
-                               sockfd,
-                               CURLSOCKTYPE_IPCXN);
-    Curl_set_in_callback(data, false);
 
-    if(error == CURL_SOCKOPT_ALREADY_CONNECTED)
-      isconnected = TRUE;
-    else if(error) {
-      Curl_closesocket(data, conn, sockfd); /* close the socket and bail out */
-      return CURLE_ABORTED_BY_CALLBACK;
-    }
+/* Used within the multi interface. Try next IP address, returns error if no
+   more address exists or error */
+static CURLcode baller_start_next(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  struct eyeballer *baller,
+                                  timediff_t timeoutms)
+{
+  if(cf->sockindex == FIRSTSOCKET) {
+    baller_next_addr(baller);
+    baller_start(cf, data, baller, timeoutms);
+  }
+  else {
+    baller->error = 0;
+    baller->connected = FALSE;
+    baller->has_started = TRUE;
+    baller->is_done = TRUE;
+    baller->result = CURLE_COULDNT_CONNECT;
   }
+  return baller->result;
+}
 
-  /* possibly bind the local end to an IP, interface or port */
-  if(addr.family == AF_INET
-#ifdef ENABLE_IPV6
-     || addr.family == AF_INET6
+static CURLcode baller_connect(struct Curl_cfilter *cf,
+                               struct Curl_easy *data,
+                               struct eyeballer *baller,
+                               struct curltime *now,
+                               bool *connected)
+{
+  (void)cf;
+  *connected = baller->connected;
+  if(!baller->result &&  !*connected) {
+    /* evaluate again */
+    baller->result = Curl_conn_cf_connect(baller->cf, data, 0, connected);
+
+    if(!baller->result) {
+      if (*connected) {
+        baller->connected = TRUE;
+        baller->is_done = TRUE;
+      }
+      else if(Curl_timediff(*now, baller->started) >= baller->timeoutms) {
+        infof(data, "%s connect timeout after %" CURL_FORMAT_TIMEDIFF_T
+              "ms, move on!", baller->name, baller->timeoutms);
+#if defined(ETIMEDOUT)
+        baller->error = ETIMEDOUT;
 #endif
-    ) {
-    result = bindlocal(data, conn, sockfd, addr.family,
-                       Curl_ipv6_scope(&addr.sa_addr));
-    if(result) {
-      Curl_closesocket(data, conn, sockfd); /* close socket and bail out */
-      if(result == CURLE_UNSUPPORTED_PROTOCOL) {
-        /* The address family is not supported on this interface.
-           We can continue trying addresses */
-        return CURLE_COULDNT_CONNECT;
+        baller->result = CURLE_OPERATION_TIMEDOUT;
       }
-      return result;
     }
   }
+  return baller->result;
+}
 
-  /* set socket non-blocking */
-  (void)curlx_nonblock(sockfd, TRUE);
+/*
+ * is_connected() checks if the socket has connected.
+ */
+static CURLcode is_connected(struct Curl_cfilter *cf,
+                             struct Curl_easy *data,
+                             bool *connected)
+{
+  struct cf_he_ctx *ctx = cf->ctx;
+  struct connectdata *conn = cf->conn;
+  CURLcode result;
+  struct curltime now;
+  size_t i;
+  int ongoing, not_started;
+  const char *hostname;
 
-  conn->connecttime = Curl_now();
-  if(conn->num_addr > 1) {
-    Curl_expire(data, conn->timeoutms_per_addr[0], EXPIRE_DNS_PER_NAME);
-    Curl_expire(data, conn->timeoutms_per_addr[1], EXPIRE_DNS_PER_NAME2);
-  }
+  /* Check if any of the conn->tempsock we use for establishing connections
+   * succeeded and, if so, close any ongoing other ones.
+   * Transfer the successful conn->tempsock to conn->sock[sockindex]
+   * and set conn->tempsock to CURL_SOCKET_BAD.
+   * If transport is QUIC, we need to shutdown the ongoing 'other'
+   * cot ballers in a QUIC appropriate way. */
+evaluate:
+  *connected = FALSE; /* a very negative world view is best */
+  now = Curl_now();
+  ongoing = not_started = 0;
+  for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) {
+    struct eyeballer *baller = ctx->baller[i];
 
-  /* Connect TCP and QUIC sockets */
-  if(!isconnected && (conn->transport != TRNSPRT_UDP)) {
-    if(conn->bits.tcp_fastopen) {
-#if defined(CONNECT_DATA_IDEMPOTENT) /* Darwin */
-#  if defined(HAVE_BUILTIN_AVAILABLE)
-      /* while connectx function is available since macOS 10.11 / iOS 9,
-         it did not have the interface declared correctly until
-         Xcode 9 / macOS SDK 10.13 */
-      if(__builtin_available(macOS 10.11, iOS 9.0, tvOS 9.0, watchOS 2.0, *)) {
-        sa_endpoints_t endpoints;
-        endpoints.sae_srcif = 0;
-        endpoints.sae_srcaddr = NULL;
-        endpoints.sae_srcaddrlen = 0;
-        endpoints.sae_dstaddr = &addr.sa_addr;
-        endpoints.sae_dstaddrlen = addr.addrlen;
-
-        rc = connectx(sockfd, &endpoints, SAE_ASSOCID_ANY,
-                      CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT,
-                      NULL, 0, NULL, NULL);
+    if(!baller || baller->is_done)
+      continue;
+
+    if(!baller->has_started) {
+      ++not_started;
+      continue;
+    }
+    baller->result = baller_connect(cf, data, baller, &now, connected);
+    DEBUGF(LOG_CF(data, cf, "%s connect -> %d, connected=%d",
+                  baller->name, baller->result, *connected));
+
+    if(!baller->result) {
+      if(*connected) {
+        /* connected, declare the winner */
+        ctx->winner = baller;
+        ctx->baller[i] = NULL;
+        break;
       }
-      else {
-        rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
+      else { /* still waiting */
+        ++ongoing;
       }
-#  else
-      rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
-#  endif /* HAVE_BUILTIN_AVAILABLE */
-#elif defined(TCP_FASTOPEN_CONNECT) /* Linux >= 4.11 */
-      if(setsockopt(sockfd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT,
-                    (void *)&optval, sizeof(optval)) < 0)
-        infof(data, "Failed to enable TCP Fast Open on fd %d", sockfd);
-
-      rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
-#elif defined(MSG_FASTOPEN) /* old Linux */
-      if(conn->given->flags & PROTOPT_SSL)
-        rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
-      else
-        rc = 0; /* Do nothing */
-#endif
     }
-    else {
-      rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
+    else if(!baller->is_done) {
+      /* The baller failed to connect, start its next attempt */
+      if(baller->error) {
+        data->state.os_errno = baller->error;
+        SET_SOCKERRNO(baller->error);
+      }
+      baller_start_next(cf, data, baller, Curl_timeleft(data, &now, TRUE));
+      if(baller->is_done) {
+        DEBUGF(LOG_CF(data, cf, "%s done", baller->name));
+      }
+      else {
+        /* next attempt was started */
+        DEBUGF(LOG_CF(data, cf, "%s trying next", baller->name));
+        ++ongoing;
+      }
     }
+  }
 
-    if(-1 == rc)
-      error = SOCKERRNO;
-#ifdef ENABLE_QUIC
-    else if(conn->transport == TRNSPRT_QUIC) {
-      /* pass in 'sockfd' separately since it hasn't been put into the
-         tempsock array at this point */
-      result = Curl_quic_connect(data, conn, sockfd, tempindex,
-                                 &addr.sa_addr, addr.addrlen);
-      if(result)
-        error = SOCKERRNO;
+  if(ctx->winner) {
+    *connected = TRUE;
+    return CURLE_OK;
+  }
+
+  /* Nothing connected, check the time before we might
+   * start new ballers or return ok. */
+  if((ongoing || not_started) && Curl_timeleft(data, &now, TRUE) < 0) {
+    failf(data, "Connection timeout after %ld ms",
+          Curl_timediff(now, data->progress.t_startsingle));
+    return CURLE_OPERATION_TIMEDOUT;
+  }
+
+  /* Check if we have any waiting ballers to start now. */
+  if(not_started > 0) {
+    int added = 0;
+
+    for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) {
+      struct eyeballer *baller = ctx->baller[i];
+
+      if(!baller || baller->has_started)
+        continue;
+      /* We start its primary baller has failed to connect or if
+       * its start delay_ms have expired */
+      if((baller->primary && baller->primary->is_done) ||
+          Curl_timediff(now, ctx->started) >= baller->delay_ms) {
+        baller_start(cf, data, baller, Curl_timeleft(data, &now, TRUE));
+        if(baller->is_done) {
+          DEBUGF(LOG_CF(data, cf, "%s done", baller->name));
+        }
+        else {
+          DEBUGF(LOG_CF(data, cf, "%s starting (timeout=%ldms)",
+                        baller->name, baller->timeoutms));
+          ++ongoing;
+          ++added;
+        }
+      }
     }
-#endif
+    if(added > 0)
+      goto evaluate;
   }
-  else {
-    *sockp = sockfd;
+
+  if(ongoing > 0) {
+    /* We are still trying, return for more waiting */
+    *connected = FALSE;
     return CURLE_OK;
   }
 
-  if(-1 == rc) {
-    switch(error) {
-    case EINPROGRESS:
-    case EWOULDBLOCK:
-#if defined(EAGAIN)
-#if (EAGAIN) != (EWOULDBLOCK)
-      /* On some platforms EAGAIN and EWOULDBLOCK are the
-       * same value, and on others they are different, hence
-       * the odd #if
-       */
-    case EAGAIN:
-#endif
-#endif
-      result = CURLE_OK;
+  /* all ballers have failed to connect. */
+  DEBUGF(LOG_CF(data, cf, "all eyeballers failed"));
+  result = CURLE_COULDNT_CONNECT;
+  for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) {
+    struct eyeballer *baller = ctx->baller[i];
+    DEBUGF(LOG_CF(data, cf, "%s assess started=%d, result=%d",
+                  baller?baller->name:NULL,
+                  baller?baller->has_started:0,
+                  baller?baller->result:0));
+    if(baller && baller->has_started && baller->result) {
+      result = baller->result;
       break;
-
-    default:
-      /* unknown error, fallthrough and try another address! */
-      infof(data, "Immediate connect fail for %s: %s",
-            ipaddress, Curl_strerror(error, buffer, sizeof(buffer)));
-      data->state.os_errno = error;
-
-      /* connect failed */
-      Curl_closesocket(data, conn, sockfd);
-      result = CURLE_COULDNT_CONNECT;
     }
   }
 
-  if(!result)
-    *sockp = sockfd;
+#ifndef CURL_DISABLE_PROXY
+  if(conn->bits.socksproxy)
+    hostname = conn->socks_proxy.host.name;
+  else if(conn->bits.httpproxy)
+    hostname = conn->http_proxy.host.name;
+  else
+#endif
+    if(conn->bits.conn_to_host)
+      hostname = conn->conn_to_host.name;
+  else
+    hostname = conn->host.name;
+
+  failf(data, "Failed to connect to %s port %u after "
+        "%" CURL_FORMAT_TIMEDIFF_T " ms: %s",
+        hostname, conn->port,
+        Curl_timediff(now, data->progress.t_startsingle),
+        curl_easy_strerror(result));
+
+#ifdef WSAETIMEDOUT
+  if(WSAETIMEDOUT == data->state.os_errno)
+    result = CURLE_OPERATION_TIMEDOUT;
+#elif defined(ETIMEDOUT)
+  if(ETIMEDOUT == data->state.os_errno)
+    result = CURLE_OPERATION_TIMEDOUT;
+#endif
 
   return result;
 }
 
 /*
- * TCP connect to the given host with timeout, proxy or remote doesn't matter.
- * There might be more than one IP address to try out. Fill in the passed
- * pointer with the connected socket.
+ * Connect to the given host with timeout, proxy or remote doesn't matter.
+ * There might be more than one IP address to try out.
  */
-
-CURLcode Curl_connecthost(struct Curl_easy *data,
-                          struct connectdata *conn,  /* context */
-                          const struct Curl_dns_entry *remotehost)
+static CURLcode start_connect(struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
+                              const struct Curl_dns_entry *remotehost)
 {
+  struct cf_he_ctx *ctx = cf->ctx;
+  struct connectdata *conn = cf->conn;
   CURLcode result = CURLE_COULDNT_CONNECT;
-  int i;
+  int ai_family0, ai_family1;
   timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
+  const struct Curl_addrinfo *addr0, *addr1;
 
   if(timeout_ms < 0) {
     /* a precaution, no need to continue if time already is up */
@@ -1310,58 +745,76 @@ CURLcode Curl_connecthost(struct Curl_easy *data,
     return CURLE_OPERATION_TIMEDOUT;
   }
 
-  conn->num_addr = Curl_num_addresses(remotehost->addr);
-  conn->tempaddr[0] = conn->tempaddr[1] = remotehost->addr;
-  conn->tempsock[0] = conn->tempsock[1] = CURL_SOCKET_BAD;
-
-  /* Max time for the next connection attempt */
-  conn->timeoutms_per_addr[0] =
-    conn->tempaddr[0]->ai_next == NULL ? timeout_ms : timeout_ms / 2;
-  conn->timeoutms_per_addr[1] =
-    conn->tempaddr[1]->ai_next == NULL ? timeout_ms : timeout_ms / 2;
+  ctx->started = Curl_now();
 
+  /* remotehost->addr is the list of addresses from the resolver, each
+   * with an address family. The list has at least one entry, possibly
+   * many more.
+   * We try at most 2 at a time, until we either get a connection or
+   * run out of addresses to try. Since likelihood of success is tied
+   * to the address family (e.g. IPV6 might not work at all ), we want
+   * the 2 connect attempt ballers to try different families, if possible.
+   *
+   */
   if(conn->ip_version == CURL_IPRESOLVE_WHATEVER) {
     /* any IP version is allowed */
-    conn->tempfamily[0] = conn->tempaddr[0]?
-      conn->tempaddr[0]->ai_family:0;
+    ai_family0 = remotehost->addr?
+      remotehost->addr->ai_family : 0;
 #ifdef ENABLE_IPV6
-    conn->tempfamily[1] = conn->tempfamily[0] == AF_INET6 ?
+    ai_family1 = ai_family0 == AF_INET6 ?
       AF_INET : AF_INET6;
 #else
-    conn->tempfamily[1] = AF_UNSPEC;
+    ai_family1 = AF_UNSPEC;
 #endif
   }
   else {
     /* only one IP version is allowed */
-    conn->tempfamily[0] = (conn->ip_version == CURL_IPRESOLVE_V4) ?
+    ai_family0 = (conn->ip_version == CURL_IPRESOLVE_V4) ?
       AF_INET :
 #ifdef ENABLE_IPV6
       AF_INET6;
 #else
       AF_UNSPEC;
 #endif
-    conn->tempfamily[1] = AF_UNSPEC;
-
-    ainext(conn, 0, FALSE); /* find first address of the right type */
+    ai_family1 = AF_UNSPEC;
   }
 
-  ainext(conn, 1, FALSE); /* assigns conn->tempaddr[1] accordingly */
-
-  DEBUGF(infof(data, "family0 == %s, family1 == %s",
-               conn->tempfamily[0] == AF_INET ? "v4" : "v6",
-               conn->tempfamily[1] == AF_INET ? "v4" : "v6"));
+  /* Get the first address in the list that matches the family,
+   * this might give NULL, if we do not have any matches. */
+  addr0 = addr_first_match(remotehost->addr, ai_family0);
+  addr1 = addr_first_match(remotehost->addr, ai_family1);
+  if(!addr0 && addr1) {
+    /* switch around, so a single baller always uses addr0 */
+    addr0 = addr1;
+    ai_family0 = ai_family1;
+    addr1 = NULL;
+  }
 
-  /* get through the list in family order in case of quick failures */
-  for(i = 0; (i < 2) && result; i++) {
-    while(conn->tempaddr[i]) {
-      result = singleipconnect(data, conn, conn->tempaddr[i], i);
-      if(!result)
-        break;
-      ainext(conn, i, TRUE);
-    }
+  /* We found no address that matches our criteria, we cannot connect */
+  if(!addr0) {
+    return CURLE_COULDNT_CONNECT;
   }
+
+  memset(ctx->baller, 0, sizeof(ctx->baller));
+  result = eyeballer_new(&ctx->baller[0], ctx->cf_create, addr0, ai_family0,
+                          NULL, 0, /* no primary/delay, start now */
+                          timeout_ms,  EXPIRE_DNS_PER_NAME);
   if(result)
     return result;
+  DEBUGF(LOG_CF(data, cf, "created %s (timeout %ldms)",
+                ctx->baller[0]->name, ctx->baller[0]->timeoutms));
+  if(addr1) {
+    /* second one gets a delayed start */
+    result = eyeballer_new(&ctx->baller[1], ctx->cf_create, addr1, ai_family1,
+                            ctx->baller[0], /* wait on that to fail */
+                            /* or start this delayed */
+                            data->set.happy_eyeballs_timeout,
+                            timeout_ms,  EXPIRE_DNS_PER_NAME2);
+    if(result)
+      return result;
+    DEBUGF(LOG_CF(data, cf, "created %s (timeout %ldms)",
+                  ctx->baller[1]->name, ctx->baller[1]->timeoutms));
+  }
 
   Curl_expire(data, data->set.happy_eyeballs_timeout,
               EXPIRE_HAPPY_EYEBALLS);
@@ -1369,310 +822,366 @@ CURLcode Curl_connecthost(struct Curl_easy *data,
   return CURLE_OK;
 }
 
-struct connfind {
-  long id_tofind;
-  struct connectdata *found;
-};
-
-static int conn_is_conn(struct Curl_easy *data,
-                        struct connectdata *conn, void *param)
+static void cf_he_ctx_clear(struct Curl_cfilter *cf, struct Curl_easy *data)
 {
-  struct connfind *f = (struct connfind *)param;
-  (void)data;
-  if(conn->connection_id == f->id_tofind) {
-    f->found = conn;
-    return 1;
+  struct cf_he_ctx *ctx = cf->ctx;
+  size_t i;
+
+  DEBUGASSERT(ctx);
+  DEBUGASSERT(data);
+  for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) {
+    baller_free(ctx->baller[i], data);
+    ctx->baller[i] = NULL;
   }
-  return 0;
+  baller_free(ctx->winner, data);
+  ctx->winner = NULL;
 }
 
-/*
- * Used to extract socket and connectdata struct for the most recent
- * transfer on the given Curl_easy.
- *
- * The returned socket will be CURL_SOCKET_BAD in case of failure!
- */
-curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
-                                  struct connectdata **connp)
+static int cf_he_get_select_socks(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  curl_socket_t *socks)
 {
-  DEBUGASSERT(data);
+  struct cf_he_ctx *ctx = cf->ctx;
+  size_t i, s;
+  int wrc, rc = GETSOCK_BLANK;
+  curl_socket_t wsocks[MAX_SOCKSPEREASYHANDLE];
 
-  /* this works for an easy handle:
-   * - that has been used for curl_easy_perform()
-   * - that is associated with a multi handle, and whose connection
-   *   was detached with CURLOPT_CONNECT_ONLY
-   */
-  if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) {
-    struct connectdata *c;
-    struct connfind find;
-    find.id_tofind = data->state.lastconnect_id;
-    find.found = NULL;
+  if(cf->connected)
+    return cf->next->cft->get_select_socks(cf->next, data, socks);
 
-    Curl_conncache_foreach(data,
-                           data->share && (data->share->specifier
-                           & (1<< CURL_LOCK_DATA_CONNECT))?
-                           &data->share->conn_cache:
-                           data->multi_easy?
-                           &data->multi_easy->conn_cache:
-                           &data->multi->conn_cache, &find, conn_is_conn);
+  for(i = s = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) {
+    struct eyeballer *baller = ctx->baller[i];
+    if(!baller || !baller->cf)
+      continue;
 
-    if(!find.found) {
-      data->state.lastconnect_id = -1;
-      return CURL_SOCKET_BAD;
+    wrc = Curl_conn_cf_get_select_socks(baller->cf, data, wsocks);
+    if(wrc) {
+      /* TODO: we assume we get at most one socket back */
+      socks[s] = wsocks[0];
+      if(wrc & GETSOCK_WRITESOCK(0))
+        rc |= GETSOCK_WRITESOCK(s);
+      if(wrc & GETSOCK_READSOCK(0))
+        rc |= GETSOCK_READSOCK(s);
+      s++;
     }
-
-    c = find.found;
-    if(connp)
-      /* only store this if the caller cares for it */
-      *connp = c;
-    return c->sock[FIRSTSOCKET];
   }
-  return CURL_SOCKET_BAD;
+  return rc;
 }
 
-/*
- * Check if a connection seems to be alive.
- */
-bool Curl_connalive(struct Curl_easy *data, struct connectdata *conn)
+static CURLcode cf_he_connect(struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
+                              bool blocking, bool *done)
 {
-  (void)data;
-  /* First determine if ssl */
-  if(Curl_conn_is_ssl(data, FIRSTSOCKET)) {
-    /* use the SSL context */
-    if(!Curl_ssl_check_cxn(data, conn))
-      return false;   /* FIN received */
+  struct cf_he_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_OK;
+
+  if(cf->connected) {
+    *done = TRUE;
+    return CURLE_OK;
   }
-/* Minix 3.1 doesn't support any flags on recv; just assume socket is OK */
-#ifdef MSG_PEEK
-  else if(conn->sock[FIRSTSOCKET] == CURL_SOCKET_BAD)
-    return false;
-  else {
-    /* use the socket */
-    char buf;
-    if(recv((RECV_TYPE_ARG1)conn->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
-            (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK) == 0) {
-      return false;   /* FIN received */
-    }
+
+  (void)blocking; /* TODO: do we want to support this? */
+  DEBUGASSERT(ctx);
+  *done = FALSE;
+
+  switch(ctx->state) {
+    case SCFST_INIT:
+      DEBUGASSERT(CURL_SOCKET_BAD == Curl_conn_cf_get_socket(cf, data));
+      DEBUGASSERT(!cf->connected);
+      result = start_connect(cf, data, ctx->remotehost);
+      if(result)
+        return result;
+      ctx->state = SCFST_WAITING;
+      /* FALLTHROUGH */
+    case SCFST_WAITING:
+      result = is_connected(cf, data, done);
+      if(!result && *done) {
+        DEBUGASSERT(ctx->winner);
+        DEBUGASSERT(ctx->winner->cf);
+        DEBUGASSERT(ctx->winner->cf->connected);
+        /* we have a winner. Install and activate it.
+         * close/free all others. */
+        ctx->state = SCFST_DONE;
+        cf->connected = TRUE;
+        cf->next = ctx->winner->cf;
+        ctx->winner->cf = NULL;
+        cf_he_ctx_clear(cf, data);
+        Curl_conn_cf_cntrl(cf->next, data, TRUE,
+                           CF_CTRL_CONN_INFO_UPDATE, 0, NULL);
+
+        if(cf->conn->handler->protocol & PROTO_FAMILY_SSH)
+          Curl_pgrsTime(data, TIMER_APPCONNECT); /* we're connected already */
+        Curl_verboseconnect(data, cf->conn);
+        data->info.numconnects++; /* to track the # of connections made */
+      }
+      break;
+    case SCFST_DONE:
+      *done = TRUE;
+      break;
   }
-#endif
-  return true;
+  return result;
 }
 
-/*
- * Close a socket.
- *
- * 'conn' can be NULL, beware!
- */
-int Curl_closesocket(struct Curl_easy *data, struct connectdata *conn,
-                     curl_socket_t sock)
+static void cf_he_close(struct Curl_cfilter *cf,
+                        struct Curl_easy *data)
 {
-  if(conn && conn->fclosesocket) {
-    if((sock == conn->sock[SECONDARYSOCKET]) && conn->bits.sock_accepted)
-      /* if this socket matches the second socket, and that was created with
-         accept, then we MUST NOT call the callback but clear the accepted
-         status */
-      conn->bits.sock_accepted = FALSE;
-    else {
-      int rc;
-      Curl_multi_closed(data, sock);
-      Curl_set_in_callback(data, true);
-      rc = conn->fclosesocket(conn->closesocket_client, sock);
-      Curl_set_in_callback(data, false);
-      return rc;
-    }
-  }
-
-  if(conn)
-    /* tell the multi-socket code about this */
-    Curl_multi_closed(data, sock);
+  struct cf_he_ctx *ctx = cf->ctx;
 
-  sclose(sock);
+  DEBUGF(LOG_CF(data, cf, "close"));
+  cf_he_ctx_clear(cf, data);
+  cf->connected = FALSE;
+  ctx->state = SCFST_INIT;
 
-  return 0;
+  if(cf->next) {
+    cf->next->cft->close(cf->next, data);
+    Curl_conn_cf_discard_chain(&cf->next, data);
+  }
 }
 
-/*
- * Create a socket based on info from 'conn' and 'ai'.
- *
- * 'addr' should be a pointer to the correct struct to get data back, or NULL.
- * 'sockfd' must be a pointer to a socket descriptor.
- *
- * If the open socket callback is set, used that!
- *
- */
-CURLcode Curl_socket(struct Curl_easy *data,
-                     const struct Curl_addrinfo *ai,
-                     struct Curl_sockaddr_ex *addr,
-                     curl_socket_t *sockfd)
+static bool cf_he_data_pending(struct Curl_cfilter *cf,
+                               const struct Curl_easy *data)
 {
-  struct connectdata *conn = data->conn;
-  struct Curl_sockaddr_ex dummy;
-
-  if(!addr)
-    /* if the caller doesn't want info back, use a local temp copy */
-    addr = &dummy;
-
-  /*
-   * The Curl_sockaddr_ex structure is basically libcurl's external API
-   * curl_sockaddr structure with enough space available to directly hold
-   * any protocol-specific address structures. The variable declared here
-   * will be used to pass / receive data to/from the fopensocket callback
-   * if this has been set, before that, it is initialized from parameters.
-   */
+  struct cf_he_ctx *ctx = cf->ctx;
+  size_t i;
 
-  addr->family = ai->ai_family;
-  switch(conn->transport) {
-  case TRNSPRT_TCP:
-    addr->socktype = SOCK_STREAM;
-    addr->protocol = IPPROTO_TCP;
-    break;
-  case TRNSPRT_UNIX:
-    addr->socktype = SOCK_STREAM;
-    addr->protocol = IPPROTO_IP;
-    break;
-  default: /* UDP and QUIC */
-    addr->socktype = SOCK_DGRAM;
-    addr->protocol = IPPROTO_UDP;
-    break;
-  }
-  addr->addrlen = ai->ai_addrlen;
-
-  if(addr->addrlen > sizeof(struct Curl_sockaddr_storage))
-     addr->addrlen = sizeof(struct Curl_sockaddr_storage);
-  memcpy(&addr->sa_addr, ai->ai_addr, addr->addrlen);
-
-  if(data->set.fopensocket) {
-   /*
-    * If the opensocket callback is set, all the destination address
-    * information is passed to the callback. Depending on this information the
-    * callback may opt to abort the connection, this is indicated returning
-    * CURL_SOCKET_BAD; otherwise it will return a not-connected socket. When
-    * the callback returns a valid socket the destination address information
-    * might have been changed and this 'new' address will actually be used
-    * here to connect.
-    */
-    Curl_set_in_callback(data, true);
-    *sockfd = data->set.fopensocket(data->set.opensocket_client,
-                                    CURLSOCKTYPE_IPCXN,
-                                    (struct curl_sockaddr *)addr);
-    Curl_set_in_callback(data, false);
+  if(cf->connected)
+    return cf->next->cft->has_data_pending(cf->next, data);
+
+  for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) {
+    struct eyeballer *baller = ctx->baller[i];
+    if(!baller || !baller->cf)
+      continue;
+    if(baller->cf->cft->has_data_pending(baller->cf, data))
+      return TRUE;
   }
-  else
-    /* opensocket callback not set, so simply create the socket now */
-    *sockfd = socket(addr->family, addr->socktype, addr->protocol);
+  return FALSE;
+}
 
-  if(*sockfd == CURL_SOCKET_BAD)
-    /* no socket, no connection */
-    return CURLE_COULDNT_CONNECT;
+static struct curltime get_max_baller_time(struct Curl_cfilter *cf,
+                                          struct Curl_easy *data,
+                                          int query)
+{
+  struct cf_he_ctx *ctx = cf->ctx;
+  struct curltime t, tmax;
+  size_t i;
+
+  memset(&tmax, 0, sizeof(tmax));
+  for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) {
+    struct eyeballer *baller = ctx->baller[i];
+
+    memset(&t, 0, sizeof(t));
+    if(baller && baller->cf &&
+       !baller->cf->cft->query(baller->cf, data, query, NULL, &t)) {
+      if((t.tv_sec || t.tv_usec) && Curl_timediff_us(t, tmax) > 0)
+        tmax = t;
+    }
+  }
+  return tmax;
+}
 
-  if(conn->transport == TRNSPRT_QUIC) {
-    /* QUIC sockets need to be nonblocking */
-    (void)curlx_nonblock(*sockfd, TRUE);
-    switch(addr->family) {
-#if defined(__linux__) && defined(IP_MTU_DISCOVER)
-    case AF_INET: {
-      int val = IP_PMTUDISC_DO;
-      (void)setsockopt(*sockfd, IPPROTO_IP, IP_MTU_DISCOVER, &val,
-                       sizeof(val));
-      break;
+static CURLcode cf_he_query(struct Curl_cfilter *cf,
+                            struct Curl_easy *data,
+                            int query, int *pres1, void *pres2)
+{
+  struct cf_he_ctx *ctx = cf->ctx;
+
+  if(!cf->connected) {
+    switch(query) {
+    case CF_QUERY_CONNECT_REPLY_MS: {
+      int reply_ms = -1;
+      size_t i;
+
+      for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) {
+        struct eyeballer *baller = ctx->baller[i];
+        int breply_ms;
+
+        if(baller && baller->cf &&
+           !baller->cf->cft->query(baller->cf, data, query,
+                                   &breply_ms, NULL)) {
+          if(breply_ms >= 0 && (reply_ms < 0 || breply_ms < reply_ms))
+            reply_ms = breply_ms;
+        }
+      }
+      *pres1 = reply_ms;
+      DEBUGF(LOG_CF(data, cf, "query connect reply: %dms", *pres1));
+      return CURLE_OK;
     }
-#endif
-#if defined(__linux__) && defined(IPV6_MTU_DISCOVER)
-    case AF_INET6: {
-      int val = IPV6_PMTUDISC_DO;
-      (void)setsockopt(*sockfd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, &val,
-                       sizeof(val));
-      break;
+    case CF_QUERY_TIMER_CONNECT: {
+      struct curltime *when = pres2;
+      *when = get_max_baller_time(cf, data, CF_QUERY_TIMER_CONNECT);
+      return CURLE_OK;
     }
-#endif
+    case CF_QUERY_TIMER_APPCONNECT: {
+      struct curltime *when = pres2;
+      *when = get_max_baller_time(cf, data, CF_QUERY_TIMER_APPCONNECT);
+      return CURLE_OK;
+    }
+    default:
+      break;
     }
   }
 
-#if defined(ENABLE_IPV6) && defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID)
-  if(conn->scope_id && (addr->family == AF_INET6)) {
-    struct sockaddr_in6 * const sa6 = (void *)&addr->sa_addr;
-    sa6->sin6_scope_id = conn->scope_id;
-  }
-#endif
-
-  return CURLE_OK;
+  return cf->next?
+    cf->next->cft->query(cf->next, data, query, pres1, pres2) :
+    CURLE_UNKNOWN_OPTION;
 }
 
-/*
- * Curl_conncontrol() marks streams or connection for closure.
- */
-void Curl_conncontrol(struct connectdata *conn,
-                      int ctrl /* see defines in header */
-#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
-                      , const char *reason
-#endif
-  )
+static void cf_he_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
 {
-  /* close if a connection, or a stream that isn't multiplexed. */
-  /* This function will be called both before and after this connection is
-     associated with a transfer. */
-  bool closeit;
-  DEBUGASSERT(conn);
-#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
-  (void)reason; /* useful for debugging */
-#endif
-  closeit = (ctrl == CONNCTRL_CONNECTION) ||
-    ((ctrl == CONNCTRL_STREAM) && !(conn->handler->flags & PROTOPT_STREAM));
-  if((ctrl == CONNCTRL_STREAM) &&
-     (conn->handler->flags & PROTOPT_STREAM))
-    ;
-  else if((bit)closeit != conn->bits.close) {
-    conn->bits.close = closeit; /* the only place in the source code that
-                                   should assign this bit */
+  struct cf_he_ctx *ctx = cf->ctx;
+
+  DEBUGF(LOG_CF(data, cf, "destroy"));
+  if(ctx) {
+    cf_he_ctx_clear(cf, data);
   }
+  /* release any resources held in state */
+  Curl_safefree(ctx);
 }
 
-typedef enum {
-  SCFST_INIT,
-  SCFST_WAITING,
-  SCFST_DONE
-} cf_connect_state;
-
-struct socket_cf_ctx {
-  const struct Curl_dns_entry *remotehost;
-  cf_connect_state state;
+struct Curl_cftype Curl_cft_happy_eyeballs = {
+  "HAPPY-EYEBALLS",
+  0,
+  CURL_LOG_DEFAULT,
+  cf_he_destroy,
+  cf_he_connect,
+  cf_he_close,
+  Curl_cf_def_get_host,
+  cf_he_get_select_socks,
+  cf_he_data_pending,
+  Curl_cf_def_send,
+  Curl_cf_def_recv,
+  Curl_cf_def_cntrl,
+  Curl_cf_def_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  cf_he_query,
 };
 
-static int socket_cf_get_select_socks(struct Curl_cfilter *cf,
-                                      struct Curl_easy *data,
-                                      curl_socket_t *socks)
+CURLcode Curl_cf_happy_eyeballs_create(struct Curl_cfilter **pcf,
+                                       struct Curl_easy *data,
+                                       struct connectdata *conn,
+                                       cf_ip_connect_create *cf_create,
+                                       const struct Curl_dns_entry *remotehost,
+                                       int transport)
 {
-  struct connectdata *conn = cf->conn;
-  int i, s, rc = GETSOCK_BLANK;
+  struct cf_he_ctx *ctx = NULL;
+  CURLcode result;
 
   (void)data;
-  if(cf->connected) {
-    return rc;
+  (void)conn;
+  *pcf = NULL;
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+  ctx->transport = transport;
+  ctx->cf_create = cf_create;
+  ctx->remotehost = remotehost;
+
+  result = Curl_cf_create(pcf, &Curl_cft_happy_eyeballs, ctx);
+
+out:
+  if(result) {
+    Curl_safefree(*pcf);
+    Curl_safefree(ctx);
   }
+  return result;
+}
 
-  for(i = s = 0; i<2; i++) {
-    if(conn->tempsock[i] != CURL_SOCKET_BAD) {
-      socks[s] = conn->tempsock[i];
-      rc |= GETSOCK_WRITESOCK(s);
+struct transport_provider {
+  int transport;
+  cf_ip_connect_create *cf_create;
+};
+
+static
+#ifndef DEBUGBUILD
+const
+#endif
+struct transport_provider transport_providers[] = {
+  { TRNSPRT_TCP, Curl_cf_tcp_create },
 #ifdef ENABLE_QUIC
-      if(conn->transport == TRNSPRT_QUIC)
-        /* when connecting QUIC, we want to read the socket too */
-        rc |= GETSOCK_READSOCK(s);
+  { TRNSPRT_QUIC, Curl_cf_quic_create },
 #endif
-      s++;
+  { TRNSPRT_UDP, Curl_cf_udp_create },
+  { TRNSPRT_UNIX, Curl_cf_unix_create },
+};
+
+#ifndef ARRAYSIZE
+#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
+#endif
+
+static cf_ip_connect_create *get_cf_create(int transport)
+{
+  size_t i;
+  for(i = 0; i < ARRAYSIZE(transport_providers); ++i) {
+    if(transport == transport_providers[i].transport)
+      return transport_providers[i].cf_create;
+  }
+  return NULL;
+}
+
+#ifdef DEBUGBUILD
+void Curl_debug_set_transport_provider(int transport,
+                                       cf_ip_connect_create *cf_create)
+{
+  size_t i;
+  for(i = 0; i < ARRAYSIZE(transport_providers); ++i) {
+    if(transport == transport_providers[i].transport) {
+      transport_providers[i].cf_create = cf_create;
+      return;
     }
   }
+}
+#endif /* DEBUGBUILD */
 
-  return rc;
+static CURLcode cf_he_insert_after(struct Curl_cfilter *cf_at,
+                                   struct Curl_easy *data,
+                                   const struct Curl_dns_entry *remotehost,
+                                   int transport)
+{
+  cf_ip_connect_create *cf_create;
+  struct Curl_cfilter *cf;
+  CURLcode result;
+
+  /* Need to be first */
+  DEBUGASSERT(cf_at);
+  cf_create = get_cf_create(transport);
+  if(!cf_create) {
+    DEBUGF(LOG_CF(data, cf_at, "unsupported transport type %d", transport));
+    return CURLE_UNSUPPORTED_PROTOCOL;
+  }
+  result = Curl_cf_happy_eyeballs_create(&cf, data, cf_at->conn,
+                                         cf_create, remotehost,
+                                         transport);
+  if(result)
+    return result;
+
+  Curl_conn_cf_insert_after(cf_at, cf);
+  return CURLE_OK;
 }
 
-static CURLcode socket_cf_connect(struct Curl_cfilter *cf,
-                                  struct Curl_easy *data,
-                                  bool blocking, bool *done)
+typedef enum {
+  CF_SETUP_INIT,
+  CF_SETUP_CNNCT_EYEBALLS,
+  CF_SETUP_CNNCT_SOCKS,
+  CF_SETUP_CNNCT_HTTP_PROXY,
+  CF_SETUP_CNNCT_HAPROXY,
+  CF_SETUP_CNNCT_SSL,
+  CF_SETUP_DONE
+} cf_setup_state;
+
+struct cf_setup_ctx {
+  cf_setup_state state;
+  const struct Curl_dns_entry *remotehost;
+  int ssl_mode;
+  int transport;
+};
+
+static CURLcode cf_setup_connect(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data,
+                                 bool blocking, bool *done)
 {
-  struct connectdata *conn = cf->conn;
-  int sockindex = cf->sockindex;
-  struct socket_cf_ctx *ctx = cf->ctx;
+  struct cf_setup_ctx *ctx = cf->ctx;
   CURLcode result = CURLE_OK;
 
   if(cf->connected) {
@@ -1680,253 +1189,241 @@ static CURLcode socket_cf_connect(struct Curl_cfilter *cf,
     return CURLE_OK;
   }
 
-  (void)blocking;
-  DEBUGASSERT(ctx);
-  *done = FALSE;
-  switch(ctx->state) {
-    case SCFST_INIT:
-      DEBUGASSERT(CURL_SOCKET_BAD == conn->sock[sockindex]);
-      DEBUGASSERT(!cf->connected);
-      result = Curl_connecthost(data, conn, ctx->remotehost);
-      if(!result)
-        ctx->state = SCFST_WAITING;
-      break;
-    case SCFST_WAITING:
-      result = is_connected(data, conn, sockindex, done);
-      if(!result && *done) {
-        Curl_pgrsTime(data, TIMER_CONNECT);    /* we're connected already */
-        if(Curl_conn_is_ssl(data, FIRSTSOCKET) ||
-           (conn->handler->protocol & PROTO_FAMILY_SSH))
-          Curl_pgrsTime(data, TIMER_APPCONNECT); /* we're connected already */
-        post_connect(data, conn, sockindex);
-        ctx->state = SCFST_DONE;
-        cf->connected = TRUE;
-      }
-      break;
-    case SCFST_DONE:
-      *done = TRUE;
-      break;
+  /* connect current sub-chain */
+connect_sub_chain:
+  if(cf->next && !cf->next->connected) {
+    result = Curl_conn_cf_connect(cf->next, data, blocking, done);
+    if(result || !*done)
+      return result;
   }
-  return result;
-}
 
-static CURLcode socket_cf_setup(struct Curl_cfilter *cf,
-                                struct Curl_easy *data,
-                                const struct Curl_dns_entry *remotehost)
-{
-  struct socket_cf_ctx *ctx = cf->ctx;
+  if(ctx->state < CF_SETUP_CNNCT_EYEBALLS) {
+    result = cf_he_insert_after(cf, data, ctx->remotehost, ctx->transport);
+    if(result)
+      return result;
+    ctx->state = CF_SETUP_CNNCT_EYEBALLS;
+    if(!cf->next || !cf->next->connected)
+      goto connect_sub_chain;
+  }
 
-  (void)data;
-  DEBUGASSERT(ctx);
-  if(ctx->remotehost != remotehost) {
-    if(ctx->remotehost) {
-      /* switching dns entry? TODO: reset? */
-    }
-    ctx->remotehost = remotehost;
+  /* sub-chain connected, do we need to add more? */
+#ifndef CURL_DISABLE_PROXY
+  if(ctx->state < CF_SETUP_CNNCT_SOCKS && cf->conn->bits.socksproxy) {
+    result = Curl_cf_socks_proxy_insert_after(cf, data);
+    if(result)
+      return result;
+    ctx->state = CF_SETUP_CNNCT_SOCKS;
+    if(!cf->next || !cf->next->connected)
+      goto connect_sub_chain;
   }
-  DEBUGF(infof(data, CFMSG(cf, "setup(remotehost=%s)"),
-         cf->conn->hostname_resolve));
-  return CURLE_OK;
-}
 
-static void socket_cf_close(struct Curl_cfilter *cf,
-                            struct Curl_easy *data)
-{
-  int sockindex = cf->sockindex;
-  struct socket_cf_ctx *ctx = cf->ctx;
-
- DEBUGASSERT(ctx);
-   /* close possibly still open sockets */
-  if(CURL_SOCKET_BAD != cf->conn->sock[sockindex]) {
-    Curl_closesocket(data, cf->conn, cf->conn->sock[sockindex]);
-    cf->conn->sock[sockindex] = CURL_SOCKET_BAD;
+  if(ctx->state < CF_SETUP_CNNCT_HTTP_PROXY && cf->conn->bits.httpproxy) {
+#ifdef USE_SSL
+    if(cf->conn->http_proxy.proxytype == CURLPROXY_HTTPS
+       && !Curl_conn_is_ssl(cf->conn, cf->sockindex)) {
+      result = Curl_cf_ssl_proxy_insert_after(cf, data);
+      if(result)
+        return result;
+    }
+#endif /* USE_SSL */
+
+#if !defined(CURL_DISABLE_HTTP)
+    if(cf->conn->bits.tunnel_proxy) {
+      result = Curl_cf_http_proxy_insert_after(cf, data);
+      if(result)
+        return result;
+    }
+#endif /* !CURL_DISABLE_HTTP */
+    ctx->state = CF_SETUP_CNNCT_HTTP_PROXY;
+    if(!cf->next || !cf->next->connected)
+      goto connect_sub_chain;
   }
-  if(CURL_SOCKET_BAD != cf->conn->tempsock[sockindex]) {
-    Curl_closesocket(data, cf->conn, cf->conn->tempsock[sockindex]);
-    cf->conn->tempsock[sockindex] = CURL_SOCKET_BAD;
+#endif /* !CURL_DISABLE_PROXY */
+
+  if(ctx->state < CF_SETUP_CNNCT_HAPROXY) {
+#if !defined(CURL_DISABLE_PROXY)
+    if(data->set.haproxyprotocol) {
+      if(Curl_conn_is_ssl(cf->conn, cf->sockindex)) {
+        failf(data, "haproxy protocol not support with SSL "
+              "encryption in place (QUIC?)");
+        return CURLE_UNSUPPORTED_PROTOCOL;
+      }
+      result = Curl_cf_haproxy_insert_after(cf, data);
+      if(result)
+        return result;
+    }
+#endif /* !CURL_DISABLE_PROXY */
+    ctx->state = CF_SETUP_CNNCT_HAPROXY;
+    if(!cf->next || !cf->next->connected)
+      goto connect_sub_chain;
   }
-  cf->connected = FALSE;
-  ctx->state = SCFST_INIT;
-}
-
-static void socket_cf_get_host(struct Curl_cfilter *cf,
-                               struct Curl_easy *data,
-                               const char **phost,
-                               const char **pdisplay_host,
-                               int *pport)
-{
-  (void)data;
-  *phost = cf->conn->host.name;
-  *pdisplay_host = cf->conn->host.dispname;
-  *pport = cf->conn->port;
-}
 
-static bool socket_cf_data_pending(struct Curl_cfilter *cf,
-                                   const struct Curl_easy *data)
-{
-  int readable;
-  (void)data;
-  DEBUGASSERT(cf);
+  if(ctx->state < CF_SETUP_CNNCT_SSL) {
+#ifdef USE_SSL
+    if((ctx->ssl_mode == CURL_CF_SSL_ENABLE
+        || (ctx->ssl_mode != CURL_CF_SSL_DISABLE
+           && cf->conn->handler->flags & PROTOPT_SSL)) /* we want SSL */
+       && !Curl_conn_is_ssl(cf->conn, cf->sockindex)) { /* it is missing */
+      result = Curl_cf_ssl_insert_after(cf, data);
+      if(result)
+        return result;
+    }
+#endif /* USE_SSL */
+    ctx->state = CF_SETUP_CNNCT_SSL;
+    if(!cf->next || !cf->next->connected)
+      goto connect_sub_chain;
+  }
 
-  readable = SOCKET_READABLE(cf->conn->sock[cf->sockindex], 0);
-  return (readable > 0 && (readable & CURL_CSELECT_IN));
+  ctx->state = CF_SETUP_DONE;
+  cf->connected = TRUE;
+  *done = TRUE;
+  return CURLE_OK;
 }
 
-static ssize_t socket_cf_send(struct Curl_cfilter *cf, struct Curl_easy *data,
-                              const void *buf, size_t len, CURLcode *err)
+static void cf_setup_close(struct Curl_cfilter *cf,
+                           struct Curl_easy *data)
 {
-  ssize_t nwritten;
-  nwritten = Curl_send_plain(data, cf->sockindex, buf, len, err);
-  return nwritten;
-}
+  struct cf_setup_ctx *ctx = cf->ctx;
 
-static ssize_t socket_cf_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
-                              char *buf, size_t len, CURLcode *err)
-{
-  ssize_t nread;
-  nread = Curl_recv_plain(data, cf->sockindex, buf, len, err);
-  return nread;
+  DEBUGF(LOG_CF(data, cf, "close"));
+  cf->connected = FALSE;
+  ctx->state = CF_SETUP_INIT;
+
+  if(cf->next) {
+    cf->next->cft->close(cf->next, data);
+    Curl_conn_cf_discard_chain(&cf->next, data);
+  }
 }
 
-static void socket_cf_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
+static void cf_setup_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
 {
-  struct socket_cf_ctx *state = cf->ctx;
+  struct cf_setup_ctx *ctx = cf->ctx;
 
   (void)data;
-  if(cf->connected) {
-    socket_cf_close(cf, data);
-  }
-  /* release any resources held in state */
-  Curl_safefree(state);
+  DEBUGF(LOG_CF(data, cf, "destroy"));
+  Curl_safefree(ctx);
 }
 
-static const struct Curl_cftype cft_socket = {
-  "SOCKET",
-  CF_TYPE_IP_CONNECT,
-  socket_cf_destroy,
-  socket_cf_setup,
-  socket_cf_connect,
-  socket_cf_close,
-  socket_cf_get_host,
-  socket_cf_get_select_socks,
-  socket_cf_data_pending,
-  socket_cf_send,
-  socket_cf_recv,
-  Curl_cf_def_attach_data,
-  Curl_cf_def_detach_data,
+
+struct Curl_cftype Curl_cft_setup = {
+  "SETUP",
+  0,
+  CURL_LOG_DEFAULT,
+  cf_setup_destroy,
+  cf_setup_connect,
+  cf_setup_close,
+  Curl_cf_def_get_host,
+  Curl_cf_def_get_select_socks,
+  Curl_cf_def_data_pending,
+  Curl_cf_def_send,
+  Curl_cf_def_recv,
+  Curl_cf_def_cntrl,
+  Curl_cf_def_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  Curl_cf_def_query,
 };
 
-CURLcode Curl_conn_socket_set(struct Curl_easy *data,
-                              struct connectdata *conn,
-                              int sockindex)
+static CURLcode cf_setup_create(struct Curl_cfilter **pcf,
+                                struct Curl_easy *data,
+                                const struct Curl_dns_entry *remotehost,
+                                int transport,
+                                int ssl_mode)
 {
-  CURLcode result;
   struct Curl_cfilter *cf = NULL;
-  struct socket_cf_ctx *scf_ctx = NULL;
+  struct cf_setup_ctx *ctx;
+  CURLcode result = CURLE_OK;
 
-  /* Need to be first */
-  DEBUGASSERT(conn);
-  DEBUGASSERT(!conn->cfilter[sockindex]);
-  scf_ctx = calloc(sizeof(*scf_ctx), 1);
-  if(!scf_ctx) {
+  (void)data;
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
     result = CURLE_OUT_OF_MEMORY;
     goto out;
   }
-  result = Curl_cf_create(&cf, &cft_socket, scf_ctx);
+  ctx->state = CF_SETUP_INIT;
+  ctx->remotehost = remotehost;
+  ctx->ssl_mode = ssl_mode;
+  ctx->transport = transport;
+
+  result = Curl_cf_create(&cf, &Curl_cft_setup, ctx);
   if(result)
     goto out;
-  Curl_conn_cf_add(data, conn, sockindex, cf);
+  ctx = NULL;
 
 out:
-  if(result) {
-    Curl_safefree(cf);
-    Curl_safefree(scf_ctx);
-  }
+  *pcf = result? NULL : cf;
+  free(ctx);
   return result;
 }
 
-static CURLcode socket_accept_cf_connect(struct Curl_cfilter *cf,
-                                         struct Curl_easy *data,
-                                         bool blocking, bool *done)
+CURLcode Curl_cf_setup_add(struct Curl_easy *data,
+                           struct connectdata *conn,
+                           int sockindex,
+                           const struct Curl_dns_entry *remotehost,
+                           int transport,
+                           int ssl_mode)
 {
-  /* we start accepted, if we ever close, we cannot go on */
-  (void)data;
-  (void)blocking;
-  if(cf->connected) {
-    *done = TRUE;
-    return CURLE_OK;
-  }
-  return CURLE_FAILED_INIT;
+  struct Curl_cfilter *cf;
+  CURLcode result = CURLE_OK;
+
+  DEBUGASSERT(data);
+  result = cf_setup_create(&cf, data, remotehost, transport, ssl_mode);
+  if(result)
+    goto out;
+  Curl_conn_cf_add(data, conn, sockindex, cf);
+out:
+  return result;
 }
 
-static CURLcode socket_accept_cf_setup(struct Curl_cfilter *cf,
-                                       struct Curl_easy *data,
-                                       const struct Curl_dns_entry *remotehost)
+CURLcode Curl_cf_setup_insert_after(struct Curl_cfilter *cf_at,
+                                    struct Curl_easy *data,
+                                    const struct Curl_dns_entry *remotehost,
+                                    int transport,
+                                    int ssl_mode)
 {
-  /* we start accepted, if we ever close, we cannot go on */
-  (void)data;
-  (void)remotehost;
-  if(cf->connected) {
-    return CURLE_OK;
-  }
-  return CURLE_FAILED_INIT;
-}
+  struct Curl_cfilter *cf;
+  CURLcode result;
 
-static const struct Curl_cftype cft_socket_accept = {
-  "SOCKET-ACCEPT",
-  CF_TYPE_IP_CONNECT,
-  socket_cf_destroy,
-  socket_accept_cf_setup,
-  socket_accept_cf_connect,
-  socket_cf_close,
-  socket_cf_get_host,              /* TODO: not accurate */
-  Curl_cf_def_get_select_socks,
-  socket_cf_data_pending,
-  socket_cf_send,
-  socket_cf_recv,
-  Curl_cf_def_attach_data,
-  Curl_cf_def_detach_data,
-};
+  DEBUGASSERT(data);
+  result = cf_setup_create(&cf, data, remotehost, transport, ssl_mode);
+  if(result)
+    goto out;
+  Curl_conn_cf_insert_after(cf_at, cf);
+out:
+  return result;
+}
 
-CURLcode Curl_conn_socket_accepted_set(struct Curl_easy *data,
-                                       struct connectdata *conn,
-                                       int sockindex, curl_socket_t *s)
+CURLcode Curl_conn_setup(struct Curl_easy *data,
+                         struct connectdata *conn,
+                         int sockindex,
+                         const struct Curl_dns_entry *remotehost,
+                         int ssl_mode)
 {
-  CURLcode result;
-  struct Curl_cfilter *cf = NULL;
-  struct socket_cf_ctx *scf_ctx = NULL;
+  CURLcode result = CURLE_OK;
 
-  cf = conn->cfilter[sockindex];
-  if(cf && cf->cft == &cft_socket_accept) {
-    /* already an accept filter installed, just replace the socket */
-    scf_ctx = cf->ctx;
-    result = CURLE_OK;
-  }
-  else {
-    /* replace any existing */
-    Curl_conn_cf_discard_all(data, conn, sockindex);
-    scf_ctx = calloc(sizeof(*scf_ctx), 1);
-    if(!scf_ctx) {
-      result = CURLE_OUT_OF_MEMORY;
-      goto out;
-    }
-    result = Curl_cf_create(&cf, &cft_socket_accept, scf_ctx);
+  DEBUGASSERT(data);
+  DEBUGASSERT(conn->handler);
+
+#if !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER)
+  if(!conn->cfilter[sockindex] &&
+     conn->handler->protocol == CURLPROTO_HTTPS &&
+     (ssl_mode == CURL_CF_SSL_ENABLE || ssl_mode != CURL_CF_SSL_DISABLE)) {
+
+    result = Curl_cf_https_setup(data, conn, sockindex, remotehost);
     if(result)
       goto out;
-    Curl_conn_cf_add(data, conn, sockindex, cf);
   }
+#endif /* !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER) */
 
-   /* close any existing socket and replace */
-  Curl_closesocket(data, conn, conn->sock[sockindex]);
-  conn->sock[sockindex] = *s;
-  conn->bits.sock_accepted = TRUE;
-  cf->connected = TRUE;
-  scf_ctx->state = SCFST_DONE;
+  /* Still no cfilter set, apply default. */
+  if(!conn->cfilter[sockindex]) {
+    result = Curl_cf_setup_add(data, conn, sockindex, remotehost,
+                               conn->transport, ssl_mode);
+    if(result)
+      goto out;
+  }
 
+  DEBUGASSERT(conn->cfilter[sockindex]);
 out:
-  if(result) {
-    Curl_safefree(cf);
-    Curl_safefree(scf_ctx);
-  }
   return result;
 }
+
diff --git a/lib/connect.h b/lib/connect.h
index 1e90a8561..e4fa10c4c 100644
--- a/lib/connect.h
+++ b/lib/connect.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -29,9 +29,7 @@
 #include "sockaddr.h"
 #include "timeval.h"
 
-CURLcode Curl_connecthost(struct Curl_easy *data,
-                          struct connectdata *conn,
-                          const struct Curl_dns_entry *host);
+struct Curl_dns_entry;
 
 /* generic function that returns how much time there's left to run, according
    to the timeouts set */
@@ -53,67 +51,8 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
 bool Curl_addr2string(struct sockaddr *sa, curl_socklen_t salen,
                       char *addr, int *port);
 
-/*
- * Check if a connection seems to be alive.
- */
-bool Curl_connalive(struct Curl_easy *data, struct connectdata *conn);
-
-#ifdef USE_WINSOCK
-/* When you run a program that uses the Windows Sockets API, you may
-   experience slow performance when you copy data to a TCP server.
-
-   https://support.microsoft.com/kb/823764
-
-   Work-around: Make the Socket Send Buffer Size Larger Than the Program Send
-   Buffer Size
-
-*/
-void Curl_sndbufset(curl_socket_t sockfd);
-#else
-#define Curl_sndbufset(y) Curl_nop_stmt
-#endif
-
-void Curl_updateconninfo(struct Curl_easy *data, struct connectdata *conn,
-                         curl_socket_t sockfd);
-void Curl_conninfo_remote(struct Curl_easy *data, struct connectdata *conn,
-                          curl_socket_t sockfd);
-void Curl_conninfo_local(struct Curl_easy *data, curl_socket_t sockfd,
-                         char *local_ip, int *local_port);
 void Curl_persistconninfo(struct Curl_easy *data, struct connectdata *conn,
                           char *local_ip, int local_port);
-int Curl_closesocket(struct Curl_easy *data, struct connectdata *conn,
-                     curl_socket_t sock);
-
-/*
- * The Curl_sockaddr_ex structure is basically libcurl's external API
- * curl_sockaddr structure with enough space available to directly hold any
- * protocol-specific address structures. The variable declared here will be
- * used to pass / receive data to/from the fopensocket callback if this has
- * been set, before that, it is initialized from parameters.
- */
-struct Curl_sockaddr_ex {
-  int family;
-  int socktype;
-  int protocol;
-  unsigned int addrlen;
-  union {
-    struct sockaddr addr;
-    struct Curl_sockaddr_storage buff;
-  } _sa_ex_u;
-};
-#define sa_addr _sa_ex_u.addr
-
-/*
- * Create a socket based on info from 'conn' and 'ai'.
- *
- * Fill in 'addr' and 'sockfd' accordingly if OK is returned. If the open
- * socket callback is set, used that!
- *
- */
-CURLcode Curl_socket(struct Curl_easy *data,
-                     const struct Curl_addrinfo *ai,
-                     struct Curl_sockaddr_ex *addr,
-                     curl_socket_t *sockfd);
 
 /*
  * Curl_conncontrol() marks the end of a connection/stream. The 'closeit'
@@ -148,13 +87,71 @@ void Curl_conncontrol(struct connectdata *conn,
 #define connkeep(x,y) Curl_conncontrol(x, CONNCTRL_KEEP)
 #endif
 
-CURLcode Curl_conn_socket_set(struct Curl_easy *data,
+/**
+ * Create a cfilter for making an "ip" connection to the
+ * given address, using parameters from `conn`. The "ip" connection
+ * can be a TCP socket, a UDP socket or even a QUIC connection.
+ *
+ * It MUST use only the supplied `ai` for its connection attempt.
+ *
+ * Such a filter may be used in "happy eyeball" scenarios, and its
+ * `connect` implementation needs to support non-blocking. Once connected,
+ * it MAY be installed in the connection filter chain to serve transfers.
+ */
+typedef CURLcode cf_ip_connect_create(struct Curl_cfilter **pcf,
+                                      struct Curl_easy *data,
+                                      struct connectdata *conn,
+                                      const struct Curl_addrinfo *ai,
+                                      int transport);
+
+/**
+ * Create a happy eyeball connection filter that uses the, once resolved,
+ * address information to connect on ip families based on connection
+ * configuration.
+ * @param pcf        output, the created cfilter
+ * @param data       easy handle used in creation
+ * @param conn       connection the filter is created for
+ * @param cf_create  method to create the sub-filters performing the
+ *                   actual connects.
+ */
+CURLcode
+Curl_cf_happy_eyeballs_create(struct Curl_cfilter **pcf,
+                              struct Curl_easy *data,
                               struct connectdata *conn,
-                              int sockindex);
-
-CURLcode Curl_conn_socket_accepted_set(struct Curl_easy *data,
-                                       struct connectdata *conn,
-                                       int sockindex,
-                                       curl_socket_t *s);
+                              cf_ip_connect_create *cf_create,
+                              const struct Curl_dns_entry *remotehost,
+                              int transport);
+
+CURLcode Curl_cf_setup_add(struct Curl_easy *data,
+                           struct connectdata *conn,
+                           int sockindex,
+                           const struct Curl_dns_entry *remotehost,
+                           int transport,
+                           int ssl_mode);
+
+CURLcode Curl_cf_setup_insert_after(struct Curl_cfilter *cf_at,
+                                    struct Curl_easy *data,
+                                    const struct Curl_dns_entry *remotehost,
+                                    int transport,
+                                    int ssl_mode);
+
+/**
+ * Setup the cfilters at `sockindex` in connection `conn`.
+ * If no filter chain is installed yet, inspects the configuration
+ * in `data` and `conn? to install a suitable filter chain.
+ */
+CURLcode Curl_conn_setup(struct Curl_easy *data,
+                         struct connectdata *conn,
+                         int sockindex,
+                         const struct Curl_dns_entry *remotehost,
+                         int ssl_mode);
+
+extern struct Curl_cftype Curl_cft_happy_eyeballs;
+extern struct Curl_cftype Curl_cft_setup;
+
+#ifdef DEBUGBUILD
+void Curl_debug_set_transport_provider(int transport,
+                                       cf_ip_connect_create *cf_create);
+#endif
 
 #endif /* HEADER_CURL_CONNECT_H */
diff --git a/lib/content_encoding.c b/lib/content_encoding.c
index bfc13e254..f8524837d 100644
--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -33,7 +33,15 @@
 #endif
 
 #ifdef HAVE_BROTLI
+#if defined(__GNUC__)
+/* Ignore -Wvla warnings in brotli headers */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wvla"
+#endif
 #include <brotli/decode.h>
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
 #endif
 
 #ifdef HAVE_ZSTD
@@ -977,7 +985,8 @@ static const struct content_encoding error_encoding = {
 static struct contenc_writer *
 new_unencoding_writer(struct Curl_easy *data,
                       const struct content_encoding *handler,
-                      struct contenc_writer *downstream)
+                      struct contenc_writer *downstream,
+                      int order)
 {
   struct contenc_writer *writer;
 
@@ -987,6 +996,7 @@ new_unencoding_writer(struct Curl_easy *data,
   if(writer) {
     writer->handler = handler;
     writer->downstream = downstream;
+    writer->order = order;
     if(handler->init_writer(data, writer)) {
       free(writer);
       writer = NULL;
@@ -1042,10 +1052,10 @@ static const struct content_encoding *find_encoding(const char *name,
 /* Set-up the unencoding stack from the Content-Encoding header value.
  * See RFC 7231 section 3.1.2.2. */
 CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
-                                     const char *enclist, int maybechunked)
+                                     const char *enclist, int is_transfer)
 {
   struct SingleRequest *k = &data->req;
-  int counter = 0;
+  unsigned int order = is_transfer? 2: 1;
 
   do {
     const char *name;
@@ -1062,7 +1072,7 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
         namelen = enclist - name + 1;
 
     /* Special case: chunked encoding is handled at the reader level. */
-    if(maybechunked && namelen == 7 && strncasecompare(name, "chunked", 7)) {
+    if(is_transfer && namelen == 7 && strncasecompare(name, "chunked", 7)) {
       k->chunk = TRUE;             /* chunks coming our way. */
       Curl_httpchunk_init(data);   /* init our chunky engine. */
     }
@@ -1071,7 +1081,8 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
       struct contenc_writer *writer;
 
       if(!k->writer_stack) {
-        k->writer_stack = new_unencoding_writer(data, &client_encoding, NULL);
+        k->writer_stack = new_unencoding_writer(data, &client_encoding,
+                                                NULL, 0);
 
         if(!k->writer_stack)
           return CURLE_OUT_OF_MEMORY;
@@ -1080,16 +1091,29 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
       if(!encoding)
         encoding = &error_encoding;  /* Defer error at stack use. */
 
-      if(++counter >= MAX_ENCODE_STACK) {
-        failf(data, "Reject response due to %u content encodings",
-              counter);
+      if(k->writer_stack_depth++ >= MAX_ENCODE_STACK) {
+        failf(data, "Reject response due to more than %u content encodings",
+              MAX_ENCODE_STACK);
         return CURLE_BAD_CONTENT_ENCODING;
       }
       /* Stack the unencoding stage. */
-      writer = new_unencoding_writer(data, encoding, k->writer_stack);
-      if(!writer)
-        return CURLE_OUT_OF_MEMORY;
-      k->writer_stack = writer;
+      if(order >= k->writer_stack->order) {
+        writer = new_unencoding_writer(data, encoding,
+                                       k->writer_stack, order);
+        if(!writer)
+          return CURLE_OUT_OF_MEMORY;
+        k->writer_stack = writer;
+      }
+      else {
+        struct contenc_writer *w = k->writer_stack;
+        while(w->downstream && order < w->downstream->order)
+          w = w->downstream;
+        writer = new_unencoding_writer(data, encoding,
+                                       w->downstream, order);
+        if(!writer)
+          return CURLE_OUT_OF_MEMORY;
+        w->downstream = writer;
+      }
     }
   } while(*enclist);
 
@@ -1099,11 +1123,11 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
 #else
 /* Stubs for builds without HTTP. */
 CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
-                                     const char *enclist, int maybechunked)
+                                     const char *enclist, int is_transfer)
 {
   (void) data;
   (void) enclist;
-  (void) maybechunked;
+  (void) is_transfer;
   return CURLE_NOT_BUILT_IN;
 }
 
diff --git a/lib/content_encoding.h b/lib/content_encoding.h
index 3c278cf72..56e7f97f7 100644
--- a/lib/content_encoding.h
+++ b/lib/content_encoding.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -28,6 +28,7 @@
 struct contenc_writer {
   const struct content_encoding *handler;  /* Encoding handler. */
   struct contenc_writer *downstream;  /* Downstream writer. */
+  unsigned int order; /* Ordering within writer stack. */
 };
 
 /* Content encoding writer. */
@@ -46,7 +47,7 @@ struct content_encoding {
 
 
 CURLcode Curl_build_unencoding_stack(struct Curl_easy *data,
-                                     const char *enclist, int maybechunked);
+                                     const char *enclist, int is_transfer);
 CURLcode Curl_unencode_write(struct Curl_easy *data,
                              struct contenc_writer *writer,
                              const char *buf, size_t nbytes);
diff --git a/lib/cookie.c b/lib/cookie.c
index bccf2e888..0c6e0f7cd 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -101,13 +101,14 @@ Example set of cookies:
 #include "parsedate.h"
 #include "rename.h"
 #include "fopen.h"
+#include "strdup.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
 #include "curl_memory.h"
 #include "memdebug.h"
 
-static void strstore(char **str, const char *newstr);
+static void strstore(char **str, const char *newstr, size_t len);
 
 static void freecookie(struct Cookie *co)
 {
@@ -122,15 +123,17 @@ static void freecookie(struct Cookie *co)
   free(co);
 }
 
-static bool tailmatch(const char *cooke_domain, const char *hostname)
+static bool tailmatch(const char *cookie_domain, size_t cookie_domain_len,
+                      const char *hostname)
 {
-  size_t cookie_domain_len = strlen(cooke_domain);
   size_t hostname_len = strlen(hostname);
 
   if(hostname_len < cookie_domain_len)
     return FALSE;
 
-  if(!strcasecompare(cooke_domain, hostname + hostname_len-cookie_domain_len))
+  if(!strncasecompare(cookie_domain,
+                      hostname + hostname_len-cookie_domain_len,
+                      cookie_domain_len))
     return FALSE;
 
   /*
@@ -176,7 +179,7 @@ static bool pathmatch(const char *cookie_path, const char *request_uri)
 
   /* #-fragments are already cut off! */
   if(0 == strlen(uri_path) || uri_path[0] != '/') {
-    strstore(&uri_path, "/");
+    strstore(&uri_path, "/", 1);
     if(!uri_path)
       return FALSE;
   }
@@ -310,7 +313,7 @@ static char *sanitize_cookie_path(const char *cookie_path)
   /* RFC6265 5.2.4 The Path Attribute */
   if(new_path[0] != '/') {
     /* Let cookie-path be the default-path. */
-    strstore(&new_path, "/");
+    strstore(&new_path, "/", 1);
     return new_path;
   }
 
@@ -329,14 +332,13 @@ static char *sanitize_cookie_path(const char *cookie_path)
  */
 void Curl_cookie_loadfiles(struct Curl_easy *data)
 {
-  struct curl_slist *list = data->state.cookielist;
+  struct curl_slist *list = data->set.cookielist;
   if(list) {
     Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
     while(list) {
-      struct CookieInfo *newcookies = Curl_cookie_init(data,
-                                        list->data,
-                                        data->cookies,
-                                        data->set.cookiesession);
+      struct CookieInfo *newcookies =
+        Curl_cookie_init(data, list->data, data->cookies,
+                         data->set.cookiesession);
       if(!newcookies)
         /*
          * Failure may be due to OOM or a bad cookie; both are ignored
@@ -347,8 +349,6 @@ void Curl_cookie_loadfiles(struct Curl_easy *data)
         data->cookies = newcookies;
       list = list->next;
     }
-    curl_slist_free_all(data->state.cookielist); /* clean up list */
-    data->state.cookielist = NULL; /* don't do this again! */
     Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
   }
 }
@@ -362,10 +362,14 @@ void Curl_cookie_loadfiles(struct Curl_easy *data)
  * parsing in a last-wins scenario. The caller is responsible for checking
  * for OOM errors.
  */
-static void strstore(char **str, const char *newstr)
+static void strstore(char **str, const char *newstr, size_t len)
 {
+  DEBUGASSERT(newstr);
+  DEBUGASSERT(str);
   free(*str);
-  *str = strdup(newstr);
+  *str = Curl_memdup(newstr, len + 1);
+  if(*str)
+    (*str)[len] = 0;
 }
 
 /*
@@ -427,15 +431,19 @@ static void remove_expired(struct CookieInfo *cookies)
 }
 
 /* Make sure domain contains a dot or is localhost. */
-static bool bad_domain(const char *domain)
+static bool bad_domain(const char *domain, size_t len)
 {
-  if(strcasecompare(domain, "localhost"))
+  if((len == 9) && strncasecompare(domain, "localhost", 9))
     return FALSE;
   else {
     /* there must be a dot present, but that dot must not be a trailing dot */
-    char *dot = strchr(domain, '.');
-    if(dot)
-      return dot[1] ? FALSE : TRUE;
+    char *dot = memchr(domain, '.', len);
+    if(dot) {
+      size_t i = dot - domain;
+      if((len - i) > 1)
+        /* the dot is not the last byte */
+        return FALSE;
+    }
   }
   return TRUE;
 }
@@ -515,10 +523,9 @@ Curl_cookie_add(struct Curl_easy *data,
 
   if(httpheader) {
     /* This line was read off an HTTP-header */
-    char name[MAX_NAME];
-    char what[MAX_NAME];
+    const char *namep;
+    const char *valuep;
     const char *ptr;
-    const char *semiptr;
 
     size_t linelength = strlen(lineptr);
     if(linelength > MAX_COOKIE_LINE) {
@@ -527,73 +534,65 @@ Curl_cookie_add(struct Curl_easy *data,
       return NULL;
     }
 
-    semiptr = strchr(lineptr, ';'); /* first, find a semicolon */
-
-    while(*lineptr && ISBLANK(*lineptr))
-      lineptr++;
-
     ptr = lineptr;
     do {
-      /* we have a <what>=<this> pair or a stand-alone word here */
-      name[0] = what[0] = 0; /* init the buffers */
-      if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\t\r\n=] =%"
-                     MAX_NAME_TXT "[^;\r\n]",
-                     name, what)) {
-        /*
-         * Use strstore() below to properly deal with received cookie
-         * headers that have the same string property set more than once,
-         * and then we use the last one.
-         */
-        const char *whatptr;
+      size_t vlen;
+      size_t nlen;
+
+      while(*ptr && ISBLANK(*ptr))
+        ptr++;
+
+      /* we have a <name>=<value> pair or a stand-alone word here */
+      nlen = strcspn(ptr, ";\t\r\n=");
+      if(nlen) {
         bool done = FALSE;
-        bool sep;
-        size_t len = strlen(what);
-        size_t nlen = strlen(name);
-        const char *endofn = &ptr[ nlen ];
+        bool sep = FALSE;
 
-        /*
-         * Check for too long individual name or contents, or too long
-         * combination of name + contents. Chrome and Firefox support 4095 or
-         * 4096 bytes combo
-         */
-        if(nlen >= (MAX_NAME-1) || len >= (MAX_NAME-1) ||
-           ((nlen + len) > MAX_NAME)) {
-          freecookie(co);
-          infof(data, "oversized cookie dropped, name/val %zu + %zu bytes",
-                nlen, len);
-          return NULL;
-        }
+        namep = ptr;
+        ptr += nlen;
 
-        /* name ends with a '=' ? */
-        sep = (*endofn == '=')?TRUE:FALSE;
+        /* trim trailing spaces and tabs after name */
+        while(nlen && ISBLANK(namep[nlen - 1]))
+          nlen--;
 
-        if(nlen) {
-          endofn--; /* move to the last character */
-          if(ISBLANK(*endofn)) {
-            /* skip trailing spaces in name */
-            while(*endofn && ISBLANK(*endofn) && nlen) {
-              endofn--;
-              nlen--;
-            }
-            name[nlen] = 0; /* new end of name */
+        if(*ptr == '=') {
+          vlen = strcspn(++ptr, ";\r\n");
+          valuep = ptr;
+          sep = TRUE;
+          ptr = &valuep[vlen];
+
+          /* Strip off trailing whitespace from the value */
+          while(vlen && ISBLANK(valuep[vlen-1]))
+            vlen--;
+
+          /* Skip leading whitespace from the value */
+          while(vlen && ISBLANK(*valuep)) {
+            valuep++;
+            vlen--;
           }
-        }
 
-        /* Strip off trailing whitespace from the 'what' */
-        while(len && ISBLANK(what[len-1])) {
-          what[len-1] = 0;
-          len--;
+          /* Reject cookies with a TAB inside the value */
+          if(memchr(valuep, '\t', vlen)) {
+            freecookie(co);
+            infof(data, "cookie contains TAB, dropping");
+            return NULL;
+          }
+        }
+        else {
+          valuep = NULL;
+          vlen = 0;
         }
 
-        /* Skip leading whitespace from the 'what' */
-        whatptr = what;
-        while(*whatptr && ISBLANK(*whatptr))
-          whatptr++;
-
-        /* Reject cookies with a TAB inside the content */
-        if(strchr(whatptr, '\t')) {
+        /*
+         * Check for too long individual name or contents, or too long
+         * combination of name + contents. Chrome and Firefox support 4095 or
+         * 4096 bytes combo
+         */
+        if(nlen >= (MAX_NAME-1) || vlen >= (MAX_NAME-1) ||
+           ((nlen + vlen) > MAX_NAME)) {
           freecookie(co);
-          infof(data, "cookie contains TAB, dropping");
+          infof(data, "oversized cookie dropped, name/val %zu + %zu bytes",
+                nlen, vlen);
           return NULL;
         }
 
@@ -603,13 +602,19 @@ Curl_cookie_add(struct Curl_easy *data,
          * "the rest". Prefixes must start with '__' and end with a '-', so
          * only test for names where that can possibly be true.
          */
-        if(nlen > 3 && name[0] == '_' && name[1] == '_') {
-          if(strncasecompare("__Secure-", name, 9))
+        if(nlen >= 7 && namep[0] == '_' && namep[1] == '_') {
+          if(strncasecompare("__Secure-", namep, 9))
             co->prefix |= COOKIE_PREFIX__SECURE;
-          else if(strncasecompare("__Host-", name, 7))
+          else if(strncasecompare("__Host-", namep, 7))
             co->prefix |= COOKIE_PREFIX__HOST;
         }
 
+        /*
+         * Use strstore() below to properly deal with received cookie
+         * headers that have the same string property set more than once,
+         * and then we use the last one.
+         */
+
         if(!co->name) {
           /* The very first name/value pair is the actual cookie name */
           if(!sep) {
@@ -617,20 +622,20 @@ Curl_cookie_add(struct Curl_easy *data,
             badcookie = TRUE;
             break;
           }
-          co->name = strdup(name);
-          co->value = strdup(whatptr);
+          strstore(&co->name, namep, nlen);
+          strstore(&co->value, valuep, vlen);
           done = TRUE;
           if(!co->name || !co->value) {
             badcookie = TRUE;
             break;
           }
-          if(invalid_octets(whatptr) || invalid_octets(name)) {
+          if(invalid_octets(co->value) || invalid_octets(co->name)) {
             infof(data, "invalid octets in name/value, cookie dropped");
             badcookie = TRUE;
             break;
           }
         }
-        else if(!len) {
+        else if(!vlen) {
           /*
            * this was a "<name>=" with no content, and we must allow
            * 'secure' and 'httponly' specified this weirdly
@@ -641,7 +646,7 @@ Curl_cookie_add(struct Curl_easy *data,
            * using a secure protocol, or when the cookie is being set by
            * reading from file
            */
-          if(strcasecompare("secure", name)) {
+          if((nlen == 6) && strncasecompare("secure", namep, 6)) {
             if(secure || !c->running) {
               co->secure = TRUE;
             }
@@ -650,7 +655,7 @@ Curl_cookie_add(struct Curl_easy *data,
               break;
             }
           }
-          else if(strcasecompare("httponly", name))
+          else if((nlen == 8) && strncasecompare("httponly", namep, 8))
             co->httponly = TRUE;
           else if(sep)
             /* there was a '=' so we're not done parsing this field */
@@ -658,8 +663,8 @@ Curl_cookie_add(struct Curl_easy *data,
         }
         if(done)
           ;
-        else if(strcasecompare("path", name)) {
-          strstore(&co->path, whatptr);
+        else if((nlen == 4) && strncasecompare("path", namep, 4)) {
+          strstore(&co->path, valuep, vlen);
           if(!co->path) {
             badcookie = TRUE; /* out of memory bad */
             break;
@@ -671,7 +676,8 @@ Curl_cookie_add(struct Curl_easy *data,
             break;
           }
         }
-        else if(strcasecompare("domain", name) && whatptr[0]) {
+        else if((nlen == 6) &&
+                strncasecompare("domain", namep, 6) && vlen) {
           bool is_ip;
 
           /*
@@ -679,8 +685,10 @@ Curl_cookie_add(struct Curl_easy *data,
            * the given domain is not valid and thus cannot be set.
            */
 
-          if('.' == whatptr[0])
-            whatptr++; /* ignore preceding dot */
+          if('.' == valuep[0]) {
+            valuep++; /* ignore preceding dot */
+            vlen--;
+          }
 
 #ifndef USE_LIBPSL
           /*
@@ -688,16 +696,17 @@ Curl_cookie_add(struct Curl_easy *data,
            * TLD or otherwise "protected" suffix. To reduce risk, we require a
            * dot OR the exact host name being "localhost".
            */
-          if(bad_domain(whatptr))
+          if(bad_domain(valuep, vlen))
             domain = ":";
 #endif
 
-          is_ip = Curl_host_is_ipnum(domain ? domain : whatptr);
+          is_ip = Curl_host_is_ipnum(domain ? domain : valuep);
 
           if(!domain
-             || (is_ip && !strcmp(whatptr, domain))
-             || (!is_ip && tailmatch(whatptr, domain))) {
-            strstore(&co->domain, whatptr);
+             || (is_ip && !strncmp(valuep, domain, vlen) &&
+                 (vlen == strlen(domain)))
+             || (!is_ip && tailmatch(valuep, vlen, domain))) {
+            strstore(&co->domain, valuep, vlen);
             if(!co->domain) {
               badcookie = TRUE;
               break;
@@ -713,17 +722,17 @@ Curl_cookie_add(struct Curl_easy *data,
              */
             badcookie = TRUE;
             infof(data, "skipped cookie with bad tailmatch domain: %s",
-                  whatptr);
+                  valuep);
           }
         }
-        else if(strcasecompare("version", name)) {
-          strstore(&co->version, whatptr);
+        else if((nlen == 7) && strncasecompare("version", namep, 7)) {
+          strstore(&co->version, valuep, vlen);
           if(!co->version) {
             badcookie = TRUE;
             break;
           }
         }
-        else if(strcasecompare("max-age", name)) {
+        else if((nlen == 7) && strncasecompare("max-age", namep, 7)) {
           /*
            * Defined in RFC2109:
            *
@@ -733,14 +742,14 @@ Curl_cookie_add(struct Curl_easy *data,
            * client should discard the cookie.  A value of zero means the
            * cookie should be discarded immediately.
            */
-          strstore(&co->maxage, whatptr);
+          strstore(&co->maxage, valuep, vlen);
           if(!co->maxage) {
             badcookie = TRUE;
             break;
           }
         }
-        else if(strcasecompare("expires", name)) {
-          strstore(&co->expirestr, whatptr);
+        else if((nlen == 7) && strncasecompare("expires", namep, 7)) {
+          strstore(&co->expirestr, valuep, vlen);
           if(!co->expirestr) {
             badcookie = TRUE;
             break;
@@ -755,24 +764,13 @@ Curl_cookie_add(struct Curl_easy *data,
         /* this is an "illegal" <what>=<this> pair */
       }
 
-      if(!semiptr || !*semiptr) {
-        /* we already know there are no more cookies */
-        semiptr = NULL;
-        continue;
-      }
-
-      ptr = semiptr + 1;
       while(*ptr && ISBLANK(*ptr))
         ptr++;
-      semiptr = strchr(ptr, ';'); /* now, find the next semicolon */
-
-      if(!semiptr && *ptr)
-        /*
-         * There are no more semicolons, but there's a final name=value pair
-         * coming up
-         */
-        semiptr = strchr(ptr, '\0');
-    } while(semiptr);
+      if(*ptr == ';')
+        ptr++;
+      else
+        break;
+    } while(1);
 
     if(co->maxage) {
       CURLofft offt;
@@ -1059,7 +1057,7 @@ Curl_cookie_add(struct Curl_easy *data,
       Curl_psl_release(data);
     }
     else
-      acceptable = !bad_domain(domain);
+      acceptable = !bad_domain(domain, strlen(domain));
 
     if(!acceptable) {
       infof(data, "cookie '%s' dropped, domain '%s' must not "
@@ -1301,7 +1299,7 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
      */
     remove_expired(c);
 
-    if(fromfile && fp)
+    if(fromfile)
       fclose(fp);
   }
 
@@ -1449,7 +1447,8 @@ struct Cookie *Curl_cookie_getlist(struct Curl_easy *data,
 
       /* now check if the domain is correct */
       if(!co->domain ||
-         (co->tailmatch && !is_ip && tailmatch(co->domain, host)) ||
+         (co->tailmatch && !is_ip &&
+          tailmatch(co->domain, co->domain? strlen(co->domain):0, host)) ||
          ((!co->tailmatch || is_ip) && strcasecompare(host, co->domain)) ) {
         /*
          * the right part of the host matches the domain stuff in the
@@ -1800,13 +1799,6 @@ void Curl_flush_cookies(struct Curl_easy *data, bool cleanup)
   CURLcode res;
 
   if(data->set.str[STRING_COOKIEJAR]) {
-    if(data->state.cookielist) {
-      /* If there is a list of cookie files to read, do it first so that
-         we have all the told files read before we write the new jar.
-         Curl_cookie_loadfiles() LOCKS and UNLOCKS the share itself! */
-      Curl_cookie_loadfiles(data);
-    }
-
     Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
 
     /* if we have a destination file for all the cookies to get dumped to */
@@ -1816,12 +1808,6 @@ void Curl_flush_cookies(struct Curl_easy *data, bool cleanup)
             data->set.str[STRING_COOKIEJAR], curl_easy_strerror(res));
   }
   else {
-    if(cleanup && data->state.cookielist) {
-      /* since nothing is written, we can just free the list of cookie file
-         names */
-      curl_slist_free_all(data->state.cookielist); /* clean up list */
-      data->state.cookielist = NULL;
-    }
     Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
   }
 
diff --git a/lib/cookie.h b/lib/cookie.h
index abc0a2e8a..39bb08bc4 100644
--- a/lib/cookie.h
+++ b/lib/cookie.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_addrinfo.c b/lib/curl_addrinfo.c
index bcea88356..35a06350d 100644
--- a/lib/curl_addrinfo.c
+++ b/lib/curl_addrinfo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_addrinfo.h b/lib/curl_addrinfo.h
index b778121a7..c757c49c5 100644
--- a/lib/curl_addrinfo.h
+++ b/lib/curl_addrinfo.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_base64.h b/lib/curl_base64.h
index 85368a163..806d4431c 100644
--- a/lib/curl_base64.h
+++ b/lib/curl_base64.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_config.h b/lib/curl_config.h
index c46f32ba4..7fbdfd298 100644
--- a/lib/curl_config.h
+++ b/lib/curl_config.h
@@ -43,6 +43,9 @@
 /* to disable Gopher */
 #define CURL_DISABLE_GOPHER 1
 
+/* disable headers-api */
+/* #undef CURL_DISABLE_HEADERS_API */
+
 /* disable alt-svc */
 /* #undef CURL_DISABLE_HSTS */
 
@@ -139,17 +142,14 @@
 /* Define to 1 if you have the alarm function. */
 #define HAVE_ALARM 1
 
-/* Define to 1 if you have the <alloca.h> header file. */
-#define HAVE_ALLOCA_H 1
-
 /* Define to 1 if you have the <arpa/inet.h> header file. */
 #define HAVE_ARPA_INET_H 1
 
 /* Define to 1 if you have the <arpa/tftp.h> header file. */
 #define HAVE_ARPA_TFTP_H 1
 
-/* Define to 1 if you have the <assert.h> header file. */
-#define HAVE_ASSERT_H 1
+/* Define to 1 if you have _Atomic support. */
+#define HAVE_ATOMIC 1
 
 /* Define to 1 if you have the basename function. */
 #define HAVE_BASENAME 1
@@ -194,12 +194,12 @@
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #define HAVE_DLFCN_H 1
 
-/* Define to 1 if you have the <errno.h> header file. */
-#define HAVE_ERRNO_H 1
-
 /* Define to 1 if you have the <err.h> header file. */
 /* #undef HAVE_ERR_H */
 
+/* Define to 1 if you have the `fchmod' function. */
+#define HAVE_FCHMOD 1
+
 /* Define to 1 if you have the fcntl function. */
 #define HAVE_FCNTL 1
 
@@ -212,6 +212,9 @@
 /* Define to 1 if you have the `fnmatch' function. */
 #define HAVE_FNMATCH 1
 
+/* Define to 1 if you have the `fork' function. */
+#define HAVE_FORK 1
+
 /* Define to 1 if you have the freeaddrinfo function. */
 #define HAVE_FREEADDRINFO 1
 
@@ -332,9 +335,6 @@
 /* Define to 1 if you have the <inttypes.h> header file. */
 #define HAVE_INTTYPES_H 1
 
-/* Define to 1 if you have the ioctl function. */
-#define HAVE_IOCTL 1
-
 /* Define to 1 if you have the ioctlsocket function. */
 /* #undef HAVE_IOCTLSOCKET */
 
@@ -348,27 +348,15 @@
 /* Define to 1 if you have a working ioctlsocket FIONBIO function. */
 /* #undef HAVE_IOCTLSOCKET_FIONBIO */
 
-/* Define to 1 if you have a working ioctl FIONBIO function. */
-#define HAVE_IOCTL_FIONBIO 1
-
-/* Define to 1 if you have a working ioctl SIOCGIFADDR function. */
-#define HAVE_IOCTL_SIOCGIFADDR 1
-
 /* Define to 1 if you have the <io.h> header file. */
 /* #undef HAVE_IO_H */
 
 /* Define to 1 if you have the lber.h header file. */
 /* #undef HAVE_LBER_H */
 
-/* Define to 1 if you have the ldapssl.h header file. */
-/* #undef HAVE_LDAPSSL_H */
-
 /* Define to 1 if you have the ldap.h header file. */
 /* #undef HAVE_LDAP_H */
 
-/* Define to 1 if you have the `ldap_init_fd' function. */
-/* #undef HAVE_LDAP_INIT_FD */
-
 /* Use LDAPS implementation */
 /* #undef HAVE_LDAP_SSL */
 
@@ -399,12 +387,6 @@
 /* Define to 1 if you have the `ssh2' library (-lssh2). */
 /* #undef HAVE_LIBSSH2 */
 
-/* Define to 1 if you have the <libssh2.h> header file. */
-/* #undef HAVE_LIBSSH2_H */
-
-/* Define to 1 if you have the <libssh/libssh.h> header file. */
-/* #undef HAVE_LIBSSH_LIBSSH_H */
-
 /* Define to 1 if you have the `ssl' library (-lssl). */
 #define HAVE_LIBSSL 1
 
@@ -420,33 +402,24 @@
 /* Define to 1 if you have the <linux/tcp.h> header file. */
 #define HAVE_LINUX_TCP_H 1
 
-/* if your compiler supports LL */
-#define HAVE_LL 1
-
 /* Define to 1 if you have the <locale.h> header file. */
 #define HAVE_LOCALE_H 1
 
-/* Define to 1 if you have a working localtime_r function. */
-#define HAVE_LOCALTIME_R 1
-
 /* Define to 1 if the compiler supports the 'long long' data type. */
 #define HAVE_LONGLONG 1
 
 /* Define to 1 if you have the `mach_absolute_time' function. */
 /* #undef HAVE_MACH_ABSOLUTE_TIME */
 
-/* Define to 1 if you have the malloc.h header file. */
-#define HAVE_MALLOC_H 1
-
-/* Define to 1 if you have the memory.h header file. */
-#define HAVE_MEMORY_H 1
-
 /* Define to 1 if you have the memrchr function or macro. */
 #define HAVE_MEMRCHR 1
 
 /* Define to 1 if you have the MSG_NOSIGNAL flag. */
 #define HAVE_MSG_NOSIGNAL 1
 
+/* Define to 1 if you have the <msh3.h> header file. */
+/* #undef HAVE_MSH3_H */
+
 /* Define to 1 if you have the <netdb.h> header file. */
 #define HAVE_NETDB_H 1
 
@@ -459,6 +432,9 @@
 /* Define to 1 if you have the <netinet/tcp.h> header file. */
 #define HAVE_NETINET_TCP_H 1
 
+/* Define to 1 if you have the <netinet/udp.h> header file. */
+#define HAVE_NETINET_UDP_H 1
+
 /* Define to 1 if you have the <net/if.h> header file. */
 #define HAVE_NET_IF_H 1
 
@@ -493,15 +469,13 @@
 /* Define to 1 if you have the <openssl/rsa.h> header file. */
 #define HAVE_OPENSSL_RSA_H 1
 
-/* if you have the function SRP_Calc_client_key */
+/* if you have the functions SSL_CTX_set_srp_username and
+   SSL_CTX_set_srp_password */
 /* #undef HAVE_OPENSSL_SRP */
 
 /* Define to 1 if you have the <openssl/ssl.h> header file. */
 #define HAVE_OPENSSL_SSL_H 1
 
-/* Define to 1 if you have the `OpenSSL_version' function. */
-#define HAVE_OPENSSL_VERSION 1
-
 /* Define to 1 if you have the <openssl/x509.h> header file. */
 #define HAVE_OPENSSL_X509_H 1
 
@@ -514,9 +488,6 @@
 /* if you have the PK11_CreateManagedGenericObject function */
 /* #undef HAVE_PK11_CREATEMANAGEDGENERICOBJECT */
 
-/* Define to 1 if you have a working poll function. */
-#define HAVE_POLL 1
-
 /* If you have a fine poll */
 #define HAVE_POLL_FINE 1
 
@@ -550,12 +521,18 @@
 /* Define to 1 if you have the <rsa.h> header file. */
 /* #undef HAVE_RSA_H */
 
+/* Define to 1 if you have the `sched_yield' function. */
+#define HAVE_SCHED_YIELD 1
+
 /* Define to 1 if you have the select function. */
 #define HAVE_SELECT 1
 
 /* Define to 1 if you have the send function. */
 #define HAVE_SEND 1
 
+/* Define to 1 if you have the `sendmsg' function. */
+#define HAVE_SENDMSG 1
+
 /* Define to 1 if you have the <setjmp.h> header file. */
 #define HAVE_SETJMP_H 1
 
@@ -568,12 +545,6 @@
 /* Define to 1 if you have the `setrlimit' function. */
 #define HAVE_SETRLIMIT 1
 
-/* Define to 1 if you have the setsockopt function. */
-#define HAVE_SETSOCKOPT 1
-
-/* Define to 1 if you have a working setsockopt SO_NONBLOCK function. */
-/* #undef HAVE_SETSOCKOPT_SO_NONBLOCK */
-
 /* Define to 1 if you have the sigaction function. */
 #define HAVE_SIGACTION 1
 
@@ -589,6 +560,9 @@
 /* Define to 1 if you have the sigsetjmp function or macro. */
 /* #undef HAVE_SIGSETJMP */
 
+/* Define to 1 if you have the `snprintf' function. */
+#define HAVE_SNPRINTF 1
+
 /* Define to 1 if struct sockaddr_in6 has the sin6_scope_id member */
 #define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1
 
@@ -601,15 +575,18 @@
 /* Define to 1 if you have the <socket.h> header file. */
 /* #undef HAVE_SOCKET_H */
 
-/* Define to 1 if you have the `SSLv2_client_method' function. */
-/* #undef HAVE_SSLV2_CLIENT_METHOD */
-
 /* Define to 1 if you have the `SSL_get_ech_status' function. */
 /* #undef HAVE_SSL_GET_ECH_STATUS */
 
 /* Define to 1 if you have the <ssl.h> header file. */
 /* #undef HAVE_SSL_H */
 
+/* Define to 1 if you have the `SSL_set0_wbio' function. */
+#define HAVE_SSL_SET0_WBIO 1
+
+/* Define to 1 if you have the <stdatomic.h> header file. */
+#define HAVE_STDATOMIC_H 1
+
 /* Define to 1 if you have the <stdbool.h> header file. */
 #define HAVE_STDBOOL_H 1
 
@@ -643,18 +620,6 @@
 /* Define to 1 if you have the <string.h> header file. */
 #define HAVE_STRING_H 1
 
-/* Define to 1 if you have the strncmpi function. */
-/* #undef HAVE_STRNCMPI */
-
-/* Define to 1 if you have the strnicmp function. */
-/* #undef HAVE_STRNICMP */
-
-/* Define to 1 if you have the <stropts.h> header file. */
-/* #undef HAVE_STROPTS_H */
-
-/* Define to 1 if you have the strstr function. */
-#define HAVE_STRSTR 1
-
 /* Define to 1 if you have the strtok_r function. */
 #define HAVE_STRTOK_R 1
 
@@ -730,9 +695,6 @@
 /* Define to 1 if you have the <unistd.h> header file. */
 #define HAVE_UNISTD_H 1
 
-/* Define to 1 if you have the `usleep' function. */
-#define HAVE_USLEEP 1
-
 /* Define to 1 if you have the `utime' function. */
 #define HAVE_UTIME 1
 
@@ -748,9 +710,6 @@
 /* Define to 1 if compiler supports old gcc variadic macro style. */
 #define HAVE_VARIADIC_MACROS_GCC 1
 
-/* Define to 1 if you have the winber.h header file. */
-/* #undef HAVE_WINBER_H */
-
 /* Define to 1 if you have the wincrypt.h header file. */
 /* #undef HAVE_WINCRYPT_H */
 
@@ -769,6 +728,9 @@
 /* if you have wolfSSL_DES_ecb_encrypt */
 /* #undef HAVE_WOLFSSL_DES_ECB_ENCRYPT */
 
+/* if you have wolfSSL_BIO_set_shutdown */
+/* #undef HAVE_WOLFSSL_FULL_BIO */
+
 /* Define to 1 if you have the `wolfSSL_get_peer_certificate' function. */
 /* #undef HAVE_WOLFSSL_GET_PEER_CERTIFICATE */
 
@@ -776,10 +738,7 @@
 /* #undef HAVE_WOLFSSL_USEALPN */
 
 /* Define this symbol if your OS supports changing the contents of argv */
-/* #undef HAVE_WRITABLE_ARGV */
-
-/* Define to 1 if you have the writev function. */
-#define HAVE_WRITEV 1
+#define HAVE_WRITABLE_ARGV 1
 
 /* Define to 1 if you have the ws2tcpip.h header file. */
 /* #undef HAVE_WS2TCPIP_H */
@@ -787,9 +746,6 @@
 /* Define to 1 if you have the <x509.h> header file. */
 /* #undef HAVE_X509_H */
 
-/* if you have the zlib.h header file */
-#define HAVE_ZLIB_H 1
-
 /* if libzstd is in use */
 /* #undef HAVE_ZSTD */
 
@@ -802,12 +758,6 @@
 /* Define to 1 if you need the lber.h header file even with ldap.h */
 /* #undef NEED_LBER_H */
 
-/* Define to 1 if you need the malloc.h header file even with stdlib.h */
-/* #undef NEED_MALLOC_H */
-
-/* Define to 1 if you need the memory.h header file even with stdlib.h */
-/* #undef NEED_MEMORY_H */
-
 /* Define to 1 if _REENTRANT preprocessor symbol must be defined. */
 /* #undef NEED_REENTRANT */
 
@@ -842,73 +792,34 @@
 #define PACKAGE_VERSION "-"
 
 /* a suitable file to read random data from */
-/* #undef RANDOM_FILE */
-
-/* Define to the type of arg 1 for recv. */
-#define RECV_TYPE_ARG1 int
-
-/* Define to the type of arg 2 for recv. */
-#define RECV_TYPE_ARG2 void *
-
-/* Define to the type of arg 3 for recv. */
-#define RECV_TYPE_ARG3 size_t
-
-/* Define to the type of arg 4 for recv. */
-#define RECV_TYPE_ARG4 int
-
-/* Define to the function return type for recv. */
-#define RECV_TYPE_RETV ssize_t
-
-/* Define to the type qualifier of arg 5 for select. */
-#define SELECT_QUAL_ARG5 
+#define RANDOM_FILE "/dev/urandom"
 
-/* Define to the type of arg 1 for select. */
-#define SELECT_TYPE_ARG1 int
-
-/* Define to the type of args 2, 3 and 4 for select. */
-#define SELECT_TYPE_ARG234 fd_set *
-
-/* Define to the type of arg 5 for select. */
-#define SELECT_TYPE_ARG5 struct timeval *
-
-/* Define to the function return type for select. */
-#define SELECT_TYPE_RETV ssize_t
-
-/* Define to the type qualifier of arg 2 for send. */
-#define SEND_QUAL_ARG2 const
-
-/* Define to the type of arg 1 for send. */
-#define SEND_TYPE_ARG1 int
-
-/* Define to the type of arg 2 for send. */
-#define SEND_TYPE_ARG2 void *
+/* Size of curl_off_t in number of bytes */
+#define SIZEOF_CURL_OFF_T 8
 
-/* Define to the type of arg 3 for send. */
-#define SEND_TYPE_ARG3 size_t
+/* Size of int in number of bytes */
+#define SIZEOF_INT 4
 
-/* Define to the type of arg 4 for send. */
-#define SEND_TYPE_ARG4 int
+/* Size of long in number of bytes */
+/* #undef SIZEOF_LONG_LONG */
 
-/* Define to the function return type for send. */
-#define SEND_TYPE_RETV ssize_t
+/* Size of long long in number of bytes */
+/* #undef SIZEOF_LONG_LONG */
 
-/* The number of bytes in type curl_off_t */
-#define SIZEOF_CURL_OFF_T 8
+/* Size of off_t in number of bytes */
+/* #undef SIZEOF_OFF_T 8 */
 
-/* The number of bytes in type int */
-#define SIZEOF_INT 4
+/* Size of size_t in number of bytes */
+/* #undef SIZEOF_SIZE_T 8 */
 
-/* The number of bytes in type short */
-#define SIZEOF_SHORT 2
+/* Size of time_t in number of bytes */
+/* #undef SIZEOF_TIME_T 8 */
 
 /* Define to 1 if all of the C90 standard headers exist (not just the ones
    required in a freestanding environment). This macro is provided for
    backward compatibility; new code need not use it. */
 #define STDC_HEADERS 1
 
-/* Define to the type of arg 3 for strerror_r. */
-#define STRERROR_R_TYPE_ARG3 size_t
-
 /* if AmiSSL is in use */
 /* #undef USE_AMISSL */
 
@@ -948,8 +859,8 @@
 /* if mbedTLS is enabled */
 /* #undef USE_MBEDTLS */
 
-/* if MesaLink is enabled */
-/* #undef USE_MESALINK */
+/* if msh3 is in use */
+/* #undef USE_MSH3 */
 
 /* if nghttp2 is in use */
 /* #undef USE_NGHTTP2 */
@@ -966,6 +877,9 @@
 /* if ngtcp2_crypto_openssl is in use */
 /* #undef USE_NGTCP2_CRYPTO_OPENSSL */
 
+/* if ngtcp2_crypto_wolfssl is in use */
+/* #undef USE_NGTCP2_CRYPTO_WOLFSSL */
+
 /* if NSS is enabled */
 /* #undef USE_NSS */
 
@@ -999,6 +913,9 @@
 /* Use Unix domain sockets */
 #define USE_UNIX_SOCKETS 1
 
+/* enable websockets support */
+/* #undef USE_WEBSOCKETS */
+
 /* Define to 1 if you are building a Windows target with crypto API support.
    */
 /* #undef USE_WIN32_CRYPTO */
@@ -1029,9 +946,6 @@
 /* Version number of package */
 #define VERSION "-"
 
-/* Define to 1 to provide own prototypes. */
-/* #undef WANT_IDN_PROTOTYPES */
-
 /* Define to 1 if OS is AIX. */
 #ifndef _ALL_SOURCE
 /* #  undef _ALL_SOURCE */
diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
index 8f8964e64..eca71bdef 100644
--- a/lib/curl_config.h.cmake
+++ b/lib/curl_config.h.cmake
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_config.h.in b/lib/curl_config.h.in
index 751f6a4f6..6d274171b 100644
--- a/lib/curl_config.h.in
+++ b/lib/curl_config.h.in
@@ -42,6 +42,9 @@
 /* to disable Gopher */
 #undef CURL_DISABLE_GOPHER
 
+/* disable headers-api */
+#undef CURL_DISABLE_HEADERS_API
+
 /* disable alt-svc */
 #undef CURL_DISABLE_HSTS
 
@@ -138,8 +141,8 @@
 /* Define to 1 if you have the alarm function. */
 #undef HAVE_ALARM
 
-/* Define to 1 if you have the <alloca.h> header file. */
-#undef HAVE_ALLOCA_H
+/* Define to 1 if you have the `arc4random' function. */
+#undef HAVE_ARC4RANDOM
 
 /* Define to 1 if you have the <arpa/inet.h> header file. */
 #undef HAVE_ARPA_INET_H
@@ -147,8 +150,8 @@
 /* Define to 1 if you have the <arpa/tftp.h> header file. */
 #undef HAVE_ARPA_TFTP_H
 
-/* Define to 1 if you have the <assert.h> header file. */
-#undef HAVE_ASSERT_H
+/* Define to 1 if you have _Atomic support. */
+#undef HAVE_ATOMIC
 
 /* Define to 1 if you have the basename function. */
 #undef HAVE_BASENAME
@@ -193,12 +196,12 @@
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #undef HAVE_DLFCN_H
 
-/* Define to 1 if you have the <errno.h> header file. */
-#undef HAVE_ERRNO_H
-
 /* Define to 1 if you have the <err.h> header file. */
 #undef HAVE_ERR_H
 
+/* Define to 1 if you have the `fchmod' function. */
+#undef HAVE_FCHMOD
+
 /* Define to 1 if you have the fcntl function. */
 #undef HAVE_FCNTL
 
@@ -211,6 +214,9 @@
 /* Define to 1 if you have the `fnmatch' function. */
 #undef HAVE_FNMATCH
 
+/* Define to 1 if you have the `fork' function. */
+#undef HAVE_FORK
+
 /* Define to 1 if you have the freeaddrinfo function. */
 #undef HAVE_FREEADDRINFO
 
@@ -331,9 +337,6 @@
 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H
 
-/* Define to 1 if you have the ioctl function. */
-#undef HAVE_IOCTL
-
 /* Define to 1 if you have the ioctlsocket function. */
 #undef HAVE_IOCTLSOCKET
 
@@ -347,27 +350,15 @@
 /* Define to 1 if you have a working ioctlsocket FIONBIO function. */
 #undef HAVE_IOCTLSOCKET_FIONBIO
 
-/* Define to 1 if you have a working ioctl FIONBIO function. */
-#undef HAVE_IOCTL_FIONBIO
-
-/* Define to 1 if you have a working ioctl SIOCGIFADDR function. */
-#undef HAVE_IOCTL_SIOCGIFADDR
-
 /* Define to 1 if you have the <io.h> header file. */
 #undef HAVE_IO_H
 
 /* Define to 1 if you have the lber.h header file. */
 #undef HAVE_LBER_H
 
-/* Define to 1 if you have the ldapssl.h header file. */
-#undef HAVE_LDAPSSL_H
-
 /* Define to 1 if you have the ldap.h header file. */
 #undef HAVE_LDAP_H
 
-/* Define to 1 if you have the `ldap_init_fd' function. */
-#undef HAVE_LDAP_INIT_FD
-
 /* Use LDAPS implementation */
 #undef HAVE_LDAP_SSL
 
@@ -398,12 +389,6 @@
 /* Define to 1 if you have the `ssh2' library (-lssh2). */
 #undef HAVE_LIBSSH2
 
-/* Define to 1 if you have the <libssh2.h> header file. */
-#undef HAVE_LIBSSH2_H
-
-/* Define to 1 if you have the <libssh/libssh.h> header file. */
-#undef HAVE_LIBSSH_LIBSSH_H
-
 /* Define to 1 if you have the `ssl' library (-lssl). */
 #undef HAVE_LIBSSL
 
@@ -419,33 +404,24 @@
 /* Define to 1 if you have the <linux/tcp.h> header file. */
 #undef HAVE_LINUX_TCP_H
 
-/* if your compiler supports LL */
-#undef HAVE_LL
-
 /* Define to 1 if you have the <locale.h> header file. */
 #undef HAVE_LOCALE_H
 
-/* Define to 1 if you have a working localtime_r function. */
-#undef HAVE_LOCALTIME_R
-
 /* Define to 1 if the compiler supports the 'long long' data type. */
 #undef HAVE_LONGLONG
 
 /* Define to 1 if you have the `mach_absolute_time' function. */
 #undef HAVE_MACH_ABSOLUTE_TIME
 
-/* Define to 1 if you have the malloc.h header file. */
-#undef HAVE_MALLOC_H
-
-/* Define to 1 if you have the memory.h header file. */
-#undef HAVE_MEMORY_H
-
 /* Define to 1 if you have the memrchr function or macro. */
 #undef HAVE_MEMRCHR
 
 /* Define to 1 if you have the MSG_NOSIGNAL flag. */
 #undef HAVE_MSG_NOSIGNAL
 
+/* Define to 1 if you have the <msh3.h> header file. */
+#undef HAVE_MSH3_H
+
 /* Define to 1 if you have the <netdb.h> header file. */
 #undef HAVE_NETDB_H
 
@@ -458,6 +434,9 @@
 /* Define to 1 if you have the <netinet/tcp.h> header file. */
 #undef HAVE_NETINET_TCP_H
 
+/* Define to 1 if you have the <netinet/udp.h> header file. */
+#undef HAVE_NETINET_UDP_H
+
 /* Define to 1 if you have the <net/if.h> header file. */
 #undef HAVE_NET_IF_H
 
@@ -492,15 +471,13 @@
 /* Define to 1 if you have the <openssl/rsa.h> header file. */
 #undef HAVE_OPENSSL_RSA_H
 
-/* if you have the function SRP_Calc_client_key */
+/* if you have the functions SSL_CTX_set_srp_username and
+   SSL_CTX_set_srp_password */
 #undef HAVE_OPENSSL_SRP
 
 /* Define to 1 if you have the <openssl/ssl.h> header file. */
 #undef HAVE_OPENSSL_SSL_H
 
-/* Define to 1 if you have the `OpenSSL_version' function. */
-#undef HAVE_OPENSSL_VERSION
-
 /* Define to 1 if you have the <openssl/x509.h> header file. */
 #undef HAVE_OPENSSL_X509_H
 
@@ -513,9 +490,6 @@
 /* if you have the PK11_CreateManagedGenericObject function */
 #undef HAVE_PK11_CREATEMANAGEDGENERICOBJECT
 
-/* Define to 1 if you have a working poll function. */
-#undef HAVE_POLL
-
 /* If you have a fine poll */
 #undef HAVE_POLL_FINE
 
@@ -549,12 +523,18 @@
 /* Define to 1 if you have the <rsa.h> header file. */
 #undef HAVE_RSA_H
 
+/* Define to 1 if you have the `sched_yield' function. */
+#undef HAVE_SCHED_YIELD
+
 /* Define to 1 if you have the select function. */
 #undef HAVE_SELECT
 
 /* Define to 1 if you have the send function. */
 #undef HAVE_SEND
 
+/* Define to 1 if you have the `sendmsg' function. */
+#undef HAVE_SENDMSG
+
 /* Define to 1 if you have the <setjmp.h> header file. */
 #undef HAVE_SETJMP_H
 
@@ -567,12 +547,6 @@
 /* Define to 1 if you have the `setrlimit' function. */
 #undef HAVE_SETRLIMIT
 
-/* Define to 1 if you have the setsockopt function. */
-#undef HAVE_SETSOCKOPT
-
-/* Define to 1 if you have a working setsockopt SO_NONBLOCK function. */
-#undef HAVE_SETSOCKOPT_SO_NONBLOCK
-
 /* Define to 1 if you have the sigaction function. */
 #undef HAVE_SIGACTION
 
@@ -588,6 +562,9 @@
 /* Define to 1 if you have the sigsetjmp function or macro. */
 #undef HAVE_SIGSETJMP
 
+/* Define to 1 if you have the `snprintf' function. */
+#undef HAVE_SNPRINTF
+
 /* Define to 1 if struct sockaddr_in6 has the sin6_scope_id member */
 #undef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
 
@@ -600,15 +577,18 @@
 /* Define to 1 if you have the <socket.h> header file. */
 #undef HAVE_SOCKET_H
 
-/* Define to 1 if you have the `SSLv2_client_method' function. */
-#undef HAVE_SSLV2_CLIENT_METHOD
-
 /* Define to 1 if you have the `SSL_get_ech_status' function. */
 #undef HAVE_SSL_GET_ECH_STATUS
 
 /* Define to 1 if you have the <ssl.h> header file. */
 #undef HAVE_SSL_H
 
+/* Define to 1 if you have the `SSL_set0_wbio' function. */
+#undef HAVE_SSL_SET0_WBIO
+
+/* Define to 1 if you have the <stdatomic.h> header file. */
+#undef HAVE_STDATOMIC_H
+
 /* Define to 1 if you have the <stdbool.h> header file. */
 #undef HAVE_STDBOOL_H
 
@@ -642,18 +622,6 @@
 /* Define to 1 if you have the <string.h> header file. */
 #undef HAVE_STRING_H
 
-/* Define to 1 if you have the strncmpi function. */
-#undef HAVE_STRNCMPI
-
-/* Define to 1 if you have the strnicmp function. */
-#undef HAVE_STRNICMP
-
-/* Define to 1 if you have the <stropts.h> header file. */
-#undef HAVE_STROPTS_H
-
-/* Define to 1 if you have the strstr function. */
-#undef HAVE_STRSTR
-
 /* Define to 1 if you have the strtok_r function. */
 #undef HAVE_STRTOK_R
 
@@ -729,9 +697,6 @@
 /* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H
 
-/* Define to 1 if you have the `usleep' function. */
-#undef HAVE_USLEEP
-
 /* Define to 1 if you have the `utime' function. */
 #undef HAVE_UTIME
 
@@ -747,9 +712,6 @@
 /* Define to 1 if compiler supports old gcc variadic macro style. */
 #undef HAVE_VARIADIC_MACROS_GCC
 
-/* Define to 1 if you have the winber.h header file. */
-#undef HAVE_WINBER_H
-
 /* Define to 1 if you have the wincrypt.h header file. */
 #undef HAVE_WINCRYPT_H
 
@@ -768,6 +730,9 @@
 /* if you have wolfSSL_DES_ecb_encrypt */
 #undef HAVE_WOLFSSL_DES_ECB_ENCRYPT
 
+/* if you have wolfSSL_BIO_set_shutdown */
+#undef HAVE_WOLFSSL_FULL_BIO
+
 /* Define to 1 if you have the `wolfSSL_get_peer_certificate' function. */
 #undef HAVE_WOLFSSL_GET_PEER_CERTIFICATE
 
@@ -777,18 +742,12 @@
 /* Define this symbol if your OS supports changing the contents of argv */
 #undef HAVE_WRITABLE_ARGV
 
-/* Define to 1 if you have the writev function. */
-#undef HAVE_WRITEV
-
 /* Define to 1 if you have the ws2tcpip.h header file. */
 #undef HAVE_WS2TCPIP_H
 
 /* Define to 1 if you have the <x509.h> header file. */
 #undef HAVE_X509_H
 
-/* if you have the zlib.h header file */
-#undef HAVE_ZLIB_H
-
 /* if libzstd is in use */
 #undef HAVE_ZSTD
 
@@ -801,12 +760,6 @@
 /* Define to 1 if you need the lber.h header file even with ldap.h */
 #undef NEED_LBER_H
 
-/* Define to 1 if you need the malloc.h header file even with stdlib.h */
-#undef NEED_MALLOC_H
-
-/* Define to 1 if you need the memory.h header file even with stdlib.h */
-#undef NEED_MEMORY_H
-
 /* Define to 1 if _REENTRANT preprocessor symbol must be defined. */
 #undef NEED_REENTRANT
 
@@ -846,76 +799,25 @@
 /* a suitable file to read random data from */
 #undef RANDOM_FILE
 
-/* Define to the type of arg 1 for recv. */
-#undef RECV_TYPE_ARG1
-
-/* Define to the type of arg 2 for recv. */
-#undef RECV_TYPE_ARG2
-
-/* Define to the type of arg 3 for recv. */
-#undef RECV_TYPE_ARG3
-
-/* Define to the type of arg 4 for recv. */
-#undef RECV_TYPE_ARG4
-
-/* Define to the function return type for recv. */
-#undef RECV_TYPE_RETV
-
-/* Define to the type qualifier of arg 5 for select. */
-#undef SELECT_QUAL_ARG5
-
-/* Define to the type of arg 1 for select. */
-#undef SELECT_TYPE_ARG1
-
-/* Define to the type of args 2, 3 and 4 for select. */
-#undef SELECT_TYPE_ARG234
-
-/* Define to the type of arg 5 for select. */
-#undef SELECT_TYPE_ARG5
-
-/* Define to the function return type for select. */
-#undef SELECT_TYPE_RETV
-
-/* Define to the type qualifier of arg 2 for send. */
-#undef SEND_QUAL_ARG2
-
-/* Define to the type of arg 1 for send. */
-#undef SEND_TYPE_ARG1
-
-/* Define to the type of arg 2 for send. */
-#undef SEND_TYPE_ARG2
-
-/* Define to the type of arg 3 for send. */
-#undef SEND_TYPE_ARG3
-
-/* Define to the type of arg 4 for send. */
-#undef SEND_TYPE_ARG4
-
-/* Define to the function return type for send. */
-#undef SEND_TYPE_RETV
-
-/* The number of bytes in type curl_off_t */
+/* Size of curl_off_t in number of bytes */
 #undef SIZEOF_CURL_OFF_T
 
-/* The number of bytes in type int */
+/* Size of int in number of bytes */
 #undef SIZEOF_INT
 
-/* The number of bytes in type long */
+/* Size of long in number of bytes */
 #undef SIZEOF_LONG
 
-/* The number of bytes in type long long */
+/* Size of long long in number of bytes */
 #undef SIZEOF_LONG_LONG
 
-/* The number of bytes in type off_t */
+/* Size of off_t in number of bytes */
 #undef SIZEOF_OFF_T
 
-/* The number of bytes in type short */
-#undef SIZEOF_SHORT
-
-/* The number of bytes in type size_t */
+/* Size of size_t in number of bytes */
 #undef SIZEOF_SIZE_T
 
-/* The number of bytes in type time_t */
+/* Size of time_t in number of bytes */
 #undef SIZEOF_TIME_T
 
 /* Define to 1 if all of the C90 standard headers exist (not just the ones
@@ -923,9 +825,6 @@
    backward compatibility; new code need not use it. */
 #undef STDC_HEADERS
 
-/* Define to the type of arg 3 for strerror_r. */
-#undef STRERROR_R_TYPE_ARG3
-
 /* if AmiSSL is in use */
 #undef USE_AMISSL
 
@@ -965,8 +864,8 @@
 /* if mbedTLS is enabled */
 #undef USE_MBEDTLS
 
-/* if MesaLink is enabled */
-#undef USE_MESALINK
+/* if msh3 is in use */
+#undef USE_MSH3
 
 /* if nghttp2 is in use */
 #undef USE_NGHTTP2
@@ -983,6 +882,9 @@
 /* if ngtcp2_crypto_openssl is in use */
 #undef USE_NGTCP2_CRYPTO_OPENSSL
 
+/* if ngtcp2_crypto_wolfssl is in use */
+#undef USE_NGTCP2_CRYPTO_WOLFSSL
+
 /* if NSS is enabled */
 #undef USE_NSS
 
@@ -1016,6 +918,9 @@
 /* Use Unix domain sockets */
 #undef USE_UNIX_SOCKETS
 
+/* enable websockets support */
+#undef USE_WEBSOCKETS
+
 /* Define to 1 if you are building a Windows target with crypto API support.
    */
 #undef USE_WIN32_CRYPTO
@@ -1046,9 +951,6 @@
 /* Version number of package */
 #undef VERSION
 
-/* Define to 1 to provide own prototypes. */
-#undef WANT_IDN_PROTOTYPES
-
 /* Define to 1 if OS is AIX. */
 #ifndef _ALL_SOURCE
 #  undef _ALL_SOURCE
diff --git a/lib/curl_ctype.h b/lib/curl_ctype.h
index dc6b8cab8..1d1d60c28 100644
--- a/lib/curl_ctype.h
+++ b/lib/curl_ctype.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -27,7 +27,7 @@
 #define ISLOWHEXALHA(x) (((x) >= 'a') && ((x) <= 'f'))
 #define ISUPHEXALHA(x) (((x) >= 'A') && ((x) <= 'F'))
 
-#define ISLOWCNTRL(x) ((x) >= 0 && ((x) <= 0x1f))
+#define ISLOWCNTRL(x) ((unsigned char)(x) <= 0x1f)
 #define IS7F(x) ((x) == 0x7f)
 
 #define ISLOWPRINT(x) (((x) >= 9) && ((x) <= 0x0d))
diff --git a/lib/curl_des.c b/lib/curl_des.c
index a2bf648c2..5c623b35b 100644
--- a/lib/curl_des.c
+++ b/lib/curl_des.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2015 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_des.h b/lib/curl_des.h
index c1c167471..6ec450acc 100644
--- a/lib/curl_des.h
+++ b/lib/curl_des.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2015 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_endian.c b/lib/curl_endian.c
index 3cc7734f3..11c662a4c 100644
--- a/lib/curl_endian.c
+++ b/lib/curl_endian.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_endian.h b/lib/curl_endian.h
index 08d52e7c5..fa283214b 100644
--- a/lib/curl_endian.h
+++ b/lib/curl_endian.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_fnmatch.c b/lib/curl_fnmatch.c
index b8a85a96e..5f9ca4f1b 100644
--- a/lib/curl_fnmatch.c
+++ b/lib/curl_fnmatch.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_fnmatch.h b/lib/curl_fnmatch.h
index 8324be533..595646ff0 100644
--- a/lib/curl_fnmatch.h
+++ b/lib/curl_fnmatch.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_get_line.c b/lib/curl_get_line.c
index 0d8c285a1..686abe751 100644
--- a/lib/curl_get_line.c
+++ b/lib/curl_get_line.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_get_line.h b/lib/curl_get_line.h
index b2a534d00..0ff32c5c2 100644
--- a/lib/curl_get_line.h
+++ b/lib/curl_get_line.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_gethostname.c b/lib/curl_gethostname.c
index 4747e938d..706b2e689 100644
--- a/lib/curl_gethostname.c
+++ b/lib/curl_gethostname.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_gethostname.h b/lib/curl_gethostname.h
index b7360969a..9281d9c24 100644
--- a/lib/curl_gethostname.h
+++ b/lib/curl_gethostname.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_gssapi.c b/lib/curl_gssapi.c
index 01ab48ec3..c6fe1256b 100644
--- a/lib/curl_gssapi.c
+++ b/lib/curl_gssapi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -34,10 +34,16 @@
 #include "curl_memory.h"
 #include "memdebug.h"
 
-gss_OID_desc Curl_spnego_mech_oid = {
+#if defined(__GNUC__)
+#define CURL_ALIGN8   __attribute__ ((aligned(8)))
+#else
+#define CURL_ALIGN8
+#endif
+
+gss_OID_desc Curl_spnego_mech_oid CURL_ALIGN8 = {
   6, (char *)"\x2b\x06\x01\x05\x05\x02"
 };
-gss_OID_desc Curl_krb5_mech_oid = {
+gss_OID_desc Curl_krb5_mech_oid CURL_ALIGN8 = {
   9, (char *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"
 };
 
diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h
index b4ed482aa..7b9a534ea 100644
--- a/lib/curl_gssapi.h
+++ b/lib/curl_gssapi.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_hmac.h b/lib/curl_hmac.h
index 36c0bd62e..11625c0cb 100644
--- a/lib/curl_hmac.h
+++ b/lib/curl_hmac.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_krb5.h b/lib/curl_krb5.h
index ccd6f10e3..ccf6b96a8 100644
--- a/lib/curl_krb5.h
+++ b/lib/curl_krb5.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_ldap.h b/lib/curl_ldap.h
index ba3ede426..8a1d807ed 100644
--- a/lib/curl_ldap.h
+++ b/lib/curl_ldap.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_log.c b/lib/curl_log.c
new file mode 100644
index 000000000..2301cff12
--- /dev/null
+++ b/lib/curl_log.c
@@ -0,0 +1,223 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <curl/curl.h>
+
+#include "curl_log.h"
+#include "urldata.h"
+#include "easyif.h"
+#include "cfilters.h"
+#include "timeval.h"
+#include "multiif.h"
+#include "strcase.h"
+
+#include "cf-socket.h"
+#include "connect.h"
+#include "http2.h"
+#include "http_proxy.h"
+#include "cf-https-connect.h"
+#include "socks.h"
+#include "strtok.h"
+#include "vtls/vtls.h"
+#include "vquic/vquic.h"
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+
+void Curl_debug(struct Curl_easy *data, curl_infotype type,
+                char *ptr, size_t size)
+{
+  if(data->set.verbose) {
+    static const char s_infotype[CURLINFO_END][3] = {
+      "* ", "< ", "> ", "{ ", "} ", "{ ", "} " };
+    if(data->set.fdebug) {
+      bool inCallback = Curl_is_in_callback(data);
+      Curl_set_in_callback(data, true);
+      (void)(*data->set.fdebug)(data, type, ptr, size, data->set.debugdata);
+      Curl_set_in_callback(data, inCallback);
+    }
+    else {
+      switch(type) {
+      case CURLINFO_TEXT:
+      case CURLINFO_HEADER_OUT:
+      case CURLINFO_HEADER_IN:
+        fwrite(s_infotype[type], 2, 1, data->set.err);
+        fwrite(ptr, size, 1, data->set.err);
+        break;
+      default: /* nada */
+        break;
+      }
+    }
+  }
+}
+
+
+/* Curl_failf() is for messages stating why we failed.
+ * The message SHALL NOT include any LF or CR.
+ */
+void Curl_failf(struct Curl_easy *data, const char *fmt, ...)
+{
+  DEBUGASSERT(!strchr(fmt, '\n'));
+  if(data->set.verbose || data->set.errorbuffer) {
+    va_list ap;
+    int len;
+    char error[CURL_ERROR_SIZE + 2];
+    va_start(ap, fmt);
+    len = mvsnprintf(error, CURL_ERROR_SIZE, fmt, ap);
+
+    if(data->set.errorbuffer && !data->state.errorbuf) {
+      strcpy(data->set.errorbuffer, error);
+      data->state.errorbuf = TRUE; /* wrote error string */
+    }
+    error[len++] = '\n';
+    error[len] = '\0';
+    Curl_debug(data, CURLINFO_TEXT, error, len);
+    va_end(ap);
+  }
+}
+
+/* Curl_infof() is for info message along the way */
+#define MAXINFO 2048
+
+void Curl_infof(struct Curl_easy *data, const char *fmt, ...)
+{
+  DEBUGASSERT(!strchr(fmt, '\n'));
+  if(data && data->set.verbose) {
+    va_list ap;
+    int len;
+    char buffer[MAXINFO + 2];
+    va_start(ap, fmt);
+    len = mvsnprintf(buffer, MAXINFO, fmt, ap);
+    va_end(ap);
+    buffer[len++] = '\n';
+    buffer[len] = '\0';
+    Curl_debug(data, CURLINFO_TEXT, buffer, len);
+  }
+}
+
+#ifdef DEBUGBUILD
+
+void Curl_log_cf_debug(struct Curl_easy *data, struct Curl_cfilter *cf,
+                       const char *fmt, ...)
+{
+  DEBUGASSERT(cf);
+  if(data && Curl_log_cf_is_debug(cf)) {
+    va_list ap;
+    int len;
+    char buffer[MAXINFO + 2];
+    len = msnprintf(buffer, MAXINFO, "[CONN-%ld%s-%s] ",
+                    cf->conn->connection_id, cf->sockindex? "/2" : "",
+                    cf->cft->name);
+    va_start(ap, fmt);
+    len += mvsnprintf(buffer + len, MAXINFO - len, fmt, ap);
+    va_end(ap);
+    buffer[len++] = '\n';
+    buffer[len] = '\0';
+    Curl_debug(data, CURLINFO_TEXT, buffer, len);
+  }
+}
+
+
+static struct Curl_cftype *cf_types[] = {
+  &Curl_cft_tcp,
+  &Curl_cft_udp,
+  &Curl_cft_unix,
+  &Curl_cft_tcp_accept,
+  &Curl_cft_happy_eyeballs,
+  &Curl_cft_setup,
+#ifdef USE_NGHTTP2
+  &Curl_cft_nghttp2,
+#endif
+#ifdef USE_SSL
+  &Curl_cft_ssl,
+  &Curl_cft_ssl_proxy,
+#endif
+#if !defined(CURL_DISABLE_PROXY)
+#if !defined(CURL_DISABLE_HTTP)
+  &Curl_cft_http_proxy,
+#endif /* !CURL_DISABLE_HTTP */
+  &Curl_cft_haproxy,
+  &Curl_cft_socks_proxy,
+#endif /* !CURL_DISABLE_PROXY */
+#ifdef ENABLE_QUIC
+  &Curl_cft_http3,
+#endif
+#if !defined(CURL_DISABLE_HTTP) && !defined(USE_HYPER)
+  &Curl_cft_http_connect,
+#endif
+  NULL,
+};
+
+#ifndef ARRAYSIZE
+#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
+#endif
+
+CURLcode Curl_log_init(void)
+{
+  const char *setting = getenv("CURL_DEBUG");
+  if(setting) {
+    char *token, *tok_buf, *tmp;
+    size_t i;
+
+    tmp = strdup(setting);
+    if(!tmp)
+      return CURLE_OUT_OF_MEMORY;
+
+    token = strtok_r(tmp, ", ", &tok_buf);
+    while(token) {
+      for(i = 0; cf_types[i]; ++i) {
+        if(strcasecompare(token, cf_types[i]->name)) {
+          cf_types[i]->log_level = CURL_LOG_DEBUG;
+          break;
+        }
+      }
+      token = strtok_r(NULL, ", ", &tok_buf);
+    }
+    free(tmp);
+  }
+  return CURLE_OK;
+}
+#else /* DEBUGBUILD */
+
+CURLcode Curl_log_init(void)
+{
+  return CURLE_OK;
+}
+
+#if !defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L)
+void Curl_log_cf_debug(struct Curl_easy *data, struct Curl_cfilter *cf,
+                       const char *fmt, ...)
+{
+  (void)data;
+  (void)cf;
+  (void)fmt;
+}
+#endif
+
+#endif /* !DEBUGBUILD */
diff --git a/lib/curl_log.h b/lib/curl_log.h
new file mode 100644
index 000000000..ad6143fa9
--- /dev/null
+++ b/lib/curl_log.h
@@ -0,0 +1,138 @@
+#ifndef HEADER_CURL_LOG_H
+#define HEADER_CURL_LOG_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+struct Curl_easy;
+struct Curl_cfilter;
+
+/**
+ * Init logging, return != 0 on failure.
+ */
+CURLcode Curl_log_init(void);
+
+
+void Curl_infof(struct Curl_easy *, const char *fmt, ...);
+void Curl_failf(struct Curl_easy *, const char *fmt, ...);
+
+#if defined(CURL_DISABLE_VERBOSE_STRINGS)
+
+#if defined(HAVE_VARIADIC_MACROS_C99)
+#define infof(...)  Curl_nop_stmt
+#elif defined(HAVE_VARIADIC_MACROS_GCC)
+#define infof(x...)  Curl_nop_stmt
+#else
+#error "missing VARIADIC macro define, fix and rebuild!"
+#endif
+
+#else /* CURL_DISABLE_VERBOSE_STRINGS */
+
+#define infof Curl_infof
+
+#endif /* CURL_DISABLE_VERBOSE_STRINGS */
+
+#define failf Curl_failf
+
+
+#define CURL_LOG_DEFAULT  0
+#define CURL_LOG_DEBUG    1
+#define CURL_LOG_TRACE    2
+
+
+/* the function used to output verbose information */
+void Curl_debug(struct Curl_easy *data, curl_infotype type,
+                char *ptr, size_t size);
+
+#ifdef DEBUGBUILD
+
+/* explainer: we have some mix configuration and werror settings
+ * that define HAVE_VARIADIC_MACROS_C99 even though C89 is enforced
+ * on gnuc and some other compiler. Need to treat carefully.
+ */
+#if defined(HAVE_VARIADIC_MACROS_C99) && \
+    defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
+
+#define LOG_CF(data, cf, ...) \
+  do { if(Curl_log_cf_is_debug(cf)) \
+         Curl_log_cf_debug(data, cf, __VA_ARGS__); } while(0)
+#else
+#define LOG_CF Curl_log_cf_debug
+#endif
+
+void Curl_log_cf_debug(struct Curl_easy *data, struct Curl_cfilter *cf,
+#if defined(__GNUC__) && !defined(printf) &&                    \
+  defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
+  !defined(__MINGW32__)
+                       const char *fmt, ...)
+                       __attribute__((format(printf, 3, 4)));
+#else
+                       const char *fmt, ...);
+#endif
+
+#define Curl_log_cf_is_debug(cf) \
+    ((cf) && (cf)->cft->log_level >= CURL_LOG_DEBUG)
+
+#else /* !DEBUGBUILD */
+
+#if defined(HAVE_VARIADIC_MACROS_C99) && \
+    defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
+#define LOG_CF(...)               Curl_nop_stmt
+#define Curl_log_cf_debug(...)    Curl_nop_stmt
+#elif defined(HAVE_VARIADIC_MACROS_GCC) && \
+    defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
+#define LOG_CF(x...)              Curl_nop_stmt
+#define Curl_log_cf_debug(x...)   Curl_nop_stmt
+#else
+#define LOG_CF                    Curl_log_cf_debug
+/* without c99, we seem unable to completely define away this function. */
+void Curl_log_cf_debug(struct Curl_easy *data, struct Curl_cfilter *cf,
+                       const char *fmt, ...);
+#endif
+
+#define Curl_log_cf_is_debug(x)   ((void)(x), FALSE)
+
+#endif  /* !DEBUGBUILD */
+
+#define LOG_CF_IS_DEBUG(x)        Curl_log_cf_is_debug(x)
+
+/* Macros intended for DEBUGF logging, use like:
+ * DEBUGF(infof(data, CFMSG(cf, "this filter %s rocks"), "very much"));
+ * and it will output:
+ * [CONN-1-0][CF-SSL] this filter very much rocks
+ * on connection #1 with sockindex 0 for filter of type "SSL". */
+#define DMSG(d,msg)  \
+  "[CONN-%ld] "msg, (d)->conn->connection_id
+#define DMSGI(d,i,msg)  \
+  "[CONN-%ld-%d] "msg, (d)->conn->connection_id, (i)
+#define CMSG(c,msg)  \
+  "[CONN-%ld] "msg, (c)->connection_id
+#define CMSGI(c,i,msg)  \
+  "[CONN-%ld-%d] "msg, (c)->connection_id, (i)
+#define CFMSG(cf,msg)  \
+  "[CONN-%ld-%d][CF-%s] "msg, (cf)->conn->connection_id, \
+  (cf)->sockindex, (cf)->cft->name
+
+
+
+#endif /* HEADER_CURL_LOG_H */
diff --git a/lib/curl_md4.h b/lib/curl_md4.h
index 8049355cf..03567b991 100644
--- a/lib/curl_md4.h
+++ b/lib/curl_md4.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_md5.h b/lib/curl_md5.h
index 789329654..ec2512f00 100644
--- a/lib/curl_md5.h
+++ b/lib/curl_md5.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_memory.h b/lib/curl_memory.h
index 092fc9f75..7af139196 100644
--- a/lib/curl_memory.h
+++ b/lib/curl_memory.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_memrchr.c b/lib/curl_memrchr.c
index c329a6176..3f3dc6de1 100644
--- a/lib/curl_memrchr.c
+++ b/lib/curl_memrchr.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_memrchr.h b/lib/curl_memrchr.h
index e7654e1d9..a1a4ba092 100644
--- a/lib/curl_memrchr.h
+++ b/lib/curl_memrchr.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_multibyte.c b/lib/curl_multibyte.c
index 309dccbfe..522ea34e8 100644
--- a/lib/curl_multibyte.c
+++ b/lib/curl_multibyte.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_multibyte.h b/lib/curl_multibyte.h
index 929714873..ddac1f638 100644
--- a/lib/curl_multibyte.h
+++ b/lib/curl_multibyte.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index 690f8f767..25d252602 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -36,12 +36,13 @@
 /* Please keep the SSL backend-specific #if branches in this order:
 
    1. USE_OPENSSL
-   2. USE_GNUTLS
-   3. USE_NSS
-   4. USE_MBEDTLS
-   5. USE_SECTRANSP
-   6. USE_OS400CRYPTO
-   7. USE_WIN32_CRYPTO
+   2. USE_WOLFSSL
+   3. USE_GNUTLS
+   4. USE_NSS
+   5. USE_MBEDTLS
+   6. USE_SECTRANSP
+   7. USE_OS400CRYPTO
+   8. USE_WIN32_CRYPTO
 
    This ensures that:
    - the same SSL branch gets activated throughout this source
diff --git a/lib/curl_ntlm_core.h b/lib/curl_ntlm_core.h
index 60444c9dc..33b651f5e 100644
--- a/lib/curl_ntlm_core.h
+++ b/lib/curl_ntlm_core.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -37,11 +37,11 @@
 #define NTLM_NEEDS_NSS_INIT
 #endif
 
-#ifdef USE_WOLFSSL
+#if defined(USE_OPENSSL)
+#  include <openssl/ssl.h>
+#elif defined(USE_WOLFSSL)
 #  include <wolfssl/options.h>
 #  include <wolfssl/openssl/ssl.h>
-#elif defined(USE_OPENSSL)
-#  include <openssl/ssl.h>
 #endif
 
 /* Helpers to generate function byte arguments in little endian order */
diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c
index fcf507522..a10e2a1b0 100644
--- a/lib/curl_ntlm_wb.c
+++ b/lib/curl_ntlm_wb.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_ntlm_wb.h b/lib/curl_ntlm_wb.h
index 1f04db8c3..37704c0fe 100644
--- a/lib/curl_ntlm_wb.h
+++ b/lib/curl_ntlm_wb.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_path.c b/lib/curl_path.c
index f00e3ee74..977e5336f 100644
--- a/lib/curl_path.c
+++ b/lib/curl_path.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -32,70 +32,65 @@
 #include "escape.h"
 #include "memdebug.h"
 
+#define MAX_SSHPATH_LEN 100000 /* arbitrary */
+
 /* figure out the path to work with in this particular request */
 CURLcode Curl_getworkingpath(struct Curl_easy *data,
                              char *homedir,  /* when SFTP is used */
                              char **path) /* returns the  allocated
                                              real path to work with */
 {
-  char *real_path = NULL;
   char *working_path;
   size_t working_path_len;
+  struct dynbuf npath;
   CURLcode result =
     Curl_urldecode(data->state.up.path, 0, &working_path,
                    &working_path_len, REJECT_ZERO);
   if(result)
     return result;
 
+  /* new path to switch to in case we need to */
+  Curl_dyn_init(&npath, MAX_SSHPATH_LEN);
+
   /* Check for /~/, indicating relative to the user's home directory */
-  if(data->conn->handler->protocol & CURLPROTO_SCP) {
-    real_path = malloc(working_path_len + 1);
-    if(!real_path) {
+  if((data->conn->handler->protocol & CURLPROTO_SCP) &&
+     (working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) {
+    /* It is referenced to the home directory, so strip the leading '/~/' */
+    if(Curl_dyn_addn(&npath, &working_path[3], working_path_len - 3)) {
       free(working_path);
       return CURLE_OUT_OF_MEMORY;
     }
-    if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3)))
-      /* It is referenced to the home directory, so strip the leading '/~/' */
-      memcpy(real_path, working_path + 3, working_path_len - 2);
-    else
-      memcpy(real_path, working_path, 1 + working_path_len);
   }
-  else if(data->conn->handler->protocol & CURLPROTO_SFTP) {
-    if((working_path_len > 1) && (working_path[1] == '~')) {
-      size_t homelen = strlen(homedir);
-      real_path = malloc(homelen + working_path_len + 1);
-      if(!real_path) {
-        free(working_path);
-        return CURLE_OUT_OF_MEMORY;
-      }
-      /* It is referenced to the home directory, so strip the
-         leading '/' */
-      memcpy(real_path, homedir, homelen);
-      /* Only add a trailing '/' if homedir does not end with one */
-      if(homelen == 0 || real_path[homelen - 1] != '/') {
-        real_path[homelen] = '/';
-        homelen++;
-        real_path[homelen] = '\0';
-      }
-      if(working_path_len > 3) {
-        memcpy(real_path + homelen, working_path + 3,
-               1 + working_path_len -3);
-      }
+  else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
+          (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
+    size_t len;
+    const char *p;
+    int copyfrom = 3;
+    if(Curl_dyn_add(&npath, homedir)) {
+      free(working_path);
+      return CURLE_OUT_OF_MEMORY;
     }
-    else {
-      real_path = malloc(working_path_len + 1);
-      if(!real_path) {
-        free(working_path);
-        return CURLE_OUT_OF_MEMORY;
-      }
-      memcpy(real_path, working_path, 1 + working_path_len);
+    /* Copy a separating '/' if homedir does not end with one */
+    len = Curl_dyn_len(&npath);
+    p = Curl_dyn_ptr(&npath);
+    if(len && (p[len-1] != '/'))
+      copyfrom = 2;
+
+    if(Curl_dyn_addn(&npath,
+                     &working_path[copyfrom], working_path_len - copyfrom)) {
+      free(working_path);
+      return CURLE_OUT_OF_MEMORY;
     }
   }
 
-  free(working_path);
+  if(Curl_dyn_len(&npath)) {
+    free(working_path);
 
-  /* store the pointer for the caller to receive */
-  *path = real_path;
+    /* store the pointer for the caller to receive */
+    *path = Curl_dyn_ptr(&npath);
+  }
+  else
+    *path = working_path;
 
   return CURLE_OK;
 }
diff --git a/lib/curl_path.h b/lib/curl_path.h
index 98e56eaad..9ed09dea8 100644
--- a/lib/curl_path.h
+++ b/lib/curl_path.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_printf.h b/lib/curl_printf.h
index 3823828cd..6d3d492cc 100644
--- a/lib/curl_printf.h
+++ b/lib/curl_printf.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_range.c b/lib/curl_range.c
index 49999367d..d499953c9 100644
--- a/lib/curl_range.c
+++ b/lib/curl_range.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_range.h b/lib/curl_range.h
index 33570abc2..77679e2b9 100644
--- a/lib/curl_range.h
+++ b/lib/curl_range.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_rtmp.c b/lib/curl_rtmp.c
index 1932cb4ec..2679a2cdc 100644
--- a/lib/curl_rtmp.c
+++ b/lib/curl_rtmp.c
@@ -5,8 +5,8 @@
  *                | (__| |_| |  _ <| |___
  *                 \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2012, Howard Chu, <hyc@highlandsun.com>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Howard Chu, <hyc@highlandsun.com>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_rtmp.h b/lib/curl_rtmp.h
index f856085dc..9b93ee060 100644
--- a/lib/curl_rtmp.h
+++ b/lib/curl_rtmp.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2010 - 2022, Howard Chu, <hyc@highlandsun.com>
+ * Copyright (C) Howard Chu, <hyc@highlandsun.com>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 46ee800a4..119fb9b25 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -36,7 +36,8 @@
 #include "curl_setup.h"
 
 #if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
-  !defined(CURL_DISABLE_POP3)
+  !defined(CURL_DISABLE_POP3) || \
+  (!defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP))
 
 #include <curl/curl.h>
 #include "urldata.h"
diff --git a/lib/curl_sasl.h b/lib/curl_sasl.h
index c709d56a6..e94e6431a 100644
--- a/lib/curl_sasl.h
+++ b/lib/curl_sasl.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -125,9 +125,9 @@ struct SASL {
   unsigned short authmechs;  /* Accepted authentication mechanisms */
   unsigned short prefmech;   /* Preferred authentication mechanism */
   unsigned short authused;   /* Auth mechanism used for the connection */
-  bool resetprefs;           /* For URL auth option parsing. */
-  bool mutual_auth;          /* Mutual authentication enabled (GSSAPI only) */
-  bool force_ir;             /* Protocol always supports initial response */
+  BIT(resetprefs);           /* For URL auth option parsing. */
+  BIT(mutual_auth);          /* Mutual authentication enabled (GSSAPI only) */
+  BIT(force_ir);             /* Protocol always supports initial response */
 };
 
 /* This is used to test whether the line starts with the given mechanism */
diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index 434b86c34..76fccb81d 100644
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -441,8 +441,8 @@
 #  endif
 #endif
 
-#if (SIZEOF_CURL_OFF_T == 4)
-#  define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFF)
+#if (SIZEOF_CURL_OFF_T < 8)
+#error "too small curl_off_t"
 #else
    /* assume SIZEOF_CURL_OFF_T == 8 */
 #  define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFFFFFFFFFF)
@@ -777,14 +777,16 @@ endings either CRLF or LF so 't' is appropriate.
 #define FOPEN_APPENDTEXT "a"
 #endif
 
-/* WinSock destroys recv() buffer when send() failed.
- * Enabled automatically for Windows and for Cygwin as Cygwin sockets are
- * wrappers for WinSock sockets. https://github.com/curl/curl/issues/657
- * Define DONT_USE_RECV_BEFORE_SEND_WORKAROUND to force disable workaround.
+/* Windows workaround to recv before every send, because apparently Winsock
+ * destroys destroys recv() buffer when send() failed.
+ * This workaround is now disabled by default since it caused hard to fix bugs.
+ * Define USE_RECV_BEFORE_SEND_WORKAROUND to enable it.
+ * https://github.com/curl/curl/issues/657
+ * https://github.com/curl/curl/pull/10409
  */
 #if !defined(DONT_USE_RECV_BEFORE_SEND_WORKAROUND)
 #  if defined(WIN32) || defined(__CYGWIN__)
-#    define USE_RECV_BEFORE_SEND_WORKAROUND
+/* #    define USE_RECV_BEFORE_SEND_WORKAROUND */
 #  endif
 #else  /* DONT_USE_RECV_BEFORE_SEND_WORKAROUND */
 #  ifdef USE_RECV_BEFORE_SEND_WORKAROUND
@@ -836,6 +838,13 @@ int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf,
 #define USE_HTTP3
 #endif
 
+/* Certain Windows implementations are not aligned with what curl expects,
+   so always use the local one on this platform. E.g. the mingw-w64
+   implementation can return wrong results for non-ASCII inputs. */
+#if defined(HAVE_BASENAME) && defined(WIN32)
+#undef HAVE_BASENAME
+#endif
+
 #if defined(USE_UNIX_SOCKETS) && defined(WIN32)
 #  if defined(__MINGW32__) && !defined(LUP_SECURE)
      typedef u_short ADDRESS_FAMILY; /* Classic mingw, 11y+ old mingw-w64 */
@@ -853,4 +862,10 @@ int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf,
 #  endif
 #endif
 
+/* OpenSSLv3 marks DES, MD5 and ENGINE functions deprecated but we have no
+   replacements (yet) so tell the compiler to not warn for them. */
+#ifdef USE_OPENSSL
+#define OPENSSL_SUPPRESS_DEPRECATED
+#endif
+
 #endif /* HEADER_CURL_SETUP_H */
diff --git a/lib/curl_setup_once.h b/lib/curl_setup_once.h
index ac4a7f1b3..dde7229d2 100644
--- a/lib/curl_setup_once.h
+++ b/lib/curl_setup_once.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -69,6 +69,14 @@
 #include <unistd.h>
 #endif
 
+#ifdef USE_WOLFSSL
+#  if defined(HAVE_STDINT_H)
+#    include <stdint.h>
+#  elif defined(HAVE_INTTYPES_H)
+#    include <inttypes.h>
+#  endif
+#endif
+
 #ifdef __hpux
 #  if !defined(_XOPEN_SOURCE_EXTENDED) || defined(_KERNEL)
 #    ifdef _APP32_64BIT_OFF_T
diff --git a/lib/curl_sha256.h b/lib/curl_sha256.h
index 39523af0c..c5e157bee 100644
--- a/lib/curl_sha256.h
+++ b/lib/curl_sha256.h
@@ -7,8 +7,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com>
- * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Florin Petriuc, <petriuc.florin@gmail.com>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_sspi.c b/lib/curl_sspi.c
index 33108c48e..eb21e7e2b 100644
--- a/lib/curl_sspi.c
+++ b/lib/curl_sspi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_sspi.h b/lib/curl_sspi.h
index ad111309c..9816d59c8 100644
--- a/lib/curl_sspi.h
+++ b/lib/curl_sspi.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_threads.c b/lib/curl_threads.c
index dff61676c..e13e2947c 100644
--- a/lib/curl_threads.c
+++ b/lib/curl_threads.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curl_threads.h b/lib/curl_threads.h
index 63392f671..facbc7370 100644
--- a/lib/curl_threads.h
+++ b/lib/curl_threads.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/curlx.h b/lib/curlx.h
index 1796afa00..7a753d682 100644
--- a/lib/curlx.h
+++ b/lib/curlx.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/dict.c b/lib/dict.c
index 993373eca..0ce62a00e 100644
--- a/lib/dict.c
+++ b/lib/dict.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -98,37 +98,27 @@ const struct Curl_handler Curl_handler_dict = {
   PROTOPT_NONE | PROTOPT_NOURLQUERY     /* flags */
 };
 
-static char *unescape_word(const char *inputbuff)
+#define DYN_DICT_WORD 10000
+static char *unescape_word(const char *input)
 {
-  char *newp = NULL;
-  char *dictp;
-  size_t len;
-
-  CURLcode result = Curl_urldecode(inputbuff, 0, &newp, &len,
-                                   REJECT_NADA);
-  if(!newp || result)
-    return NULL;
-
-  dictp = malloc(len*2 + 1); /* add one for terminating zero */
-  if(dictp) {
-    char *ptr;
-    char ch;
-    int olen = 0;
-    /* According to RFC2229 section 2.2, these letters need to be escaped with
-       \[letter] */
-    for(ptr = newp;
-        (ch = *ptr) != 0;
-        ptr++) {
-      if((ch <= 32) || (ch == 127) ||
-          (ch == '\'') || (ch == '\"') || (ch == '\\')) {
-        dictp[olen++] = '\\';
-      }
-      dictp[olen++] = ch;
-    }
-    dictp[olen] = 0;
+  struct dynbuf out;
+  const char *ptr;
+  CURLcode result = CURLE_OK;
+  Curl_dyn_init(&out, DYN_DICT_WORD);
+
+  /* According to RFC2229 section 2.2, these letters need to be escaped with
+     \[letter] */
+  for(ptr = input; *ptr; ptr++) {
+    char ch = *ptr;
+    if((ch <= 32) || (ch == 127) ||
+       (ch == '\'') || (ch == '\"') || (ch == '\\'))
+      result = Curl_dyn_addn(&out, "\\", 1);
+    if(!result)
+      result = Curl_dyn_addn(&out, ptr, 1);
+    if(result)
+      return NULL;
   }
-  free(newp);
-  return dictp;
+  return Curl_dyn_ptr(&out);
 }
 
 /* sendf() sends formatted data to the server */
@@ -178,20 +168,25 @@ static CURLcode sendf(curl_socket_t sockfd, struct Curl_easy *data,
 static CURLcode dict_do(struct Curl_easy *data, bool *done)
 {
   char *word;
-  char *eword;
+  char *eword = NULL;
   char *ppath;
   char *database = NULL;
   char *strategy = NULL;
   char *nthdef = NULL; /* This is not part of the protocol, but required
                           by RFC 2229 */
-  CURLcode result = CURLE_OK;
+  CURLcode result;
   struct connectdata *conn = data->conn;
   curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
 
-  char *path = data->state.up.path;
+  char *path;
 
   *done = TRUE; /* unconditionally */
 
+  /* url-decode path before further evaluation */
+  result = Curl_urldecode(data->state.up.path, 0, &path, NULL, REJECT_CTRL);
+  if(result)
+    return result;
+
   if(strncasecompare(path, DICT_MATCH, sizeof(DICT_MATCH)-1) ||
      strncasecompare(path, DICT_MATCH2, sizeof(DICT_MATCH2)-1) ||
      strncasecompare(path, DICT_MATCH3, sizeof(DICT_MATCH3)-1)) {
@@ -225,8 +220,10 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done)
     }
 
     eword = unescape_word(word);
-    if(!eword)
-      return CURLE_OUT_OF_MEMORY;
+    if(!eword) {
+      result = CURLE_OUT_OF_MEMORY;
+      goto error;
+    }
 
     result = sendf(sockfd, data,
                    "CLIENT " LIBCURL_NAME " " LIBCURL_VERSION "\r\n"
@@ -239,11 +236,9 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done)
                    strategy,
                    eword);
 
-    free(eword);
-
     if(result) {
       failf(data, "Failed sending DICT request");
-      return result;
+      goto error;
     }
     Curl_setup_transfer(data, FIRSTSOCKET, -1, FALSE, -1); /* no upload */
   }
@@ -273,8 +268,10 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done)
     }
 
     eword = unescape_word(word);
-    if(!eword)
-      return CURLE_OUT_OF_MEMORY;
+    if(!eword) {
+      result = CURLE_OUT_OF_MEMORY;
+      goto error;
+    }
 
     result = sendf(sockfd, data,
                    "CLIENT " LIBCURL_NAME " " LIBCURL_VERSION "\r\n"
@@ -285,11 +282,9 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done)
                    database,
                    eword);
 
-    free(eword);
-
     if(result) {
       failf(data, "Failed sending DICT request");
-      return result;
+      goto error;
     }
     Curl_setup_transfer(data, FIRSTSOCKET, -1, FALSE, -1);
   }
@@ -310,13 +305,16 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done)
                      "QUIT\r\n", ppath);
       if(result) {
         failf(data, "Failed sending DICT request");
-        return result;
+        goto error;
       }
 
       Curl_setup_transfer(data, FIRSTSOCKET, -1, FALSE, -1);
     }
   }
 
-  return CURLE_OK;
+  error:
+  free(eword);
+  free(path);
+  return result;
 }
 #endif /* CURL_DISABLE_DICT */
diff --git a/lib/dict.h b/lib/dict.h
index b283a0dfc..ba9a92719 100644
--- a/lib/dict.h
+++ b/lib/dict.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/doh.c b/lib/doh.c
index 3b1d5d60e..922d75784 100644
--- a/lib/doh.c
+++ b/lib/doh.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -396,6 +396,7 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data,
     goto error;
   dohp->pending++;
 
+#ifdef ENABLE_IPV6
   if((conn->ip_version != CURL_IPRESOLVE_V4) && Curl_ipv6works(data)) {
     /* create IPv6 DoH request */
     result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_IPADDR_V6],
@@ -405,6 +406,7 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data,
       goto error;
     dohp->pending++;
   }
+#endif
   return NULL;
 
   error:
@@ -950,7 +952,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data,
         Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
 
       /* we got a response, store it in the cache */
-      dns = Curl_cache_addr(data, ai, dohp->host, dohp->port);
+      dns = Curl_cache_addr(data, ai, dohp->host, 0, dohp->port);
 
       if(data->share)
         Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
diff --git a/lib/doh.h b/lib/doh.h
index 678e807fe..7d7b694f3 100644
--- a/lib/doh.h
+++ b/lib/doh.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/dynbuf.c b/lib/dynbuf.c
index 0b1cf9afd..bd3b9356c 100644
--- a/lib/dynbuf.c
+++ b/lib/dynbuf.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -99,8 +99,7 @@ static CURLcode dyn_nappend(struct dynbuf *s,
        include that as well when it uses this code */
     void *p = realloc(s->bufr, a);
     if(!p) {
-      Curl_safefree(s->bufr);
-      s->leng = s->allc = 0;
+      Curl_dyn_free(s);
       return CURLE_OUT_OF_MEMORY;
     }
     s->bufr = p;
diff --git a/lib/dynbuf.h b/lib/dynbuf.h
index 04a728c77..57ad62b22 100644
--- a/lib/dynbuf.h
+++ b/lib/dynbuf.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/easy.c b/lib/easy.c
index d7f93be1e..27124a72f 100644
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -65,6 +65,7 @@
 #include "easyif.h"
 #include "multiif.h"
 #include "select.h"
+#include "cfilters.h"
 #include "sendf.h" /* for failf function prototype */
 #include "connect.h" /* for Curl_getconnectinfo */
 #include "slist.h"
@@ -113,7 +114,7 @@ static curl_simple_lock s_lock = CURL_SIMPLE_LOCK_INIT;
 #if defined(_WIN32_WCE)
 #define system_strdup _strdup
 #elif !defined(HAVE_STRDUP)
-#define system_strdup curlx_strdup
+#define system_strdup Curl_strdup
 #else
 #define system_strdup strdup
 #endif
@@ -164,6 +165,11 @@ static CURLcode global_init(long flags, bool memoryfuncs)
 #endif
   }
 
+  if(Curl_log_init()) {
+    DEBUGF(fprintf(stderr, "Error: Curl_log_init failed\n"));
+    goto fail;
+  }
+
   if(!Curl_ssl_init()) {
     DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n"));
     goto fail;
@@ -913,11 +919,9 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
       goto fail;
   }
 
-  /* duplicate all values in 'change' */
-  if(data->state.cookielist) {
-    outcurl->state.cookielist =
-      Curl_slist_duplicate(data->state.cookielist);
-    if(!outcurl->state.cookielist)
+  if(data->set.cookielist) {
+    outcurl->set.cookielist = Curl_slist_duplicate(data->set.cookielist);
+    if(!outcurl->set.cookielist)
       goto fail;
   }
 #endif
@@ -1003,8 +1007,8 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
 
   if(outcurl) {
 #ifndef CURL_DISABLE_COOKIES
-    curl_slist_free_all(outcurl->state.cookielist);
-    outcurl->state.cookielist = NULL;
+    curl_slist_free_all(outcurl->set.cookielist);
+    outcurl->set.cookielist = NULL;
 #endif
     Curl_safefree(outcurl->state.buffer);
     Curl_dyn_free(&outcurl->state.headerb);
@@ -1101,7 +1105,7 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action)
   k->keepon = newstate;
 
   if(!(newstate & KEEP_RECV_PAUSE)) {
-    Curl_http2_stream_pause(data, FALSE);
+    Curl_conn_ev_data_pause(data, FALSE);
 
     if(data->state.tempcount) {
       /* there are buffers for sending that can be delivered as the receive
@@ -1224,7 +1228,6 @@ CURLcode curl_easy_recv(struct Curl_easy *data, void *buffer, size_t buflen,
     return result;
 
   *n = (size_t)n1;
-
   return CURLE_OK;
 }
 
@@ -1294,29 +1297,34 @@ static int conn_upkeep(struct Curl_easy *data,
                        struct connectdata *conn,
                        void *param)
 {
-  /* Param is unused. */
-  (void)param;
+  struct curltime *now = param;
 
-  if(conn->handler->connection_check) {
-    /* briefly attach the connection to this transfer for the purpose of
-       checking it */
-    Curl_attach_connection(data, conn);
+  if(Curl_timediff(*now, conn->keepalive) <= data->set.upkeep_interval_ms)
+    return 0;
 
+  /* briefly attach for action */
+  Curl_attach_connection(data, conn);
+  if(conn->handler->connection_check) {
     /* Do a protocol-specific keepalive check on the connection. */
     conn->handler->connection_check(data, conn, CONNCHECK_KEEPALIVE);
-    /* detach the connection again */
-    Curl_detach_connection(data);
   }
+  else {
+    /* Do the generic action on the FIRSTSOCKE filter chain */
+    Curl_conn_keep_alive(data, conn, FIRSTSOCKET);
+  }
+  Curl_detach_connection(data);
 
+  conn->keepalive = *now;
   return 0; /* continue iteration */
 }
 
 static CURLcode upkeep(struct conncache *conn_cache, void *data)
 {
+  struct curltime now = Curl_now();
   /* Loop over every connection and make connection alive. */
   Curl_conncache_foreach(data,
                          conn_cache,
-                         data,
+                         &now,
                          conn_upkeep);
   return CURLE_OK;
 }
diff --git a/lib/easy_lock.h b/lib/easy_lock.h
index d96e56b8d..5fa9477d0 100644
--- a/lib/easy_lock.h
+++ b/lib/easy_lock.h
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/easygetopt.c b/lib/easygetopt.c
index a639bb375..2b8a521cd 100644
--- a/lib/easygetopt.c
+++ b/lib/easygetopt.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             ___|___/|_| ______|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/easyif.h b/lib/easyif.h
index 205382cd0..570ebef32 100644
--- a/lib/easyif.h
+++ b/lib/easyif.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/easyoptions.c b/lib/easyoptions.c
index 03b814e5a..a9c1efd00 100644
--- a/lib/easyoptions.c
+++ b/lib/easyoptions.c
@@ -1,11 +1,11 @@
 /***************************************************************************
  *                                  _   _ ____  _
- *  Project                     ___| | | |  _ | |
+ *  Project                     ___| | | |  _ \| |
  *                             / __| | | | |_) | |
  *                            | (__| |_| |  _ <| |___
- *                             ___|___/|_| ______|
+ *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/easyoptions.h b/lib/easyoptions.h
index 33f816d6b..24b4cd93e 100644
--- a/lib/easyoptions.h
+++ b/lib/easyoptions.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/escape.c b/lib/escape.c
index ed59838bd..56aa2b398 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -97,7 +97,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string,
     return strdup("");
 
   while(length--) {
-    unsigned char in = *string; /* we need to treat the characters unsigned */
+    unsigned char in = *string++; /* treat the characters unsigned */
 
     if(Curl_isunreserved(in)) {
       /* append this */
@@ -106,15 +106,28 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string,
     }
     else {
       /* encode it */
-      if(Curl_dyn_addf(&d, "%%%02X", in))
+      const char hex[] = "0123456789ABCDEF";
+      char out[3]={'%'};
+      out[1] = hex[in>>4];
+      out[2] = hex[in & 0xf];
+      if(Curl_dyn_addn(&d, out, 3))
         return NULL;
     }
-    string++;
   }
 
   return Curl_dyn_ptr(&d);
 }
 
+static const unsigned char hextable[] = {
+  0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0,       /* 0x30 - 0x3f */
+  0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 0x40 - 0x4f */
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,       /* 0x50 - 0x5f */
+  0, 10, 11, 12, 13, 14, 15                             /* 0x60 - 0x66 */
+};
+
+/* the input is a single hex digit */
+#define onehex2dec(x) hextable[x - '0']
+
 /*
  * Curl_urldecode() URL decodes the given string.
  *
@@ -137,54 +150,47 @@ CURLcode Curl_urldecode(const char *string, size_t length,
 {
   size_t alloc;
   char *ns;
-  size_t strindex = 0;
-  unsigned long hex;
 
   DEBUGASSERT(string);
   DEBUGASSERT(ctrl >= REJECT_NADA); /* crash on TRUE/FALSE */
 
-  alloc = (length?length:strlen(string)) + 1;
-  ns = malloc(alloc);
+  alloc = (length?length:strlen(string));
+  ns = malloc(alloc + 1);
 
   if(!ns)
     return CURLE_OUT_OF_MEMORY;
 
-  while(--alloc > 0) {
+  /* store output string */
+  *ostring = ns;
+
+  while(alloc) {
     unsigned char in = *string;
     if(('%' == in) && (alloc > 2) &&
        ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
       /* this is two hexadecimal digits following a '%' */
-      char hexstr[3];
-      char *ptr;
-      hexstr[0] = string[1];
-      hexstr[1] = string[2];
-      hexstr[2] = 0;
-
-      hex = strtoul(hexstr, &ptr, 16);
+      in = (unsigned char)(onehex2dec(string[1]) << 4) | onehex2dec(string[2]);
 
-      in = curlx_ultouc(hex); /* this long is never bigger than 255 anyway */
-
-      string += 2;
-      alloc -= 2;
+      string += 3;
+      alloc -= 3;
+    }
+    else {
+      string++;
+      alloc--;
     }
 
     if(((ctrl == REJECT_CTRL) && (in < 0x20)) ||
        ((ctrl == REJECT_ZERO) && (in == 0))) {
-      free(ns);
+      Curl_safefree(*ostring);
       return CURLE_URL_MALFORMAT;
     }
 
-    ns[strindex++] = in;
-    string++;
+    *ns++ = in;
   }
-  ns[strindex] = 0; /* terminate it */
+  *ns = 0; /* terminate it */
 
   if(olen)
     /* store output size */
-    *olen = strindex;
-
-  /* store output string */
-  *ostring = ns;
+    *olen = ns - *ostring;
 
   return CURLE_OK;
 }
diff --git a/lib/escape.h b/lib/escape.h
index 61d4611bf..cdbb712ac 100644
--- a/lib/escape.h
+++ b/lib/escape.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/file.c b/lib/file.c
index 3f642be46..51c5d07ce 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/file.h b/lib/file.h
index 826d45380..456552559 100644
--- a/lib/file.h
+++ b/lib/file.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/fileinfo.c b/lib/fileinfo.c
index 7bbf24bde..409b38fcb 100644
--- a/lib/fileinfo.c
+++ b/lib/fileinfo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/fileinfo.h b/lib/fileinfo.h
index 5bad718cc..af4421250 100644
--- a/lib/fileinfo.h
+++ b/lib/fileinfo.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/fopen.c b/lib/fopen.c
index ad3691ba9..f710dbf05 100644
--- a/lib/fopen.c
+++ b/lib/fopen.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -106,7 +106,6 @@ fail:
 
   free(tempstore);
 
-  *tempname = NULL;
   return result;
 }
 
diff --git a/lib/fopen.h b/lib/fopen.h
index 289e55f2a..e3a919d07 100644
--- a/lib/fopen.h
+++ b/lib/fopen.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/formdata.c b/lib/formdata.c
index b30e8deee..2bdb9f26e 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/formdata.h b/lib/formdata.h
index c6c6397cd..caabb6324 100644
--- a/lib/formdata.h
+++ b/lib/formdata.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/ftp.c b/lib/ftp.c
index 8f0ac2e69..caf33d214 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -61,6 +61,7 @@
 #include "strcase.h"
 #include "vtls/vtls.h"
 #include "cfilters.h"
+#include "cf-socket.h"
 #include "connect.h"
 #include "strerror.h"
 #include "inet_ntop.h"
@@ -285,8 +286,8 @@ static CURLcode AcceptServerConnect(struct Curl_easy *data)
   conn->bits.do_more = FALSE;
 
   (void)curlx_nonblock(s, TRUE); /* enable non-blocking */
-  /* Replace any filter on SECONDARY with one listeing on this socket */
-  result = Curl_conn_socket_accepted_set(data, conn, SECONDARYSOCKET, &s);
+  /* Replace any filter on SECONDARY with one listening on this socket */
+  result = Curl_conn_tcp_accepted_set(data, conn, SECONDARYSOCKET, &s);
   if(result)
     return result;
 
@@ -435,6 +436,12 @@ static CURLcode InitiateTransfer(struct Curl_easy *data)
   bool connected;
 
   DEBUGF(infof(data, "ftp InitiateTransfer()"));
+  if(conn->bits.ftp_use_data_ssl && data->set.ftp_use_port &&
+     !Curl_conn_is_ssl(conn, SECONDARYSOCKET)) {
+    result = Curl_ssl_cfilter_add(data, conn, SECONDARYSOCKET);
+    if(result)
+      return result;
+  }
   result = Curl_conn_connect(data, SECONDARYSOCKET, TRUE, &connected);
   if(result || !connected)
     return result;
@@ -819,26 +826,11 @@ static int ftp_domore_getsock(struct Curl_easy *data,
 
   if(FTP_STOP == ftpc->state) {
     int bits = GETSOCK_READSOCK(0);
-    bool any = FALSE;
 
     /* if stopped and still in this state, then we're also waiting for a
        connect on the secondary connection */
     socks[0] = conn->sock[FIRSTSOCKET];
-
-    if(!data->set.ftp_use_port) {
-      int s;
-      int i;
-      /* PORT is used to tell the server to connect to us, and during that we
-         don't do happy eyeballs, but we do if we connect to the server */
-      for(s = 1, i = 0; i<2; i++) {
-        if(conn->tempsock[i] != CURL_SOCKET_BAD) {
-          socks[s] = conn->tempsock[i];
-          bits |= GETSOCK_WRITESOCK(s++);
-          any = TRUE;
-        }
-      }
-    }
-    if(!any) {
+    if(conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD) {
       socks[1] = conn->sock[SECONDARYSOCKET];
       bits |= GETSOCK_WRITESOCK(1) | GETSOCK_READSOCK(1);
     }
@@ -1024,9 +1016,9 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data,
 
     if(*addr != '\0') {
       /* attempt to get the address of the given interface name */
-      switch(Curl_if2ip(conn->ip_addr->ai_family,
+      switch(Curl_if2ip(conn->remote_addr->family,
 #ifdef ENABLE_IPV6
-                        Curl_ipv6_scope(conn->ip_addr->ai_addr),
+                        Curl_ipv6_scope(&conn->remote_addr->sa_addr),
                         conn->scope_id,
 #endif
                         addr, hbuf, sizeof(hbuf))) {
@@ -1097,7 +1089,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data,
   portsock = CURL_SOCKET_BAD;
   error = 0;
   for(ai = res; ai; ai = ai->ai_next) {
-    if(Curl_socket(data, ai, NULL, &portsock)) {
+    if(Curl_socket_open(data, ai, NULL, conn->transport, &portsock)) {
       error = SOCKERRNO;
       continue;
     }
@@ -1266,9 +1258,8 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data,
   /* store which command was sent */
   ftpc->count1 = fcmd;
 
-  /* Replace any filter on SECONDARY with one listeing on this socket */
-  result = Curl_conn_socket_accepted_set(data, conn, SECONDARYSOCKET,
-                                         &portsock);
+  /* Replace any filter on SECONDARY with one listening on this socket */
+  result = Curl_conn_tcp_listen_set(data, conn, SECONDARYSOCKET, &portsock);
   if(result)
     goto out;
   portsock = CURL_SOCKET_BAD; /* now held in filter */
@@ -1279,7 +1270,7 @@ out:
     state(data, FTP_STOP);
   }
   if(portsock != CURL_SOCKET_BAD)
-    Curl_closesocket(data, conn, portsock);
+    Curl_socket_close(data, conn, portsock);
   free(addr);
   return result;
 }
@@ -1810,6 +1801,29 @@ static char *control_address(struct connectdata *conn)
   return conn->primary_ip;
 }
 
+static bool match_pasv_6nums(const char *p,
+                             unsigned int *array) /* 6 numbers */
+{
+  int i;
+  for(i = 0; i < 6; i++) {
+    unsigned long num;
+    char *endp;
+    if(i) {
+      if(*p != ',')
+        return FALSE;
+      p++;
+    }
+    if(!ISDIGIT(*p))
+      return FALSE;
+    num = strtoul(p, &endp, 10);
+    if(num > 255)
+      return FALSE;
+    array[i] = (unsigned int)num;
+    p = endp;
+  }
+  return TRUE;
+}
+
 static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
                                     int ftpcode)
 {
@@ -1829,27 +1843,18 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
     /* positive EPSV response */
     char *ptr = strchr(str, '(');
     if(ptr) {
-      unsigned int num;
-      char separator[4];
+      char sep;
       ptr++;
-      if(5 == sscanf(ptr, "%c%c%c%u%c",
-                     &separator[0],
-                     &separator[1],
-                     &separator[2],
-                     &num,
-                     &separator[3])) {
-        const char sep1 = separator[0];
-        int i;
-
-        /* The four separators should be identical, or else this is an oddly
-           formatted reply and we bail out immediately. */
-        for(i = 1; i<4; i++) {
-          if(separator[i] != sep1) {
-            ptr = NULL; /* set to NULL to signal error */
-            break;
-          }
-        }
-        if(num > 0xffff) {
+      /* |||12345| */
+      sep = ptr[0];
+      /* the ISDIGIT() check here is because strtoul() accepts leading minus
+         etc */
+      if((ptr[1] == sep) && (ptr[2] == sep) && ISDIGIT(ptr[3])) {
+        char *endp;
+        unsigned long num = strtoul(&ptr[3], &endp, 10);
+        if(*endp != sep)
+          ptr = NULL;
+        else if(num > 0xffff) {
           failf(data, "Illegal port number in EPSV reply");
           return CURLE_FTP_WEIRD_PASV_REPLY;
         }
@@ -1871,8 +1876,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
   else if((ftpc->count1 == 1) &&
           (ftpcode == 227)) {
     /* positive PASV response */
-    unsigned int ip[4] = {0, 0, 0, 0};
-    unsigned int port[2] = {0, 0};
+    unsigned int ip[6];
 
     /*
      * Scan for a sequence of six comma-separated numbers and use them as
@@ -1884,15 +1888,12 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
      * "227 Entering passive mode. 127,0,0,1,4,51"
      */
     while(*str) {
-      if(6 == sscanf(str, "%u,%u,%u,%u,%u,%u",
-                     &ip[0], &ip[1], &ip[2], &ip[3],
-                     &port[0], &port[1]))
+      if(match_pasv_6nums(str, ip))
         break;
       str++;
     }
 
-    if(!*str || (ip[0] > 255) || (ip[1] > 255)  || (ip[2] > 255)  ||
-       (ip[3] > 255) || (port[0] > 255)  || (port[1] > 255) ) {
+    if(!*str) {
       failf(data, "Couldn't interpret the 227-response");
       return CURLE_FTP_WEIRD_227_FORMAT;
     }
@@ -1912,7 +1913,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
     if(!ftpc->newhost)
       return CURLE_OUT_OF_MEMORY;
 
-    ftpc->newport = (unsigned short)(((port[0]<<8) + port[1]) & 0xffff);
+    ftpc->newport = (unsigned short)(((ip[4]<<8) + ip[5]) & 0xffff);
   }
   else if(ftpc->count1 == 0) {
     /* EPSV failed, move on to PASV */
@@ -1954,7 +1955,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
 
     /* postponed address resolution in case of tcp fastopen */
     if(conn->bits.tcp_fastopen && !conn->bits.reuse && !ftpc->newhost[0]) {
-      Curl_conninfo_remote(data, conn, conn->sock[FIRSTSOCKET]);
+      Curl_conn_ev_update_info(data, conn);
       Curl_safefree(ftpc->newhost);
       ftpc->newhost = strdup(control_address(conn));
       if(!ftpc->newhost)
@@ -2047,6 +2048,30 @@ static CURLcode ftp_state_port_resp(struct Curl_easy *data,
   return result;
 }
 
+static int twodigit(const char *p)
+{
+  return (p[0]-'0') * 10 + (p[1]-'0');
+}
+
+static bool ftp_213_date(const char *p, int *year, int *month, int *day,
+                         int *hour, int *minute, int *second)
+{
+  size_t len = strlen(p);
+  if(len < 14)
+    return FALSE;
+  *year = twodigit(&p[0]) * 100 + twodigit(&p[2]);
+  *month = twodigit(&p[4]);
+  *day = twodigit(&p[6]);
+  *hour = twodigit(&p[8]);
+  *minute = twodigit(&p[10]);
+  *second = twodigit(&p[12]);
+
+  if((*month > 12) || (*day > 31) || (*hour > 23) || (*minute > 59) ||
+     (*second > 60))
+    return FALSE;
+  return TRUE;
+}
+
 static CURLcode ftp_state_mdtm_resp(struct Curl_easy *data,
                                     int ftpcode)
 {
@@ -2061,8 +2086,8 @@ static CURLcode ftp_state_mdtm_resp(struct Curl_easy *data,
       /* we got a time. Format should be: "YYYYMMDDHHMMSS[.sss]" where the
          last .sss part is optional and means fractions of a second */
       int year, month, day, hour, minute, second;
-      if(6 == sscanf(&data->state.buffer[4], "%04d%02d%02d%02d%02d%02d",
-                     &year, &month, &day, &hour, &minute, &second)) {
+      if(ftp_213_date(&data->state.buffer[4],
+                      &year, &month, &day, &hour, &minute, &second)) {
         /* we have a time, reformat it */
         char timebuf[24];
         msnprintf(timebuf, sizeof(timebuf),
@@ -2569,13 +2594,11 @@ static CURLcode ftp_state_loggedin(struct Curl_easy *data)
 
 /* for USER and PASS responses */
 static CURLcode ftp_state_user_resp(struct Curl_easy *data,
-                                    int ftpcode,
-                                    ftpstate instate)
+                                    int ftpcode)
 {
   CURLcode result = CURLE_OK;
   struct connectdata *conn = data->conn;
   struct ftp_conn *ftpc = &conn->proto.ftpc;
-  (void)instate; /* no use for this yet */
 
   /* some need password anyway, and others just return 2xx ignored */
   if((ftpcode == 331) && (ftpc->state == FTP_USER)) {
@@ -2652,7 +2675,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
   int ftpcode;
   struct ftp_conn *ftpc = &conn->proto.ftpc;
   struct pingpong *pp = &ftpc->pp;
-  static const char ftpauth[][4]  = { "SSL", "TLS" };
+  static const char * const ftpauth[] = { "SSL", "TLS" };
   size_t nread = 0;
 
   if(pp->sendleft)
@@ -2670,7 +2693,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
         /* 230 User logged in - already! Take as 220 if TLS required. */
         if(data->set.use_ssl <= CURLUSESSL_TRY ||
            conn->bits.ftp_use_control_ssl)
-          return ftp_state_user_resp(data, ftpcode, ftpc->state);
+          return ftp_state_user_resp(data, ftpcode);
       }
       else if(ftpcode != 220) {
         failf(data, "Got a %03d ftp-server response when 220 was expected",
@@ -2742,7 +2765,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
       if((ftpcode == 234) || (ftpcode == 334)) {
         /* this was BLOCKING, keep it so for now */
         bool done;
-        if(!Curl_conn_is_ssl(data, FIRSTSOCKET)) {
+        if(!Curl_conn_is_ssl(conn, FIRSTSOCKET)) {
           result = Curl_ssl_cfilter_add(data, conn, FIRSTSOCKET);
           if(result) {
             /* we failed and bail out */
@@ -2775,7 +2798,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
 
     case FTP_USER:
     case FTP_PASS:
-      result = ftp_state_user_resp(data, ftpcode, ftpc->state);
+      result = ftp_state_user_resp(data, ftpcode);
       break;
 
     case FTP_ACCT:
@@ -3238,7 +3261,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status,
   if(data->state.wildcardmatch) {
     if(data->set.chunk_end && ftpc->file) {
       Curl_set_in_callback(data, true);
-      data->set.chunk_end(data->wildcard.customptr);
+      data->set.chunk_end(data->set.wildcardptr);
       Curl_set_in_callback(data, false);
     }
     ftpc->known_filesize = -1;
@@ -3744,7 +3767,7 @@ static CURLcode init_wc_data(struct Curl_easy *data)
   char *last_slash;
   struct FTP *ftp = data->req.p.ftp;
   char *path = ftp->path;
-  struct WildcardData *wildcard = &(data->wildcard);
+  struct WildcardData *wildcard = data->wildcard;
   CURLcode result = CURLE_OK;
   struct ftp_wc *ftpwc = NULL;
 
@@ -3792,7 +3815,7 @@ static CURLcode init_wc_data(struct Curl_easy *data)
     goto fail;
   }
 
-  wildcard->protdata = ftpwc; /* put it to the WildcardData tmp pointer */
+  wildcard->ftpwc = ftpwc; /* put it to the WildcardData tmp pointer */
   wildcard->dtor = wc_data_dtor;
 
   /* wildcard does not support NOCWD option (assert it?) */
@@ -3830,13 +3853,13 @@ static CURLcode init_wc_data(struct Curl_easy *data)
   }
   Curl_safefree(wildcard->pattern);
   wildcard->dtor = ZERO_NULL;
-  wildcard->protdata = NULL;
+  wildcard->ftpwc = NULL;
   return result;
 }
 
 static CURLcode wc_statemach(struct Curl_easy *data)
 {
-  struct WildcardData * const wildcard = &(data->wildcard);
+  struct WildcardData * const wildcard = data->wildcard;
   struct connectdata *conn = data->conn;
   CURLcode result = CURLE_OK;
 
@@ -3853,7 +3876,7 @@ static CURLcode wc_statemach(struct Curl_easy *data)
     case CURLWC_MATCHING: {
       /* In this state is LIST response successfully parsed, so lets restore
          previous WRITEFUNCTION callback and WRITEDATA pointer */
-      struct ftp_wc *ftpwc = wildcard->protdata;
+      struct ftp_wc *ftpwc = wildcard->ftpwc;
       data->set.fwrite_func = ftpwc->backup.write_function;
       data->set.out = ftpwc->backup.file_descriptor;
       ftpwc->backup.write_function = ZERO_NULL;
@@ -3892,7 +3915,7 @@ static CURLcode wc_statemach(struct Curl_easy *data)
         long userresponse;
         Curl_set_in_callback(data, true);
         userresponse = data->set.chunk_bgn(
-          finfo, wildcard->customptr, (int)wildcard->filelist.size);
+          finfo, data->set.wildcardptr, (int)wildcard->filelist.size);
         Curl_set_in_callback(data, false);
         switch(userresponse) {
         case CURL_CHUNK_BGN_FUNC_SKIP:
@@ -3932,7 +3955,7 @@ static CURLcode wc_statemach(struct Curl_easy *data)
     case CURLWC_SKIP: {
       if(data->set.chunk_end) {
         Curl_set_in_callback(data, true);
-        data->set.chunk_end(data->wildcard.customptr);
+        data->set.chunk_end(data->set.wildcardptr);
         Curl_set_in_callback(data, false);
       }
       Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL);
@@ -3942,7 +3965,7 @@ static CURLcode wc_statemach(struct Curl_easy *data)
     }
 
     case CURLWC_CLEAN: {
-      struct ftp_wc *ftpwc = wildcard->protdata;
+      struct ftp_wc *ftpwc = wildcard->ftpwc;
       result = CURLE_OK;
       if(ftpwc)
         result = Curl_ftp_parselist_geterror(ftpwc->parser);
@@ -3955,7 +3978,7 @@ static CURLcode wc_statemach(struct Curl_easy *data)
     case CURLWC_ERROR:
     case CURLWC_CLEAR:
       if(wildcard->dtor)
-        wildcard->dtor(wildcard->protdata);
+        wildcard->dtor(wildcard->ftpwc);
       return result;
     }
   }
@@ -3982,8 +4005,8 @@ static CURLcode ftp_do(struct Curl_easy *data, bool *done)
 
   if(data->state.wildcardmatch) {
     result = wc_statemach(data);
-    if(data->wildcard.state == CURLWC_SKIP ||
-      data->wildcard.state == CURLWC_DONE) {
+    if(data->wildcard->state == CURLWC_SKIP ||
+       data->wildcard->state == CURLWC_DONE) {
       /* do not call ftp_regular_transfer */
       return CURLE_OK;
     }
@@ -4069,6 +4092,8 @@ static CURLcode ftp_disconnect(struct Curl_easy *data,
   }
 
   freedirs(ftpc);
+  Curl_safefree(ftpc->account);
+  Curl_safefree(ftpc->alternative_to_user);
   Curl_safefree(ftpc->prevpath);
   Curl_safefree(ftpc->server_os);
   Curl_pp_disconnect(pp);
@@ -4338,11 +4363,31 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data,
   char *type;
   struct FTP *ftp;
   CURLcode result = CURLE_OK;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
 
-  data->req.p.ftp = ftp = calloc(sizeof(struct FTP), 1);
+  ftp = calloc(sizeof(struct FTP), 1);
   if(!ftp)
     return CURLE_OUT_OF_MEMORY;
 
+  /* clone connection related data that is FTP specific */
+  if(data->set.str[STRING_FTP_ACCOUNT]) {
+    ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]);
+    if(!ftpc->account) {
+      free(ftp);
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+  if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) {
+    ftpc->alternative_to_user =
+      strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]);
+    if(!ftpc->alternative_to_user) {
+      Curl_safefree(ftpc->account);
+      free(ftp);
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+  data->req.p.ftp = ftp;
+
   ftp->path = &data->state.up.path[1]; /* don't include the initial slash */
 
   /* FTP URLs support an extension like ";type=<typecode>" that
@@ -4377,7 +4422,9 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data,
   /* get some initial data into the ftp struct */
   ftp->transfer = PPTRANSFER_BODY;
   ftp->downloadsize = 0;
-  conn->proto.ftpc.known_filesize = -1; /* unknown size for now */
+  ftpc->known_filesize = -1; /* unknown size for now */
+  ftpc->use_ssl = data->set.use_ssl;
+  ftpc->ccc = data->set.ftp_ccc;
 
   return result;
 }
diff --git a/lib/ftp.h b/lib/ftp.h
index 7f6f4328d..977fc883b 100644
--- a/lib/ftp.h
+++ b/lib/ftp.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -42,7 +42,7 @@ CURLcode Curl_GetFTPResponse(struct Curl_easy *data, ssize_t *nread,
 /****************************************************************************
  * FTP unique setup
  ***************************************************************************/
-typedef enum {
+enum {
   FTP_STOP,    /* do nothing state, stops the state machine */
   FTP_WAIT220, /* waiting for the initial 220 response immediately after
                   a connect */
@@ -80,7 +80,8 @@ typedef enum {
   FTP_STOR, /* generic state for STOR and APPE */
   FTP_QUIT,
   FTP_LAST  /* never used */
-} ftpstate;
+};
+typedef unsigned char ftpstate; /* use the enum values */
 
 struct ftp_parselist_data; /* defined later in ftplistparser.c */
 
@@ -119,41 +120,46 @@ struct FTP {
    struct */
 struct ftp_conn {
   struct pingpong pp;
+  char *account;
+  char *alternative_to_user;
   char *entrypath; /* the PWD reply when we logged on */
   char *file;    /* url-decoded file name (or path) */
   char **dirs;   /* realloc()ed array for path components */
-  int dirdepth;  /* number of entries used in the 'dirs' array */
-  bool dont_check;  /* Set to TRUE to prevent the final (post-transfer)
-                       file size and 226/250 status check. It should still
-                       read the line, just ignore the result. */
-  bool ctl_valid;   /* Tells Curl_ftp_quit() whether or not to do anything. If
-                       the connection has timed out or been closed, this
-                       should be FALSE when it gets to Curl_ftp_quit() */
-  bool cwddone;     /* if it has been determined that the proper CWD combo
-                       already has been done */
-  int cwdcount;     /* number of CWD commands issued */
-  bool cwdfail;     /* set TRUE if a CWD command fails, as then we must prevent
-                       caching the current directory */
-  bool wait_data_conn; /* this is set TRUE if data connection is waited */
-  /* newhost is the (allocated) IP addr or host name to connect the data
-     connection to */
-  unsigned short newport;
   char *newhost;
   char *prevpath;   /* url-decoded conn->path from the previous transfer */
   char transfertype; /* set by ftp_transfertype for use by Curl_client_write()a
                         and others (A/I or zero) */
-  int count1; /* general purpose counter for the state machine */
-  int count2; /* general purpose counter for the state machine */
-  int count3; /* general purpose counter for the state machine */
-  ftpstate state; /* always use ftp.c:state() to change state! */
-  ftpstate state_saved; /* transfer type saved to be reloaded after
-                           data connection is established */
   curl_off_t retr_size_saved; /* Size of retrieved file saved */
   char *server_os;     /* The target server operating system. */
   curl_off_t known_filesize; /* file size is different from -1, if wildcard
                                 LIST parsing was done and wc_statemach set
                                 it */
+  int dirdepth;  /* number of entries used in the 'dirs' array */
+  int cwdcount;     /* number of CWD commands issued */
+  int count1; /* general purpose counter for the state machine */
+  int count2; /* general purpose counter for the state machine */
+  int count3; /* general purpose counter for the state machine */
+  /* newhost is the (allocated) IP addr or host name to connect the data
+     connection to */
+  unsigned short newport;
+  ftpstate state; /* always use ftp.c:state() to change state! */
+  ftpstate state_saved; /* transfer type saved to be reloaded after data
+                           connection is established */
+  unsigned char use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
+                              IMAP or POP3 or others! (type: curl_usessl)*/
+  unsigned char ccc;       /* ccc level for this connection */
   BIT(ftp_trying_alternative);
+  BIT(dont_check);  /* Set to TRUE to prevent the final (post-transfer)
+                       file size and 226/250 status check. It should still
+                       read the line, just ignore the result. */
+  BIT(ctl_valid);   /* Tells Curl_ftp_quit() whether or not to do anything. If
+                       the connection has timed out or been closed, this
+                       should be FALSE when it gets to Curl_ftp_quit() */
+  BIT(cwddone);     /* if it has been determined that the proper CWD combo
+                       already has been done */
+  BIT(cwdfail);     /* set TRUE if a CWD command fails, as then we must prevent
+                       caching the current directory */
+  BIT(wait_data_conn); /* this is set TRUE if data connection is waited */
 };
 
 #define DEFAULT_ACCEPT_TIMEOUT   60000 /* milliseconds == one minute */
diff --git a/lib/ftplistparser.c b/lib/ftplistparser.c
index 3d529ef23..39001e3f6 100644
--- a/lib/ftplistparser.c
+++ b/lib/ftplistparser.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -181,6 +181,43 @@ struct ftp_parselist_data {
   } offsets;
 };
 
+static void fileinfo_dtor(void *user, void *element)
+{
+  (void)user;
+  Curl_fileinfo_cleanup(element);
+}
+
+CURLcode Curl_wildcard_init(struct WildcardData *wc)
+{
+  Curl_llist_init(&wc->filelist, fileinfo_dtor);
+  wc->state = CURLWC_INIT;
+
+  return CURLE_OK;
+}
+
+void Curl_wildcard_dtor(struct WildcardData **wcp)
+{
+  struct WildcardData *wc = *wcp;
+  if(!wc)
+    return;
+
+  if(wc->dtor) {
+    wc->dtor(wc->ftpwc);
+    wc->dtor = ZERO_NULL;
+    wc->ftpwc = NULL;
+  }
+  DEBUGASSERT(wc->ftpwc == NULL);
+
+  Curl_llist_destroy(&wc->filelist, NULL);
+  free(wc->path);
+  wc->path = NULL;
+  free(wc->pattern);
+  wc->pattern = NULL;
+  wc->state = CURLWC_INIT;
+  free(wc);
+  *wcp = NULL;
+}
+
 struct ftp_parselist_data *Curl_ftp_parselist_data_alloc(void)
 {
   return calloc(1, sizeof(struct ftp_parselist_data));
@@ -274,8 +311,8 @@ static CURLcode ftp_pl_insert_finfo(struct Curl_easy *data,
                                     struct fileinfo *infop)
 {
   curl_fnmatch_callback compare;
-  struct WildcardData *wc = &data->wildcard;
-  struct ftp_wc *ftpwc = wc->protdata;
+  struct WildcardData *wc = data->wildcard;
+  struct ftp_wc *ftpwc = wc->ftpwc;
   struct Curl_llist *llist = &wc->filelist;
   struct ftp_parselist_data *parser = ftpwc->parser;
   bool add = TRUE;
@@ -330,7 +367,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
 {
   size_t bufflen = size*nmemb;
   struct Curl_easy *data = (struct Curl_easy *)connptr;
-  struct ftp_wc *ftpwc = data->wildcard.protdata;
+  struct ftp_wc *ftpwc = data->wildcard->ftpwc;
   struct ftp_parselist_data *parser = ftpwc->parser;
   struct fileinfo *infop;
   struct curl_fileinfo *finfo;
diff --git a/lib/ftplistparser.h b/lib/ftplistparser.h
index 0a8054341..5ba1f6a97 100644
--- a/lib/ftplistparser.h
+++ b/lib/ftplistparser.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -39,5 +39,39 @@ struct ftp_parselist_data *Curl_ftp_parselist_data_alloc(void);
 
 void Curl_ftp_parselist_data_free(struct ftp_parselist_data **pl_data);
 
+/* list of wildcard process states */
+typedef enum {
+  CURLWC_CLEAR = 0,
+  CURLWC_INIT = 1,
+  CURLWC_MATCHING, /* library is trying to get list of addresses for
+                      downloading */
+  CURLWC_DOWNLOADING,
+  CURLWC_CLEAN, /* deallocate resources and reset settings */
+  CURLWC_SKIP,  /* skip over concrete file */
+  CURLWC_ERROR, /* error cases */
+  CURLWC_DONE   /* if is wildcard->state == CURLWC_DONE wildcard loop
+                   will end */
+} wildcard_states;
+
+typedef void (*wildcard_dtor)(void *ptr);
+
+/* struct keeping information about wildcard download process */
+struct WildcardData {
+  char *path; /* path to the directory, where we trying wildcard-match */
+  char *pattern; /* wildcard pattern */
+  struct Curl_llist filelist; /* llist with struct Curl_fileinfo */
+  struct ftp_wc *ftpwc; /* pointer to FTP wildcard data */
+  wildcard_dtor dtor;
+  unsigned char state; /* wildcard_states */
+};
+
+CURLcode Curl_wildcard_init(struct WildcardData *wc);
+void Curl_wildcard_dtor(struct WildcardData **wcp);
+
+struct Curl_easy;
+
+#else
+/* FTP is disabled */
+#define Curl_wildcard_dtor(x)
 #endif /* CURL_DISABLE_FTP */
 #endif /* HEADER_CURL_FTPLISTPARSER_H */
diff --git a/lib/functypes.h b/lib/functypes.h
index 8891b1d5d..075c02e54 100644
--- a/lib/functypes.h
+++ b/lib/functypes.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/getenv.c b/lib/getenv.c
index 5f00fd13a..806978472 100644
--- a/lib/getenv.c
+++ b/lib/getenv.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/getinfo.c b/lib/getinfo.c
index 3a24c6529..826ffd0b0 100644
--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/getinfo.h b/lib/getinfo.h
index 1b5e8c20f..56bb440b4 100644
--- a/lib/getinfo.h
+++ b/lib/getinfo.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/gopher.c b/lib/gopher.c
index 6fbb7de32..4a11d9364 100644
--- a/lib/gopher.c
+++ b/lib/gopher.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/gopher.h b/lib/gopher.h
index 4ea269d2b..9e3365b71 100644
--- a/lib/gopher.h
+++ b/lib/gopher.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/h2h3.c b/lib/h2h3.c
index 3a9288df5..3b21699c3 100644
--- a/lib/h2h3.c
+++ b/lib/h2h3.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -118,6 +118,7 @@ static header_instruction inspect_header(const char *name, size_t namelen,
 CURLcode Curl_pseudo_headers(struct Curl_easy *data,
                              const char *mem, /* the request */
                              const size_t len /* size of request */,
+                             size_t* hdrlen /* opt size of headers read */,
                              struct h2h3req **hp)
 {
   struct connectdata *conn = data->conn;
@@ -291,6 +292,12 @@ CURLcode Curl_pseudo_headers(struct Curl_easy *data,
     }
   }
 
+  if(hdrlen) {
+    /* Skip trailing CRLF */
+    end += 4;
+    *hdrlen = end - mem;
+  }
+
   hreq->entries = nheader;
   *hp = hreq;
 
diff --git a/lib/h2h3.h b/lib/h2h3.h
index c35b7061f..396c12c62 100644
--- a/lib/h2h3.h
+++ b/lib/h2h3.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -51,6 +51,7 @@ struct h2h3req {
 CURLcode Curl_pseudo_headers(struct Curl_easy *data,
                              const char *request,
                              const size_t len,
+                             size_t* hdrlen /* optional */,
                              struct h2h3req **hp);
 
 /*
diff --git a/lib/hash.c b/lib/hash.c
index b6a2a33c7..06ce92cbd 100644
--- a/lib/hash.c
+++ b/lib/hash.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/hash.h b/lib/hash.h
index 5b59bf111..9cfffc25b 100644
--- a/lib/hash.h
+++ b/lib/hash.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/headers.c b/lib/headers.c
index 978c918f4..6cd7e3170 100644
--- a/lib/headers.c
+++ b/lib/headers.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -38,14 +38,13 @@
 
 /* Generate the curl_header struct for the user. This function MUST assign all
    struct fields in the output struct. */
-static void copy_header_external(struct Curl_easy *data,
-                                 struct Curl_header_store *hs,
+static void copy_header_external(struct Curl_header_store *hs,
                                  size_t index,
                                  size_t amount,
                                  struct Curl_llist_element *e,
-                                 struct curl_header **hout)
+                                 struct curl_header *hout)
 {
-  struct curl_header *h = *hout = &data->state.headerout;
+  struct curl_header *h = hout;
   h->name = hs->name;
   h->value = hs->value;
   h->amount = amount;
@@ -118,7 +117,9 @@ CURLHcode curl_easy_header(CURL *easy,
       return CURLHE_MISSING;
   }
   /* this is the name we want */
-  copy_header_external(data, hs, nameindex, amount, e_pick, hout);
+  copy_header_external(hs, nameindex, amount, e_pick,
+                       &data->state.headerout[0]);
+  *hout = &data->state.headerout[0];
   return CURLHE_OK;
 }
 
@@ -132,7 +133,6 @@ struct curl_header *curl_easy_nextheader(CURL *easy,
   struct Curl_llist_element *pick;
   struct Curl_llist_element *e;
   struct Curl_header_store *hs;
-  struct curl_header *hout;
   size_t amount = 0;
   size_t index = 0;
 
@@ -179,8 +179,9 @@ struct curl_header *curl_easy_nextheader(CURL *easy,
       index = amount - 1;
   }
 
-  copy_header_external(data, hs, index, amount, pick, &hout);
-  return hout;
+  copy_header_external(hs, index, amount, pick,
+                       &data->state.headerout[1]);
+  return &data->state.headerout[1];
 }
 
 static CURLcode namevalue(char *header, size_t hlen, unsigned int type,
diff --git a/lib/headers.h b/lib/headers.h
index 96332dbd0..a5229ea22 100644
--- a/lib/headers.h
+++ b/lib/headers.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/hmac.c b/lib/hmac.c
index dfb0db575..8d8de1757 100644
--- a/lib/hmac.c
+++ b/lib/hmac.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/hostasyn.c b/lib/hostasyn.c
index df50d13e1..2f6762ca4 100644
--- a/lib/hostasyn.c
+++ b/lib/hostasyn.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -78,7 +78,7 @@ CURLcode Curl_addrinfo_callback(struct Curl_easy *data,
         Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
 
       dns = Curl_cache_addr(data, ai,
-                            data->state.async.hostname,
+                            data->state.async.hostname, 0,
                             data->state.async.port);
       if(data->share)
         Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
diff --git a/lib/hostip.c b/lib/hostip.c
index dd427a2c6..d0dc2e8d5 100644
--- a/lib/hostip.c
+++ b/lib/hostip.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -167,18 +167,25 @@ void Curl_printable_address(const struct Curl_addrinfo *ai, char *buf,
 
 /*
  * Create a hostcache id string for the provided host + port, to be used by
- * the DNS caching. Without alloc.
+ * the DNS caching. Without alloc. Return length of the id string.
  */
-static void
-create_hostcache_id(const char *name, int port, char *ptr, size_t buflen)
+static size_t
+create_hostcache_id(const char *name,
+                    size_t nlen, /* 0 or actual name length */
+                    int port, char *ptr, size_t buflen)
 {
-  size_t len = strlen(name);
+  size_t len = nlen ? nlen : strlen(name);
+  size_t olen = 0;
+  DEBUGASSERT(buflen >= MAX_HOSTCACHE_LEN);
   if(len > (buflen - 7))
     len = buflen - 7;
   /* store and lower case the name */
-  while(len--)
+  while(len--) {
     *ptr++ = Curl_raw_tolower(*name++);
-  msnprintf(ptr, 7, ":%u", port);
+    olen++;
+  }
+  olen += msnprintf(ptr, 7, ":%u", port);
+  return olen;
 }
 
 struct hostcache_prune_data {
@@ -260,20 +267,18 @@ static struct Curl_dns_entry *fetch_addr(struct Curl_easy *data,
                                          int port)
 {
   struct Curl_dns_entry *dns = NULL;
-  size_t entry_len;
   char entry_id[MAX_HOSTCACHE_LEN];
 
   /* Create an entry id, based upon the hostname and port */
-  create_hostcache_id(hostname, port, entry_id, sizeof(entry_id));
-  entry_len = strlen(entry_id);
+  size_t entry_len = create_hostcache_id(hostname, 0, port,
+                                         entry_id, sizeof(entry_id));
 
   /* See if its already in our dns cache */
   dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1);
 
   /* No entry found in cache, check if we might have a wildcard entry */
   if(!dns && data->state.wildcard_resolve) {
-    create_hostcache_id("*", port, entry_id, sizeof(entry_id));
-    entry_len = strlen(entry_id);
+    entry_len = create_hostcache_id("*", 1, port, entry_id, sizeof(entry_id));
 
     /* See if it's already in our dns cache */
     dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1);
@@ -438,6 +443,7 @@ struct Curl_dns_entry *
 Curl_cache_addr(struct Curl_easy *data,
                 struct Curl_addrinfo *addr,
                 const char *hostname,
+                size_t hostlen, /* length or zero */
                 int port)
 {
   char entry_id[MAX_HOSTCACHE_LEN];
@@ -461,8 +467,8 @@ Curl_cache_addr(struct Curl_easy *data,
   }
 
   /* Create an entry id, based upon the hostname and port */
-  create_hostcache_id(hostname, port, entry_id, sizeof(entry_id));
-  entry_len = strlen(entry_id);
+  entry_len = create_hostcache_id(hostname, hostlen, port,
+                                  entry_id, sizeof(entry_id));
 
   dns->inuse = 1;   /* the cache has the first reference */
   dns->addr = addr; /* this is the address(es) */
@@ -791,7 +797,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
         Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
 
       /* we got a response, store it in the cache */
-      dns = Curl_cache_addr(data, addr, hostname, port);
+      dns = Curl_cache_addr(data, addr, hostname, 0, port);
 
       if(data->share)
         Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
@@ -1059,8 +1065,7 @@ void Curl_hostcache_clean(struct Curl_easy *data,
 CURLcode Curl_loadhostpairs(struct Curl_easy *data)
 {
   struct curl_slist *hostp;
-  char hostname[256];
-  int port = 0;
+  char *host_end;
 
   /* Default is no wildcard found */
   data->state.wildcard_resolve = false;
@@ -1070,18 +1075,25 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
     if(!hostp->data)
       continue;
     if(hostp->data[0] == '-') {
+      unsigned long num = 0;
       size_t entry_len;
-
-      if(2 != sscanf(hostp->data + 1, "%255[^:]:%d", hostname, &port)) {
-        infof(data, "Couldn't parse CURLOPT_RESOLVE removal entry '%s'",
+      size_t hlen = 0;
+      host_end = strchr(&hostp->data[1], ':');
+
+      if(host_end) {
+        hlen = host_end - &hostp->data[1];
+        num = strtoul(++host_end, NULL, 10);
+        if(!hlen || (num > 0xffff))
+          host_end = NULL;
+      }
+      if(!host_end) {
+        infof(data, "Bad syntax CURLOPT_RESOLVE removal entry '%s'",
               hostp->data);
         continue;
       }
-
       /* Create an entry id, based upon the hostname and port */
-      create_hostcache_id(hostname, port, entry_id, sizeof(entry_id));
-      entry_len = strlen(entry_id);
-
+      entry_len = create_hostcache_id(&hostp->data[1], hlen, (int)num,
+                                      entry_id, sizeof(entry_id));
       if(data->share)
         Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
 
@@ -1102,25 +1114,22 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
       char *addr_begin;
       char *addr_end;
       char *port_ptr;
+      int port = 0;
       char *end_ptr;
       bool permanent = TRUE;
-      char *host_begin;
-      char *host_end;
       unsigned long tmp_port;
       bool error = true;
+      char *host_begin = hostp->data;
+      size_t hlen = 0;
 
-      host_begin = hostp->data;
       if(host_begin[0] == '+') {
         host_begin++;
         permanent = FALSE;
       }
       host_end = strchr(host_begin, ':');
-      if(!host_end ||
-         ((host_end - host_begin) >= (ptrdiff_t)sizeof(hostname)))
+      if(!host_end)
         goto err;
-
-      memcpy(hostname, host_begin, host_end - host_begin);
-      hostname[host_end - host_begin] = '\0';
+      hlen = host_end - host_begin;
 
       port_ptr = host_end + 1;
       tmp_port = strtoul(port_ptr, &end_ptr, 10);
@@ -1196,8 +1205,8 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
       }
 
       /* Create an entry id, based upon the hostname and port */
-      create_hostcache_id(hostname, port, entry_id, sizeof(entry_id));
-      entry_len = strlen(entry_id);
+      entry_len = create_hostcache_id(host_begin, hlen, port,
+                                      entry_id, sizeof(entry_id));
 
       if(data->share)
         Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
@@ -1206,8 +1215,8 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
       dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1);
 
       if(dns) {
-        infof(data, "RESOLVE %s:%d is - old addresses discarded",
-              hostname, port);
+        infof(data, "RESOLVE %.*s:%d is - old addresses discarded",
+              (int)hlen, host_begin, port);
         /* delete old entry, there are two reasons for this
          1. old entry may have different addresses.
          2. even if entry with correct addresses is already in the cache,
@@ -1223,7 +1232,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
       }
 
       /* put this new host in the cache */
-      dns = Curl_cache_addr(data, head, hostname, port);
+      dns = Curl_cache_addr(data, head, host_begin, hlen, port);
       if(dns) {
         if(permanent)
           dns->timestamp = 0; /* mark as permanent */
@@ -1239,13 +1248,13 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data)
         Curl_freeaddrinfo(head);
         return CURLE_OUT_OF_MEMORY;
       }
-      infof(data, "Added %s:%d:%s to DNS cache%s",
-            hostname, port, addresses, permanent ? "" : " (non-permanent)");
+      infof(data, "Added %.*s:%d:%s to DNS cache%s",
+            (int)hlen, host_begin, port, addresses,
+            permanent ? "" : " (non-permanent)");
 
       /* Wildcard hostname */
-      if(hostname[0] == '*' && hostname[1] == '\0') {
-        infof(data, "RESOLVE %s:%d is wildcard, enabling wildcard checks",
-              hostname, port);
+      if((hlen == 1) && (host_begin[0] == '*')) {
+        infof(data, "RESOLVE *:%d using wildcard", port);
         data->state.wildcard_resolve = true;
       }
     }
diff --git a/lib/hostip.h b/lib/hostip.h
index 3b1d814da..4b5481f65 100644
--- a/lib/hostip.h
+++ b/lib/hostip.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -178,7 +178,7 @@ Curl_fetch_addr(struct Curl_easy *data,
  */
 struct Curl_dns_entry *
 Curl_cache_addr(struct Curl_easy *data, struct Curl_addrinfo *addr,
-                const char *hostname, int port);
+                const char *hostname, size_t hostlen, int port);
 
 #ifndef INADDR_NONE
 #define CURL_INADDR_NONE (in_addr_t) ~0
diff --git a/lib/hostip4.c b/lib/hostip4.c
index 109bd1e5e..9140180ff 100644
--- a/lib/hostip4.c
+++ b/lib/hostip4.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/hostip6.c b/lib/hostip6.c
index af8bc2302..6b0ba55e9 100644
--- a/lib/hostip6.c
+++ b/lib/hostip6.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/hostsyn.c b/lib/hostsyn.c
index 73d1e5056..ca8b0758c 100644
--- a/lib/hostsyn.c
+++ b/lib/hostsyn.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/hsts.c b/lib/hsts.c
index c449120f3..64cbae10c 100644
--- a/lib/hsts.c
+++ b/lib/hsts.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -39,6 +39,7 @@
 #include "parsedate.h"
 #include "fopen.h"
 #include "rename.h"
+#include "share.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -425,14 +426,23 @@ static CURLcode hsts_add(struct hsts *h, char *line)
   if(2 == rc) {
     time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) :
       TIME_T_MAX;
-    CURLcode result;
+    CURLcode result = CURLE_OK;
     char *p = host;
     bool subdomain = FALSE;
+    struct stsentry *e;
     if(p[0] == '.') {
       p++;
       subdomain = TRUE;
     }
-    result = hsts_create(h, p, subdomain, expires);
+    /* only add it if not already present */
+    e = Curl_hsts(h, p, subdomain);
+    if(!e)
+      result = hsts_create(h, p, subdomain, expires);
+    else {
+      /* the same host name, use the largest expire time */
+      if(expires > e->expires)
+        e->expires = expires;
+    }
     if(result)
       return result;
   }
@@ -551,4 +561,18 @@ CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h)
   return CURLE_OK;
 }
 
+void Curl_hsts_loadfiles(struct Curl_easy *data)
+{
+  struct curl_slist *l = data->set.hstslist;
+  if(l) {
+    Curl_share_lock(data, CURL_LOCK_DATA_HSTS, CURL_LOCK_ACCESS_SINGLE);
+
+    while(l) {
+      (void)Curl_hsts_loadfile(data, data->hsts, l->data);
+      l = l->next;
+    }
+    Curl_share_unlock(data, CURL_LOCK_DATA_HSTS);
+  }
+}
+
 #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */
diff --git a/lib/hsts.h b/lib/hsts.h
index 0e36a7756..d3431a5d7 100644
--- a/lib/hsts.h
+++ b/lib/hsts.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -59,9 +59,11 @@ CURLcode Curl_hsts_loadfile(struct Curl_easy *data,
                             struct hsts *h, const char *file);
 CURLcode Curl_hsts_loadcb(struct Curl_easy *data,
                           struct hsts *h);
+void Curl_hsts_loadfiles(struct Curl_easy *data);
 #else
 #define Curl_hsts_cleanup(x)
 #define Curl_hsts_loadcb(x,y) CURLE_OK
 #define Curl_hsts_save(x,y,z)
+#define Curl_hsts_loadfiles(x)
 #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */
 #endif /* HEADER_CURL_HSTS_H */
diff --git a/lib/http.c b/lib/http.c
index 1b7502280..faa486cc6 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -62,6 +62,7 @@
 #include "cookie.h"
 #include "vauth/vauth.h"
 #include "vtls/vtls.h"
+#include "vquic/vquic.h"
 #include "http_digest.h"
 #include "http_ntlm.h"
 #include "curl_ntlm_wb.h"
@@ -87,6 +88,7 @@
 #include "hsts.h"
 #include "ws.h"
 #include "c-hyper.h"
+#include "curl_ctype.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -150,7 +152,7 @@ const struct Curl_handler Curl_handler_ws = {
   http_getsock_do,                      /* doing_getsock */
   ZERO_NULL,                            /* domore_getsock */
   ZERO_NULL,                            /* perform_getsock */
-  ZERO_NULL,                            /* disconnect */
+  Curl_ws_disconnect,                   /* disconnect */
   ZERO_NULL,                            /* readwrite */
   ZERO_NULL,                            /* connection_check */
   ZERO_NULL,                            /* attach connection */
@@ -204,7 +206,7 @@ const struct Curl_handler Curl_handler_wss = {
   http_getsock_do,                      /* doing_getsock */
   ZERO_NULL,                            /* domore_getsock */
   ZERO_NULL,                            /* perform_getsock */
-  ZERO_NULL,                            /* disconnect */
+  Curl_ws_disconnect,                   /* disconnect */
   ZERO_NULL,                            /* readwrite */
   ZERO_NULL,                            /* connection_check */
   ZERO_NULL,                            /* attach connection */
@@ -218,41 +220,6 @@ const struct Curl_handler Curl_handler_wss = {
 
 #endif
 
-static CURLcode h3_setup_conn(struct Curl_easy *data,
-                              struct connectdata *conn)
-{
-#ifdef ENABLE_QUIC
-  /* We want HTTP/3 directly, setup the filter chain ourself,
-   * overriding the default behaviour. */
-  DEBUGASSERT(conn->transport == TRNSPRT_QUIC);
-
-  if(!(conn->handler->flags & PROTOPT_SSL)) {
-    failf(data, "HTTP/3 requested for non-HTTPS URL");
-    return CURLE_URL_MALFORMAT;
-  }
-#ifndef CURL_DISABLE_PROXY
-  if(conn->bits.socksproxy) {
-    failf(data, "HTTP/3 is not supported over a SOCKS proxy");
-    return CURLE_URL_MALFORMAT;
-  }
-  if(conn->bits.httpproxy && conn->bits.tunnel_proxy) {
-    failf(data, "HTTP/3 is not supported over a HTTP proxy");
-    return CURLE_URL_MALFORMAT;
-  }
-#endif
-
-  DEBUGF(infof(data, "HTTP/3 direct conn setup(conn #%ld, index=%d)",
-         conn->connection_id, FIRSTSOCKET));
-  return Curl_conn_socket_set(data, conn, FIRSTSOCKET);
-
-#else /* ENABLE_QUIC */
-  (void)conn;
-  (void)data;
-  DEBUGF(infof(data, "QUIC is not supported in this build"));
-  return CURLE_NOT_BUILT_IN;
-#endif /* !ENABLE_QUIC */
-}
-
 static CURLcode http_setup_conn(struct Curl_easy *data,
                                 struct connectdata *conn)
 {
@@ -267,20 +234,14 @@ static CURLcode http_setup_conn(struct Curl_easy *data,
 
   Curl_mime_initpart(&http->form);
   data->req.p.http = http;
+  connkeep(conn, "HTTP default");
 
-  if(data->state.httpwant == CURL_HTTP_VERSION_3) {
-    conn->transport = TRNSPRT_QUIC;
+  if(data->state.httpwant == CURL_HTTP_VERSION_3ONLY) {
+    CURLcode result = Curl_conn_may_http3(data, conn);
+    if(result)
+      return result;
   }
 
-  if(conn->transport == TRNSPRT_QUIC) {
-    return h3_setup_conn(data, conn);
-  }
-  else {
-    if(!CONN_INUSE(conn))
-      /* if not already multi-using, setup connection details */
-      Curl_http2_setup_conn(conn);
-    Curl_http2_setup_req(data);
-  }
   return CURLE_OK;
 }
 
@@ -1256,8 +1217,8 @@ static size_t readmoredata(char *buffer,
                            size_t nitems,
                            void *userp)
 {
-  struct Curl_easy *data = (struct Curl_easy *)userp;
-  struct HTTP *http = data->req.p.http;
+  struct HTTP *http = (struct HTTP *)userp;
+  struct Curl_easy *data = http->backup.data;
   size_t fullsize = size * nitems;
 
   if(!http->postsize)
@@ -1309,6 +1270,7 @@ static size_t readmoredata(char *buffer,
  */
 CURLcode Curl_buffer_send(struct dynbuf *in,
                           struct Curl_easy *data,
+                          struct HTTP *http,
                           /* add the number of sent bytes to this
                              counter */
                           curl_off_t *bytes_written,
@@ -1321,14 +1283,13 @@ CURLcode Curl_buffer_send(struct dynbuf *in,
   char *ptr;
   size_t size;
   struct connectdata *conn = data->conn;
-  struct HTTP *http = data->req.p.http;
   size_t sendsize;
   curl_socket_t sockfd;
   size_t headersize;
 
   DEBUGASSERT(socketindex <= SECONDARYSOCKET);
 
-  sockfd = conn->sock[socketindex];
+  sockfd = Curl_conn_get_socket(data, socketindex);
 
   /* The looping below is required since we use non-blocking sockets, but due
      to the circumstances we will just loop and try again and again etc */
@@ -1456,10 +1417,11 @@ CURLcode Curl_buffer_send(struct dynbuf *in,
         http->backup.fread_in = data->state.in;
         http->backup.postdata = http->postdata;
         http->backup.postsize = http->postsize;
+        http->backup.data = data;
 
         /* set the new pointers for the request-sending */
         data->state.fread_func = (curl_read_callback)readmoredata;
-        data->state.in = (void *)data;
+        data->state.in = (void *)http;
         http->postdata = ptr;
         http->postsize = (curl_off_t)size;
 
@@ -1468,7 +1430,6 @@ CURLcode Curl_buffer_send(struct dynbuf *in,
 
         http->send_buffer = *in; /* copy the whole struct */
         http->sending = HTTPSEND_REQUEST;
-
         return CURLE_OK;
       }
       http->sending = HTTPSEND_BODY;
@@ -1579,8 +1540,8 @@ static int http_getsock_do(struct Curl_easy *data,
                            curl_socket_t *socks)
 {
   /* write mode */
-  (void)data;
-  socks[0] = conn->sock[FIRSTSOCKET];
+  (void)conn;
+  socks[0] = Curl_conn_get_socket(data, FIRSTSOCKET);
   return GETSOCK_WRITESOCK(0);
 }
 
@@ -1610,8 +1571,6 @@ CURLcode Curl_http_done(struct Curl_easy *data,
     return CURLE_OK;
 
   Curl_dyn_free(&http->send_buffer);
-  Curl_http2_done(data, premature);
-  Curl_quic_done(data, premature);
   Curl_mime_cleanpart(&http->form);
   Curl_dyn_reset(&data->state.headerb);
   Curl_hyper_done(data);
@@ -1664,17 +1623,10 @@ bool Curl_use_http_1_1plus(const struct Curl_easy *data,
 static const char *get_http_string(const struct Curl_easy *data,
                                    const struct connectdata *conn)
 {
-#ifdef ENABLE_QUIC
-  if((data->state.httpwant == CURL_HTTP_VERSION_3) ||
-     (conn->httpversion == 30))
+  if(Curl_conn_is_http3(data, conn, FIRSTSOCKET))
     return "3";
-#endif
-
-#ifdef USE_NGHTTP2
-  if(conn->proto.httpc.h2)
+  if(Curl_conn_is_http2(data, conn, FIRSTSOCKET))
     return "2";
-#endif
-
   if(Curl_use_http_1_1plus(data, conn))
     return "1.1";
 
@@ -2359,7 +2311,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn,
   curl_off_t included_body = 0;
 #else
   /* from this point down, this function should not be used */
-#define Curl_buffer_send(a,b,c,d,e) CURLE_OK
+#define Curl_buffer_send(a,b,c,d,e,f) CURLE_OK
 #endif
   CURLcode result = CURLE_OK;
   struct HTTP *http = data->req.p.http;
@@ -2388,7 +2340,16 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn,
         return result;
     }
 
-    if(http->postsize) {
+    /* For really small puts we don't use Expect: headers at all, and for
+       the somewhat bigger ones we allow the app to disable it. Just make
+       sure that the expect100header is always set to the preferred value
+       here. */
+    ptr = Curl_checkheaders(data, STRCONST("Expect"));
+    if(ptr) {
+      data->state.expect100header =
+        Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue"));
+    }
+    else if(http->postsize > EXPECT_100_THRESHOLD || http->postsize < 0) {
       result = expect100(data, conn, r);
       if(result)
         return result;
@@ -2403,7 +2364,8 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn,
     Curl_pgrsSetUploadSize(data, http->postsize);
 
     /* this sends the buffer and frees all the buffer resources */
-    result = Curl_buffer_send(r, data, &data->info.request_size, 0,
+    result = Curl_buffer_send(r, data, data->req.p.http,
+                              &data->info.request_size, 0,
                               FIRSTSOCKET);
     if(result)
       failf(data, "Failed sending PUT request");
@@ -2424,7 +2386,8 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn,
       if(result)
         return result;
 
-      result = Curl_buffer_send(r, data, &data->info.request_size, 0,
+      result = Curl_buffer_send(r, data, data->req.p.http,
+                                &data->info.request_size, 0,
                                 FIRSTSOCKET);
       if(result)
         failf(data, "Failed sending POST request");
@@ -2440,8 +2403,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn,
        we don't upload data chunked, as RFC2616 forbids us to set both
        kinds of headers (Transfer-Encoding: chunked and Content-Length) */
     if(http->postsize != -1 && !data->req.upload_chunky &&
-       (conn->bits.authneg ||
-        !Curl_checkheaders(data, STRCONST("Content-Length")))) {
+       (!Curl_checkheaders(data, STRCONST("Content-Length")))) {
       /* we allow replacing this header if not during auth negotiation,
          although it isn't very wise to actually set your own */
       result = Curl_dyn_addf(r,
@@ -2495,7 +2457,8 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn,
     http->sending = HTTPSEND_BODY;
 
     /* this sends the buffer and frees all the buffer resources */
-    result = Curl_buffer_send(r, data, &data->info.request_size, 0,
+    result = Curl_buffer_send(r, data, data->req.p.http,
+                              &data->info.request_size, 0,
                               FIRSTSOCKET);
     if(result)
       failf(data, "Failed sending POST request");
@@ -2561,7 +2524,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn,
 
       /* In HTTP2, we send request body in DATA frame regardless of
          its size. */
-      if(conn->httpversion != 20 &&
+      if(conn->httpversion < 20 &&
          !data->state.expect100header &&
          (http->postsize < MAX_INITIAL_POST_SIZE)) {
         /* if we don't use expect: 100  AND
@@ -2612,11 +2575,10 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn,
       else {
         /* A huge POST coming up, do data separate from the request */
         http->postdata = data->set.postfields;
-
         http->sending = HTTPSEND_BODY;
-
+        http->backup.data = data;
         data->state.fread_func = (curl_read_callback)readmoredata;
-        data->state.in = (void *)data;
+        data->state.in = (void *)http;
 
         /* set the upload size to the progress meter */
         Curl_pgrsSetUploadSize(data, http->postsize);
@@ -2655,7 +2617,8 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn,
       }
     }
     /* issue the request */
-    result = Curl_buffer_send(r, data, &data->info.request_size, included_body,
+    result = Curl_buffer_send(r, data, data->req.p.http,
+                              &data->info.request_size, included_body,
                               FIRSTSOCKET);
 
     if(result)
@@ -2671,7 +2634,8 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn,
       return result;
 
     /* issue the request */
-    result = Curl_buffer_send(r, data, &data->info.request_size, 0,
+    result = Curl_buffer_send(r, data, data->req.p.http,
+                              &data->info.request_size, 0,
                               FIRSTSOCKET);
     if(result)
       failf(data, "Failed sending HTTP request");
@@ -3021,50 +2985,27 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
      the rest of the request in the PERFORM phase. */
   *done = TRUE;
 
-  if(conn->transport != TRNSPRT_QUIC) {
-    if(conn->httpversion < 20) { /* unless the connection is re-used and
-                                    already http2 */
-      switch(conn->alpn) {
-      case CURL_HTTP_VERSION_2:
-        conn->httpversion = 20; /* we know we're on HTTP/2 now */
-
-        result = Curl_http2_switched(data, NULL, 0);
-        if(result)
-          return result;
-        break;
-      case CURL_HTTP_VERSION_1_1:
-        /* continue with HTTP/1.1 when explicitly requested */
-        break;
-      default:
-        /* Check if user wants to use HTTP/2 with clear TCP */
-#ifdef USE_NGHTTP2
-        if(data->state.httpwant == CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE) {
-#ifndef CURL_DISABLE_PROXY
-          if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) {
-            /* We don't support HTTP/2 proxies yet. Also it's debatable
-               whether or not this setting should apply to HTTP/2 proxies. */
-            infof(data, "Ignoring HTTP/2 prior knowledge due to proxy");
-            break;
-          }
-#endif
-          DEBUGF(infof(data, "HTTP/2 over clean TCP"));
-          conn->httpversion = 20;
-
-          result = Curl_http2_switched(data, NULL, 0);
-          if(result)
-            return result;
-        }
-#endif
-        break;
-      }
-    }
-    else {
-      /* prepare for an http2 request */
-      result = Curl_http2_setup(data, conn);
+  switch(conn->alpn) {
+  case CURL_HTTP_VERSION_3:
+    DEBUGASSERT(Curl_conn_is_http3(data, conn, FIRSTSOCKET));
+    break;
+  case CURL_HTTP_VERSION_2:
+    DEBUGASSERT(Curl_conn_is_http2(data, conn, FIRSTSOCKET));
+    break;
+  case CURL_HTTP_VERSION_1_1:
+    /* continue with HTTP/1.1 when explicitly requested */
+    break;
+  default:
+    /* Check if user wants to use HTTP/2 with clear TCP */
+    if(Curl_http2_may_switch(data, conn, FIRSTSOCKET)) {
+      DEBUGF(infof(data, "HTTP/2 over clean TCP"));
+      result = Curl_http2_switch(data, conn, FIRSTSOCKET);
       if(result)
         return result;
     }
+    break;
   }
+
   http = data->req.p.http;
   DEBUGASSERT(http);
 
@@ -3224,7 +3165,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
   }
 
   if(!(conn->handler->flags&PROTOPT_SSL) &&
-     conn->httpversion != 20 &&
+     conn->httpversion < 20 &&
      (data->state.httpwant == CURL_HTTP_VERSION_2)) {
     /* append HTTP2 upgrade magic stuff to the HTTP request if it isn't done
        over SSL */
@@ -3236,8 +3177,10 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
   }
 
   result = Curl_http_cookies(data, conn, &req);
+#ifdef USE_WEBSOCKETS
   if(!result && conn->handler->protocol&(CURLPROTO_WS|CURLPROTO_WSS))
     result = Curl_ws_request(data, &req);
+#endif
   if(!result)
     result = Curl_add_timecondition(data, &req);
   if(!result)
@@ -3282,7 +3225,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
     }
   }
 
-  if((conn->httpversion == 20) && data->req.upload_chunky)
+  if((conn->httpversion >= 20) && data->req.upload_chunky)
     /* upload_chunky was set above to set up the request in a chunky fashion,
        but is disabled here again to avoid that the chunked encoded version is
        actually used when sending the request body over h2 */
@@ -3669,7 +3612,8 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
 #endif
             )) {
     /* the ALPN of the current request */
-    enum alpnid id = (conn->httpversion == 20) ? ALPN_h2 : ALPN_h1;
+    enum alpnid id = (conn->httpversion == 30)? ALPN_h3 :
+                       (conn->httpversion == 20) ? ALPN_h2 : ALPN_h1;
     result = Curl_altsvc_parse(data, data->asi,
                                headp + strlen("Alt-Svc:"),
                                id, conn->host.name,
@@ -3963,7 +3907,8 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
 
             /* switch to http2 now. The bytes after response headers
                are also processed here, otherwise they are lost. */
-            result = Curl_http2_switched(data, k->str, *nread);
+            result = Curl_http2_upgrade(data, conn, FIRSTSOCKET,
+                                        k->str, *nread);
             if(result)
               return result;
             *nread = 0;
@@ -3971,7 +3916,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
 #ifdef USE_WEBSOCKETS
           else if(k->upgr101 == UPGR101_WS) {
             /* verify the response */
-            result = Curl_ws_accept(data);
+            result = Curl_ws_accept(data, k->str, *nread);
             if(result)
               return result;
             k->header = FALSE; /* no more header to parse! */
@@ -4191,11 +4136,8 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
            stream.  In order to do this, we keep reading until we
            close the stream. */
         if(0 == k->maxdownload
-#if defined(USE_NGHTTP2)
-           && !((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
-                conn->httpversion == 20)
-#endif
-           )
+           && !Curl_conn_is_http2(data, conn, FIRSTSOCKET)
+           && !Curl_conn_is_http3(data, conn, FIRSTSOCKET))
           *stop_reading = TRUE;
 
         if(*stop_reading) {
@@ -4220,11 +4162,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
     if(!k->headerline++) {
       /* This is the first header, it MUST be the error code line
          or else we consider this to be the body right away! */
-      int httpversion_major;
-      int rtspversion_major;
-      int nc = 0;
-#define HEADER1 headp /* no conversion needed, just use headp */
-
+      bool fine_statusline = FALSE;
       if(conn->handler->protocol & PROTO_FAMILY_HTTP) {
         /*
          * https://datatracker.ietf.org/doc/html/rfc7230#section-3.1.2
@@ -4233,39 +4171,60 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
          * says. We allow any three-digit number here, but we cannot make
          * guarantees on future behaviors since it isn't within the protocol.
          */
-        char separator;
-        char twoorthree[2];
         int httpversion = 0;
-        char digit4 = 0;
-        nc = sscanf(HEADER1,
-                    " HTTP/%1d.%1d%c%3d%c",
-                    &httpversion_major,
-                    &httpversion,
-                    &separator,
-                    &k->httpcode,
-                    &digit4);
-
-        if(nc == 1 && httpversion_major >= 2 &&
-           2 == sscanf(HEADER1, " HTTP/%1[23] %d", twoorthree, &k->httpcode)) {
-          conn->httpversion = 0;
-          nc = 4;
-          separator = ' ';
-        }
-
-        /* There can only be a 4th response code digit stored in 'digit4' if
-           all the other fields were parsed and stored first, so nc is 5 when
-           digit4 a digit.
-
-           The sscanf() line above will also allow zero-prefixed and negative
-           numbers, so we check for that too here.
-        */
-        else if(ISDIGIT(digit4) || (nc >= 4 && k->httpcode < 100)) {
-          failf(data, "Unsupported response code in HTTP response");
-          return CURLE_UNSUPPORTED_PROTOCOL;
+        char *p = headp;
+
+        while(*p && ISBLANK(*p))
+          p++;
+        if(!strncmp(p, "HTTP/", 5)) {
+          p += 5;
+          switch(*p) {
+          case '1':
+            p++;
+            if((p[0] == '.') && (p[1] == '0' || p[1] == '1')) {
+              if(ISBLANK(p[2])) {
+                httpversion = 10 + (p[1] - '0');
+                p += 3;
+                if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) {
+                  k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 +
+                    (p[2] - '0');
+                  p += 3;
+                  if(ISSPACE(*p))
+                    fine_statusline = TRUE;
+                }
+              }
+            }
+            if(!fine_statusline) {
+              failf(data, "Unsupported HTTP/1 subversion in response");
+              return CURLE_UNSUPPORTED_PROTOCOL;
+            }
+            break;
+          case '2':
+          case '3':
+            if(!ISBLANK(p[1]))
+              break;
+            httpversion = (*p - '0') * 10;
+            p += 2;
+            if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) {
+              k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 +
+                (p[2] - '0');
+              p += 3;
+              if(!ISSPACE(*p))
+                break;
+              fine_statusline = TRUE;
+            }
+            break;
+          default: /* unsupported */
+            failf(data, "Unsupported HTTP version in response");
+            return CURLE_UNSUPPORTED_PROTOCOL;
+          }
         }
 
-        if((nc >= 4) && (' ' == separator)) {
-          httpversion += 10 * httpversion_major;
+        if(fine_statusline) {
+          if(k->httpcode < 100) {
+            failf(data, "Unsupported response code in HTTP response");
+            return CURLE_UNSUPPORTED_PROTOCOL;
+          }
           switch(httpversion) {
           case 10:
           case 11:
@@ -4290,54 +4249,52 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
           }
           if(conn->httpversion < 20) {
             conn->bundle->multiuse = BUNDLE_NO_MULTIUSE;
-            infof(data, "Mark bundle as not supporting multiuse");
           }
         }
-        else if(!nc) {
-          /* this is the real world, not a Nirvana
-             NCSA 1.5.x returns this crap when asked for HTTP/1.1
-          */
-          nc = sscanf(HEADER1, " HTTP %3d", &k->httpcode);
-          conn->httpversion = 10;
-
+        else {
           /* If user has set option HTTP200ALIASES,
              compare header line against list of aliases
           */
-          if(!nc) {
-            statusline check =
-              checkhttpprefix(data,
-                              Curl_dyn_ptr(&data->state.headerb),
-                              Curl_dyn_len(&data->state.headerb));
-            if(check == STATUS_DONE) {
-              nc = 1;
-              k->httpcode = 200;
-              conn->httpversion = 10;
-            }
+          statusline check =
+            checkhttpprefix(data,
+                            Curl_dyn_ptr(&data->state.headerb),
+                            Curl_dyn_len(&data->state.headerb));
+          if(check == STATUS_DONE) {
+            fine_statusline = TRUE;
+            k->httpcode = 200;
+            conn->httpversion = 10;
           }
         }
-        else {
-          failf(data, "Unsupported HTTP version in response");
-          return CURLE_UNSUPPORTED_PROTOCOL;
-        }
       }
       else if(conn->handler->protocol & CURLPROTO_RTSP) {
-        char separator;
-        int rtspversion;
-        nc = sscanf(HEADER1,
-                    " RTSP/%1d.%1d%c%3d",
-                    &rtspversion_major,
-                    &rtspversion,
-                    &separator,
-                    &k->httpcode);
-        if((nc == 4) && (' ' == separator)) {
-          conn->httpversion = 11; /* For us, RTSP acts like HTTP 1.1 */
-        }
-        else {
-          nc = 0;
+        char *p = headp;
+        while(*p && ISBLANK(*p))
+          p++;
+        if(!strncmp(p, "RTSP/", 5)) {
+          p += 5;
+          if(ISDIGIT(*p)) {
+            p++;
+            if((p[0] == '.') && ISDIGIT(p[1])) {
+              if(ISBLANK(p[2])) {
+                p += 3;
+                if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) {
+                  k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 +
+                    (p[2] - '0');
+                  p += 3;
+                  if(ISSPACE(*p)) {
+                    fine_statusline = TRUE;
+                    conn->httpversion = 11; /* RTSP acts like HTTP 1.1 */
+                  }
+                }
+              }
+            }
+          }
+          if(!fine_statusline)
+            return CURLE_WEIRD_SERVER_REPLY;
         }
       }
 
-      if(nc) {
+      if(fine_statusline) {
         result = Curl_http_statusline(data, conn);
         if(result)
           return result;
diff --git a/lib/http.h b/lib/http.h
index ecfe4eed0..444abc0be 100644
--- a/lib/http.h
+++ b/lib/http.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,6 +24,11 @@
  *
  ***************************************************************************/
 #include "curl_setup.h"
+
+#if defined(USE_MSH3) && !defined(_WIN32)
+#include <pthread.h>
+#endif
+
 #include "ws.h"
 
 typedef enum {
@@ -37,11 +42,7 @@ typedef enum {
 
 #ifndef CURL_DISABLE_HTTP
 
-#ifdef USE_NGHTTP2
-#include <nghttp2/nghttp2.h>
-#endif
-
-#if defined(_WIN32) && defined(ENABLE_QUIC)
+#if defined(ENABLE_QUIC) || defined(USE_NGHTTP2)
 #include <stdint.h>
 #endif
 
@@ -73,8 +74,10 @@ char *Curl_checkProxyheaders(struct Curl_easy *data,
                              const struct connectdata *conn,
                              const char *thisheader,
                              const size_t thislen);
+struct HTTP; /* see below */
 CURLcode Curl_buffer_send(struct dynbuf *in,
                           struct Curl_easy *data,
+                          struct HTTP *http,
                           curl_off_t *bytes_written,
                           curl_off_t included_body_bytes,
                           int socketindex);
@@ -179,29 +182,6 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data);
 struct h3out; /* see ngtcp2 */
 #endif
 
-#ifdef USE_MSH3
-#ifdef _WIN32
-#define msh3_lock CRITICAL_SECTION
-#define msh3_lock_initialize(lock) InitializeCriticalSection(lock)
-#define msh3_lock_uninitialize(lock) DeleteCriticalSection(lock)
-#define msh3_lock_acquire(lock) EnterCriticalSection(lock)
-#define msh3_lock_release(lock) LeaveCriticalSection(lock)
-#else /* !_WIN32 */
-#include <pthread.h>
-#define msh3_lock pthread_mutex_t
-#define msh3_lock_initialize(lock) { \
-  pthread_mutexattr_t attr; \
-  pthread_mutexattr_init(&attr); \
-  pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE); \
-  pthread_mutex_init(lock, &attr); \
-  pthread_mutexattr_destroy(&attr); \
-}
-#define msh3_lock_uninitialize(lock) pthread_mutex_destroy(lock)
-#define msh3_lock_acquire(lock) pthread_mutex_lock(lock)
-#define msh3_lock_release(lock) pthread_mutex_unlock(lock)
-#endif /* _WIN32 */
-#endif /* USE_MSH3 */
-
 /****************************************************************************
  * HTTP unique setup
  ***************************************************************************/
@@ -220,6 +200,7 @@ struct HTTP {
     void *fread_in;           /* backup storage for fread_in pointer */
     const char *postdata;
     curl_off_t postsize;
+    struct Curl_easy *data;
   } backup;
 
   enum {
@@ -258,7 +239,6 @@ struct HTTP {
 #if defined(USE_NGHTTP2) || defined(USE_NGHTTP3)
   bool bodystarted;
   int status_code; /* HTTP status code */
-  bool closed; /* TRUE on HTTP2 stream close */
   char *mem;     /* points to a buffer in memory to store received data */
   size_t len;    /* size of the buffer 'mem' points to */
   size_t memlen; /* size of data copied to mem */
@@ -268,6 +248,8 @@ struct HTTP {
   const uint8_t *upload_mem; /* points to a buffer to read from */
   size_t upload_len; /* size of the buffer 'upload_mem' points to */
   curl_off_t upload_left; /* number of bytes left to upload */
+  bool closed; /* TRUE on stream close */
+  bool reset;  /* TRUE on stream reset */
 #endif
 
 #ifdef ENABLE_QUIC
@@ -278,20 +260,25 @@ struct HTTP {
   bool firstheader;  /* FALSE until headers arrive */
   bool firstbody;  /* FALSE until body arrives */
   bool h3req;    /* FALSE until request is issued */
-#endif
+#endif /* !USE_MSH3 */
   bool upload_done;
-#endif
+#endif /* ENABLE_QUIC */
 #ifdef USE_NGHTTP3
-  size_t unacked_window;
+  size_t recv_buf_nonflow; /* buffered bytes, not counting for flow control */
   struct h3out *h3out; /* per-stream buffers for upload */
   struct dynbuf overflow; /* excess data received during a single Curl_read */
-#endif
+#endif /* USE_NGHTTP3 */
 #ifdef USE_MSH3
   struct MSH3_REQUEST *req;
-  msh3_lock recv_lock;
+#ifdef _WIN32
+  CRITICAL_SECTION recv_lock;
+#else /* !_WIN32 */
+  pthread_mutex_t recv_lock;
+#endif /* _WIN32 */
   /* Receive Buffer (Headers and Data) */
   uint8_t* recv_buf;
   size_t recv_buf_alloc;
+  size_t recv_buf_max;
   /* Receive Headers */
   size_t recv_header_len;
   bool recv_header_complete;
@@ -300,53 +287,13 @@ struct HTTP {
   bool recv_data_complete;
   /* General Receive Error */
   CURLcode recv_error;
-#endif
-};
-
-#ifdef USE_NGHTTP2
-/* h2 settings for this connection */
-struct h2settings {
-  uint32_t max_concurrent_streams;
-  bool enable_push;
-};
-#endif
-
-struct http_conn {
-#ifdef USE_NGHTTP2
-#define H2_BINSETTINGS_LEN 80
-  uint8_t binsettings[H2_BINSETTINGS_LEN];
-  size_t  binlen; /* length of the binsettings data */
-
-  /* We associate the connectdata struct with the connection, but we need to
-     make sure we can identify the current "driving" transfer. This is a
-     work-around for the lack of nghttp2_session_set_user_data() in older
-     nghttp2 versions that we want to support. (Added in 1.31.0) */
-  struct Curl_easy *trnsfr;
-
-  nghttp2_session *h2;
-  Curl_send *send_underlying; /* underlying send Curl_send callback */
-  Curl_recv *recv_underlying; /* underlying recv Curl_recv callback */
-  char *inbuf; /* buffer to receive data from underlying socket */
-  size_t inbuflen; /* number of bytes filled in inbuf */
-  size_t nread_inbuf; /* number of bytes read from in inbuf */
-  /* We need separate buffer for transmission and reception because we
-     may call nghttp2_session_send() after the
-     nghttp2_session_mem_recv() but mem buffer is still not full. In
-     this case, we wrongly sends the content of mem buffer if we share
-     them for both cases. */
-  int32_t pause_stream_id; /* stream ID which paused
-                              nghttp2_session_mem_recv */
-  size_t drain_total; /* sum of all stream's UrlState.drain */
-
-  /* this is a hash of all individual streams (Curl_easy structs) */
-  struct h2settings settings;
-
-  /* list of settings that will be sent */
-  nghttp2_settings_entry local_settings[3];
-  size_t local_settings_num;
-#else
-  int unused; /* prevent a compiler warning */
-#endif
+#endif /* USE_MSH3 */
+#ifdef USE_QUICHE
+  bool h3_got_header; /* TRUE when h3 stream has recvd some HEADER */
+  bool h3_recving_data; /* TRUE when h3 stream is reading DATA */
+  bool h3_body_pending; /* TRUE when h3 stream may have more body DATA */
+  struct h3_event_node *pending;
+#endif /* USE_QUICHE */
 };
 
 CURLcode Curl_http_size(struct Curl_easy *data);
diff --git a/lib/http2.c b/lib/http2.c
index b9d3245cf..b0ce87d98 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -35,6 +35,7 @@
 #include "strcase.h"
 #include "multiif.h"
 #include "url.h"
+#include "cfilters.h"
 #include "connect.h"
 #include "strtoofft.h"
 #include "strdup.h"
@@ -63,302 +64,388 @@
 
 #define HTTP2_HUGE_WINDOW_SIZE (32 * 1024 * 1024) /* 32 MB */
 
-#ifdef DEBUG_HTTP2
-#define H2BUGF(x) x
-#else
-#define H2BUGF(x) do { } while(0)
-#endif
 
-static ssize_t http2_recv(struct Curl_easy *data, int sockindex,
-                          char *mem, size_t len, CURLcode *err);
-static bool http2_connisdead(struct Curl_easy *data,
-                             struct connectdata *conn);
-static int h2_session_send(struct Curl_easy *data,
-                           nghttp2_session *h2);
-static int h2_process_pending_input(struct Curl_easy *data,
-                                    struct http_conn *httpc,
-                                    CURLcode *err);
+#define H2_SETTINGS_IV_LEN  3
+#define H2_BINSETTINGS_LEN 80
 
-/*
- * Curl_http2_init_state() is called when the easy handle is created and
- * allows for HTTP/2 specific init of state.
- */
-void Curl_http2_init_state(struct UrlState *state)
+static int populate_settings(nghttp2_settings_entry *iv,
+                             struct Curl_easy *data)
 {
-  state->stream_weight = NGHTTP2_DEFAULT_WEIGHT;
+  iv[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS;
+  iv[0].value = Curl_multi_max_concurrent_streams(data->multi);
+
+  iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE;
+  iv[1].value = HTTP2_HUGE_WINDOW_SIZE;
+
+  iv[2].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH;
+  iv[2].value = data->multi->push_cb != NULL;
+
+  return 3;
 }
 
-/*
- * Curl_http2_init_userset() is called when the easy handle is created and
- * allows for HTTP/2 specific user-set fields.
- */
-void Curl_http2_init_userset(struct UserDefined *set)
+static size_t populate_binsettings(uint8_t *binsettings,
+                                   struct Curl_easy *data)
 {
-  set->stream_weight = NGHTTP2_DEFAULT_WEIGHT;
+  nghttp2_settings_entry iv[H2_SETTINGS_IV_LEN];
+  int ivlen;
+
+  ivlen = populate_settings(iv, data);
+  /* this returns number of bytes it wrote */
+  return nghttp2_pack_settings_payload(binsettings, H2_BINSETTINGS_LEN,
+                                       iv, ivlen);
 }
 
-static int http2_getsock(struct Curl_easy *data,
-                         struct connectdata *conn,
-                         curl_socket_t *sock)
-{
-  const struct http_conn *c = &conn->proto.httpc;
-  struct SingleRequest *k = &data->req;
-  int bitmap = GETSOCK_BLANK;
-  struct HTTP *stream = data->req.p.http;
+struct cf_h2_ctx {
+  nghttp2_session *h2;
+  uint32_t max_concurrent_streams;
+  /* The easy handle used in the current filter call, cleared at return */
+  struct cf_call_data call_data;
+
+  char *inbuf; /* buffer to receive data from underlying socket */
+  size_t inbuflen; /* number of bytes filled in inbuf */
+  size_t nread_inbuf; /* number of bytes read from in inbuf */
+
+  struct dynbuf outbuf;
+
+  /* We need separate buffer for transmission and reception because we
+     may call nghttp2_session_send() after the
+     nghttp2_session_mem_recv() but mem buffer is still not full. In
+     this case, we wrongly sends the content of mem buffer if we share
+     them for both cases. */
+  int32_t pause_stream_id; /* stream ID which paused
+                              nghttp2_session_mem_recv */
+  size_t drain_total; /* sum of all stream's UrlState.drain */
+  int32_t goaway_error;
+  int32_t last_stream_id;
+  BIT(goaway);
+  BIT(enable_push);
+};
 
-  sock[0] = conn->sock[FIRSTSOCKET];
+/* How to access `call_data` from a cf_h2 filter */
+#define CF_CTX_CALL_DATA(cf)  \
+  ((struct cf_h2_ctx *)(cf)->ctx)->call_data
 
-  if(!(k->keepon & KEEP_RECV_PAUSE))
-    /* Unless paused - in an HTTP/2 connection we can basically always get a
-       frame so we should always be ready for one */
-    bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
 
-  /* we're (still uploading OR the HTTP/2 layer wants to send data) AND
-     there's a window to send data in */
-  if((((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND) ||
-      nghttp2_session_want_write(c->h2)) &&
-     (nghttp2_session_get_remote_window_size(c->h2) &&
-      nghttp2_session_get_stream_remote_window_size(c->h2,
-                                                    stream->stream_id)))
-    bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
+static void cf_h2_ctx_clear(struct cf_h2_ctx *ctx)
+{
+  struct cf_call_data save = ctx->call_data;
 
-  return bitmap;
+  if(ctx->h2) {
+    nghttp2_session_del(ctx->h2);
+  }
+  free(ctx->inbuf);
+  Curl_dyn_free(&ctx->outbuf);
+  memset(ctx, 0, sizeof(*ctx));
+  ctx->call_data = save;
 }
 
-/*
- * http2_stream_free() free HTTP2 stream related data
- */
-static void http2_stream_free(struct HTTP *http)
+static void cf_h2_ctx_free(struct cf_h2_ctx *ctx)
 {
-  if(http) {
-    Curl_dyn_free(&http->header_recvbuf);
-    for(; http->push_headers_used > 0; --http->push_headers_used) {
-      free(http->push_headers[http->push_headers_used - 1]);
-    }
-    free(http->push_headers);
-    http->push_headers = NULL;
+  if(ctx) {
+    cf_h2_ctx_clear(ctx);
+    free(ctx);
   }
 }
 
+static int h2_client_new(struct Curl_cfilter *cf,
+                         nghttp2_session_callbacks *cbs)
+{
+  struct cf_h2_ctx *ctx = cf->ctx;
+
+#if NGHTTP2_VERSION_NUM < 0x013200
+  /* before 1.50.0 */
+  return nghttp2_session_client_new(&ctx->h2, cbs, cf);
+#else
+  nghttp2_option *o;
+  int rc = nghttp2_option_new(&o);
+  if(rc)
+    return rc;
+  /* turn off RFC 9113 leading and trailing white spaces validation against
+     HTTP field value. */
+  nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation(o, 1);
+  rc = nghttp2_session_client_new2(&ctx->h2, cbs, cf, o);
+  nghttp2_option_del(o);
+  return rc;
+#endif
+}
+
+static ssize_t send_callback(nghttp2_session *h2,
+                             const uint8_t *mem, size_t length, int flags,
+                             void *userp);
+static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
+                         void *userp);
+static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
+                              int32_t stream_id,
+                              const uint8_t *mem, size_t len, void *userp);
+static int on_stream_close(nghttp2_session *session, int32_t stream_id,
+                           uint32_t error_code, void *userp);
+static int on_begin_headers(nghttp2_session *session,
+                            const nghttp2_frame *frame, void *userp);
+static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
+                     const uint8_t *name, size_t namelen,
+                     const uint8_t *value, size_t valuelen,
+                     uint8_t flags,
+                     void *userp);
+static int error_callback(nghttp2_session *session, const char *msg,
+                          size_t len, void *userp);
+
 /*
- * Disconnects *a* connection used for HTTP/2. It might be an old one from the
- * connection cache and not the "main" one. Don't touch the easy handle!
+ * multi_connchanged() is called to tell that there is a connection in
+ * this multi handle that has changed state (multiplexing become possible, the
+ * number of allowed streams changed or similar), and a subsequent use of this
+ * multi handle should move CONNECT_PEND handles back to CONNECT to have them
+ * retry.
  */
+static void multi_connchanged(struct Curl_multi *multi)
+{
+  multi->recheckstate = TRUE;
+}
 
-static CURLcode http2_disconnect(struct Curl_easy *data,
-                                 struct connectdata *conn,
-                                 bool dead_connection)
+static CURLcode http2_data_setup(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data)
 {
-  struct http_conn *c = &conn->proto.httpc;
-  (void)dead_connection;
-#ifndef DEBUG_HTTP2
-  (void)data;
-#endif
+  struct HTTP *stream = data->req.p.http;
 
-  H2BUGF(infof(data, "HTTP/2 DISCONNECT starts now"));
+  (void)cf;
+  DEBUGASSERT(stream);
+  DEBUGASSERT(data->state.buffer);
 
-  nghttp2_session_del(c->h2);
-  Curl_safefree(c->inbuf);
+  stream->stream_id = -1;
 
-  H2BUGF(infof(data, "HTTP/2 DISCONNECT done"));
+  Curl_dyn_init(&stream->header_recvbuf, DYN_H2_HEADERS);
+  Curl_dyn_init(&stream->trailer_recvbuf, DYN_H2_TRAILERS);
+
+  stream->bodystarted = FALSE;
+  stream->status_code = -1;
+  stream->pausedata = NULL;
+  stream->pauselen = 0;
+  stream->closed = FALSE;
+  stream->close_handled = FALSE;
+  stream->memlen = 0;
+  stream->error = NGHTTP2_NO_ERROR;
+  stream->upload_left = 0;
+  stream->upload_mem = NULL;
+  stream->upload_len = 0;
+  stream->mem = data->state.buffer;
+  stream->len = data->set.buffer_size;
 
   return CURLE_OK;
 }
 
 /*
- * The server may send us data at any point (e.g. PING frames). Therefore,
- * we cannot assume that an HTTP/2 socket is dead just because it is readable.
- *
- * Instead, if it is readable, run Curl_connalive() to peek at the socket
- * and distinguish between closed and data.
+ * Initialize the cfilter context
  */
-static bool http2_connisdead(struct Curl_easy *data, struct connectdata *conn)
+static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf,
+                               struct Curl_easy *data,
+                               bool via_h1_upgrade)
 {
-  int sval;
-  bool dead = TRUE;
+  struct cf_h2_ctx *ctx = cf->ctx;
+  struct HTTP *stream = data->req.p.http;
+  CURLcode result = CURLE_OUT_OF_MEMORY;
+  int rc;
+  nghttp2_session_callbacks *cbs = NULL;
+
+  DEBUGASSERT(!ctx->h2);
+  ctx->inbuf = malloc(H2_BUFSIZE);
+  if(!ctx->inbuf)
+      goto out;
+  /* we want to aggregate small frames, SETTINGS, PRIO, UPDATES */
+  Curl_dyn_init(&ctx->outbuf, 4*1024);
+
+  rc = nghttp2_session_callbacks_new(&cbs);
+  if(rc) {
+    failf(data, "Couldn't initialize nghttp2 callbacks");
+    goto out;
+  }
+
+  nghttp2_session_callbacks_set_send_callback(cbs, send_callback);
+  nghttp2_session_callbacks_set_on_frame_recv_callback(cbs, on_frame_recv);
+  nghttp2_session_callbacks_set_on_data_chunk_recv_callback(
+    cbs, on_data_chunk_recv);
+  nghttp2_session_callbacks_set_on_stream_close_callback(cbs, on_stream_close);
+  nghttp2_session_callbacks_set_on_begin_headers_callback(
+    cbs, on_begin_headers);
+  nghttp2_session_callbacks_set_on_header_callback(cbs, on_header);
+  nghttp2_session_callbacks_set_error_callback(cbs, error_callback);
+
+  /* The nghttp2 session is not yet setup, do it */
+  rc = h2_client_new(cf, cbs);
+  if(rc) {
+    failf(data, "Couldn't initialize nghttp2");
+    goto out;
+  }
+  ctx->max_concurrent_streams = DEFAULT_MAX_CONCURRENT_STREAMS;
+
+  result = http2_data_setup(cf, data);
+  if(result)
+    goto out;
 
-  if(conn->bits.close)
-    return TRUE;
+  if(via_h1_upgrade) {
+    /* HTTP/1.1 Upgrade issued. H2 Settings have already been submitted
+     * in the H1 request and we upgrade from there. This stream
+     * is opened implicitly as #1. */
+    uint8_t binsettings[H2_BINSETTINGS_LEN];
+    size_t  binlen; /* length of the binsettings data */
 
-  sval = SOCKET_READABLE(conn->sock[FIRSTSOCKET], 0);
-  if(sval == 0) {
-    /* timeout */
-    dead = FALSE;
-  }
-  else if(sval & CURL_CSELECT_ERR) {
-    /* socket is in an error state */
-    dead = TRUE;
-  }
-  else if(sval & CURL_CSELECT_IN) {
-    /* readable with no error. could still be closed */
-    dead = !Curl_connalive(data, conn);
-    if(!dead) {
-      /* This happens before we've sent off a request and the connection is
-         not in use by any other transfer, there shouldn't be any data here,
-         only "protocol frames" */
-      CURLcode result;
-      struct http_conn *httpc = &conn->proto.httpc;
-      ssize_t nread = -1;
-      if(httpc->recv_underlying)
-        /* if called "too early", this pointer isn't setup yet! */
-        nread = ((Curl_recv *)httpc->recv_underlying)(
-          data, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, &result);
-      if(nread != -1) {
-        H2BUGF(infof(data,
-                     "%d bytes stray data read before trying h2 connection",
-                     (int)nread));
-        httpc->nread_inbuf = 0;
-        httpc->inbuflen = nread;
-        if(h2_process_pending_input(data, httpc, &result) < 0)
-          /* immediate error, considered dead */
-          dead = TRUE;
-      }
-      else
-        /* the read failed so let's say this is dead anyway */
-        dead = TRUE;
+    binlen = populate_binsettings(binsettings, data);
+
+    stream->stream_id = 1;
+    /* queue SETTINGS frame (again) */
+    rc = nghttp2_session_upgrade2(ctx->h2, binsettings, binlen,
+                                  data->state.httpreq == HTTPREQ_HEAD,
+                                  NULL);
+    if(rc) {
+      failf(data, "nghttp2_session_upgrade2() failed: %s(%d)",
+            nghttp2_strerror(rc), rc);
+      result = CURLE_HTTP2;
+      goto out;
+    }
+
+    rc = nghttp2_session_set_stream_user_data(ctx->h2, stream->stream_id,
+                                              data);
+    if(rc) {
+      infof(data, "http/2: failed to set user_data for stream %u",
+            stream->stream_id);
+      DEBUGASSERT(0);
+    }
+  }
+  else {
+    nghttp2_settings_entry iv[H2_SETTINGS_IV_LEN];
+    int ivlen;
+
+    /* H2 Settings need to be submitted. Stream is not open yet. */
+    DEBUGASSERT(stream->stream_id == -1);
+
+    ivlen = populate_settings(iv, data);
+    rc = nghttp2_submit_settings(ctx->h2, NGHTTP2_FLAG_NONE,
+                                 iv, ivlen);
+    if(rc) {
+      failf(data, "nghttp2_submit_settings() failed: %s(%d)",
+            nghttp2_strerror(rc), rc);
+      result = CURLE_HTTP2;
+      goto out;
     }
   }
 
-  return dead;
+  rc = nghttp2_session_set_local_window_size(ctx->h2, NGHTTP2_FLAG_NONE, 0,
+                                             HTTP2_HUGE_WINDOW_SIZE);
+  if(rc) {
+    failf(data, "nghttp2_session_set_local_window_size() failed: %s(%d)",
+          nghttp2_strerror(rc), rc);
+    result = CURLE_HTTP2;
+    goto out;
+  }
+
+  /* all set, traffic will be send on connect */
+  result = CURLE_OK;
+
+out:
+  if(cbs)
+    nghttp2_session_callbacks_del(cbs);
+  return result;
 }
 
+static CURLcode  h2_session_send(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data);
+static int h2_process_pending_input(struct Curl_cfilter *cf,
+                                    struct Curl_easy *data,
+                                    CURLcode *err);
+
 /*
- * Set the transfer that is currently using this HTTP/2 connection.
+ * http2_stream_free() free HTTP2 stream related data
  */
-static void set_transfer(struct http_conn *c,
-                         struct Curl_easy *data)
+static void http2_stream_free(struct HTTP *stream)
 {
-  c->trnsfr = data;
+  if(stream) {
+    Curl_dyn_free(&stream->header_recvbuf);
+    for(; stream->push_headers_used > 0; --stream->push_headers_used) {
+      free(stream->push_headers[stream->push_headers_used - 1]);
+    }
+    free(stream->push_headers);
+    stream->push_headers = NULL;
+  }
 }
 
 /*
- * Get the transfer that is currently using this HTTP/2 connection.
+ * Returns nonzero if current HTTP/2 session should be closed.
  */
-static struct Curl_easy *get_transfer(struct http_conn *c)
+static int should_close_session(struct cf_h2_ctx *ctx)
 {
-  DEBUGASSERT(c && c->trnsfr);
-  return c->trnsfr;
+  return ctx->drain_total == 0 && !nghttp2_session_want_read(ctx->h2) &&
+    !nghttp2_session_want_write(ctx->h2);
 }
 
-static unsigned int http2_conncheck(struct Curl_easy *data,
-                                    struct connectdata *conn,
-                                    unsigned int checks_to_perform)
+/*
+ * The server may send us data at any point (e.g. PING frames). Therefore,
+ * we cannot assume that an HTTP/2 socket is dead just because it is readable.
+ *
+ * Check the lower filters first and, if successful, peek at the socket
+ * and distinguish between closed and data.
+ */
+static bool http2_connisalive(struct Curl_cfilter *cf, struct Curl_easy *data,
+                              bool *input_pending)
 {
-  unsigned int ret_val = CONNRESULT_NONE;
-  struct http_conn *c = &conn->proto.httpc;
-  int rc;
-  bool send_frames = false;
-
-  if(checks_to_perform & CONNCHECK_ISDEAD) {
-    if(http2_connisdead(data, conn))
-      ret_val |= CONNRESULT_DEAD;
-  }
-
-  if(checks_to_perform & CONNCHECK_KEEPALIVE) {
-    struct curltime now = Curl_now();
-    timediff_t elapsed = Curl_timediff(now, conn->keepalive);
-
-    if(elapsed > data->set.upkeep_interval_ms) {
-      /* Perform an HTTP/2 PING */
-      rc = nghttp2_submit_ping(c->h2, 0, ZERO_NULL);
-      if(!rc) {
-        /* Successfully added a PING frame to the session. Need to flag this
-           so the frame is sent. */
-        send_frames = true;
-      }
+  struct cf_h2_ctx *ctx = cf->ctx;
+  bool alive = TRUE;
+
+  *input_pending = FALSE;
+  if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending))
+    return FALSE;
+
+  if(*input_pending) {
+    /* This happens before we've sent off a request and the connection is
+       not in use by any other transfer, there shouldn't be any data here,
+       only "protocol frames" */
+    CURLcode result;
+    ssize_t nread = -1;
+
+    *input_pending = FALSE;
+    Curl_attach_connection(data, cf->conn);
+    nread = Curl_conn_cf_recv(cf->next, data,
+                              ctx->inbuf, H2_BUFSIZE, &result);
+    if(nread != -1) {
+      DEBUGF(LOG_CF(data, cf, "%d bytes stray data read before trying "
+                    "h2 connection", (int)nread));
+      ctx->nread_inbuf = 0;
+      ctx->inbuflen = nread;
+      if(h2_process_pending_input(cf, data, &result) < 0)
+        /* immediate error, considered dead */
+        alive = FALSE;
       else {
-       failf(data, "nghttp2_submit_ping() failed: %s(%d)",
-             nghttp2_strerror(rc), rc);
+        alive = !should_close_session(ctx);
       }
-
-      conn->keepalive = now;
     }
+    else {
+      /* the read failed so let's say this is dead anyway */
+      alive = FALSE;
+    }
+    Curl_detach_connection(data);
   }
 
-  if(send_frames) {
-    set_transfer(c, data); /* set the transfer */
-    rc = nghttp2_session_send(c->h2);
-    if(rc)
-      failf(data, "nghttp2_session_send() failed: %s(%d)",
-            nghttp2_strerror(rc), rc);
-  }
-
-  return ret_val;
+  return alive;
 }
 
-/* called from http_setup_conn */
-void Curl_http2_setup_req(struct Curl_easy *data)
+static CURLcode http2_send_ping(struct Curl_cfilter *cf,
+                                struct Curl_easy *data)
 {
-  struct HTTP *http = data->req.p.http;
-  http->bodystarted = FALSE;
-  http->status_code = -1;
-  http->pausedata = NULL;
-  http->pauselen = 0;
-  http->closed = FALSE;
-  http->close_handled = FALSE;
-  http->mem = NULL;
-  http->len = 0;
-  http->memlen = 0;
-  http->error = NGHTTP2_NO_ERROR;
-}
-
-/* called from http_setup_conn */
-void Curl_http2_setup_conn(struct connectdata *conn)
-{
-  conn->proto.httpc.settings.max_concurrent_streams =
-    DEFAULT_MAX_CONCURRENT_STREAMS;
-}
+  struct cf_h2_ctx *ctx = cf->ctx;
+  int rc;
 
-/*
- * HTTP2 handler interface. This isn't added to the general list of protocols
- * but will be used at run-time when the protocol is dynamically switched from
- * HTTP to HTTP2.
- */
-static const struct Curl_handler Curl_handler_http2 = {
-  "HTTP",                               /* scheme */
-  ZERO_NULL,                            /* setup_connection */
-  Curl_http,                            /* do_it */
-  Curl_http_done,                       /* done */
-  ZERO_NULL,                            /* do_more */
-  ZERO_NULL,                            /* connect_it */
-  ZERO_NULL,                            /* connecting */
-  ZERO_NULL,                            /* doing */
-  http2_getsock,                        /* proto_getsock */
-  http2_getsock,                        /* doing_getsock */
-  ZERO_NULL,                            /* domore_getsock */
-  http2_getsock,                        /* perform_getsock */
-  http2_disconnect,                     /* disconnect */
-  ZERO_NULL,                            /* readwrite */
-  http2_conncheck,                      /* connection_check */
-  ZERO_NULL,                            /* attach connection */
-  PORT_HTTP,                            /* defport */
-  CURLPROTO_HTTP,                       /* protocol */
-  CURLPROTO_HTTP,                       /* family */
-  PROTOPT_STREAM                        /* flags */
-};
+  rc = nghttp2_submit_ping(ctx->h2, 0, ZERO_NULL);
+  if(rc) {
+    failf(data, "nghttp2_submit_ping() failed: %s(%d)",
+          nghttp2_strerror(rc), rc);
+   return CURLE_HTTP2;
+  }
 
-static const struct Curl_handler Curl_handler_http2_ssl = {
-  "HTTPS",                              /* scheme */
-  ZERO_NULL,                            /* setup_connection */
-  Curl_http,                            /* do_it */
-  Curl_http_done,                       /* done */
-  ZERO_NULL,                            /* do_more */
-  ZERO_NULL,                            /* connect_it */
-  ZERO_NULL,                            /* connecting */
-  ZERO_NULL,                            /* doing */
-  http2_getsock,                        /* proto_getsock */
-  http2_getsock,                        /* doing_getsock */
-  ZERO_NULL,                            /* domore_getsock */
-  http2_getsock,                        /* perform_getsock */
-  http2_disconnect,                     /* disconnect */
-  ZERO_NULL,                            /* readwrite */
-  http2_conncheck,                      /* connection_check */
-  ZERO_NULL,                            /* attach connection */
-  PORT_HTTP,                            /* defport */
-  CURLPROTO_HTTPS,                      /* protocol */
-  CURLPROTO_HTTP,                       /* family */
-  PROTOPT_SSL | PROTOPT_STREAM          /* flags */
-};
+  rc = nghttp2_session_send(ctx->h2);
+  if(rc) {
+    failf(data, "nghttp2_session_send() failed: %s(%d)",
+          nghttp2_strerror(rc), rc);
+    return CURLE_SEND_ERROR;
+  }
+  return CURLE_OK;
+}
 
 /*
  * Store nghttp2 version info in this buffer.
@@ -369,31 +456,75 @@ void Curl_http2_ver(char *p, size_t len)
   (void)msnprintf(p, len, "nghttp2/%s", h2->version_str);
 }
 
+static CURLcode flush_output(struct Curl_cfilter *cf,
+                             struct Curl_easy *data)
+{
+  struct cf_h2_ctx *ctx = cf->ctx;
+  size_t buflen = Curl_dyn_len(&ctx->outbuf);
+  ssize_t written;
+  CURLcode result;
+
+  if(!buflen)
+    return CURLE_OK;
+
+  DEBUGF(LOG_CF(data, cf, "h2 conn flush %zu bytes", buflen));
+  written = Curl_conn_cf_send(cf->next, data, Curl_dyn_ptr(&ctx->outbuf),
+                              buflen, &result);
+  if(written < 0) {
+    return result;
+  }
+  if((size_t)written < buflen) {
+    Curl_dyn_tail(&ctx->outbuf, buflen - (size_t)written);
+    return CURLE_AGAIN;
+  }
+  else {
+    Curl_dyn_reset(&ctx->outbuf);
+  }
+  return CURLE_OK;
+}
+
 /*
  * The implementation of nghttp2_send_callback type. Here we write |data| with
  * size |length| to the network and return the number of bytes actually
  * written. See the documentation of nghttp2_send_callback for the details.
  */
 static ssize_t send_callback(nghttp2_session *h2,
-                             const uint8_t *mem, size_t length, int flags,
+                             const uint8_t *buf, size_t blen, int flags,
                              void *userp)
 {
-  struct connectdata *conn = (struct connectdata *)userp;
-  struct http_conn *c = &conn->proto.httpc;
-  struct Curl_easy *data = get_transfer(c);
+  struct Curl_cfilter *cf = userp;
+  struct cf_h2_ctx *ctx = cf->ctx;
+  struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t written;
   CURLcode result = CURLE_OK;
+  size_t buflen = Curl_dyn_len(&ctx->outbuf);
 
   (void)h2;
   (void)flags;
+  DEBUGASSERT(data);
 
-  if(!c->send_underlying)
-    /* called before setup properly! */
-    return NGHTTP2_ERR_CALLBACK_FAILURE;
-
-  written = ((Curl_send*)c->send_underlying)(data, FIRSTSOCKET,
-                                             mem, length, &result);
+  if(blen < 1024 && (buflen + blen + 1 < ctx->outbuf.toobig)) {
+    result = Curl_dyn_addn(&ctx->outbuf, buf, blen);
+    if(result) {
+      failf(data, "Failed to add data to output buffer");
+      return NGHTTP2_ERR_CALLBACK_FAILURE;
+    }
+    return blen;
+  }
+  if(buflen) {
+    /* not adding, flush buffer */
+    result = flush_output(cf, data);
+    if(result) {
+      if(result == CURLE_AGAIN) {
+        return NGHTTP2_ERR_WOULDBLOCK;
+      }
+      failf(data, "Failed sending HTTP2 data");
+      return NGHTTP2_ERR_CALLBACK_FAILURE;
+    }
+  }
 
+  DEBUGF(LOG_CF(data, cf, "h2 conn send %zu bytes", blen));
+  written = Curl_conn_cf_send(cf->next, data, buf, blen, &result);
   if(result == CURLE_AGAIN) {
     return NGHTTP2_ERR_WOULDBLOCK;
   }
@@ -467,26 +598,33 @@ char *curl_pushheader_byname(struct curl_pushheaders *h, const char *header)
 /*
  * This specific transfer on this connection has been "drained".
  */
-static void drained_transfer(struct Curl_easy *data,
-                             struct http_conn *httpc)
+static void drained_transfer(struct Curl_cfilter *cf,
+                             struct Curl_easy *data)
 {
-  DEBUGASSERT(httpc->drain_total >= data->state.drain);
-  httpc->drain_total -= data->state.drain;
-  data->state.drain = 0;
+  if(data->state.drain) {
+    struct cf_h2_ctx *ctx = cf->ctx;
+    DEBUGASSERT(ctx->drain_total > 0);
+    ctx->drain_total--;
+    data->state.drain = 0;
+  }
 }
 
 /*
  * Mark this transfer to get "drained".
  */
-static void drain_this(struct Curl_easy *data,
-                       struct http_conn *httpc)
+static void drain_this(struct Curl_cfilter *cf,
+                       struct Curl_easy *data)
 {
-  data->state.drain++;
-  httpc->drain_total++;
-  DEBUGASSERT(httpc->drain_total >= data->state.drain);
+  if(!data->state.drain) {
+    struct cf_h2_ctx *ctx = cf->ctx;
+    data->state.drain = 1;
+    ctx->drain_total++;
+    DEBUGASSERT(ctx->drain_total > 0);
+  }
 }
 
-static struct Curl_easy *duphandle(struct Curl_easy *data)
+static struct Curl_easy *h2_duphandle(struct Curl_cfilter *cf,
+                                      struct Curl_easy *data)
 {
   struct Curl_easy *second = curl_easy_duphandle(data);
   if(second) {
@@ -497,9 +635,8 @@ static struct Curl_easy *duphandle(struct Curl_easy *data)
     }
     else {
       second->req.p.http = http;
-      Curl_dyn_init(&http->header_recvbuf, DYN_H2_HEADERS);
-      Curl_http2_setup_req(second);
-      second->state.stream_weight = data->state.stream_weight;
+      http2_data_setup(cf, second);
+      second->state.priority.weight = data->state.priority.weight;
     }
   }
   return second;
@@ -559,22 +696,23 @@ static int set_transfer_url(struct Curl_easy *data,
   return 0;
 }
 
-static int push_promise(struct Curl_easy *data,
-                        struct connectdata *conn,
+static int push_promise(struct Curl_cfilter *cf,
+                        struct Curl_easy *data,
                         const nghttp2_push_promise *frame)
 {
+  struct cf_h2_ctx *ctx = cf->ctx;
   int rv; /* one of the CURL_PUSH_* defines */
-  H2BUGF(infof(data, "PUSH_PROMISE received, stream %u",
-               frame->promised_stream_id));
+
+  DEBUGF(LOG_CF(data, cf, "[h2sid=%u] PUSH_PROMISE received",
+                frame->promised_stream_id));
   if(data->multi->push_cb) {
     struct HTTP *stream;
     struct HTTP *newstream;
     struct curl_pushheaders heads;
     CURLMcode rc;
-    struct http_conn *httpc;
     size_t i;
     /* clone the parent */
-    struct Curl_easy *newhandle = duphandle(data);
+    struct Curl_easy *newhandle = h2_duphandle(cf, data);
     if(!newhandle) {
       infof(data, "failed to duplicate handle");
       rv = CURL_PUSH_DENY; /* FAIL HARD */
@@ -584,7 +722,7 @@ static int push_promise(struct Curl_easy *data,
     heads.data = data;
     heads.frame = frame;
     /* ask the application */
-    H2BUGF(infof(data, "Got PUSH_PROMISE, ask application"));
+    DEBUGF(LOG_CF(data, cf, "Got PUSH_PROMISE, ask application"));
 
     stream = data->req.p.http;
     if(!stream) {
@@ -630,7 +768,7 @@ static int push_promise(struct Curl_easy *data,
 
     /* approved, add to the multi handle and immediately switch to PERFORM
        state with the given connection !*/
-    rc = Curl_multi_add_perform(data->multi, newhandle, conn);
+    rc = Curl_multi_add_perform(data->multi, newhandle, cf->conn);
     if(rc) {
       infof(data, "failed to add handle to multi");
       http2_stream_free(newhandle->req.p.http);
@@ -640,8 +778,7 @@ static int push_promise(struct Curl_easy *data,
       goto fail;
     }
 
-    httpc = &conn->proto.httpc;
-    rv = nghttp2_session_set_stream_user_data(httpc->h2,
+    rv = nghttp2_session_set_stream_user_data(ctx->h2,
                                               frame->promised_stream_id,
                                               newhandle);
     if(rv) {
@@ -655,84 +792,85 @@ static int push_promise(struct Curl_easy *data,
     Curl_dyn_init(&newstream->trailer_recvbuf, DYN_H2_TRAILERS);
   }
   else {
-    H2BUGF(infof(data, "Got PUSH_PROMISE, ignore it"));
+    DEBUGF(LOG_CF(data, cf, "Got PUSH_PROMISE, ignore it"));
     rv = CURL_PUSH_DENY;
   }
   fail:
   return rv;
 }
 
-/*
- * multi_connchanged() is called to tell that there is a connection in
- * this multi handle that has changed state (multiplexing become possible, the
- * number of allowed streams changed or similar), and a subsequent use of this
- * multi handle should move CONNECT_PEND handles back to CONNECT to have them
- * retry.
- */
-static void multi_connchanged(struct Curl_multi *multi)
-{
-  multi->recheckstate = TRUE;
-}
-
 static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
                          void *userp)
 {
-  struct connectdata *conn = (struct connectdata *)userp;
-  struct http_conn *httpc = &conn->proto.httpc;
+  struct Curl_cfilter *cf = userp;
+  struct cf_h2_ctx *ctx = cf->ctx;
   struct Curl_easy *data_s = NULL;
   struct HTTP *stream = NULL;
-  struct Curl_easy *data = get_transfer(httpc);
+  struct Curl_easy *data = CF_DATA_CURRENT(cf);
   int rv;
   size_t left, ncopy;
   int32_t stream_id = frame->hd.stream_id;
   CURLcode result;
 
+  DEBUGASSERT(data);
   if(!stream_id) {
     /* stream ID zero is for connection-oriented stuff */
-    if(frame->hd.type == NGHTTP2_SETTINGS) {
-      uint32_t max_conn = httpc->settings.max_concurrent_streams;
-      H2BUGF(infof(data, "Got SETTINGS"));
-      httpc->settings.max_concurrent_streams =
-        nghttp2_session_get_remote_settings(
+    DEBUGASSERT(data);
+    switch(frame->hd.type) {
+    case NGHTTP2_SETTINGS: {
+      uint32_t max_conn = ctx->max_concurrent_streams;
+      DEBUGF(LOG_CF(data, cf, "recv frame SETTINGS"));
+      ctx->max_concurrent_streams = nghttp2_session_get_remote_settings(
           session, NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS);
-      httpc->settings.enable_push =
-        nghttp2_session_get_remote_settings(
-          session, NGHTTP2_SETTINGS_ENABLE_PUSH);
-      H2BUGF(infof(data, "MAX_CONCURRENT_STREAMS == %d",
-                   httpc->settings.max_concurrent_streams));
-      H2BUGF(infof(data, "ENABLE_PUSH == %s",
-                   httpc->settings.enable_push?"TRUE":"false"));
-      if(max_conn != httpc->settings.max_concurrent_streams) {
+      ctx->enable_push = nghttp2_session_get_remote_settings(
+          session, NGHTTP2_SETTINGS_ENABLE_PUSH) != 0;
+      DEBUGF(LOG_CF(data, cf, "MAX_CONCURRENT_STREAMS == %d",
+                    ctx->max_concurrent_streams));
+      DEBUGF(LOG_CF(data, cf, "ENABLE_PUSH == %s",
+                    ctx->enable_push ? "TRUE" : "false"));
+      if(data && max_conn != ctx->max_concurrent_streams) {
         /* only signal change if the value actually changed */
-        infof(data,
-              "Connection state changed (MAX_CONCURRENT_STREAMS == %u)!",
-              httpc->settings.max_concurrent_streams);
+        DEBUGF(LOG_CF(data, cf, "MAX_CONCURRENT_STREAMS now %u",
+                      ctx->max_concurrent_streams));
+        multi_connchanged(data->multi);
+      }
+      break;
+    }
+    case NGHTTP2_GOAWAY:
+      ctx->goaway = TRUE;
+      ctx->goaway_error = frame->goaway.error_code;
+      ctx->last_stream_id = frame->goaway.last_stream_id;
+      if(data) {
+        infof(data, "recveived GOAWAY, error=%d, last_stream=%u",
+                    ctx->goaway_error, ctx->last_stream_id);
         multi_connchanged(data->multi);
       }
+      break;
+    case NGHTTP2_WINDOW_UPDATE:
+      DEBUGF(LOG_CF(data, cf, "recv frame WINDOW_UPDATE"));
+      break;
+    default:
+      DEBUGF(LOG_CF(data, cf, "recv frame %x on 0", frame->hd.type));
     }
     return 0;
   }
   data_s = nghttp2_session_get_stream_user_data(session, stream_id);
   if(!data_s) {
-    H2BUGF(infof(data,
-                 "No Curl_easy associated with stream: %u",
-                 stream_id));
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] No Curl_easy associated",
+                  stream_id));
     return 0;
   }
 
   stream = data_s->req.p.http;
   if(!stream) {
-    H2BUGF(infof(data_s, "No proto pointer for stream: %u",
-                 stream_id));
+    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] No proto pointer", stream_id));
     return NGHTTP2_ERR_CALLBACK_FAILURE;
   }
 
-  H2BUGF(infof(data_s, "on_frame_recv() header %x stream %u",
-               frame->hd.type, stream_id));
-
   switch(frame->hd.type) {
   case NGHTTP2_DATA:
-    /* If body started on this stream, then receiving DATA is illegal. */
+    /* If !body started on this stream, then receiving DATA is illegal. */
+    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] recv frame DATA", stream_id));
     if(!stream->bodystarted) {
       rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
                                      stream_id, NGHTTP2_PROTOCOL_ERROR);
@@ -741,8 +879,17 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
         return NGHTTP2_ERR_CALLBACK_FAILURE;
       }
     }
+    if(frame->hd.flags & NGHTTP2_FLAG_END_STREAM) {
+      /* Stream has ended. If there is pending data, ensure that read
+         will occur to consume it. */
+      if(!data->state.drain && stream->memlen) {
+        drain_this(cf, data_s);
+        Curl_expire(data, 0, EXPIRE_RUN_NOW);
+      }
+    }
     break;
   case NGHTTP2_HEADERS:
+    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] recv frame HEADERS", stream_id));
     if(stream->bodystarted) {
       /* Only valid HEADERS after body started is trailer HEADERS.  We
          buffer them in on_header callback. */
@@ -776,19 +923,18 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
     stream->nread_header_recvbuf += ncopy;
 
     DEBUGASSERT(stream->mem);
-    H2BUGF(infof(data_s, "Store %zu bytes headers from stream %u at %p",
-                 ncopy, stream_id, stream->mem));
+    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] %zu header bytes, at %p",
+                  stream_id, ncopy, (void *)stream->mem));
 
     stream->len -= ncopy;
     stream->memlen += ncopy;
 
-    drain_this(data_s, httpc);
-    /* if we receive data for another handle, wake that up */
-    if(get_transfer(httpc) != data_s)
-      Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+    drain_this(cf, data_s);
+    Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
     break;
   case NGHTTP2_PUSH_PROMISE:
-    rv = push_promise(data_s, conn, &frame->push_promise);
+    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] recv PUSH_PROMISE", stream_id));
+    rv = push_promise(cf, data_s, &frame->push_promise);
     if(rv) { /* deny! */
       int h2;
       DEBUGASSERT((rv > CURL_PUSH_OK) && (rv <= CURL_PUSH_ERROROUT));
@@ -798,14 +944,32 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
       if(nghttp2_is_fatal(h2))
         return NGHTTP2_ERR_CALLBACK_FAILURE;
       else if(rv == CURL_PUSH_ERROROUT) {
-        DEBUGF(infof(data_s, "Fail the parent stream (too)"));
+        DEBUGF(LOG_CF(data_s, cf, "Fail the parent stream (too)"));
         return NGHTTP2_ERR_CALLBACK_FAILURE;
       }
     }
     break;
+  case NGHTTP2_RST_STREAM:
+    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] recv RST", stream_id));
+    stream->closed = TRUE;
+    stream->reset = TRUE;
+    drain_this(cf, data);
+    Curl_expire(data, 0, EXPIRE_RUN_NOW);
+    break;
+  case NGHTTP2_WINDOW_UPDATE:
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] recv WINDOW_UPDATE", stream_id));
+    if((data_s->req.keepon & KEEP_SEND_HOLD) &&
+       (data_s->req.keepon & KEEP_SEND)) {
+      data_s->req.keepon &= ~KEEP_SEND_HOLD;
+      drain_this(cf, data_s);
+      Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+      DEBUGF(LOG_CF(data, cf, "[h2sid=%u] un-holding after win update",
+                    stream_id));
+    }
+    break;
   default:
-    H2BUGF(infof(data_s, "Got frame type %x for stream %u",
-                 frame->hd.type, stream_id));
+    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] recv frame %x",
+                  stream_id, frame->hd.type));
     break;
   }
   return 0;
@@ -815,15 +979,15 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
                               int32_t stream_id,
                               const uint8_t *mem, size_t len, void *userp)
 {
+  struct Curl_cfilter *cf = userp;
+  struct cf_h2_ctx *ctx = cf->ctx;
   struct HTTP *stream;
   struct Curl_easy *data_s;
   size_t nread;
-  struct connectdata *conn = (struct connectdata *)userp;
-  struct http_conn *httpc = &conn->proto.httpc;
-  (void)session;
   (void)flags;
 
   DEBUGASSERT(stream_id); /* should never be a zero stream ID here */
+  DEBUGASSERT(CF_DATA_CURRENT(cf));
 
   /* get the stream from the hash based on Stream ID */
   data_s = nghttp2_session_get_stream_user_data(session, stream_id);
@@ -831,8 +995,8 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
     /* Receiving a Stream ID not in the hash should not happen - unless
        we have aborted a transfer artificially and there were more data
        in the pipeline. Silently ignore. */
-    H2BUGF(fprintf(stderr, "Data for stream %u but it doesn't exist\n",
-                   stream_id));
+    DEBUGF(LOG_CF(CF_DATA_CURRENT(cf), cf, "[h2sid=%u] Data for unknown",
+                  stream_id));
     return 0;
   }
 
@@ -846,34 +1010,24 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
   stream->len -= nread;
   stream->memlen += nread;
 
-  drain_this(data_s, &conn->proto.httpc);
-
   /* if we receive data for another handle, wake that up */
-  if(get_transfer(httpc) != data_s)
+  if(CF_DATA_CURRENT(cf) != data_s) {
+    drain_this(cf, data_s);
     Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+  }
 
-  H2BUGF(infof(data_s, "%zu data received for stream %u "
-               "(%zu left in buffer %p, total %zu)",
-               nread, stream_id,
-               stream->len, stream->mem,
-               stream->memlen));
+  DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] %zu DATA recvd, "
+                "(buffer now holds %zu, %zu still free in %p)",
+                stream_id, nread,
+                stream->memlen, stream->len, (void *)stream->mem));
 
   if(nread < len) {
     stream->pausedata = mem + nread;
     stream->pauselen = len - nread;
-    H2BUGF(infof(data_s, "NGHTTP2_ERR_PAUSE - %zu bytes out of buffer"
-                 ", stream %u",
-                 len - nread, stream_id));
-    data_s->conn->proto.httpc.pause_stream_id = stream_id;
-
-    return NGHTTP2_ERR_PAUSE;
-  }
-
-  /* pause execution of nghttp2 if we received data for another handle
-     in order to process them first. */
-  if(get_transfer(httpc) != data_s) {
-    data_s->conn->proto.httpc.pause_stream_id = stream_id;
-
+    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] %zu not recvd -> NGHTTP2_ERR_PAUSE",
+                  stream_id, len - nread));
+    ctx->pause_stream_id = stream_id;
+    drain_this(cf, data_s);
     return NGHTTP2_ERR_PAUSE;
   }
 
@@ -883,65 +1037,66 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
 static int on_stream_close(nghttp2_session *session, int32_t stream_id,
                            uint32_t error_code, void *userp)
 {
+  struct Curl_cfilter *cf = userp;
+  struct cf_h2_ctx *ctx = cf->ctx;
   struct Curl_easy *data_s;
   struct HTTP *stream;
-  struct connectdata *conn = (struct connectdata *)userp;
   int rv;
   (void)session;
-  (void)stream_id;
 
-  if(stream_id) {
-    struct http_conn *httpc;
-    /* get the stream from the hash based on Stream ID, stream ID zero is for
-       connection-oriented stuff */
-    data_s = nghttp2_session_get_stream_user_data(session, stream_id);
-    if(!data_s) {
-      /* We could get stream ID not in the hash.  For example, if we
-         decided to reject stream (e.g., PUSH_PROMISE). */
-      return 0;
-    }
-    H2BUGF(infof(data_s, "on_stream_close(), %s (err %d), stream %u",
-                 nghttp2_http2_strerror(error_code), error_code, stream_id));
-    stream = data_s->req.p.http;
-    if(!stream)
-      return NGHTTP2_ERR_CALLBACK_FAILURE;
+  /* get the stream from the hash based on Stream ID, stream ID zero is for
+     connection-oriented stuff */
+  data_s = stream_id?
+             nghttp2_session_get_stream_user_data(session, stream_id) : NULL;
+  if(!data_s) {
+    return 0;
+  }
+  stream = data_s->req.p.http;
+  DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] on_stream_close(), %s (err %d)",
+                stream_id, nghttp2_http2_strerror(error_code), error_code));
+  if(!stream)
+    return NGHTTP2_ERR_CALLBACK_FAILURE;
 
-    stream->closed = TRUE;
-    httpc = &conn->proto.httpc;
-    drain_this(data_s, httpc);
+  stream->closed = TRUE;
+  stream->error = error_code;
+  if(stream->error)
+    stream->reset = TRUE;
+
+  if(CF_DATA_CURRENT(cf) != data_s) {
+    drain_this(cf, data_s);
     Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
-    stream->error = error_code;
+  }
 
-    /* remove the entry from the hash as the stream is now gone */
-    rv = nghttp2_session_set_stream_user_data(session, stream_id, 0);
-    if(rv) {
-      infof(data_s, "http/2: failed to clear user_data for stream %u",
-            stream_id);
-      DEBUGASSERT(0);
-    }
-    if(stream_id == httpc->pause_stream_id) {
-      H2BUGF(infof(data_s, "Stopped the pause stream"));
-      httpc->pause_stream_id = 0;
-    }
-    H2BUGF(infof(data_s, "Removed stream %u hash", stream_id));
-    stream->stream_id = 0; /* cleared */
+  /* remove `data_s` from the nghttp2 stream */
+  rv = nghttp2_session_set_stream_user_data(session, stream_id, 0);
+  if(rv) {
+    infof(data_s, "http/2: failed to clear user_data for stream %u",
+          stream_id);
+    DEBUGASSERT(0);
+  }
+  if(stream_id == ctx->pause_stream_id) {
+    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] closed the pause stream",
+                  stream_id));
+    ctx->pause_stream_id = 0;
   }
+  DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] closed now", stream_id));
   return 0;
 }
 
 static int on_begin_headers(nghttp2_session *session,
                             const nghttp2_frame *frame, void *userp)
 {
+  struct Curl_cfilter *cf = userp;
   struct HTTP *stream;
   struct Curl_easy *data_s = NULL;
-  (void)userp;
 
+  (void)cf;
   data_s = nghttp2_session_get_stream_user_data(session, frame->hd.stream_id);
   if(!data_s) {
     return 0;
   }
 
-  H2BUGF(infof(data_s, "on_begin_headers() was called"));
+  DEBUGF(LOG_CF(data_s, cf, "on_begin_headers() was called"));
 
   if(frame->hd.type != NGHTTP2_HEADERS) {
     return 0;
@@ -989,11 +1144,10 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
                      uint8_t flags,
                      void *userp)
 {
+  struct Curl_cfilter *cf = userp;
   struct HTTP *stream;
   struct Curl_easy *data_s;
   int32_t stream_id = frame->hd.stream_id;
-  struct connectdata *conn = (struct connectdata *)userp;
-  struct http_conn *httpc = &conn->proto.httpc;
   CURLcode result;
   (void)flags;
 
@@ -1020,13 +1174,14 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
     if(!strcmp(H2H3_PSEUDO_AUTHORITY, (const char *)name)) {
       /* pseudo headers are lower case */
       int rc = 0;
-      char *check = aprintf("%s:%d", conn->host.name, conn->remote_port);
+      char *check = aprintf("%s:%d", cf->conn->host.name,
+                            cf->conn->remote_port);
       if(!check)
         /* no memory */
         return NGHTTP2_ERR_CALLBACK_FAILURE;
       if(!strcasecompare(check, (const char *)value) &&
-         ((conn->remote_port != conn->given->defport) ||
-          !strcasecompare(conn->host.name, (const char *)value))) {
+         ((cf->conn->remote_port != cf->conn->given->defport) ||
+          !strcasecompare(cf->conn->host.name, (const char *)value))) {
         /* This is push is not for the same authority that was asked for in
          * the URL. RFC 7540 section 8.2 says: "A client MUST treat a
          * PUSH_PROMISE for which the server is not authoritative as a stream
@@ -1075,11 +1230,13 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
 
   if(stream->bodystarted) {
     /* This is a trailer */
-    H2BUGF(infof(data_s, "h2 trailer: %.*s: %.*s", namelen, name, valuelen,
-                 value));
+    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] trailer: %.*s: %.*s",
+                  stream->stream_id,
+                  (int)namelen, name,
+                  (int)valuelen, value));
     result = Curl_dyn_addf(&stream->trailer_recvbuf,
-                           "%.*s: %.*s\r\n", namelen, name,
-                           valuelen, value);
+                           "%.*s: %.*s\r\n", (int)namelen, name,
+                           (int)valuelen, value);
     if(result)
       return NGHTTP2_ERR_CALLBACK_FAILURE;
 
@@ -1110,11 +1267,11 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
     if(result)
       return NGHTTP2_ERR_CALLBACK_FAILURE;
     /* if we receive data for another handle, wake that up */
-    if(get_transfer(httpc) != data_s)
+    if(CF_DATA_CURRENT(cf) != data_s)
       Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
 
-    H2BUGF(infof(data_s, "h2 status: HTTP/2 %03d (easy %p)",
-                 stream->status_code, data_s));
+    DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] status: HTTP/2 %03d",
+                  stream->stream_id, stream->status_code));
     return 0;
   }
 
@@ -1134,11 +1291,13 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
   if(result)
     return NGHTTP2_ERR_CALLBACK_FAILURE;
   /* if we receive data for another handle, wake that up */
-  if(get_transfer(httpc) != data_s)
+  if(CF_DATA_CURRENT(cf) != data_s)
     Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
 
-  H2BUGF(infof(data_s, "h2 header: %.*s: %.*s", namelen, name, valuelen,
-               value));
+  DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] header: %.*s: %.*s",
+                stream->stream_id,
+                (int)namelen, name,
+                (int)valuelen, value));
 
   return 0; /* 0 is successful */
 }
@@ -1150,12 +1309,13 @@ static ssize_t data_source_read_callback(nghttp2_session *session,
                                          nghttp2_data_source *source,
                                          void *userp)
 {
+  struct Curl_cfilter *cf = userp;
   struct Curl_easy *data_s;
   struct HTTP *stream = NULL;
   size_t nread;
   (void)source;
-  (void)userp;
 
+  (void)cf;
   if(stream_id) {
     /* get the stream from the hash based on Stream ID, stream ID zero is for
        connection-oriented stuff */
@@ -1186,9 +1346,8 @@ static ssize_t data_source_read_callback(nghttp2_session *session,
   else if(nread == 0)
     return NGHTTP2_ERR_DEFERRED;
 
-  H2BUGF(infof(data_s, "data_source_read_callback: "
-               "returns %zu bytes stream %u",
-               nread, stream_id));
+  DEBUGF(LOG_CF(data_s, cf, "[h2sid=%u] data_source_read_callback: "
+                "returns %zu bytes", stream_id, nread));
 
   return nread;
 }
@@ -1207,147 +1366,57 @@ static int error_callback(nghttp2_session *session,
 }
 #endif
 
-static void populate_settings(struct Curl_easy *data,
-                              struct http_conn *httpc)
+static void http2_data_done(struct Curl_cfilter *cf,
+                            struct Curl_easy *data, bool premature)
 {
-  nghttp2_settings_entry *iv = httpc->local_settings;
-
-  iv[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS;
-  iv[0].value = Curl_multi_max_concurrent_streams(data->multi);
-
-  iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE;
-  iv[1].value = HTTP2_HUGE_WINDOW_SIZE;
-
-  iv[2].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH;
-  iv[2].value = data->multi->push_cb != NULL;
-
-  httpc->local_settings_num = 3;
-}
-
-void Curl_http2_done(struct Curl_easy *data, bool premature)
-{
-  struct HTTP *http = data->req.p.http;
-  struct http_conn *httpc = &data->conn->proto.httpc;
+  struct cf_h2_ctx *ctx = cf->ctx;
+  struct HTTP *stream = data->req.p.http;
 
   /* there might be allocated resources done before this got the 'h2' pointer
      setup */
-  Curl_dyn_free(&http->header_recvbuf);
-  Curl_dyn_free(&http->trailer_recvbuf);
-  if(http->push_headers) {
+  Curl_dyn_free(&stream->header_recvbuf);
+  Curl_dyn_free(&stream->trailer_recvbuf);
+  if(stream->push_headers) {
     /* if they weren't used and then freed before */
-    for(; http->push_headers_used > 0; --http->push_headers_used) {
-      free(http->push_headers[http->push_headers_used - 1]);
+    for(; stream->push_headers_used > 0; --stream->push_headers_used) {
+      free(stream->push_headers[stream->push_headers_used - 1]);
     }
-    free(http->push_headers);
-    http->push_headers = NULL;
+    free(stream->push_headers);
+    stream->push_headers = NULL;
   }
 
-  if(!(data->conn->handler->protocol&PROTO_FAMILY_HTTP) ||
-     !httpc->h2) /* not HTTP/2 ? */
+  if(!ctx || !ctx->h2)
     return;
 
   /* do this before the reset handling, as that might clear ->stream_id */
-  if(http->stream_id == httpc->pause_stream_id) {
-    H2BUGF(infof(data, "DONE the pause stream (%u)", http->stream_id));
-    httpc->pause_stream_id = 0;
+  if(stream->stream_id && stream->stream_id == ctx->pause_stream_id) {
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] DONE, the pause stream",
+                  stream->stream_id));
+    ctx->pause_stream_id = 0;
   }
-  if(premature || (!http->closed && http->stream_id)) {
+
+  (void)premature;
+  if(!stream->closed && stream->stream_id) {
     /* RST_STREAM */
-    set_transfer(httpc, data); /* set the transfer */
-    H2BUGF(infof(data, "RST stream %u", http->stream_id));
-    if(!nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE,
-                                  http->stream_id, NGHTTP2_STREAM_CLOSED))
-      (void)nghttp2_session_send(httpc->h2);
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] RST", stream->stream_id));
+    if(!nghttp2_submit_rst_stream(ctx->h2, NGHTTP2_FLAG_NONE,
+                                  stream->stream_id, NGHTTP2_STREAM_CLOSED))
+      (void)nghttp2_session_send(ctx->h2);
   }
 
   if(data->state.drain)
-    drained_transfer(data, httpc);
+    drained_transfer(cf, data);
 
   /* -1 means unassigned and 0 means cleared */
-  if(http->stream_id > 0) {
-    int rv = nghttp2_session_set_stream_user_data(httpc->h2,
-                                                  http->stream_id, 0);
+  if(nghttp2_session_get_stream_user_data(ctx->h2, stream->stream_id)) {
+    int rv = nghttp2_session_set_stream_user_data(ctx->h2,
+                                                  stream->stream_id, 0);
     if(rv) {
       infof(data, "http/2: failed to clear user_data for stream %u",
-            http->stream_id);
+            stream->stream_id);
       DEBUGASSERT(0);
     }
-    set_transfer(httpc, NULL);
-    http->stream_id = 0;
-  }
-}
-
-static int client_new(struct connectdata *conn,
-                      nghttp2_session_callbacks *callbacks)
-{
-#if NGHTTP2_VERSION_NUM < 0x013200
-  /* before 1.50.0 */
-  return nghttp2_session_client_new(&conn->proto.httpc.h2, callbacks, conn);
-#else
-  nghttp2_option *o;
-  int rc = nghttp2_option_new(&o);
-  if(rc)
-    return rc;
-  /* turn off RFC 9113 leading and trailing white spaces validation against
-     HTTP field value. */
-  nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation(o, 1);
-  rc = nghttp2_session_client_new2(&conn->proto.httpc.h2, callbacks, conn,
-                                   o);
-  nghttp2_option_del(o);
-  return rc;
-#endif
-}
-
-/*
- * Initialize nghttp2 for a Curl connection
- */
-static CURLcode http2_init(struct Curl_easy *data, struct connectdata *conn)
-{
-  if(!conn->proto.httpc.h2) {
-    int rc;
-    nghttp2_session_callbacks *callbacks;
-
-    conn->proto.httpc.inbuf = malloc(H2_BUFSIZE);
-    if(!conn->proto.httpc.inbuf)
-      return CURLE_OUT_OF_MEMORY;
-
-    rc = nghttp2_session_callbacks_new(&callbacks);
-
-    if(rc) {
-      failf(data, "Couldn't initialize nghttp2 callbacks");
-      return CURLE_OUT_OF_MEMORY; /* most likely at least */
-    }
-
-    /* nghttp2_send_callback */
-    nghttp2_session_callbacks_set_send_callback(callbacks, send_callback);
-    /* nghttp2_on_frame_recv_callback */
-    nghttp2_session_callbacks_set_on_frame_recv_callback
-      (callbacks, on_frame_recv);
-    /* nghttp2_on_data_chunk_recv_callback */
-    nghttp2_session_callbacks_set_on_data_chunk_recv_callback
-      (callbacks, on_data_chunk_recv);
-    /* nghttp2_on_stream_close_callback */
-    nghttp2_session_callbacks_set_on_stream_close_callback
-      (callbacks, on_stream_close);
-    /* nghttp2_on_begin_headers_callback */
-    nghttp2_session_callbacks_set_on_begin_headers_callback
-      (callbacks, on_begin_headers);
-    /* nghttp2_on_header_callback */
-    nghttp2_session_callbacks_set_on_header_callback(callbacks, on_header);
-
-    nghttp2_session_callbacks_set_error_callback(callbacks, error_callback);
-
-    /* The nghttp2 session is not yet setup, do it */
-    rc = client_new(conn, callbacks);
-
-    nghttp2_session_callbacks_del(callbacks);
-
-    if(rc) {
-      failf(data, "Couldn't initialize nghttp2");
-      return CURLE_OUT_OF_MEMORY; /* most likely at least */
-    }
   }
-  return CURLE_OK;
 }
 
 /*
@@ -1357,26 +1426,18 @@ CURLcode Curl_http2_request_upgrade(struct dynbuf *req,
                                     struct Curl_easy *data)
 {
   CURLcode result;
-  ssize_t binlen;
   char *base64;
   size_t blen;
-  struct connectdata *conn = data->conn;
   struct SingleRequest *k = &data->req;
-  uint8_t *binsettings = conn->proto.httpc.binsettings;
-  struct http_conn *httpc = &conn->proto.httpc;
-
-  populate_settings(data, httpc);
+  uint8_t binsettings[H2_BINSETTINGS_LEN];
+  size_t  binlen; /* length of the binsettings data */
 
-  /* this returns number of bytes it wrote */
-  binlen = nghttp2_pack_settings_payload(binsettings, H2_BINSETTINGS_LEN,
-                                         httpc->local_settings,
-                                         httpc->local_settings_num);
+  binlen = populate_binsettings(binsettings, data);
   if(binlen <= 0) {
     failf(data, "nghttp2 unexpectedly failed on pack_settings_payload");
     Curl_dyn_free(req);
     return CURLE_FAILED_INIT;
   }
-  conn->proto.httpc.binlen = binlen;
 
   result = Curl_base64url_encode((const char *)binsettings, binlen,
                                  &base64, &blen);
@@ -1398,79 +1459,70 @@ CURLcode Curl_http2_request_upgrade(struct dynbuf *req,
 }
 
 /*
- * Returns nonzero if current HTTP/2 session should be closed.
- */
-static int should_close_session(struct http_conn *httpc)
-{
-  return httpc->drain_total == 0 && !nghttp2_session_want_read(httpc->h2) &&
-    !nghttp2_session_want_write(httpc->h2);
-}
-
-/*
  * h2_process_pending_input() processes pending input left in
  * httpc->inbuf.  Then, call h2_session_send() to send pending data.
  * This function returns 0 if it succeeds, or -1 and error code will
  * be assigned to *err.
  */
-static int h2_process_pending_input(struct Curl_easy *data,
-                                    struct http_conn *httpc,
+static int h2_process_pending_input(struct Curl_cfilter *cf,
+                                    struct Curl_easy *data,
                                     CURLcode *err)
 {
+  struct cf_h2_ctx *ctx = cf->ctx;
   ssize_t nread;
-  char *inbuf;
   ssize_t rv;
 
-  nread = httpc->inbuflen - httpc->nread_inbuf;
-  inbuf = httpc->inbuf + httpc->nread_inbuf;
+  nread = ctx->inbuflen - ctx->nread_inbuf;
+  if(nread) {
+    char *inbuf = ctx->inbuf + ctx->nread_inbuf;
 
-  set_transfer(httpc, data); /* set the transfer */
-  rv = nghttp2_session_mem_recv(httpc->h2, (const uint8_t *)inbuf, nread);
-  if(rv < 0) {
-    failf(data,
-          "h2_process_pending_input: nghttp2_session_mem_recv() returned "
-          "%zd:%s", rv, nghttp2_strerror((int)rv));
-    *err = CURLE_RECV_ERROR;
-    return -1;
-  }
+    rv = nghttp2_session_mem_recv(ctx->h2, (const uint8_t *)inbuf, nread);
+    if(rv < 0) {
+      failf(data,
+            "h2_process_pending_input: nghttp2_session_mem_recv() returned "
+            "%zd:%s", rv, nghttp2_strerror((int)rv));
+      *err = CURLE_RECV_ERROR;
+      return -1;
+    }
 
-  if(nread == rv) {
-    H2BUGF(infof(data,
-                 "h2_process_pending_input: All data in connection buffer "
-                 "processed"));
-    httpc->inbuflen = 0;
-    httpc->nread_inbuf = 0;
-  }
-  else {
-    httpc->nread_inbuf += rv;
-    H2BUGF(infof(data,
-                 "h2_process_pending_input: %zu bytes left in connection "
-                 "buffer",
-                 httpc->inbuflen - httpc->nread_inbuf));
+    if(nread == rv) {
+      DEBUGF(LOG_CF(data, cf, "all data in connection buffer processed"));
+      ctx->inbuflen = 0;
+      ctx->nread_inbuf = 0;
+    }
+    else {
+      ctx->nread_inbuf += rv;
+      DEBUGF(LOG_CF(data, cf, "h2_process_pending_input: %zu bytes left "
+                    "in connection buffer",
+                   ctx->inbuflen - ctx->nread_inbuf));
+    }
   }
 
-  rv = h2_session_send(data, httpc->h2);
+  rv = h2_session_send(cf, data);
   if(rv) {
     *err = CURLE_SEND_ERROR;
     return -1;
   }
 
-  if(nghttp2_session_check_request_allowed(httpc->h2) == 0) {
+  if(nghttp2_session_check_request_allowed(ctx->h2) == 0) {
     /* No more requests are allowed in the current session, so
        the connection may not be reused. This is set when a
        GOAWAY frame has been received or when the limit of stream
        identifiers has been reached. */
-    connclose(data->conn, "http/2: No new requests allowed");
+    connclose(cf->conn, "http/2: No new requests allowed");
   }
 
-  if(should_close_session(httpc)) {
+  if(should_close_session(ctx)) {
     struct HTTP *stream = data->req.p.http;
-    H2BUGF(infof(data,
+    DEBUGF(LOG_CF(data, cf,
                  "h2_process_pending_input: nothing to do in this session"));
-    if(stream->error)
+    if(stream->reset)
+      *err = CURLE_PARTIAL_FILE;
+    else if(stream->error)
       *err = CURLE_HTTP2;
     else {
       /* not an error per se, but should still close the connection */
-      connclose(data->conn, "GOAWAY received");
+      connclose(cf->conn, "GOAWAY received");
       *err = CURLE_OK;
     }
     return -1;
@@ -1478,79 +1530,70 @@ static int h2_process_pending_input(struct Curl_easy *data,
   return 0;
 }
 
-/*
- * Called from transfer.c:done_sending when we stop uploading.
- */
-CURLcode Curl_http2_done_sending(struct Curl_easy *data,
-                                 struct connectdata *conn)
+static CURLcode http2_data_done_send(struct Curl_cfilter *cf,
+                                     struct Curl_easy *data)
 {
+  struct cf_h2_ctx *ctx = cf->ctx;
   CURLcode result = CURLE_OK;
+  struct HTTP *stream = data->req.p.http;
 
-  if((conn->handler == &Curl_handler_http2_ssl) ||
-     (conn->handler == &Curl_handler_http2)) {
-    /* make sure this is only attempted for HTTP/2 transfers */
-    struct HTTP *stream = data->req.p.http;
-    struct http_conn *httpc = &conn->proto.httpc;
-    nghttp2_session *h2 = httpc->h2;
-
-    if(stream->upload_left) {
-      /* If the stream still thinks there's data left to upload. */
+  if(!ctx || !ctx->h2)
+    goto out;
 
-      stream->upload_left = 0; /* DONE! */
+  if(stream->upload_left) {
+    /* If the stream still thinks there's data left to upload. */
+    stream->upload_left = 0; /* DONE! */
 
-      /* resume sending here to trigger the callback to get called again so
-         that it can signal EOF to nghttp2 */
-      (void)nghttp2_session_resume_data(h2, stream->stream_id);
-      (void)h2_process_pending_input(data, httpc, &result);
-    }
+    /* resume sending here to trigger the callback to get called again so
+       that it can signal EOF to nghttp2 */
+    (void)nghttp2_session_resume_data(ctx->h2, stream->stream_id);
+    (void)h2_process_pending_input(cf, data, &result);
+  }
 
-    /* If nghttp2 still has pending frames unsent */
-    if(nghttp2_session_want_write(h2)) {
-      struct SingleRequest *k = &data->req;
-      int rv;
+  /* If nghttp2 still has pending frames unsent */
+  if(nghttp2_session_want_write(ctx->h2)) {
+    struct SingleRequest *k = &data->req;
+    int rv;
 
-      H2BUGF(infof(data, "HTTP/2 still wants to send data (easy %p)", data));
+    DEBUGF(LOG_CF(data, cf, "HTTP/2 still wants to send data"));
 
-      /* and attempt to send the pending frames */
-      rv = h2_session_send(data, h2);
-      if(rv)
-        result = CURLE_SEND_ERROR;
+    /* and attempt to send the pending frames */
+    rv = h2_session_send(cf, data);
+    if(rv)
+      result = CURLE_SEND_ERROR;
 
-      if(nghttp2_session_want_write(h2)) {
-         /* re-set KEEP_SEND to make sure we are called again */
-         k->keepon |= KEEP_SEND;
-      }
+    if(nghttp2_session_want_write(ctx->h2)) {
+       /* re-set KEEP_SEND to make sure we are called again */
+       k->keepon |= KEEP_SEND;
     }
   }
+
+out:
   return result;
 }
 
-static ssize_t http2_handle_stream_close(struct connectdata *conn,
+static ssize_t http2_handle_stream_close(struct Curl_cfilter *cf,
                                          struct Curl_easy *data,
                                          struct HTTP *stream, CURLcode *err)
 {
-  struct http_conn *httpc = &conn->proto.httpc;
+  struct cf_h2_ctx *ctx = cf->ctx;
 
-  if(httpc->pause_stream_id == stream->stream_id) {
-    httpc->pause_stream_id = 0;
+  if(ctx->pause_stream_id == stream->stream_id) {
+    ctx->pause_stream_id = 0;
   }
 
-  drained_transfer(data, httpc);
+  drained_transfer(cf, data);
 
-  if(httpc->pause_stream_id == 0) {
-    if(h2_process_pending_input(data, httpc, err) != 0) {
+  if(ctx->pause_stream_id == 0) {
+    if(h2_process_pending_input(cf, data, err) != 0) {
       return -1;
     }
   }
 
-  DEBUGASSERT(data->state.drain == 0);
-
-  /* Reset to FALSE to prevent infinite loop in readwrite_data function. */
-  stream->closed = FALSE;
   if(stream->error == NGHTTP2_REFUSED_STREAM) {
-    H2BUGF(infof(data, "REFUSED_STREAM (%u), try again on a new connection",
-                 stream->stream_id));
-    connclose(conn, "REFUSED_STREAM"); /* don't use this anymore */
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] REFUSED_STREAM, try again on a new "
+                  "connection", stream->stream_id));
+    connclose(cf->conn, "REFUSED_STREAM"); /* don't use this anymore */
     data->state.refused_stream = TRUE;
     *err = CURLE_RECV_ERROR; /* trigger Curl_retry_request() later */
     return -1;
@@ -1562,6 +1605,11 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn,
     *err = CURLE_HTTP2_STREAM;
     return -1;
   }
+  else if(stream->reset) {
+    failf(data, "HTTP/2 stream %u was reset", stream->stream_id);
+    *err = stream->bodystarted? CURLE_PARTIAL_FILE : CURLE_RECV_ERROR;
+    return -1;
+  }
 
   if(!stream->bodystarted) {
     failf(data, "HTTP/2 stream %u was closed cleanly, but before getting "
@@ -1597,10 +1645,24 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn,
 
   stream->close_handled = TRUE;
 
-  H2BUGF(infof(data, "http2_recv returns 0, http2_handle_stream_close"));
+  DEBUGF(LOG_CF(data, cf, "[h2sid=%u] closed cleanly", stream->stream_id));
   return 0;
 }
 
+static int sweight_wanted(const struct Curl_easy *data)
+{
+  /* 0 weight is not set by user and we take the nghttp2 default one */
+  return data->set.priority.weight?
+    data->set.priority.weight : NGHTTP2_DEFAULT_WEIGHT;
+}
+
+static int sweight_in_effect(const struct Curl_easy *data)
+{
+  /* 0 weight is not set by user and we take the nghttp2 default one */
+  return data->state.priority.weight?
+    data->state.priority.weight : NGHTTP2_DEFAULT_WEIGHT;
+}
+
 /*
  * h2_pri_spec() fills in the pri_spec struct, used by nghttp2 to send weight
  * and dependency to the peer. It also stores the updated values in the state
@@ -1610,14 +1672,14 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn,
 static void h2_pri_spec(struct Curl_easy *data,
                         nghttp2_priority_spec *pri_spec)
 {
-  struct HTTP *depstream = (data->set.stream_depends_on?
-                            data->set.stream_depends_on->req.p.http:NULL);
+  struct Curl_data_priority *prio = &data->set.priority;
+  struct HTTP *depstream = (prio->parent?
+                            prio->parent->req.p.http:NULL);
   int32_t depstream_id = depstream? depstream->stream_id:0;
-  nghttp2_priority_spec_init(pri_spec, depstream_id, data->set.stream_weight,
-                             data->set.stream_depends_e);
-  data->state.stream_weight = data->set.stream_weight;
-  data->state.stream_depends_e = data->set.stream_depends_e;
-  data->state.stream_depends_on = data->set.stream_depends_on;
+  nghttp2_priority_spec_init(pri_spec, depstream_id,
+                             sweight_wanted(data),
+                             data->set.priority.exclusive);
+  data->state.priority = *prio;
 }
 
 /*
@@ -1625,53 +1687,81 @@ static void h2_pri_spec(struct Curl_easy *data,
  * dependency settings and if so it submits a PRIORITY frame with the updated
  * info.
  */
-static int h2_session_send(struct Curl_easy *data,
-                           nghttp2_session *h2)
+static CURLcode h2_session_send(struct Curl_cfilter *cf,
+                                struct Curl_easy *data)
 {
+  struct cf_h2_ctx *ctx = cf->ctx;
   struct HTTP *stream = data->req.p.http;
-  struct http_conn *httpc = &data->conn->proto.httpc;
-  set_transfer(httpc, data);
-  if((data->set.stream_weight != data->state.stream_weight) ||
-     (data->set.stream_depends_e != data->state.stream_depends_e) ||
-     (data->set.stream_depends_on != data->state.stream_depends_on) ) {
+  int rv = 0;
+
+  if((sweight_wanted(data) != sweight_in_effect(data)) ||
+     (data->set.priority.exclusive != data->state.priority.exclusive) ||
+     (data->set.priority.parent != data->state.priority.parent) ) {
     /* send new weight and/or dependency */
     nghttp2_priority_spec pri_spec;
-    int rv;
 
     h2_pri_spec(data, &pri_spec);
-
-    H2BUGF(infof(data, "Queuing PRIORITY on stream %u (easy %p)",
-                 stream->stream_id, data));
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] Queuing PRIORITY",
+                  stream->stream_id));
     DEBUGASSERT(stream->stream_id != -1);
-    rv = nghttp2_submit_priority(h2, NGHTTP2_FLAG_NONE, stream->stream_id,
-                                 &pri_spec);
+    rv = nghttp2_submit_priority(ctx->h2, NGHTTP2_FLAG_NONE,
+                                 stream->stream_id, &pri_spec);
     if(rv)
-      return rv;
+      goto out;
   }
 
-  return nghttp2_session_send(h2);
+  rv = nghttp2_session_send(ctx->h2);
+out:
+  if(nghttp2_is_fatal(rv)) {
+    DEBUGF(LOG_CF(data, cf, "nghttp2_session_send error (%s)%d",
+                  nghttp2_strerror(rv), rv));
+    return CURLE_SEND_ERROR;
+  }
+  return flush_output(cf, data);
 }
 
-static ssize_t http2_recv(struct Curl_easy *data, int sockindex,
-                          char *mem, size_t len, CURLcode *err)
+static ssize_t cf_h2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+                          char *buf, size_t len, CURLcode *err)
 {
-  ssize_t nread;
-  struct connectdata *conn = data->conn;
-  struct http_conn *httpc = &conn->proto.httpc;
+  struct cf_h2_ctx *ctx = cf->ctx;
   struct HTTP *stream = data->req.p.http;
-
-  (void)sockindex; /* we always do HTTP2 on sockindex 0 */
-
-  if(should_close_session(httpc)) {
-    H2BUGF(infof(data,
-                 "http2_recv: nothing to do in this session"));
-    if(conn->bits.close) {
+  ssize_t nread = -1;
+  struct cf_call_data save;
+  bool conn_is_closed = FALSE;
+
+  CF_DATA_SAVE(save, cf, data);
+
+  /* If the h2 session has told us to GOAWAY with an error AND
+   * indicated the highest stream id it has processes AND
+   * the stream we are trying to read has a higher id, this
+   * means we will most likely not receive any more for it.
+   * Treat this as if the server explicitly had RST the stream */
+  if((ctx->goaway && ctx->goaway_error &&
+      ctx->last_stream_id > 0 &&
+      ctx->last_stream_id < stream->stream_id)) {
+    stream->reset = TRUE;
+  }
+
+  /* If a stream is RST, it does not matter what state the h2 session
+   * is in, our answer to receiving data is always the same. */
+  if(stream->reset) {
+    *err = stream->bodystarted? CURLE_PARTIAL_FILE : CURLE_RECV_ERROR;
+    nread = -1;
+    goto out;
+  }
+
+  if(should_close_session(ctx)) {
+    DEBUGF(LOG_CF(data, cf, "http2_recv: nothing to do in this session"));
+    if(cf->conn->bits.close) {
       /* already marked for closure, return OK and we're done */
+      drained_transfer(cf, data);
       *err = CURLE_OK;
-      return 0;
+      nread = 0;
+      goto out;
     }
     *err = CURLE_HTTP2;
-    return -1;
+    nread = -1;
+    goto out;
   }
 
   /* Nullify here because we call nghttp2_session_send() and they
@@ -1690,74 +1780,67 @@ static ssize_t http2_recv(struct Curl_easy *data, int sockindex,
     size_t left =
       Curl_dyn_len(&stream->header_recvbuf) - stream->nread_header_recvbuf;
     size_t ncopy = CURLMIN(len, left);
-    memcpy(mem, Curl_dyn_ptr(&stream->header_recvbuf) +
+    memcpy(buf, Curl_dyn_ptr(&stream->header_recvbuf) +
            stream->nread_header_recvbuf, ncopy);
     stream->nread_header_recvbuf += ncopy;
 
-    H2BUGF(infof(data, "http2_recv: Got %d bytes from header_recvbuf",
-                 (int)ncopy));
-    return ncopy;
+    DEBUGF(LOG_CF(data, cf, "recv: Got %d bytes from header_recvbuf",
+                  (int)ncopy));
+    nread = ncopy;
+    goto out;
   }
 
-  H2BUGF(infof(data, "http2_recv: easy %p (stream %u) win %u/%u",
-               data, stream->stream_id,
-               nghttp2_session_get_local_window_size(httpc->h2),
-               nghttp2_session_get_stream_local_window_size(httpc->h2,
-                                                            stream->stream_id)
+  DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_recv: win %u/%u",
+                stream->stream_id,
+                nghttp2_session_get_local_window_size(ctx->h2),
+                nghttp2_session_get_stream_local_window_size(ctx->h2,
+                                                             stream->stream_id)
            ));
 
-  if((data->state.drain) && stream->memlen) {
-    H2BUGF(infof(data, "http2_recv: DRAIN %zu bytes stream %u (%p => %p)",
-                 stream->memlen, stream->stream_id,
-                 stream->mem, mem));
-    if(mem != stream->mem) {
+  if(stream->memlen) {
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] recv: DRAIN %zu bytes (%p => %p)",
+                  stream->stream_id, stream->memlen,
+                  (void *)stream->mem, (void *)buf));
+    if(buf != stream->mem) {
       /* if we didn't get the same buffer this time, we must move the data to
          the beginning */
-      memmove(mem, stream->mem, stream->memlen);
+      memmove(buf, stream->mem, stream->memlen);
       stream->len = len - stream->memlen;
-      stream->mem = mem;
+      stream->mem = buf;
     }
-    if(httpc->pause_stream_id == stream->stream_id && !stream->pausedata) {
+
+    if(ctx->pause_stream_id == stream->stream_id && !stream->pausedata) {
       /* We have paused nghttp2, but we have no pause data (see
          on_data_chunk_recv). */
-      httpc->pause_stream_id = 0;
-      if(h2_process_pending_input(data, httpc, err) != 0) {
-        return -1;
+      ctx->pause_stream_id = 0;
+      if(h2_process_pending_input(cf, data, err) != 0) {
+        nread = -1;
+        goto out;
       }
     }
   }
   else if(stream->pausedata) {
-    DEBUGASSERT(httpc->pause_stream_id == stream->stream_id);
+    DEBUGASSERT(ctx->pause_stream_id == stream->stream_id);
     nread = CURLMIN(len, stream->pauselen);
-    memcpy(mem, stream->pausedata, nread);
+    memcpy(buf, stream->pausedata, nread);
 
     stream->pausedata += nread;
     stream->pauselen -= nread;
+    drain_this(cf, data);
 
     if(stream->pauselen == 0) {
-      H2BUGF(infof(data, "Unpaused by stream %u", stream->stream_id));
-      DEBUGASSERT(httpc->pause_stream_id == stream->stream_id);
-      httpc->pause_stream_id = 0;
+      DEBUGF(LOG_CF(data, cf, "[h2sid=%u] Unpaused", stream->stream_id));
+      DEBUGASSERT(ctx->pause_stream_id == stream->stream_id);
+      ctx->pause_stream_id = 0;
 
       stream->pausedata = NULL;
       stream->pauselen = 0;
-
-      /* When NGHTTP2_ERR_PAUSE is returned from
-         data_source_read_callback, we might not process DATA frame
-         fully.  Calling nghttp2_session_mem_recv() again will
-         continue to process DATA frame, but if there is no incoming
-         frames, then we have to call it again with 0-length data.
-         Without this, on_stream_close callback will not be called,
-         and stream could be hanged. */
-      if(h2_process_pending_input(data, httpc, err) != 0) {
-        return -1;
-      }
     }
-    H2BUGF(infof(data, "http2_recv: returns unpaused %zd bytes on stream %u",
-                 nread, stream->stream_id));
-    return nread;
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] recv: returns unpaused %zd bytes",
+                  stream->stream_id, nread));
+    goto out;
   }
-  else if(httpc->pause_stream_id) {
+  else if(ctx->pause_stream_id) {
     /* If a stream paused nghttp2_session_mem_recv previously, and has
        not processed all data, it still refers to the buffer in
        nghttp2_session.  If we call nghttp2_session_mem_recv(), we may
@@ -1766,156 +1849,192 @@ static ssize_t http2_recv(struct Curl_easy *data, int sockindex,
        socket is not read.  But it seems that usually streams are
        notified with its drain property, and socket is read again
        quickly. */
-    if(stream->closed)
+    if(stream->closed) {
       /* closed overrides paused */
-      return 0;
-    H2BUGF(infof(data, "stream %u is paused, pause id: %u",
-                 stream->stream_id, httpc->pause_stream_id));
+      drained_transfer(cf, data);
+      nread = 0;
+      goto out;
+    }
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] is paused, pause h2sid: %u",
+                  stream->stream_id, ctx->pause_stream_id));
     *err = CURLE_AGAIN;
-    return -1;
+    nread = -1;
+    goto out;
   }
   else {
-    /* remember where to store incoming data for this stream and how big the
-       buffer is */
-    stream->mem = mem;
+    /* We have nothing buffered for `data` and no other stream paused
+     * the processing of incoming data, we can therefore read new data
+     * from the network.
+     * If DATA is coming for this stream, we want to store it ad the
+     * `buf` passed in right away - saving us a copy.
+     */
+    stream->mem = buf;
     stream->len = len;
     stream->memlen = 0;
 
-    if(httpc->inbuflen == 0) {
-      nread = ((Curl_recv *)httpc->recv_underlying)(
-        data, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, err);
-
-      if(nread == -1) {
-        if(*err != CURLE_AGAIN)
-          failf(data, "Failed receiving HTTP2 data");
-        else if(stream->closed)
-          /* received when the stream was already closed! */
-          return http2_handle_stream_close(conn, data, stream, err);
-
+    if(ctx->inbuflen > 0) {
+      DEBUGF(LOG_CF(data, cf, "[h2sid=%u] %zd bytes in inbuf",
+                    stream->stream_id, ctx->inbuflen - ctx->nread_inbuf));
+      if(h2_process_pending_input(cf, data, err))
         return -1;
-      }
+    }
 
-      if(nread == 0) {
-        if(!stream->closed) {
-          /* This will happen when the server or proxy server is SIGKILLed
-             during data transfer. We should emit an error since our data
-             received may be incomplete. */
-          failf(data, "HTTP/2 stream %u was not closed cleanly before"
-                " end of the underlying stream",
-                stream->stream_id);
-          *err = CURLE_HTTP2_STREAM;
-          return -1;
+    while(stream->memlen == 0 &&       /* have no data for this stream */
+          !stream->closed &&           /* and it is not closed/reset */
+          !ctx->pause_stream_id &&     /* we are not paused either */
+          ctx->inbuflen == 0 &&       /* and out input buffer is empty */
+          !conn_is_closed) {          /* and connection is not closed */
+      /* Receive data from the "lower" filters */
+      nread = Curl_conn_cf_recv(cf->next, data, ctx->inbuf, H2_BUFSIZE, err);
+      if(nread < 0) {
+        DEBUGASSERT(*err);
+        if(*err == CURLE_AGAIN) {
+          break;
         }
-
-        H2BUGF(infof(data, "end of stream"));
-        *err = CURLE_OK;
-        return 0;
+        failf(data, "Failed receiving HTTP2 data");
+        conn_is_closed = TRUE;
+      }
+      else if(nread == 0) {
+        DEBUGF(LOG_CF(data, cf, "[h2sid=%u] underlying connection is closed",
+                      stream->stream_id));
+        conn_is_closed = TRUE;
+      }
+      else {
+        DEBUGF(LOG_CF(data, cf, "[h2sid=%u] read %zd from connection",
+                      stream->stream_id, nread));
+        ctx->inbuflen = nread;
+        DEBUGASSERT(ctx->nread_inbuf == 0);
+        if(h2_process_pending_input(cf, data, err))
+          return -1;
       }
-
-      H2BUGF(infof(data, "nread=%zd", nread));
-
-      httpc->inbuflen = nread;
-
-      DEBUGASSERT(httpc->nread_inbuf == 0);
-    }
-    else {
-      nread = httpc->inbuflen - httpc->nread_inbuf;
-      (void)nread;  /* silence warning, used in debug */
-      H2BUGF(infof(data, "Use data left in connection buffer, nread=%zd",
-                   nread));
     }
 
-    if(h2_process_pending_input(data, httpc, err))
-      return -1;
   }
+
   if(stream->memlen) {
     ssize_t retlen = stream->memlen;
-    H2BUGF(infof(data, "http2_recv: returns %zd for stream %u",
-                 retlen, stream->stream_id));
+
+    /* TODO: all this buffer handling is very brittle */
+    stream->len += stream->memlen;
     stream->memlen = 0;
 
-    if(httpc->pause_stream_id == stream->stream_id) {
+    if(ctx->pause_stream_id == stream->stream_id) {
       /* data for this stream is returned now, but this stream caused a pause
          already so we need it called again asap */
-      H2BUGF(infof(data, "Data returned for PAUSED stream %u",
-                   stream->stream_id));
-    }
-    else if(!stream->closed) {
-      drained_transfer(data, httpc);
+      DEBUGF(LOG_CF(data, cf, "[h2sid=%u] Data returned for PAUSED stream",
+                    stream->stream_id));
+      drain_this(cf, data);
+      Curl_expire(data, 0, EXPIRE_RUN_NOW);
     }
-    else
+    else if(stream->closed) {
+      if(stream->reset || stream->error) {
+        nread = http2_handle_stream_close(cf, data, stream, err);
+        goto out;
+      }
       /* this stream is closed, trigger a another read ASAP to detect that */
+      DEBUGF(LOG_CF(data, cf, "[h2sid=%u] is closed now, run again",
+                    stream->stream_id));
+      drain_this(cf, data);
       Curl_expire(data, 0, EXPIRE_RUN_NOW);
+    }
+    else {
+      drained_transfer(cf, data);
+    }
 
-    return retlen;
+    *err = CURLE_OK;
+    nread = retlen;
+    goto out;
+  }
+
+  if(conn_is_closed && !stream->closed) {
+    /* underlying connection is closed and we have nothing for the stream.
+     * Treat this as a RST */
+    stream->closed = stream->reset = TRUE;
+      failf(data, "HTTP/2 stream %u was not closed cleanly before"
+            " end of the underlying connection",
+            stream->stream_id);
+  }
+
+  if(stream->closed) {
+    nread = http2_handle_stream_close(cf, data, stream, err);
+    goto out;
+  }
+
+  if(!data->state.drain && Curl_conn_cf_data_pending(cf->next, data)) {
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] pending data, set drain",
+                  stream->stream_id));
+    drain_this(cf, data);
   }
-  if(stream->closed)
-    return http2_handle_stream_close(conn, data, stream, err);
   *err = CURLE_AGAIN;
-  H2BUGF(infof(data, "http2_recv returns AGAIN for stream %u",
-               stream->stream_id));
-  return -1;
+  nread = -1;
+out:
+  DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_recv -> %zd, %d",
+                stream->stream_id, nread, *err));
+  CF_DATA_RESTORE(cf, save);
+  return nread;
 }
 
-static ssize_t http2_send(struct Curl_easy *data, int sockindex,
-                          const void *mem, size_t len, CURLcode *err)
+static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
+                          const void *buf, size_t len, CURLcode *err)
 {
   /*
    * Currently, we send request in this function, but this function is also
    * used to send request body. It would be nice to add dedicated function for
    * request.
    */
+  struct cf_h2_ctx *ctx = cf->ctx;
   int rv;
-  struct connectdata *conn = data->conn;
-  struct http_conn *httpc = &conn->proto.httpc;
   struct HTTP *stream = data->req.p.http;
   nghttp2_nv *nva = NULL;
   size_t nheader;
   nghttp2_data_provider data_prd;
   int32_t stream_id;
-  nghttp2_session *h2 = httpc->h2;
   nghttp2_priority_spec pri_spec;
   CURLcode result;
   struct h2h3req *hreq;
+  struct cf_call_data save;
+  ssize_t nwritten;
 
-  (void)sockindex;
-
-  H2BUGF(infof(data, "http2_send len=%zu", len));
+  CF_DATA_SAVE(save, cf, data);
+  DEBUGF(LOG_CF(data, cf, "cf_send(len=%zu) start", len));
 
   if(stream->stream_id != -1) {
     if(stream->close_handled) {
       infof(data, "stream %u closed", stream->stream_id);
       *err = CURLE_HTTP2_STREAM;
-      return -1;
+      nwritten = -1;
+      goto out;
     }
     else if(stream->closed) {
-      return http2_handle_stream_close(conn, data, stream, err);
+      nwritten = http2_handle_stream_close(cf, data, stream, err);
+      goto out;
     }
     /* If stream_id != -1, we have dispatched request HEADERS, and now
        are going to send or sending request body in DATA frame */
-    stream->upload_mem = mem;
+    stream->upload_mem = buf;
     stream->upload_len = len;
-    rv = nghttp2_session_resume_data(h2, stream->stream_id);
+    rv = nghttp2_session_resume_data(ctx->h2, stream->stream_id);
     if(nghttp2_is_fatal(rv)) {
       *err = CURLE_SEND_ERROR;
-      return -1;
+      nwritten = -1;
+      goto out;
     }
-    rv = h2_session_send(data, h2);
-    if(nghttp2_is_fatal(rv)) {
-      *err = CURLE_SEND_ERROR;
-      return -1;
+    result = h2_session_send(cf, data);
+    if(result) {
+      *err = result;
+      nwritten = -1;
+      goto out;
     }
-    len -= stream->upload_len;
 
-    /* Nullify here because we call nghttp2_session_send() and they
-       might refer to the old buffer. */
+    nwritten = (ssize_t)len - (ssize_t)stream->upload_len;
     stream->upload_mem = NULL;
     stream->upload_len = 0;
 
-    if(should_close_session(httpc)) {
-      H2BUGF(infof(data, "http2_send: nothing to do in this session"));
+    if(should_close_session(ctx)) {
+      DEBUGF(LOG_CF(data, cf, "send: nothing to do in this session"));
       *err = CURLE_HTTP2;
-      return -1;
+      nwritten = -1;
+      goto out;
     }
 
     if(stream->upload_left) {
@@ -1923,29 +2042,40 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
          following API will make nghttp2_session_want_write() return
          nonzero if remote window allows it, which then libcurl checks
          socket is writable or not.  See http2_perform_getsock(). */
-      nghttp2_session_resume_data(h2, stream->stream_id);
+      nghttp2_session_resume_data(ctx->h2, stream->stream_id);
     }
 
-#ifdef DEBUG_HTTP2
-    if(!len) {
-      infof(data, "http2_send: easy %p (stream %u) win %u/%u",
-            data, stream->stream_id,
-            nghttp2_session_get_remote_window_size(httpc->h2),
-            nghttp2_session_get_stream_remote_window_size(httpc->h2,
-                                                          stream->stream_id)
-        );
-
+    if(!nwritten) {
+      size_t rwin = nghttp2_session_get_stream_remote_window_size(ctx->h2,
+                                                          stream->stream_id);
+      DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_send: win %u/%zu",
+             stream->stream_id,
+             nghttp2_session_get_remote_window_size(ctx->h2), rwin));
+        if(rwin == 0) {
+          /* We cannot upload more as the stream's remote window size
+           * is 0. We need to receive WIN_UPDATEs before we can continue.
+           */
+          data->req.keepon |= KEEP_SEND_HOLD;
+          DEBUGF(LOG_CF(data, cf, "[h2sid=%u] holding send as remote flow "
+                 "window is exhausted", stream->stream_id));
+        }
     }
-    infof(data, "http2_send returns %zu for stream %u", len,
-          stream->stream_id);
-#endif
-    return len;
-  }
-
-  result = Curl_pseudo_headers(data, mem, len, &hreq);
+    DEBUGF(LOG_CF(data, cf, "[h2sid=%u] cf_send returns %zd ",
+           stream->stream_id, nwritten));
+
+    /* handled writing BODY for open stream. */
+    goto out;
+  }
+  /* Stream has not been opened yet. `buf` is expected to contain
+   * request headers. */
+  /* TODO: this assumes that the `buf` and `len` we are called with
+   * is *all* HEADERs and no body. We have no way to determine here
+   * if that is indeed the case. */
+  result = Curl_pseudo_headers(data, buf, len, NULL, &hreq);
   if(result) {
     *err = result;
-    return -1;
+    nwritten = -1;
+    goto out;
   }
   nheader = hreq->entries;
 
@@ -1953,7 +2083,8 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
   if(!nva) {
     Curl_pseudo_free(hreq);
     *err = CURLE_OUT_OF_MEMORY;
-    return -1;
+    nwritten = -1;
+    goto out;
   }
   else {
     unsigned int i;
@@ -1969,8 +2100,8 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
 
   h2_pri_spec(data, &pri_spec);
 
-  H2BUGF(infof(data, "http2_send request allowed %d (easy handle %p)",
-               nghttp2_session_check_request_allowed(h2), (void *)data));
+  DEBUGF(LOG_CF(data, cf, "send request allowed %d (easy handle %p)",
+                nghttp2_session_check_request_allowed(ctx->h2), (void *)data));
 
   switch(data->state.httpreq) {
   case HTTPREQ_POST:
@@ -1985,42 +2116,43 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
 
     data_prd.read_callback = data_source_read_callback;
     data_prd.source.ptr = NULL;
-    stream_id = nghttp2_submit_request(h2, &pri_spec, nva, nheader,
+    stream_id = nghttp2_submit_request(ctx->h2, &pri_spec, nva, nheader,
                                        &data_prd, data);
     break;
   default:
-    stream_id = nghttp2_submit_request(h2, &pri_spec, nva, nheader,
+    stream_id = nghttp2_submit_request(ctx->h2, &pri_spec, nva, nheader,
                                        NULL, data);
   }
 
   Curl_safefree(nva);
 
   if(stream_id < 0) {
-    H2BUGF(infof(data,
-                 "http2_send() nghttp2_submit_request error (%s)%u",
-                 nghttp2_strerror(stream_id), stream_id));
+    DEBUGF(LOG_CF(data, cf, "send: nghttp2_submit_request error (%s)%u",
+                  nghttp2_strerror(stream_id), stream_id));
     *err = CURLE_SEND_ERROR;
-    return -1;
+    nwritten = -1;
+    goto out;
   }
 
   infof(data, "Using Stream ID: %u (easy handle %p)",
         stream_id, (void *)data);
   stream->stream_id = stream_id;
+  /* See TODO above. We assume that the whole buf was consumed by
+   * generating the request headers. */
+  nwritten = len;
 
-  rv = h2_session_send(data, h2);
-  if(rv) {
-    H2BUGF(infof(data,
-                 "http2_send() nghttp2_session_send error (%s)%d",
-                 nghttp2_strerror(rv), rv));
-
-    *err = CURLE_SEND_ERROR;
-    return -1;
+  result = h2_session_send(cf, data);
+  if(result) {
+    *err = result;
+    nwritten = -1;
+    goto out;
   }
 
-  if(should_close_session(httpc)) {
-    H2BUGF(infof(data, "http2_send: nothing to do in this session"));
+  if(should_close_session(ctx)) {
+    DEBUGF(LOG_CF(data, cf, "send: nothing to do in this session"));
     *err = CURLE_HTTP2;
-    return -1;
+    nwritten = -1;
+    goto out;
   }
 
   /* If whole HEADERS frame was sent off to the underlying socket, the nghttp2
@@ -2030,169 +2162,126 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
      results that no writable socket check is performed. To workaround this,
      we issue nghttp2_session_resume_data() here to bring back DATA
      transmission from deferred state. */
-  nghttp2_session_resume_data(h2, stream->stream_id);
+  nghttp2_session_resume_data(ctx->h2, stream->stream_id);
 
-  return len;
+out:
+  CF_DATA_RESTORE(cf, save);
+  return nwritten;
 }
 
-CURLcode Curl_http2_setup(struct Curl_easy *data,
-                          struct connectdata *conn)
+static int cf_h2_get_select_socks(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  curl_socket_t *sock)
 {
-  CURLcode result;
-  struct http_conn *httpc = &conn->proto.httpc;
+  struct cf_h2_ctx *ctx = cf->ctx;
+  struct SingleRequest *k = &data->req;
   struct HTTP *stream = data->req.p.http;
+  int bitmap = GETSOCK_BLANK;
+  struct cf_call_data save;
 
-  DEBUGASSERT(data->state.buffer);
+  CF_DATA_SAVE(save, cf, data);
+  sock[0] = Curl_conn_cf_get_socket(cf, data);
 
-  stream->stream_id = -1;
+  if(!(k->keepon & KEEP_RECV_PAUSE))
+    /* Unless paused - in an HTTP/2 connection we can basically always get a
+       frame so we should always be ready for one */
+    bitmap |= GETSOCK_READSOCK(0);
 
-  Curl_dyn_init(&stream->header_recvbuf, DYN_H2_HEADERS);
-  Curl_dyn_init(&stream->trailer_recvbuf, DYN_H2_TRAILERS);
+  /* we're (still uploading OR the HTTP/2 layer wants to send data) AND
+     there's a window to send data in */
+  if((((k->keepon & KEEP_SENDBITS) == KEEP_SEND) ||
+      nghttp2_session_want_write(ctx->h2)) &&
+     (nghttp2_session_get_remote_window_size(ctx->h2) &&
+      nghttp2_session_get_stream_remote_window_size(ctx->h2,
+                                                    stream->stream_id)))
+    bitmap |= GETSOCK_WRITESOCK(0);
 
-  stream->upload_left = 0;
-  stream->upload_mem = NULL;
-  stream->upload_len = 0;
-  stream->mem = data->state.buffer;
-  stream->len = data->set.buffer_size;
+  CF_DATA_RESTORE(cf, save);
+  return bitmap;
+}
 
-  multi_connchanged(data->multi);
-  /* below this point only connection related inits are done, which only needs
-     to be done once per connection */
 
-  if((conn->handler == &Curl_handler_http2_ssl) ||
-     (conn->handler == &Curl_handler_http2))
-    return CURLE_OK; /* already done */
+static CURLcode cf_h2_connect(struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
+                              bool blocking, bool *done)
+{
+  struct cf_h2_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_OK;
+  struct cf_call_data save;
 
-  if(conn->handler->flags & PROTOPT_SSL)
-    conn->handler = &Curl_handler_http2_ssl;
-  else
-    conn->handler = &Curl_handler_http2;
+  if(cf->connected) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
 
-  result = http2_init(data, conn);
-  if(result) {
-    Curl_dyn_free(&stream->header_recvbuf);
-    return result;
+  /* Connect the lower filters first */
+  if(!cf->next->connected) {
+    result = Curl_conn_cf_connect(cf->next, data, blocking, done);
+    if(result || !*done)
+      return result;
   }
 
-  infof(data, "Using HTTP2, server supports multiplexing");
+  *done = FALSE;
 
-  conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
-  conn->httpversion = 20;
-  conn->bundle->multiuse = BUNDLE_MULTIPLEX;
+  CF_DATA_SAVE(save, cf, data);
+  if(!ctx->h2) {
+    result = cf_h2_ctx_init(cf, data, FALSE);
+    if(result)
+      goto out;
+  }
 
-  httpc->inbuflen = 0;
-  httpc->nread_inbuf = 0;
+  if(-1 == h2_process_pending_input(cf, data, &result)) {
+    result = CURLE_HTTP2;
+    goto out;
+  }
 
-  httpc->pause_stream_id = 0;
-  httpc->drain_total = 0;
+  *done = TRUE;
+  cf->connected = TRUE;
+  result = CURLE_OK;
 
-  return CURLE_OK;
+out:
+  CF_DATA_RESTORE(cf, save);
+  return result;
 }
 
-CURLcode Curl_http2_switched(struct Curl_easy *data,
-                             const char *mem, size_t nread)
+static void cf_h2_close(struct Curl_cfilter *cf, struct Curl_easy *data)
 {
-  CURLcode result;
-  struct connectdata *conn = data->conn;
-  struct http_conn *httpc = &conn->proto.httpc;
-  int rv;
-  struct HTTP *stream = data->req.p.http;
-
-  result = Curl_http2_setup(data, conn);
-  if(result)
-    return result;
+  struct cf_h2_ctx *ctx = cf->ctx;
 
-  httpc->recv_underlying = conn->recv[FIRSTSOCKET];
-  httpc->send_underlying = conn->send[FIRSTSOCKET];
-  conn->recv[FIRSTSOCKET] = http2_recv;
-  conn->send[FIRSTSOCKET] = http2_send;
+  if(ctx) {
+    struct cf_call_data save;
 
-  if(data->req.upgr101 == UPGR101_RECEIVED) {
-    /* stream 1 is opened implicitly on upgrade */
-    stream->stream_id = 1;
-    /* queue SETTINGS frame (again) */
-    rv = nghttp2_session_upgrade2(httpc->h2, httpc->binsettings, httpc->binlen,
-                                  data->state.httpreq == HTTPREQ_HEAD, NULL);
-    if(rv) {
-      failf(data, "nghttp2_session_upgrade2() failed: %s(%d)",
-            nghttp2_strerror(rv), rv);
-      return CURLE_HTTP2;
-    }
-
-    rv = nghttp2_session_set_stream_user_data(httpc->h2,
-                                              stream->stream_id,
-                                              data);
-    if(rv) {
-      infof(data, "http/2: failed to set user_data for stream %u",
-            stream->stream_id);
-      DEBUGASSERT(0);
-    }
-  }
-  else {
-    populate_settings(data, httpc);
-
-    /* stream ID is unknown at this point */
-    stream->stream_id = -1;
-    rv = nghttp2_submit_settings(httpc->h2, NGHTTP2_FLAG_NONE,
-                                 httpc->local_settings,
-                                 httpc->local_settings_num);
-    if(rv) {
-      failf(data, "nghttp2_submit_settings() failed: %s(%d)",
-            nghttp2_strerror(rv), rv);
-      return CURLE_HTTP2;
-    }
+    CF_DATA_SAVE(save, cf, data);
+    cf_h2_ctx_clear(ctx);
+    CF_DATA_RESTORE(cf, save);
   }
+}
 
-  rv = nghttp2_session_set_local_window_size(httpc->h2, NGHTTP2_FLAG_NONE, 0,
-                                             HTTP2_HUGE_WINDOW_SIZE);
-  if(rv) {
-    failf(data, "nghttp2_session_set_local_window_size() failed: %s(%d)",
-          nghttp2_strerror(rv), rv);
-    return CURLE_HTTP2;
-  }
+static void cf_h2_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_h2_ctx *ctx = cf->ctx;
 
-  /* we are going to copy mem to httpc->inbuf.  This is required since
-     mem is part of buffer pointed by stream->mem, and callbacks
-     called by nghttp2_session_mem_recv() will write stream specific
-     data into stream->mem, overwriting data already there. */
-  if(H2_BUFSIZE < nread) {
-    failf(data, "connection buffer size is too small to store data following "
-          "HTTP Upgrade response header: buflen=%d, datalen=%zu",
-          H2_BUFSIZE, nread);
-    return CURLE_HTTP2;
+  (void)data;
+  if(ctx) {
+    cf_h2_ctx_free(ctx);
+    cf->ctx = NULL;
   }
-
-  infof(data, "Copying HTTP/2 data in stream buffer to connection buffer"
-        " after upgrade: len=%zu",
-        nread);
-
-  if(nread)
-    memcpy(httpc->inbuf, mem, nread);
-
-  httpc->inbuflen = nread;
-
-  DEBUGASSERT(httpc->nread_inbuf == 0);
-
-  if(-1 == h2_process_pending_input(data, httpc, &result))
-    return CURLE_HTTP2;
-
-  return CURLE_OK;
 }
 
-CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause)
+static CURLcode http2_data_pause(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data,
+                                 bool pause)
 {
+  struct cf_h2_ctx *ctx = cf->ctx;
+
   DEBUGASSERT(data);
-  DEBUGASSERT(data->conn);
-  /* if it isn't HTTP/2, we're done */
-  if(!(data->conn->handler->protocol & PROTO_FAMILY_HTTP) ||
-     !data->conn->proto.httpc.h2)
-    return CURLE_OK;
 #ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE
-  else {
+  if(ctx && ctx->h2) {
     struct HTTP *stream = data->req.p.http;
-    struct http_conn *httpc = &data->conn->proto.httpc;
     uint32_t window = !pause * HTTP2_HUGE_WINDOW_SIZE;
-    int rv = nghttp2_session_set_local_window_size(httpc->h2,
+    CURLcode result;
+
+    int rv = nghttp2_session_set_local_window_size(ctx->h2,
                                                    NGHTTP2_FLAG_NONE,
                                                    stream->stream_id,
                                                    window);
@@ -2203,9 +2292,9 @@ CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause)
     }
 
     /* make sure the window update gets sent */
-    rv = h2_session_send(data, httpc->h2);
-    if(rv)
-      return CURLE_SEND_ERROR;
+    result = h2_session_send(cf, data);
+    if(result)
+      return result;
 
     DEBUGF(infof(data, "Set HTTP/2 window size to %u for stream %u",
                  window, stream->stream_id));
@@ -2214,7 +2303,7 @@ CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause)
     {
       /* read out the stream local window again */
       uint32_t window2 =
-        nghttp2_session_get_stream_local_window_size(httpc->h2,
+        nghttp2_session_get_stream_local_window_size(ctx->h2,
                                                      stream->stream_id);
       DEBUGF(infof(data, "HTTP/2 window size is now %u for stream %u",
                    window2, stream->stream_id));
@@ -2225,86 +2314,327 @@ CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause)
   return CURLE_OK;
 }
 
-CURLcode Curl_http2_add_child(struct Curl_easy *parent,
-                              struct Curl_easy *child,
-                              bool exclusive)
+static CURLcode cf_h2_cntrl(struct Curl_cfilter *cf,
+                            struct Curl_easy *data,
+                            int event, int arg1, void *arg2)
 {
-  if(parent) {
-    struct Curl_http2_dep **tail;
-    struct Curl_http2_dep *dep = calloc(1, sizeof(struct Curl_http2_dep));
-    if(!dep)
-      return CURLE_OUT_OF_MEMORY;
-    dep->data = child;
-
-    if(parent->set.stream_dependents && exclusive) {
-      struct Curl_http2_dep *node = parent->set.stream_dependents;
-      while(node) {
-        node->data->set.stream_depends_on = child;
-        node = node->next;
-      }
+  CURLcode result = CURLE_OK;
+  struct cf_call_data save;
 
-      tail = &child->set.stream_dependents;
-      while(*tail)
-        tail = &(*tail)->next;
+  (void)arg2;
 
-      DEBUGASSERT(!*tail);
-      *tail = parent->set.stream_dependents;
-      parent->set.stream_dependents = 0;
-    }
+  CF_DATA_SAVE(save, cf, data);
+  switch(event) {
+  case CF_CTRL_DATA_SETUP: {
+    result = http2_data_setup(cf, data);
+    break;
+  }
+  case CF_CTRL_DATA_PAUSE: {
+    result = http2_data_pause(cf, data, (arg1 != 0));
+    break;
+  }
+  case CF_CTRL_DATA_DONE_SEND: {
+    result = http2_data_done_send(cf, data);
+    break;
+  }
+  case CF_CTRL_DATA_DONE: {
+    http2_data_done(cf, data, arg1 != 0);
+    break;
+  }
+  default:
+    break;
+  }
+  CF_DATA_RESTORE(cf, save);
+  return result;
+}
 
-    tail = &parent->set.stream_dependents;
-    while(*tail) {
-      (*tail)->data->set.stream_depends_e = FALSE;
-      tail = &(*tail)->next;
-    }
+static bool cf_h2_data_pending(struct Curl_cfilter *cf,
+                               const struct Curl_easy *data)
+{
+  struct cf_h2_ctx *ctx = cf->ctx;
+  if(ctx && ctx->inbuflen > 0 && ctx->nread_inbuf > ctx->inbuflen)
+    return TRUE;
+  return cf->next? cf->next->cft->has_data_pending(cf->next, data) : FALSE;
+}
+
+static bool cf_h2_is_alive(struct Curl_cfilter *cf,
+                           struct Curl_easy *data,
+                           bool *input_pending)
+{
+  struct cf_h2_ctx *ctx = cf->ctx;
+  CURLcode result;
+  struct cf_call_data save;
 
-    DEBUGASSERT(!*tail);
-    *tail = dep;
+  CF_DATA_SAVE(save, cf, data);
+  result = (ctx && ctx->h2 && http2_connisalive(cf, data, input_pending));
+  DEBUGF(LOG_CF(data, cf, "conn alive -> %d, input_pending=%d",
+         result, *input_pending));
+  CF_DATA_RESTORE(cf, save);
+  return result;
+}
+
+static CURLcode cf_h2_keep_alive(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data)
+{
+  CURLcode result;
+  struct cf_call_data save;
+
+  CF_DATA_SAVE(save, cf, data);
+  result = http2_send_ping(cf, data);
+  CF_DATA_RESTORE(cf, save);
+  return result;
+}
+
+static CURLcode cf_h2_query(struct Curl_cfilter *cf,
+                            struct Curl_easy *data,
+                            int query, int *pres1, void *pres2)
+{
+  struct cf_h2_ctx *ctx = cf->ctx;
+  struct cf_call_data save;
+  size_t effective_max;
+
+  switch(query) {
+  case CF_QUERY_MAX_CONCURRENT:
+    DEBUGASSERT(pres1);
+
+    CF_DATA_SAVE(save, cf, data);
+    if(nghttp2_session_check_request_allowed(ctx->h2) == 0) {
+      /* the limit is what we have in use right now */
+      effective_max = CONN_INUSE(cf->conn);
+    }
+    else {
+      effective_max = ctx->max_concurrent_streams;
+    }
+    *pres1 = (effective_max > INT_MAX)? INT_MAX : (int)effective_max;
+    CF_DATA_RESTORE(cf, save);
+    return CURLE_OK;
+  default:
+    break;
   }
+  return cf->next?
+    cf->next->cft->query(cf->next, data, query, pres1, pres2) :
+    CURLE_UNKNOWN_OPTION;
+}
 
-  child->set.stream_depends_on = parent;
-  child->set.stream_depends_e = exclusive;
-  return CURLE_OK;
+struct Curl_cftype Curl_cft_nghttp2 = {
+  "HTTP/2",
+  CF_TYPE_MULTIPLEX,
+  CURL_LOG_DEFAULT,
+  cf_h2_destroy,
+  cf_h2_connect,
+  cf_h2_close,
+  Curl_cf_def_get_host,
+  cf_h2_get_select_socks,
+  cf_h2_data_pending,
+  cf_h2_send,
+  cf_h2_recv,
+  cf_h2_cntrl,
+  cf_h2_is_alive,
+  cf_h2_keep_alive,
+  cf_h2_query,
+};
+
+static CURLcode http2_cfilter_add(struct Curl_cfilter **pcf,
+                                  struct Curl_easy *data,
+                                  struct connectdata *conn,
+                                  int sockindex)
+{
+  struct Curl_cfilter *cf = NULL;
+  struct cf_h2_ctx *ctx;
+  CURLcode result = CURLE_OUT_OF_MEMORY;
+
+  DEBUGASSERT(data->conn);
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx)
+    goto out;
+
+  result = Curl_cf_create(&cf, &Curl_cft_nghttp2, ctx);
+  if(result)
+    goto out;
+
+  Curl_conn_cf_add(data, conn, sockindex, cf);
+  result = CURLE_OK;
+
+out:
+  if(result)
+    cf_h2_ctx_free(ctx);
+  *pcf = result? NULL : cf;
+  return result;
 }
 
-void Curl_http2_remove_child(struct Curl_easy *parent, struct Curl_easy *child)
+static CURLcode http2_cfilter_insert_after(struct Curl_cfilter *cf,
+                                           struct Curl_easy *data)
 {
-  struct Curl_http2_dep *last = 0;
-  struct Curl_http2_dep *data = parent->set.stream_dependents;
-  DEBUGASSERT(child->set.stream_depends_on == parent);
+  struct Curl_cfilter *cf_h2 = NULL;
+  struct cf_h2_ctx *ctx;
+  CURLcode result = CURLE_OUT_OF_MEMORY;
+
+  (void)data;
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx)
+    goto out;
+
+  result = Curl_cf_create(&cf_h2, &Curl_cft_nghttp2, ctx);
+  if(result)
+    goto out;
+
+  Curl_conn_cf_insert_after(cf, cf_h2);
+  result = CURLE_OK;
 
-  while(data && data->data != child) {
-    last = data;
-    data = data->next;
+out:
+  if(result)
+    cf_h2_ctx_free(ctx);
+  return result;
+}
+
+bool Curl_cf_is_http2(struct Curl_cfilter *cf, const struct Curl_easy *data)
+{
+  (void)data;
+  for(; cf; cf = cf->next) {
+    if(cf->cft == &Curl_cft_nghttp2)
+      return TRUE;
+    if(cf->cft->flags & CF_TYPE_IP_CONNECT)
+      return FALSE;
   }
+  return FALSE;
+}
 
-  DEBUGASSERT(data);
+bool Curl_conn_is_http2(const struct Curl_easy *data,
+                        const struct connectdata *conn,
+                        int sockindex)
+{
+  return conn? Curl_cf_is_http2(conn->cfilter[sockindex], data) : FALSE;
+}
 
-  if(data) {
-    if(last) {
-      last->next = data->next;
-    }
-    else {
-      parent->set.stream_dependents = data->next;
+bool Curl_http2_may_switch(struct Curl_easy *data,
+                           struct connectdata *conn,
+                           int sockindex)
+{
+  (void)sockindex;
+  if(!Curl_conn_is_http2(data, conn, sockindex) &&
+     data->state.httpwant == CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE) {
+#ifndef CURL_DISABLE_PROXY
+    if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) {
+      /* We don't support HTTP/2 proxies yet. Also it's debatable
+         whether or not this setting should apply to HTTP/2 proxies. */
+      infof(data, "Ignoring HTTP/2 prior knowledge due to proxy");
+      return FALSE;
     }
-    free(data);
+#endif
+    return TRUE;
+  }
+  return FALSE;
+}
+
+CURLcode Curl_http2_switch(struct Curl_easy *data,
+                           struct connectdata *conn, int sockindex)
+{
+  struct Curl_cfilter *cf;
+  CURLcode result;
+
+  DEBUGASSERT(!Curl_conn_is_http2(data, conn, sockindex));
+  DEBUGF(infof(data, DMSGI(data, sockindex, "switching to HTTP/2")));
+
+  result = http2_cfilter_add(&cf, data, conn, sockindex);
+  if(result)
+    return result;
+
+  result = cf_h2_ctx_init(cf, data, FALSE);
+  if(result)
+    return result;
+
+  conn->httpversion = 20; /* we know we're on HTTP/2 now */
+  conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
+  conn->bundle->multiuse = BUNDLE_MULTIPLEX;
+  multi_connchanged(data->multi);
+
+  if(cf->next) {
+    bool done;
+    return Curl_conn_cf_connect(cf, data, FALSE, &done);
   }
+  return CURLE_OK;
+}
+
+CURLcode Curl_http2_switch_at(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct Curl_cfilter *cf_h2;
+  CURLcode result;
+
+  DEBUGASSERT(!Curl_cf_is_http2(cf, data));
 
-  child->set.stream_depends_on = 0;
-  child->set.stream_depends_e = FALSE;
+  result = http2_cfilter_insert_after(cf, data);
+  if(result)
+    return result;
+
+  cf_h2 = cf->next;
+  result = cf_h2_ctx_init(cf_h2, data, FALSE);
+  if(result)
+    return result;
+
+  cf->conn->httpversion = 20; /* we know we're on HTTP/2 now */
+  cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
+  cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX;
+  multi_connchanged(data->multi);
+
+  if(cf_h2->next) {
+    bool done;
+    return Curl_conn_cf_connect(cf_h2, data, FALSE, &done);
+  }
+  return CURLE_OK;
 }
 
-void Curl_http2_cleanup_dependencies(struct Curl_easy *data)
+CURLcode Curl_http2_upgrade(struct Curl_easy *data,
+                            struct connectdata *conn, int sockindex,
+                            const char *mem, size_t nread)
 {
-  while(data->set.stream_dependents) {
-    struct Curl_easy *tmp = data->set.stream_dependents->data;
-    Curl_http2_remove_child(data, tmp);
-    if(data->set.stream_depends_on)
-      Curl_http2_add_child(data->set.stream_depends_on, tmp, FALSE);
+  struct Curl_cfilter *cf;
+  struct cf_h2_ctx *ctx;
+  CURLcode result;
+
+  DEBUGASSERT(!Curl_conn_is_http2(data, conn, sockindex));
+  DEBUGF(infof(data, DMSGI(data, sockindex, "upgrading to HTTP/2")));
+  DEBUGASSERT(data->req.upgr101 == UPGR101_RECEIVED);
+
+  result = http2_cfilter_add(&cf, data, conn, sockindex);
+  if(result)
+    return result;
+
+  DEBUGASSERT(cf->cft == &Curl_cft_nghttp2);
+  ctx = cf->ctx;
+
+  result = cf_h2_ctx_init(cf, data, TRUE);
+  if(result)
+    return result;
+
+  if(nread) {
+    /* we are going to copy mem to httpc->inbuf.  This is required since
+       mem is part of buffer pointed by stream->mem, and callbacks
+       called by nghttp2_session_mem_recv() will write stream specific
+       data into stream->mem, overwriting data already there. */
+    if(H2_BUFSIZE < nread) {
+      failf(data, "connection buffer size is too small to store data "
+            "following HTTP Upgrade response header: buflen=%d, datalen=%zu",
+            H2_BUFSIZE, nread);
+      return CURLE_HTTP2;
+    }
+
+    infof(data, "Copying HTTP/2 data in stream buffer to connection buffer"
+          " after upgrade: len=%zu", nread);
+    DEBUGASSERT(ctx->nread_inbuf == 0);
+    memcpy(ctx->inbuf, mem, nread);
+    ctx->inbuflen = nread;
   }
 
-  if(data->set.stream_depends_on)
-    Curl_http2_remove_child(data->set.stream_depends_on, data);
+  conn->httpversion = 20; /* we know we're on HTTP/2 now */
+  conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
+  conn->bundle->multiuse = BUNDLE_MULTIPLEX;
+  multi_connchanged(data->multi);
+
+  if(cf->next) {
+    bool done;
+    return Curl_conn_cf_connect(cf, data, FALSE, &done);
+  }
+  return CURLE_OK;
 }
 
 /* Only call this function for a transfer that already got an HTTP/2
@@ -2312,7 +2642,7 @@ void Curl_http2_cleanup_dependencies(struct Curl_easy *data)
 bool Curl_h2_http_1_1_error(struct Curl_easy *data)
 {
   struct HTTP *stream = data->req.p.http;
-  return (stream->error == NGHTTP2_HTTP_1_1_REQUIRED);
+  return (stream && stream->error == NGHTTP2_HTTP_1_1_REQUIRED);
 }
 
 #else /* !USE_NGHTTP2 */
diff --git a/lib/http2.h b/lib/http2.h
index 966bf75da..f78fbf04e 100644
--- a/lib/http2.h
+++ b/lib/http2.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -40,44 +40,41 @@ void Curl_http2_ver(char *p, size_t len);
 
 const char *Curl_http2_strerror(uint32_t err);
 
-CURLcode Curl_http2_init(struct connectdata *conn);
-void Curl_http2_init_state(struct UrlState *state);
-void Curl_http2_init_userset(struct UserDefined *set);
 CURLcode Curl_http2_request_upgrade(struct dynbuf *req,
                                     struct Curl_easy *data);
-CURLcode Curl_http2_setup(struct Curl_easy *data, struct connectdata *conn);
-CURLcode Curl_http2_switched(struct Curl_easy *data,
-                             const char *ptr, size_t nread);
-/* called from http_setup_conn */
-void Curl_http2_setup_conn(struct connectdata *conn);
-void Curl_http2_setup_req(struct Curl_easy *data);
-void Curl_http2_done(struct Curl_easy *data, bool premature);
-CURLcode Curl_http2_done_sending(struct Curl_easy *data,
-                                 struct connectdata *conn);
-CURLcode Curl_http2_add_child(struct Curl_easy *parent,
-                              struct Curl_easy *child,
-                              bool exclusive);
-void Curl_http2_remove_child(struct Curl_easy *parent,
-                             struct Curl_easy *child);
-void Curl_http2_cleanup_dependencies(struct Curl_easy *data);
-CURLcode Curl_http2_stream_pause(struct Curl_easy *data, bool pause);
 
 /* returns true if the HTTP/2 stream error was HTTP_1_1_REQUIRED */
 bool Curl_h2_http_1_1_error(struct Curl_easy *data);
+
+bool Curl_conn_is_http2(const struct Curl_easy *data,
+                        const struct connectdata *conn,
+                        int sockindex);
+bool Curl_cf_is_http2(struct Curl_cfilter *cf, const struct Curl_easy *data);
+
+bool Curl_http2_may_switch(struct Curl_easy *data,
+                           struct connectdata *conn,
+                           int sockindex);
+
+CURLcode Curl_http2_switch(struct Curl_easy *data,
+                           struct connectdata *conn, int sockindex);
+
+CURLcode Curl_http2_switch_at(struct Curl_cfilter *cf, struct Curl_easy *data);
+
+CURLcode Curl_http2_upgrade(struct Curl_easy *data,
+                            struct connectdata *conn, int sockindex,
+                            const char *ptr, size_t nread);
+
+extern struct Curl_cftype Curl_cft_nghttp2;
+
 #else /* USE_NGHTTP2 */
+
+#define Curl_cf_is_http2(a,b) FALSE
+#define Curl_conn_is_http2(a,b,c) FALSE
+#define Curl_http2_may_switch(a,b,c) FALSE
+
 #define Curl_http2_request_upgrade(x,y) CURLE_UNSUPPORTED_PROTOCOL
-#define Curl_http2_setup(x,y) CURLE_UNSUPPORTED_PROTOCOL
-#define Curl_http2_switched(x,y,z) CURLE_UNSUPPORTED_PROTOCOL
-#define Curl_http2_setup_conn(x) Curl_nop_stmt
-#define Curl_http2_setup_req(x)
-#define Curl_http2_init_state(x)
-#define Curl_http2_init_userset(x)
-#define Curl_http2_done(x,y)
-#define Curl_http2_done_sending(x,y) (void)y
-#define Curl_http2_add_child(x, y, z)
-#define Curl_http2_remove_child(x, y)
-#define Curl_http2_cleanup_dependencies(x)
-#define Curl_http2_stream_pause(x, y)
+#define Curl_http2_switch(a,b,c)        CURLE_UNSUPPORTED_PROTOCOL
+#define Curl_http2_upgrade(a,b,c,d,e)   CURLE_UNSUPPORTED_PROTOCOL
 #define Curl_h2_http_1_1_error(x) 0
 #endif
 
diff --git a/lib/http_aws_sigv4.c b/lib/http_aws_sigv4.c
index 8c6d1c9dc..7d50cfff8 100644
--- a/lib/http_aws_sigv4.c
+++ b/lib/http_aws_sigv4.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -48,9 +48,9 @@
   do {                                      \
     ret = Curl_hmacit(Curl_HMAC_SHA256,     \
                       (unsigned char *)k,   \
-                      (unsigned int)kl,     \
+                      kl,                   \
                       (unsigned char *)d,   \
-                      (unsigned int)dl, o); \
+                      dl, o);               \
     if(ret) {                               \
       goto fail;                            \
     }                                       \
@@ -58,13 +58,15 @@
 
 #define TIMESTAMP_SIZE 17
 
-static void sha256_to_hex(char *dst, unsigned char *sha, size_t dst_l)
+/* hex-encoded with trailing null */
+#define SHA256_HEX_LENGTH (2 * SHA256_DIGEST_LENGTH + 1)
+
+static void sha256_to_hex(char *dst, unsigned char *sha)
 {
   int i;
 
-  DEBUGASSERT(dst_l >= 65);
-  for(i = 0; i < 32; ++i) {
-    msnprintf(dst + (i * 2), dst_l - (i * 2), "%02x", sha[i]);
+  for(i = 0; i < SHA256_DIGEST_LENGTH; ++i) {
+    msnprintf(dst + (i * 2), SHA256_HEX_LENGTH - (i * 2), "%02x", sha[i]);
   }
 }
 
@@ -135,6 +137,7 @@ static CURLcode make_headers(struct Curl_easy *data,
                              char *timestamp,
                              char *provider1,
                              char **date_header,
+                             char *content_sha256_header,
                              struct dynbuf *canonical_headers,
                              struct dynbuf *signed_headers)
 {
@@ -189,6 +192,13 @@ static CURLcode make_headers(struct Curl_easy *data,
   }
 
 
+  if (*content_sha256_header) {
+    tmp_head = curl_slist_append(head, content_sha256_header);
+    if(!tmp_head)
+      goto fail;
+    head = tmp_head;
+  }
+
   for(l = data->set.headers; l; l = l->next) {
     tmp_head = curl_slist_append(head, l->data);
     if(!tmp_head)
@@ -267,6 +277,9 @@ fail:
 }
 
 #define CONTENT_SHA256_KEY_LEN (MAX_SIGV4_LEN + sizeof("X--Content-Sha256"))
+/* add 2 for ": " between header name and value */
+#define CONTENT_SHA256_HDR_LEN (CONTENT_SHA256_KEY_LEN + 2 + \
+                                SHA256_HEX_LENGTH)
 
 /* try to parse a payload hash from the content-sha256 header */
 static char *parse_content_sha_hdr(struct Curl_easy *data,
@@ -300,6 +313,63 @@ static char *parse_content_sha_hdr(struct Curl_easy *data,
   return value;
 }
 
+static CURLcode calc_payload_hash(struct Curl_easy *data,
+                                  unsigned char *sha_hash, char *sha_hex)
+{
+  const char *post_data = data->set.postfields;
+  size_t post_data_len = 0;
+  CURLcode result;
+
+  if(post_data) {
+    if(data->set.postfieldsize < 0)
+      post_data_len = strlen(post_data);
+    else
+      post_data_len = (size_t)data->set.postfieldsize;
+  }
+  result = Curl_sha256it(sha_hash, (const unsigned char *) post_data,
+                         post_data_len);
+  if(!result)
+    sha256_to_hex(sha_hex, sha_hash);
+  return result;
+}
+
+#define S3_UNSIGNED_PAYLOAD "UNSIGNED-PAYLOAD"
+
+static CURLcode calc_s3_payload_hash(struct Curl_easy *data,
+                                     Curl_HttpReq httpreq, char *provider1,
+                                     unsigned char *sha_hash,
+                                     char *sha_hex, char *header)
+{
+  bool empty_method = (httpreq == HTTPREQ_GET || httpreq == HTTPREQ_HEAD);
+  /* The request method or filesize indicate no request payload */
+  bool empty_payload = (empty_method || data->set.filesize == 0);
+  /* The POST payload is in memory */
+  bool post_payload = (httpreq == HTTPREQ_POST && data->set.postfields);
+  CURLcode ret = CURLE_OUT_OF_MEMORY;
+
+  if(empty_payload || post_payload) {
+    /* Calculate a real hash when we know the request payload */
+    ret = calc_payload_hash(data, sha_hash, sha_hex);
+    if(ret)
+      goto fail;
+  }
+  else {
+    /* Fall back to s3's UNSIGNED-PAYLOAD */
+    size_t len = sizeof(S3_UNSIGNED_PAYLOAD) - 1;
+    DEBUGASSERT(len < SHA256_HEX_LENGTH); /* 16 < 65 */
+    memcpy(sha_hex, S3_UNSIGNED_PAYLOAD, len);
+    sha_hex[len] = 0;
+  }
+
+  /* format the required content-sha256 header */
+  msnprintf(header, CONTENT_SHA256_HDR_LEN,
+            "x-%s-content-sha256: %s", provider1, sha_hex);
+
+  ret = CURLE_OK;
+fail:
+  return ret;
+}
+
 CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
 {
   CURLcode ret = CURLE_OUT_OF_MEMORY;
@@ -310,6 +380,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
   char provider1[MAX_SIGV4_LEN + 1]="";
   char region[MAX_SIGV4_LEN + 1]="";
   char service[MAX_SIGV4_LEN + 1]="";
+  bool sign_as_s3 = false;
   const char *hostname = conn->host.name;
   time_t clock;
   struct tm tm;
@@ -318,20 +389,21 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
   struct dynbuf canonical_headers;
   struct dynbuf signed_headers;
   char *date_header = NULL;
+  Curl_HttpReq httpreq;
+  const char *method = NULL;
   char *payload_hash = NULL;
   size_t payload_hash_len = 0;
-  const char *post_data = data->set.postfields;
-  size_t post_data_len = 0;
-  unsigned char sha_hash[32];
-  char sha_hex[65];
+  unsigned char sha_hash[SHA256_DIGEST_LENGTH];
+  char sha_hex[SHA256_HEX_LENGTH];
+  char content_sha256_hdr[CONTENT_SHA256_HDR_LEN + 2] = ""; /* add \r\n */
   char *canonical_request = NULL;
   char *request_type = NULL;
   char *credential_scope = NULL;
   char *str_to_sign = NULL;
   const char *user = data->state.aptr.user ? data->state.aptr.user : "";
   char *secret = NULL;
-  unsigned char sign0[32] = {0};
-  unsigned char sign1[32] = {0};
+  unsigned char sign0[SHA256_DIGEST_LENGTH] = {0};
+  unsigned char sign1[SHA256_DIGEST_LENGTH] = {0};
   char *auth_headers = NULL;
 
   DEBUGASSERT(!proxy);
@@ -408,6 +480,29 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
     }
   }
 
+  Curl_http_method(data, conn, &method, &httpreq);
+
+  /* AWS S3 requires a x-amz-content-sha256 header, and supports special
+   * values like UNSIGNED-PAYLOAD */
+  sign_as_s3 = (strcasecompare(provider0, "aws") &&
+                strcasecompare(service, "s3"));
+
+  payload_hash = parse_content_sha_hdr(data, provider1, &payload_hash_len);
+
+  if(!payload_hash) {
+    if(sign_as_s3)
+      ret = calc_s3_payload_hash(data, httpreq, provider1, sha_hash,
+                                 sha_hex, content_sha256_hdr);
+    else
+      ret = calc_payload_hash(data, sha_hash, sha_hex);
+    if(ret)
+      goto fail;
+
+    payload_hash = sha_hex;
+    /* may be shorter than SHA256_HEX_LENGTH, like S3_UNSIGNED_PAYLOAD */
+    payload_hash_len = strlen(sha_hex);
+  }
+
 #ifdef DEBUGBUILD
   {
     char *force_timestamp = getenv("CURL_FORCETIME");
@@ -429,54 +524,37 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
   }
 
   ret = make_headers(data, hostname, timestamp, provider1,
-                     &date_header, &canonical_headers, &signed_headers);
+                     &date_header, content_sha256_hdr,
+                     &canonical_headers, &signed_headers);
   if(ret)
     goto fail;
   ret = CURLE_OUT_OF_MEMORY;
 
+  if(*content_sha256_hdr) {
+    /* make_headers() needed this without the \r\n for canonicalization */
+    size_t hdrlen = strlen(content_sha256_hdr);
+    DEBUGASSERT(hdrlen + 3 < sizeof(content_sha256_hdr));
+    memcpy(content_sha256_hdr + hdrlen, "\r\n", 3);
+  }
+
   memcpy(date, timestamp, sizeof(date));
   date[sizeof(date) - 1] = 0;
 
-  payload_hash = parse_content_sha_hdr(data, provider1, &payload_hash_len);
-
-  if(!payload_hash) {
-    if(post_data) {
-      if(data->set.postfieldsize < 0)
-        post_data_len = strlen(post_data);
-      else
-        post_data_len = (size_t)data->set.postfieldsize;
-    }
-    if(Curl_sha256it(sha_hash, (const unsigned char *) post_data,
-                     post_data_len))
-      goto fail;
-
-    sha256_to_hex(sha_hex, sha_hash, sizeof(sha_hex));
-    payload_hash = sha_hex;
-    payload_hash_len = strlen(sha_hex);
-  }
-
-  {
-    Curl_HttpReq httpreq;
-    const char *method;
-
-    Curl_http_method(data, conn, &method, &httpreq);
-
-    canonical_request =
-      curl_maprintf("%s\n" /* HTTPRequestMethod */
-                    "%s\n" /* CanonicalURI */
-                    "%s\n" /* CanonicalQueryString */
-                    "%s\n" /* CanonicalHeaders */
-                    "%s\n" /* SignedHeaders */
-                    "%.*s",  /* HashedRequestPayload in hex */
-                    method,
-                    data->state.up.path,
-                    data->state.up.query ? data->state.up.query : "",
-                    Curl_dyn_ptr(&canonical_headers),
-                    Curl_dyn_ptr(&signed_headers),
-                    (int)payload_hash_len, payload_hash);
-    if(!canonical_request)
-      goto fail;
-  }
+  canonical_request =
+    curl_maprintf("%s\n" /* HTTPRequestMethod */
+                  "%s\n" /* CanonicalURI */
+                  "%s\n" /* CanonicalQueryString */
+                  "%s\n" /* CanonicalHeaders */
+                  "%s\n" /* SignedHeaders */
+                  "%.*s",  /* HashedRequestPayload in hex */
+                  method,
+                  data->state.up.path,
+                  data->state.up.query ? data->state.up.query : "",
+                  Curl_dyn_ptr(&canonical_headers),
+                  Curl_dyn_ptr(&signed_headers),
+                  (int)payload_hash_len, payload_hash);
+  if(!canonical_request)
+    goto fail;
 
   /* provider 0 lowercase */
   Curl_strntolower(provider0, provider0, strlen(provider0));
@@ -493,7 +571,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
                    strlen(canonical_request)))
     goto fail;
 
-  sha256_to_hex(sha_hex, sha_hash, sizeof(sha_hex));
+  sha256_to_hex(sha_hex, sha_hash);
 
   /* provider 0 uppercase */
   Curl_strntoupper(provider0, provider0, strlen(provider0));
@@ -527,20 +605,22 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
   HMAC_SHA256(sign0, sizeof(sign0), request_type, strlen(request_type), sign1);
   HMAC_SHA256(sign1, sizeof(sign1), str_to_sign, strlen(str_to_sign), sign0);
 
-  sha256_to_hex(sha_hex, sign0, sizeof(sha_hex));
+  sha256_to_hex(sha_hex, sign0);
 
   /* provider 0 uppercase */
   auth_headers = curl_maprintf("Authorization: %s4-HMAC-SHA256 "
                                "Credential=%s/%s, "
                                "SignedHeaders=%s, "
                                "Signature=%s\r\n"
-                               "%s\r\n",
+                               "%s\r\n"
+                               "%s", /* optional sha256 header includes \r\n */
                                provider0,
                                user,
                                credential_scope,
                                Curl_dyn_ptr(&signed_headers),
                                sha_hex,
-                               date_header);
+                               date_header,
+                               content_sha256_hdr);
   if(!auth_headers) {
     goto fail;
   }
diff --git a/lib/http_aws_sigv4.h b/lib/http_aws_sigv4.h
index 85755e937..57cc5706e 100644
--- a/lib/http_aws_sigv4.h
+++ b/lib/http_aws_sigv4.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/http_chunks.c b/lib/http_chunks.c
index c344e6d39..bda00d383 100644
--- a/lib/http_chunks.c
+++ b/lib/http_chunks.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/http_chunks.h b/lib/http_chunks.h
index 2cf5507c2..ed5071316 100644
--- a/lib/http_chunks.h
+++ b/lib/http_chunks.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/http_digest.c b/lib/http_digest.c
index f015f78d9..8daad99e3 100644
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/http_digest.h b/lib/http_digest.h
index eea90b743..7d5cfc1bf 100644
--- a/lib/http_digest.h
+++ b/lib/http_digest.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index 5909f85b0..153e3d4ab 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/http_negotiate.h b/lib/http_negotiate.h
index 6e2096c69..76d835613 100644
--- a/lib/http_negotiate.h
+++ b/lib/http_negotiate.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index a19cc0d58..b845ddf37 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/http_ntlm.h b/lib/http_ntlm.h
index cec63b82c..f37572bae 100644
--- a/lib/http_ntlm.h
+++ b/lib/http_ntlm.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index e30730aca..9f214a305 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,7 +26,7 @@
 
 #include "http_proxy.h"
 
-#if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
+#if !defined(CURL_DISABLE_PROXY)
 
 #include <curl/curl.h>
 #ifdef USE_HYPER
@@ -49,6 +49,9 @@
 #include "curl_memory.h"
 #include "memdebug.h"
 
+
+#if !defined(CURL_DISABLE_HTTP)
+
 typedef enum {
     TUNNEL_INIT,     /* init/default/no tunnel state */
     TUNNEL_CONNECT,  /* CONNECT request is being send */
@@ -63,8 +66,7 @@ struct tunnel_state {
   int sockindex;
   const char *hostname;
   int remote_port;
-  struct HTTP http_proxy;
-  struct HTTP *prot_save;
+  struct HTTP CONNECT;
   struct dynbuf rcvbuf;
   struct dynbuf req;
   size_t nsend;
@@ -149,17 +151,6 @@ static CURLcode tunnel_init(struct tunnel_state **pts,
   Curl_dyn_init(&ts->rcvbuf, DYN_PROXY_CONNECT_HEADERS);
   Curl_dyn_init(&ts->req, DYN_HTTP_REQUEST);
 
-  /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the
-   * member conn->proto.http; we want [protocol] through HTTP and we have
-   * to change the member temporarily for connecting to the HTTP
-   * proxy. After Curl_proxyCONNECT we have to set back the member to the
-   * original pointer
-   *
-   * This function might be called several times in the multi interface case
-   * if the proxy's CONNECT response is not instant.
-   */
-  ts->prot_save = data->req.p.http;
-  data->req.p.http = &ts->http_proxy;
   *pts =  ts;
   connkeep(conn, "HTTP proxy CONNECT");
   return tunnel_reinit(ts, conn, data);
@@ -183,34 +174,39 @@ static void tunnel_go_state(struct Curl_cfilter *cf,
   /* entering this one */
   switch(new_state) {
   case TUNNEL_INIT:
+    DEBUGF(LOG_CF(data, cf, "new tunnel state 'init'"));
     tunnel_reinit(ts, cf->conn, data);
     break;
 
   case TUNNEL_CONNECT:
+    DEBUGF(LOG_CF(data, cf, "new tunnel state 'connect'"));
     ts->tunnel_state = TUNNEL_CONNECT;
     ts->keepon = KEEPON_CONNECT;
     Curl_dyn_reset(&ts->rcvbuf);
     break;
 
   case TUNNEL_RECEIVE:
+    DEBUGF(LOG_CF(data, cf, "new tunnel state 'receive'"));
     ts->tunnel_state = TUNNEL_RECEIVE;
     break;
 
   case TUNNEL_RESPONSE:
+    DEBUGF(LOG_CF(data, cf, "new tunnel state 'response'"));
     ts->tunnel_state = TUNNEL_RESPONSE;
     break;
 
   case TUNNEL_ESTABLISHED:
+    DEBUGF(LOG_CF(data, cf, "new tunnel state 'established'"));
     infof(data, "CONNECT phase completed");
     data->state.authproxy.done = TRUE;
     data->state.authproxy.multipass = FALSE;
     /* FALLTHROUGH */
   case TUNNEL_FAILED:
+    DEBUGF(LOG_CF(data, cf, "new tunnel state 'failed'"));
     ts->tunnel_state = new_state;
     Curl_dyn_reset(&ts->rcvbuf);
     Curl_dyn_reset(&ts->req);
     /* restore the protocol pointer */
-    data->req.p.http = ts->prot_save;
     data->info.httpcode = 0; /* clear it as it might've been used for the
                                 proxy */
     /* If a proxy-authorization header was used for the proxy, then we should
@@ -271,10 +267,11 @@ static CURLcode CONNECT_host(struct Curl_easy *data,
 }
 
 #ifndef USE_HYPER
-static CURLcode start_CONNECT(struct Curl_easy *data,
-                              struct connectdata *conn,
+static CURLcode start_CONNECT(struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
                               struct tunnel_state *ts)
 {
+  struct connectdata *conn = cf->conn;
   char *hostheader = NULL;
   char *host = NULL;
   const char *httpv;
@@ -338,7 +335,8 @@ static CURLcode start_CONNECT(struct Curl_easy *data,
     goto out;
 
   /* Send the connect request to the proxy */
-  result = Curl_buffer_send(&ts->req, data, &data->info.request_size, 0,
+  result = Curl_buffer_send(&ts->req, data, &ts->CONNECT,
+                            &data->info.request_size, 0,
                             ts->sockindex);
   ts->headerlines = 0;
 
@@ -356,7 +354,7 @@ static CURLcode send_CONNECT(struct Curl_easy *data,
                              bool *done)
 {
   struct SingleRequest *k = &data->req;
-  struct HTTP *http = data->req.p.http;
+  struct HTTP *http = &ts->CONNECT;
   CURLcode result = CURLE_OK;
 
   if(http->sending != HTTPSEND_REQUEST)
@@ -377,7 +375,7 @@ static CURLcode send_CONNECT(struct Curl_easy *data,
     result = Curl_write(data,
                         conn->writesockfd,  /* socket to send to */
                         k->upload_fromhere, /* buffer pointer */
-                        ts->nsend,           /* buffer size */
+                        ts->nsend,          /* buffer size */
                         &bytes_written);    /* actually sent */
     if(result)
       goto out;
@@ -398,13 +396,14 @@ out:
   return result;
 }
 
-static CURLcode on_resp_header(struct Curl_easy *data,
+static CURLcode on_resp_header(struct Curl_cfilter *cf,
+                               struct Curl_easy *data,
                                struct tunnel_state *ts,
                                const char *header)
 {
   CURLcode result = CURLE_OK;
   struct SingleRequest *k = &data->req;
-  int subversion = 0;
+  (void)cf;
 
   if((checkprefix("WWW-Authenticate:", header) &&
       (401 == k->httpcode)) ||
@@ -416,8 +415,7 @@ static CURLcode on_resp_header(struct Curl_easy *data,
     if(!auth)
       return CURLE_OUT_OF_MEMORY;
 
-    DEBUGF(infof(data, "CONNECT: fwd auth header '%s'",
-           header));
+    DEBUGF(LOG_CF(data, cf, "CONNECT: fwd auth header '%s'", header));
     result = Curl_http_input_auth(data, proxy, auth);
 
     free(auth);
@@ -462,23 +460,26 @@ static CURLcode on_resp_header(struct Curl_easy *data,
                              STRCONST("Proxy-Connection:"),
                              STRCONST("close")))
     ts->close_connection = TRUE;
-  else if(2 == sscanf(header, "HTTP/1.%d %d",
-                      &subversion,
-                      &k->httpcode)) {
+  else if(!strncmp(header, "HTTP/1.", 7) &&
+          ((header[7] == '0') || (header[7] == '1')) &&
+          (header[8] == ' ') &&
+          ISDIGIT(header[9]) && ISDIGIT(header[10]) && ISDIGIT(header[11]) &&
+          !ISDIGIT(header[12])) {
     /* store the HTTP code from the proxy */
-    data->info.httpproxycode = k->httpcode;
+    data->info.httpproxycode =  k->httpcode = (header[9] - '0') * 100 +
+      (header[10] - '0') * 10 + (header[11] - '0');
   }
   return result;
 }
 
-static CURLcode recv_CONNECT_resp(struct Curl_easy *data,
-                                  struct connectdata *conn,
+static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
                                   struct tunnel_state *ts,
                                   bool *done)
 {
   CURLcode result = CURLE_OK;
   struct SingleRequest *k = &data->req;
-  curl_socket_t tunnelsocket = conn->sock[ts->sockindex];
+  curl_socket_t tunnelsocket = Curl_conn_cf_get_socket(cf, data);
   char *linep;
   size_t perline;
   int error;
@@ -634,7 +635,7 @@ static CURLcode recv_CONNECT_resp(struct Curl_easy *data,
           /* without content-length or chunked encoding, we
              can't keep the connection alive since the close is
              the end signal so we bail out at once instead */
-          DEBUGF(infof(data, "CONNECT: no content-length or chunked"));
+          DEBUGF(LOG_CF(data, cf, "CONNECT: no content-length or chunked"));
           ts->keepon = KEEPON_DONE;
         }
       }
@@ -647,7 +648,7 @@ static CURLcode recv_CONNECT_resp(struct Curl_easy *data,
       continue;
     }
 
-    result = on_resp_header(data, ts, linep);
+    result = on_resp_header(cf, data, ts, linep);
     if(result)
       return result;
 
@@ -667,12 +668,13 @@ static CURLcode recv_CONNECT_resp(struct Curl_easy *data,
 
 #else /* USE_HYPER */
 /* The Hyper version of CONNECT */
-static CURLcode start_CONNECT(struct Curl_easy *data,
-                              struct connectdata *conn,
+static CURLcode start_CONNECT(struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
                               struct tunnel_state *ts)
 {
+  struct connectdata *conn = cf->conn;
   struct hyptransfer *h = &data->hyp;
-  curl_socket_t tunnelsocket = conn->sock[ts->sockindex];
+  curl_socket_t tunnelsocket = Curl_conn_cf_get_socket(cf, data);
   hyper_io *io = NULL;
   hyper_request *req = NULL;
   hyper_headers *headers = NULL;
@@ -914,8 +916,8 @@ error:
   return result;
 }
 
-static CURLcode recv_CONNECT_resp(struct Curl_easy *data,
-                                  struct connectdata *conn,
+static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
                                   struct tunnel_state *ts,
                                   bool *done)
 {
@@ -925,7 +927,7 @@ static CURLcode recv_CONNECT_resp(struct Curl_easy *data,
 
   (void)ts;
   *done = FALSE;
-  result = Curl_hyper_stream(data, conn, &didwhat, done,
+  result = Curl_hyper_stream(data, cf->conn, &didwhat, done,
                              CURL_CSELECT_IN | CURL_CSELECT_OUT);
   if(result || !*done)
     return result;
@@ -972,7 +974,8 @@ static CURLcode CONNECT(struct Curl_cfilter *cf,
     switch(ts->tunnel_state) {
     case TUNNEL_INIT:
       /* Prepare the CONNECT request and make a first attempt to send. */
-      result = start_CONNECT(data, cf->conn, ts);
+      DEBUGF(LOG_CF(data, cf, "CONNECT start"));
+      result = start_CONNECT(cf, data, ts);
       if(result)
         goto out;
       tunnel_go_state(cf, ts, TUNNEL_CONNECT, data);
@@ -980,6 +983,7 @@ static CURLcode CONNECT(struct Curl_cfilter *cf,
 
     case TUNNEL_CONNECT:
       /* see that the request is completely sent */
+      DEBUGF(LOG_CF(data, cf, "CONNECT send"));
       result = send_CONNECT(data, cf->conn, ts, &done);
       if(result || !done)
         goto out;
@@ -988,7 +992,8 @@ static CURLcode CONNECT(struct Curl_cfilter *cf,
 
     case TUNNEL_RECEIVE:
       /* read what is there */
-      result = recv_CONNECT_resp(data, cf->conn, ts, &done);
+      DEBUGF(LOG_CF(data, cf, "CONNECT receive"));
+      result = recv_CONNECT_resp(cf, data, ts, &done);
       if(Curl_pgrsUpdate(data)) {
         result = CURLE_ABORTED_BY_CALLBACK;
         goto out;
@@ -1001,24 +1006,29 @@ static CURLcode CONNECT(struct Curl_cfilter *cf,
       /* FALLTHROUGH */
 
     case TUNNEL_RESPONSE:
+      DEBUGF(LOG_CF(data, cf, "CONNECT response"));
       if(data->req.newurl) {
         /* not the "final" response, we need to do a follow up request.
          * If the other side indicated a connection close, or if someone
-         * else told us to close this connection, do so now. */
+         * else told us to close this connection, do so now.
+         */
         if(ts->close_connection || conn->bits.close) {
-          /* Close the filter chain and trigger connect, non-blocking
-           * again, so the process is ongoing. This will
-           * a) the close resets our tunnel state
-           * b) the connect makes sure that there will be a socket
-           *    to select on again.
-           * We return and expect to be called again. */
+          /* Close this filter and the sub-chain, re-connect the
+           * sub-chain and continue. Closing this filter will
+           * reset our tunnel state. To avoid recursion, we return
+           * and expect to be called again.
+           */
+          DEBUGF(LOG_CF(data, cf, "CONNECT need to close+open"));
           infof(data, "Connect me again please");
-          Curl_conn_close(data, cf->sockindex);
-          result = cf->next->cft->connect(cf->next, data, FALSE, &done);
+          Curl_conn_cf_close(cf, data);
+          connkeep(conn, "HTTP proxy CONNECT");
+          result = Curl_conn_cf_connect(cf->next, data, FALSE, &done);
           goto out;
         }
-        /* staying on this connection, reset state */
-        tunnel_go_state(cf, ts, TUNNEL_INIT, data);
+        else {
+          /* staying on this connection, reset state */
+          tunnel_go_state(cf, ts, TUNNEL_INIT, data);
+        }
       }
       break;
 
@@ -1063,10 +1073,12 @@ static CURLcode http_proxy_cf_connect(struct Curl_cfilter *cf,
     return CURLE_OK;
   }
 
+  DEBUGF(LOG_CF(data, cf, "connect"));
   result = cf->next->cft->connect(cf->next, data, blocking, done);
   if(result || !*done)
     return result;
 
+  DEBUGF(LOG_CF(data, cf, "subchain is connected"));
   /* TODO: can we do blocking? */
   /* We want "seamless" operations through HTTP proxy tunnel */
 
@@ -1117,22 +1129,21 @@ static int http_proxy_cf_get_select_socks(struct Curl_cfilter *cf,
                                           curl_socket_t *socks)
 {
   struct tunnel_state *ts = cf->ctx;
-  struct connectdata *conn = cf->conn;
   int fds;
 
-  DEBUGASSERT(conn);
   fds = cf->next->cft->get_select_socks(cf->next, data, socks);
   if(!fds && cf->next->connected && !cf->connected) {
     /* If we are not connected, but the filter "below" is
      * and not waiting on something, we are tunneling. */
-    socks[0] = conn->sock[cf->sockindex];
+    socks[0] = Curl_conn_cf_get_socket(cf, data);
     if(ts) {
       /* when we've sent a CONNECT to a proxy, we should rather either
          wait for the socket to become readable to be able to get the
          response headers or if we're still sending the request, wait
          for write. */
-      if(ts->http_proxy.sending == HTTPSEND_REQUEST)
+      if(ts->CONNECT.sending == HTTPSEND_REQUEST) {
         return GETSOCK_WRITESOCK(0);
+      }
       return GETSOCK_READSOCK(0);
     }
     return GETSOCK_WRITESOCK(0);
@@ -1140,24 +1151,18 @@ static int http_proxy_cf_get_select_socks(struct Curl_cfilter *cf,
   return fds;
 }
 
-static void http_proxy_cf_detach_data(struct Curl_cfilter *cf,
-                                      struct Curl_easy *data)
-{
-  if(cf->ctx) {
-    tunnel_free(cf, data);
-  }
-}
-
 static void http_proxy_cf_destroy(struct Curl_cfilter *cf,
                                   struct Curl_easy *data)
 {
-  http_proxy_cf_detach_data(cf, data);
+  DEBUGF(LOG_CF(data, cf, "destroy"));
+  tunnel_free(cf, data);
 }
 
 static void http_proxy_cf_close(struct Curl_cfilter *cf,
                                 struct Curl_easy *data)
 {
   DEBUGASSERT(cf->next);
+  DEBUGF(LOG_CF(data, cf, "close"));
   cf->connected = FALSE;
   cf->next->cft->close(cf->next, data);
   if(cf->ctx) {
@@ -1166,11 +1171,11 @@ static void http_proxy_cf_close(struct Curl_cfilter *cf,
 }
 
 
-static const struct Curl_cftype cft_http_proxy = {
+struct Curl_cftype Curl_cft_http_proxy = {
   "HTTP-PROXY",
   CF_TYPE_IP_CONNECT,
+  0,
   http_proxy_cf_destroy,
-  Curl_cf_def_setup,
   http_proxy_cf_connect,
   http_proxy_cf_close,
   http_proxy_cf_get_host,
@@ -1178,8 +1183,10 @@ static const struct Curl_cftype cft_http_proxy = {
   Curl_cf_def_data_pending,
   Curl_cf_def_send,
   Curl_cf_def_recv,
-  Curl_cf_def_attach_data,
-  http_proxy_cf_detach_data,
+  Curl_cf_def_cntrl,
+  Curl_cf_def_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  Curl_cf_def_query,
 };
 
 CURLcode Curl_conn_http_proxy_add(struct Curl_easy *data,
@@ -1189,31 +1196,73 @@ CURLcode Curl_conn_http_proxy_add(struct Curl_easy *data,
   struct Curl_cfilter *cf;
   CURLcode result;
 
-  result = Curl_cf_create(&cf, &cft_http_proxy, NULL);
+  result = Curl_cf_create(&cf, &Curl_cft_http_proxy, NULL);
   if(!result)
     Curl_conn_cf_add(data, conn, sockindex, cf);
   return result;
 }
 
+CURLcode Curl_cf_http_proxy_insert_after(struct Curl_cfilter *cf_at,
+                                         struct Curl_easy *data)
+{
+  struct Curl_cfilter *cf;
+  CURLcode result;
+
+  (void)data;
+  result = Curl_cf_create(&cf, &Curl_cft_http_proxy, NULL);
+  if(!result)
+    Curl_conn_cf_insert_after(cf_at, cf);
+  return result;
+}
+
+#endif /* ! CURL_DISABLE_HTTP */
 
-static CURLcode send_haproxy_header(struct Curl_cfilter*cf,
-                                    struct Curl_easy *data)
+
+typedef enum {
+    HAPROXY_INIT,     /* init/default/no tunnel state */
+    HAPROXY_SEND,     /* data_out being sent */
+    HAPROXY_DONE      /* all work done */
+} haproxy_state;
+
+struct cf_haproxy_ctx {
+  int state;
+  struct dynbuf data_out;
+};
+
+static void cf_haproxy_ctx_reset(struct cf_haproxy_ctx *ctx)
 {
-  struct dynbuf req;
+  DEBUGASSERT(ctx);
+  ctx->state = HAPROXY_INIT;
+  Curl_dyn_reset(&ctx->data_out);
+}
+
+static void cf_haproxy_ctx_free(struct cf_haproxy_ctx *ctx)
+{
+  if(ctx) {
+    Curl_dyn_free(&ctx->data_out);
+    free(ctx);
+  }
+}
+
+static CURLcode cf_haproxy_date_out_set(struct Curl_cfilter*cf,
+                                        struct Curl_easy *data)
+{
+  struct cf_haproxy_ctx *ctx = cf->ctx;
   CURLcode result;
   const char *tcp_version;
-  Curl_dyn_init(&req, DYN_HAXPROXY);
 
+  DEBUGASSERT(ctx);
+  DEBUGASSERT(ctx->state == HAPROXY_INIT);
 #ifdef USE_UNIX_SOCKETS
   if(cf->conn->unix_domain_socket)
     /* the buffer is large enough to hold this! */
-    result = Curl_dyn_addn(&req, STRCONST("PROXY UNKNOWN\r\n"));
+    result = Curl_dyn_addn(&ctx->data_out, STRCONST("PROXY UNKNOWN\r\n"));
   else {
 #endif /* USE_UNIX_SOCKETS */
   /* Emit the correct prefix for IPv6 */
   tcp_version = cf->conn->bits.ipv6 ? "TCP6" : "TCP4";
 
-  result = Curl_dyn_addf(&req, "PROXY %s %s %s %i %i\r\n",
+  result = Curl_dyn_addf(&ctx->data_out, "PROXY %s %s %s %i %i\r\n",
                          tcp_version,
                          data->info.conn_local_ip,
                          data->info.conn_primary_ip,
@@ -1223,19 +1272,18 @@ static CURLcode send_haproxy_header(struct Curl_cfilter*cf,
 #ifdef USE_UNIX_SOCKETS
   }
 #endif /* USE_UNIX_SOCKETS */
-
-  if(!result)
-    result = Curl_buffer_send(&req, data, &data->info.request_size,
-                              0, FIRSTSOCKET);
   return result;
 }
 
-static CURLcode haproxy_cf_connect(struct Curl_cfilter *cf,
+static CURLcode cf_haproxy_connect(struct Curl_cfilter *cf,
                                    struct Curl_easy *data,
                                    bool blocking, bool *done)
 {
+  struct cf_haproxy_ctx *ctx = cf->ctx;
   CURLcode result;
+  size_t len;
 
+  DEBUGASSERT(ctx);
   if(cf->connected) {
     *done = TRUE;
     return CURLE_OK;
@@ -1245,28 +1293,120 @@ static CURLcode haproxy_cf_connect(struct Curl_cfilter *cf,
   if(result || !*done)
     return result;
 
-  result = send_haproxy_header(cf, data);
-  *done = (!result);
+  switch(ctx->state) {
+  case HAPROXY_INIT:
+    result = cf_haproxy_date_out_set(cf, data);
+    if(result)
+      goto out;
+    ctx->state = HAPROXY_SEND;
+    /* FALLTHROUGH */
+  case HAPROXY_SEND:
+    len = Curl_dyn_len(&ctx->data_out);
+    if(len > 0) {
+      ssize_t written = Curl_conn_send(data, cf->sockindex,
+                                       Curl_dyn_ptr(&ctx->data_out),
+                                       len, &result);
+      if(written < 0)
+        goto out;
+      Curl_dyn_tail(&ctx->data_out, len - (size_t)written);
+      if(Curl_dyn_len(&ctx->data_out) > 0) {
+        result = CURLE_OK;
+        goto out;
+      }
+    }
+    ctx->state = HAPROXY_DONE;
+    /* FALLTHROUGH */
+  default:
+    Curl_dyn_free(&ctx->data_out);
+    break;
+  }
+
+out:
+  *done = (!result) && (ctx->state == HAPROXY_DONE);
   cf->connected = *done;
   return result;
 }
 
-static const struct Curl_cftype cft_haproxy = {
+static void cf_haproxy_destroy(struct Curl_cfilter *cf,
+                               struct Curl_easy *data)
+{
+  (void)data;
+  DEBUGF(LOG_CF(data, cf, "destroy"));
+  cf_haproxy_ctx_free(cf->ctx);
+}
+
+static void cf_haproxy_close(struct Curl_cfilter *cf,
+                             struct Curl_easy *data)
+{
+  DEBUGF(LOG_CF(data, cf, "close"));
+  cf->connected = FALSE;
+  cf_haproxy_ctx_reset(cf->ctx);
+  if(cf->next)
+    cf->next->cft->close(cf->next, data);
+}
+
+static int cf_haproxy_get_select_socks(struct Curl_cfilter *cf,
+                                       struct Curl_easy *data,
+                                       curl_socket_t *socks)
+{
+  int fds;
+
+  fds = cf->next->cft->get_select_socks(cf->next, data, socks);
+  if(!fds && cf->next->connected && !cf->connected) {
+    /* If we are not connected, but the filter "below" is
+     * and not waiting on something, we are sending. */
+    socks[0] = Curl_conn_cf_get_socket(cf, data);
+    return GETSOCK_WRITESOCK(0);
+  }
+  return fds;
+}
+
+
+struct Curl_cftype Curl_cft_haproxy = {
   "HAPROXY",
   0,
-  Curl_cf_def_destroy_this,
-  Curl_cf_def_setup,
-  haproxy_cf_connect,
-  Curl_cf_def_close,
+  0,
+  cf_haproxy_destroy,
+  cf_haproxy_connect,
+  cf_haproxy_close,
   Curl_cf_def_get_host,
-  Curl_cf_def_get_select_socks,
+  cf_haproxy_get_select_socks,
   Curl_cf_def_data_pending,
   Curl_cf_def_send,
   Curl_cf_def_recv,
-  Curl_cf_def_attach_data,
-  Curl_cf_def_detach_data,
+  Curl_cf_def_cntrl,
+  Curl_cf_def_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  Curl_cf_def_query,
 };
 
+static CURLcode cf_haproxy_create(struct Curl_cfilter **pcf,
+                                  struct Curl_easy *data)
+{
+  struct Curl_cfilter *cf = NULL;
+  struct cf_haproxy_ctx *ctx;
+  CURLcode result;
+
+  (void)data;
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+  ctx->state = HAPROXY_INIT;
+  Curl_dyn_init(&ctx->data_out, DYN_HAXPROXY);
+
+  result = Curl_cf_create(&cf, &Curl_cft_haproxy, ctx);
+  if(result)
+    goto out;
+  ctx = NULL;
+
+out:
+  cf_haproxy_ctx_free(ctx);
+  *pcf = result? NULL : cf;
+  return result;
+}
+
 CURLcode Curl_conn_haproxy_add(struct Curl_easy *data,
                                struct connectdata *conn,
                                int sockindex)
@@ -1274,10 +1414,28 @@ CURLcode Curl_conn_haproxy_add(struct Curl_easy *data,
   struct Curl_cfilter *cf;
   CURLcode result;
 
-  result = Curl_cf_create(&cf, &cft_haproxy, NULL);
-  if(!result)
-    Curl_conn_cf_add(data, conn, sockindex, cf);
+  result = cf_haproxy_create(&cf, data);
+  if(result)
+    goto out;
+  Curl_conn_cf_add(data, conn, sockindex, cf);
+
+out:
+  return result;
+}
+
+CURLcode Curl_cf_haproxy_insert_after(struct Curl_cfilter *cf_at,
+                                      struct Curl_easy *data)
+{
+  struct Curl_cfilter *cf;
+  CURLcode result;
+
+  result = cf_haproxy_create(&cf, data);
+  if(result)
+    goto out;
+  Curl_conn_cf_insert_after(cf_at, cf);
+
+out:
   return result;
 }
 
-#endif /* !CURL_DISABLE_PROXY &6 ! CURL_DISABLE_HTTP */
+#endif /* !CURL_DISABLE_PROXY */
diff --git a/lib/http_proxy.h b/lib/http_proxy.h
index dfdc0e72b..f573da273 100644
--- a/lib/http_proxy.h
+++ b/lib/http_proxy.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -27,8 +27,9 @@
 #include "curl_setup.h"
 #include "urldata.h"
 
-#if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
+#if !defined(CURL_DISABLE_PROXY)
 
+#if !defined(CURL_DISABLE_HTTP)
 /* Default proxy timeout in milliseconds */
 #define PROXY_TIMEOUT (3600*1000)
 
@@ -36,10 +37,22 @@ CURLcode Curl_conn_http_proxy_add(struct Curl_easy *data,
                                   struct connectdata *conn,
                                   int sockindex);
 
+CURLcode Curl_cf_http_proxy_insert_after(struct Curl_cfilter *cf_at,
+                                         struct Curl_easy *data);
+
+extern struct Curl_cftype Curl_cft_http_proxy;
+
+#endif /* !CURL_DISABLE_HTTP */
+
 CURLcode Curl_conn_haproxy_add(struct Curl_easy *data,
                                struct connectdata *conn,
                                int sockindex);
 
-#endif /* !CURL_DISABLE_PROXY && !CURL_DISABLE_HTTP */
+CURLcode Curl_cf_haproxy_insert_after(struct Curl_cfilter *cf_at,
+                                      struct Curl_easy *data);
+
+extern struct Curl_cftype Curl_cft_haproxy;
+
+#endif /* !CURL_DISABLE_PROXY */
 
 #endif /* HEADER_CURL_HTTP_PROXY_H */
diff --git a/lib/idn.c b/lib/idn.c
index 6255221ae..5f4b07e01 100644
--- a/lib/idn.c
+++ b/lib/idn.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -116,7 +116,7 @@ bool Curl_is_ASCII_name(const char *hostname)
  * Curl_idn_decode() returns an allocated IDN decoded string if it was
  * possible. NULL on error.
  */
-static char *Curl_idn_decode(const char *input)
+static char *idn_decode(const char *input)
 {
   char *decoded = NULL;
 #ifdef USE_LIBIDN2
@@ -144,24 +144,29 @@ static char *Curl_idn_decode(const char *input)
   return decoded;
 }
 
+char *Curl_idn_decode(const char *input)
+{
+  char *d = idn_decode(input);
+#ifdef USE_LIBIDN2
+  if(d) {
+    char *c = strdup(d);
+    idn2_free(d);
+    d = c;
+  }
+#endif
+  return d;
+}
+
 /*
  * Frees data allocated by idnconvert_hostname()
  */
 void Curl_free_idnconverted_hostname(struct hostname *host)
 {
-#if defined(USE_LIBIDN2)
   if(host->encalloc) {
-    idn2_free(host->encalloc); /* must be freed with idn2_free() since this was
-                                  allocated by libidn */
+    /* must be freed with idn2_free() if allocated by libidn */
+    Curl_idn_free(host->encalloc);
     host->encalloc = NULL;
   }
-#elif defined(USE_WIN32_IDN)
-  free(host->encalloc); /* must be freed with free() since this was
-                           allocated by Curl_win32_idn_to_ascii */
-  host->encalloc = NULL;
-#else
-  (void)host;
-#endif
 }
 
 #endif /* USE_IDN */
@@ -177,8 +182,13 @@ CURLcode Curl_idnconvert_hostname(struct hostname *host)
 #ifdef USE_IDN
   /* Check name for non-ASCII and convert hostname if we can */
   if(!Curl_is_ASCII_name(host->name)) {
-    char *decoded = Curl_idn_decode(host->name);
+    char *decoded = idn_decode(host->name);
     if(decoded) {
+      if(!*decoded) {
+        /* zero length is a bad host name */
+        Curl_idn_free(decoded);
+        return CURLE_URL_MALFORMAT;
+      }
       /* successful */
       host->encalloc = decoded;
       /* change the name pointer to point to the encoded hostname */
@@ -190,4 +200,3 @@ CURLcode Curl_idnconvert_hostname(struct hostname *host)
 #endif
   return CURLE_OK;
 }
-
diff --git a/lib/idn.h b/lib/idn.h
index 2d04efcdf..6c0bbb710 100644
--- a/lib/idn.h
+++ b/lib/idn.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -32,7 +32,15 @@ CURLcode Curl_idnconvert_hostname(struct hostname *host);
 #if defined(USE_LIBIDN2) || defined(USE_WIN32_IDN)
 #define USE_IDN
 void Curl_free_idnconverted_hostname(struct hostname *host);
+char *Curl_idn_decode(const char *input);
+#ifdef USE_LIBIDN2
+#define Curl_idn_free(x) idn2_free(x)
+#else
+#define Curl_idn_free(x) free(x)
+#endif
+
 #else
 #define Curl_free_idnconverted_hostname(x)
+#define Curl_idn_decode(x) NULL
 #endif
 #endif /* HEADER_CURL_IDN_H */
diff --git a/lib/if2ip.c b/lib/if2ip.c
index c29194878..6bf0ce16f 100644
--- a/lib/if2ip.c
+++ b/lib/if2ip.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/if2ip.h b/lib/if2ip.h
index 5d15459e9..1f973505c 100644
--- a/lib/if2ip.h
+++ b/lib/if2ip.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2020, 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/imap.c b/lib/imap.c
index bd4c6f220..c2f675d4b 100644
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -475,15 +475,17 @@ static CURLcode imap_perform_upgrade_tls(struct Curl_easy *data,
   /* Start the SSL connection */
   struct imap_conn *imapc = &conn->proto.imapc;
   CURLcode result;
+  bool ssldone = FALSE;
 
-  if(!Curl_conn_is_ssl(data, FIRSTSOCKET)) {
+  if(!Curl_conn_is_ssl(conn, FIRSTSOCKET)) {
     result = Curl_ssl_cfilter_add(data, conn, FIRSTSOCKET);
     if(result)
       goto out;
   }
 
-  result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &imapc->ssldone);
+  result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone);
   if(!result) {
+    imapc->ssldone = ssldone;
     if(imapc->state != IMAP_UPGRADETLS)
       state(data, IMAP_UPGRADETLS);
 
@@ -952,7 +954,7 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data,
       line += wordlen;
     }
   }
-  else if(data->set.use_ssl && !Curl_conn_is_ssl(data, FIRSTSOCKET)) {
+  else if(data->set.use_ssl && !Curl_conn_is_ssl(conn, FIRSTSOCKET)) {
     /* PREAUTH is not compatible with STARTTLS. */
     if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) {
       /* Switch to TLS connection now */
@@ -1386,8 +1388,10 @@ static CURLcode imap_multi_statemach(struct Curl_easy *data, bool *done)
   struct imap_conn *imapc = &conn->proto.imapc;
 
   if((conn->handler->flags & PROTOPT_SSL) && !imapc->ssldone) {
-    result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &imapc->ssldone);
-    if(result || !imapc->ssldone)
+    bool ssldone = FALSE;
+    result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone);
+    imapc->ssldone = ssldone;
+    if(result || !ssldone)
       return result;
   }
 
@@ -1774,7 +1778,7 @@ static CURLcode imap_sendf(struct Curl_easy *data, const char *fmt, ...)
   /* Calculate the tag based on the connection ID and command ID */
   msnprintf(imapc->resptag, sizeof(imapc->resptag), "%c%03d",
             'A' + curlx_sltosi(data->conn->connection_id % 26),
-            (++imapc->cmdid)%1000);
+            ++imapc->cmdid);
 
   /* start with a blank buffer */
   Curl_dyn_reset(&imapc->dyn);
diff --git a/lib/imap.h b/lib/imap.h
index 43cc1e98f..784ee97e5 100644
--- a/lib/imap.h
+++ b/lib/imap.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2009 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -72,19 +72,19 @@ struct IMAP {
    struct */
 struct imap_conn {
   struct pingpong pp;
-  imapstate state;            /* Always use imap.c:state() to change state! */
-  bool ssldone;               /* Is connect() over SSL done? */
-  bool preauth;               /* Is this connection PREAUTH? */
   struct SASL sasl;           /* SASL-related parameters */
-  unsigned int preftype;      /* Preferred authentication type */
-  unsigned int cmdid;         /* Last used command ID */
-  char resptag[5];            /* Response tag to wait for */
-  bool tls_supported;         /* StartTLS capability supported by server */
-  bool login_disabled;        /* LOGIN command disabled by server */
-  bool ir_supported;          /* Initial response supported by server */
+  struct dynbuf dyn;          /* for the IMAP commands */
   char *mailbox;              /* The last selected mailbox */
   char *mailbox_uidvalidity;  /* UIDVALIDITY parsed from select response */
-  struct dynbuf dyn;          /* for the IMAP commands */
+  imapstate state;            /* Always use imap.c:state() to change state! */
+  char resptag[5];            /* Response tag to wait for */
+  unsigned char preftype;     /* Preferred authentication type */
+  unsigned char cmdid;        /* Last used command ID */
+  BIT(ssldone);               /* Is connect() over SSL done? */
+  BIT(preauth);               /* Is this connection PREAUTH? */
+  BIT(tls_supported);         /* StartTLS capability supported by server */
+  BIT(login_disabled);        /* LOGIN command disabled by server */
+  BIT(ir_supported);          /* Initial response supported by server */
 };
 
 extern const struct Curl_handler Curl_handler_imap;
@@ -96,6 +96,6 @@ extern const struct Curl_handler Curl_handler_imaps;
 
 /* Authentication type values */
 #define IMAP_TYPE_NONE      0
-#define IMAP_TYPE_ANY       ~0U
+#define IMAP_TYPE_ANY       (IMAP_TYPE_CLEARTEXT|IMAP_TYPE_SASL)
 
 #endif /* HEADER_CURL_IMAP_H */
diff --git a/lib/inet_ntop.c b/lib/inet_ntop.c
index 024f8da36..770ed3a59 100644
--- a/lib/inet_ntop.c
+++ b/lib/inet_ntop.c
@@ -42,6 +42,15 @@
 #define INT16SZ          2
 
 /*
+ * If ENABLE_IPV6 is disabled, we still want to parse IPv6 addresses, so make
+ * sure we have _some_ value for AF_INET6 without polluting our fake value
+ * everywhere.
+ */
+#if !defined(ENABLE_IPV6) && !defined(AF_INET6)
+#define AF_INET6 (AF_INET + 1)
+#endif
+
+/*
  * Format an IPv4 address, more or less like inet_ntop().
  *
  * Returns `dst' (as a const)
@@ -72,7 +81,6 @@ static char *inet_ntop4 (const unsigned char *src, char *dst, size_t size)
   return dst;
 }
 
-#ifdef ENABLE_IPV6
 /*
  * Convert IPv6 binary address into presentation (printable) format.
  */
@@ -168,7 +176,6 @@ static char *inet_ntop6 (const unsigned char *src, char *dst, size_t size)
   strcpy(dst, tmp);
   return dst;
 }
-#endif  /* ENABLE_IPV6 */
 
 /*
  * Convert a network format address to presentation format.
@@ -187,10 +194,8 @@ char *Curl_inet_ntop(int af, const void *src, char *buf, size_t size)
   switch(af) {
   case AF_INET:
     return inet_ntop4((const unsigned char *)src, buf, size);
-#ifdef ENABLE_IPV6
   case AF_INET6:
     return inet_ntop6((const unsigned char *)src, buf, size);
-#endif
   default:
     errno = EAFNOSUPPORT;
     return NULL;
diff --git a/lib/inet_ntop.h b/lib/inet_ntop.h
index 18fbd8ba3..7c3ead434 100644
--- a/lib/inet_ntop.h
+++ b/lib/inet_ntop.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/inet_pton.c b/lib/inet_pton.c
index 47fb77834..7d3c69879 100644
--- a/lib/inet_pton.c
+++ b/lib/inet_pton.c
@@ -1,6 +1,6 @@
 /* This is from the BIND 4.9.4 release, modified to compile by itself */
 
-/* Copyright (c) 2003 - 2022 by Internet Software Consortium.
+/* Copyright (c) Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -39,14 +39,21 @@
 #define INT16SZ          2
 
 /*
+ * If ENABLE_IPV6 is disabled, we still want to parse IPv6 addresses, so make
+ * sure we have _some_ value for AF_INET6 without polluting our fake value
+ * everywhere.
+ */
+#if !defined(ENABLE_IPV6) && !defined(AF_INET6)
+#define AF_INET6 (AF_INET + 1)
+#endif
+
+/*
  * WARNING: Don't even consider trying to compile this on a system where
  * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
  */
 
 static int      inet_pton4(const char *src, unsigned char *dst);
-#ifdef ENABLE_IPV6
 static int      inet_pton6(const char *src, unsigned char *dst);
-#endif
 
 /* int
  * inet_pton(af, src, dst)
@@ -70,10 +77,8 @@ Curl_inet_pton(int af, const char *src, void *dst)
   switch(af) {
   case AF_INET:
     return (inet_pton4(src, (unsigned char *)dst));
-#ifdef ENABLE_IPV6
   case AF_INET6:
     return (inet_pton6(src, (unsigned char *)dst));
-#endif
   default:
     errno = EAFNOSUPPORT;
     return (-1);
@@ -135,7 +140,6 @@ inet_pton4(const char *src, unsigned char *dst)
   return (1);
 }
 
-#ifdef ENABLE_IPV6
 /* int
  * inet_pton6(src, dst)
  *      convert presentation level address to network order binary form.
@@ -234,6 +238,5 @@ inet_pton6(const char *src, unsigned char *dst)
   memcpy(dst, tmp, IN6ADDRSZ);
   return (1);
 }
-#endif /* ENABLE_IPV6 */
 
 #endif /* HAVE_INET_PTON */
diff --git a/lib/inet_pton.h b/lib/inet_pton.h
index 92ae93ea1..82fde7e2e 100644
--- a/lib/inet_pton.h
+++ b/lib/inet_pton.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/krb5.c b/lib/krb5.c
index b22dcdb11..548444768 100644
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -2,7 +2,7 @@
  *
  * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
- * Copyright (c) 2004 - 2022 Daniel Stenberg
+ * Copyright (C) Daniel Stenberg
  * All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
@@ -46,6 +46,8 @@
 #endif
 
 #include "urldata.h"
+#include "cfilters.h"
+#include "cf-socket.h"
 #include "curl_base64.h"
 #include "ftp.h"
 #include "curl_gssapi.h"
@@ -207,8 +209,8 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn)
   gss_ctx_id_t *context = app_data;
   struct gss_channel_bindings_struct chan;
   size_t base64_sz = 0;
-  struct sockaddr_in **remote_addr =
-    (struct sockaddr_in **)&conn->ip_addr->ai_addr;
+  struct sockaddr_in *remote_addr =
+    (struct sockaddr_in *)(void *)&conn->remote_addr->sa_addr;
   char *stringp;
 
   if(getsockname(conn->sock[FIRSTSOCKET],
@@ -220,7 +222,7 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn)
   chan.initiator_address.value = &conn->local_addr.sin_addr.s_addr;
   chan.acceptor_addrtype = GSS_C_AF_INET;
   chan.acceptor_address.length = l - 4;
-  chan.acceptor_address.value = &(*remote_addr)->sin_addr.s_addr;
+  chan.acceptor_address.value = &remote_addr->sin_addr.s_addr;
   chan.application_data.length = 0;
   chan.application_data.value = NULL;
 
@@ -454,15 +456,15 @@ static int ftp_send_command(struct Curl_easy *data, const char *message, ...)
 /* Read |len| from the socket |fd| and store it in |to|. Return a CURLcode
    saying whether an error occurred or CURLE_OK if |len| was read. */
 static CURLcode
-socket_read(struct Curl_easy *data, curl_socket_t fd, void *to, size_t len)
+socket_read(struct Curl_easy *data, int sockindex, void *to, size_t len)
 {
   char *to_p = to;
   CURLcode result;
   ssize_t nread = 0;
 
   while(len > 0) {
-    result = Curl_read_plain(data, fd, to_p, len, &nread);
-    if(!result) {
+    nread = Curl_conn_recv(data, sockindex, to_p, len, &result);
+    if(nread > 0) {
       len -= nread;
       to_p += nread;
     }
@@ -480,7 +482,7 @@ socket_read(struct Curl_easy *data, curl_socket_t fd, void *to, size_t len)
    CURLcode saying whether an error occurred or CURLE_OK if |len| was
    written. */
 static CURLcode
-socket_write(struct Curl_easy *data, curl_socket_t fd, const void *to,
+socket_write(struct Curl_easy *data, int sockindex, const void *to,
              size_t len)
 {
   const char *to_p = to;
@@ -488,8 +490,8 @@ socket_write(struct Curl_easy *data, curl_socket_t fd, const void *to,
   ssize_t written;
 
   while(len > 0) {
-    result = Curl_write_plain(data, fd, to_p, len, &written);
-    if(!result) {
+    written = Curl_conn_send(data, sockindex, to_p, len, &result);
+    if(written > 0) {
       len -= written;
       to_p += written;
     }
@@ -502,7 +504,7 @@ socket_write(struct Curl_easy *data, curl_socket_t fd, const void *to,
   return CURLE_OK;
 }
 
-static CURLcode read_data(struct Curl_easy *data, curl_socket_t fd,
+static CURLcode read_data(struct Curl_easy *data, int sockindex,
                           struct krb5buffer *buf)
 {
   struct connectdata *conn = data->conn;
@@ -510,7 +512,7 @@ static CURLcode read_data(struct Curl_easy *data, curl_socket_t fd,
   CURLcode result;
   int nread;
 
-  result = socket_read(data, fd, &len, sizeof(len));
+  result = socket_read(data, sockindex, &len, sizeof(len));
   if(result)
     return result;
 
@@ -525,7 +527,7 @@ static CURLcode read_data(struct Curl_easy *data, curl_socket_t fd,
   if(!len || !buf->data)
     return CURLE_OUT_OF_MEMORY;
 
-  result = socket_read(data, fd, buf->data, len);
+  result = socket_read(data, sockindex, buf->data, len);
   if(result)
     return result;
   nread = conn->mech->decode(conn->app_data, buf->data, len,
@@ -554,13 +556,12 @@ static ssize_t sec_recv(struct Curl_easy *data, int sockindex,
   size_t bytes_read;
   size_t total_read = 0;
   struct connectdata *conn = data->conn;
-  curl_socket_t fd = conn->sock[sockindex];
 
   *err = CURLE_OK;
 
   /* Handle clear text response. */
   if(conn->sec_complete == 0 || conn->data_prot == PROT_CLEAR)
-    return Curl_recv_plain(data, sockindex, buffer, len, err);
+    return Curl_conn_recv(data, sockindex, buffer, len, err);
 
   if(conn->in_buffer.eof_flag) {
     conn->in_buffer.eof_flag = 0;
@@ -573,7 +574,7 @@ static ssize_t sec_recv(struct Curl_easy *data, int sockindex,
   buffer += bytes_read;
 
   while(len > 0) {
-    if(read_data(data, fd, &conn->in_buffer))
+    if(read_data(data, sockindex, &conn->in_buffer))
       return -1;
     if(conn->in_buffer.size == 0) {
       if(bytes_read > 0)
@@ -720,8 +721,7 @@ int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn,
     return 0;
 
   if(buf[3] != '-')
-    /* safe to ignore return code */
-    (void)sscanf(buf, "%d", &ret_code);
+    ret_code = atoi(buf);
 
   if(buf[decoded_len - 1] == '\n')
     buf[decoded_len - 1] = '\0';
@@ -764,8 +764,9 @@ static int sec_set_protection_level(struct Curl_easy *data)
 
     pbsz = strstr(data->state.buffer, "PBSZ=");
     if(pbsz) {
-      /* ignore return code, use default value if it fails */
-      (void)sscanf(pbsz, "PBSZ=%u", &buffer_size);
+      /* stick to default value if the check fails */
+      if(!strncmp(pbsz, "PBSZ=", 5) && ISDIGIT(pbsz[5]))
+        buffer_size = atoi(&pbsz[5]);
       if(buffer_size < conn->buffer_size)
         conn->buffer_size = buffer_size;
     }
diff --git a/lib/ldap.c b/lib/ldap.c
index 92006d693..595e4b3b3 100644
--- a/lib/ldap.c
+++ b/lib/ldap.c
@@ -5,7 +5,7 @@
  *                | (__| |_| |  _ <| |___
  *                 \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -140,6 +140,14 @@ static void _ldap_free_urldesc(LDAPURLDesc *ludp);
 #define ldap_err2string ldap_err2stringA
 #endif
 
+#if defined(USE_WIN32_LDAP) && defined(_MSC_VER) && (_MSC_VER <= 1600)
+/* Workaround for warning:
+   'type cast' : conversion from 'int' to 'void *' of greater size */
+#undef LDAP_OPT_ON
+#undef LDAP_OPT_OFF
+#define LDAP_OPT_ON   ((void *)(size_t)1)
+#define LDAP_OPT_OFF  ((void *)(size_t)0)
+#endif
 
 static CURLcode ldap_do(struct Curl_easy *data, bool *done);
 
diff --git a/lib/libcurl.rc b/lib/libcurl.rc
index 23134a710..daa2d62d8 100644
--- a/lib/libcurl.rc
+++ b/lib/libcurl.rc
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/llist.c b/lib/llist.c
index fa2d366cb..5b6b0336d 100644
--- a/lib/llist.c
+++ b/lib/llist.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/llist.h b/lib/llist.h
index 2fcb91ca5..320580e33 100644
--- a/lib/llist.h
+++ b/lib/llist.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/md4.c b/lib/md4.c
index c13b080d6..318e9da6a 100644
--- a/lib/md4.c
+++ b/lib/md4.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -86,11 +86,7 @@
 #include "memdebug.h"
 
 
-#if defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
-
-#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4)
-
-#elif defined(USE_GNUTLS)
+#if defined(USE_GNUTLS)
 
 typedef struct md4_ctx MD4_CTX;
 
@@ -109,6 +105,10 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
   md4_digest(ctx, MD4_DIGEST_SIZE, result);
 }
 
+#elif defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
+
+#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4)
+
 #elif defined(AN_APPLE_OS)
 typedef CC_MD4_CTX MD4_CTX;
 
diff --git a/lib/md5.c b/lib/md5.c
index 9610e0c77..f57ef391c 100644
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/memdebug.c b/lib/memdebug.c
index 15fb49155..d6952a07a 100644
--- a/lib/memdebug.c
+++ b/lib/memdebug.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/memdebug.h b/lib/memdebug.h
index 7fc90e83a..c9eb5dc37 100644
--- a/lib/memdebug.h
+++ b/lib/memdebug.h
@@ -8,7 +8,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/mime.c b/lib/mime.c
index e3f2821db..83846c57d 100644
--- a/lib/mime.c
+++ b/lib/mime.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/mime.h b/lib/mime.h
index b9ea0f101..04adf2d24 100644
--- a/lib/mime.h
+++ b/lib/mime.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/mprintf.c b/lib/mprintf.c
index 8a7c17a7f..5de935b1f 100644
--- a/lib/mprintf.c
+++ b/lib/mprintf.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1999 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/mqtt.c b/lib/mqtt.c
index 8ba826f4f..47af36914 100644
--- a/lib/mqtt.c
+++ b/lib/mqtt.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2019, Björn Stenberg, <bjorn@haxx.se>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Björn Stenberg, <bjorn@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -122,8 +122,9 @@ static CURLcode mqtt_send(struct Curl_easy *data,
   struct MQTT *mq = data->req.p.mqtt;
   ssize_t n;
   result = Curl_write(data, sockfd, buf, len, &n);
-  if(!result)
-    Curl_debug(data, CURLINFO_HEADER_OUT, buf, (size_t)n);
+  if(result)
+    return result;
+  Curl_debug(data, CURLINFO_HEADER_OUT, buf, (size_t)n);
   if(len != (size_t)n) {
     size_t nsend = len - n;
     char *sendleftovers = Curl_memdup(&buf[n], nsend);
diff --git a/lib/mqtt.h b/lib/mqtt.h
index c400d9b14..63961366f 100644
--- a/lib/mqtt.h
+++ b/lib/mqtt.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Björn Stenberg, <bjorn@haxx.se>
+ * Copyright (C) Björn Stenberg, <bjorn@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/multi.c b/lib/multi.c
index b96ee7c7e..731b2598f 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -445,9 +445,6 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */
   sockhash_destroy(&multi->sockhash);
   Curl_hash_destroy(&multi->hostcache);
   Curl_conncache_destroy(&multi->conn_cache);
-  Curl_llist_destroy(&multi->msglist, NULL);
-  Curl_llist_destroy(&multi->pending, NULL);
-
   free(multi);
   return NULL;
 }
@@ -459,6 +456,42 @@ struct Curl_multi *curl_multi_init(void)
                            CURL_DNS_HASH_SIZE);
 }
 
+static void link_easy(struct Curl_multi *multi,
+                      struct Curl_easy *data)
+{
+  /* We add the new easy entry last in the list. */
+  data->next = NULL; /* end of the line */
+  if(multi->easyp) {
+    struct Curl_easy *last = multi->easylp;
+    last->next = data;
+    data->prev = last;
+    multi->easylp = data; /* the new last node */
+  }
+  else {
+    /* first node, make prev NULL! */
+    data->prev = NULL;
+    multi->easylp = multi->easyp = data; /* both first and last */
+  }
+}
+
+/* unlink the given easy handle from the linked list of easy handles */
+static void unlink_easy(struct Curl_multi *multi,
+                        struct Curl_easy *data)
+{
+  /* make the previous node point to our next */
+  if(data->prev)
+    data->prev->next = data->next;
+  else
+    multi->easyp = data->next; /* point to first node */
+
+  /* make our next point to our previous node */
+  if(data->next)
+    data->next->prev = data->prev;
+  else
+    multi->easylp = data->prev; /* point to last node */
+}
+
+
 CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
                                 struct Curl_easy *data)
 {
@@ -554,19 +587,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
     data->psl = &multi->psl;
 #endif
 
-  /* We add the new entry last in the list. */
-  data->next = NULL; /* end of the line */
-  if(multi->easyp) {
-    struct Curl_easy *last = multi->easylp;
-    last->next = data;
-    data->prev = last;
-    multi->easylp = data; /* the new last node */
-  }
-  else {
-    /* first node, make prev NULL! */
-    data->prev = NULL;
-    multi->easylp = multi->easyp = data; /* both first and last */
-  }
+  link_easy(multi, data);
 
   /* increase the node-counter */
   multi->num_easy++;
@@ -655,6 +676,9 @@ static CURLcode multi_done(struct Curl_easy *data,
       result = CURLE_ABORTED_BY_CALLBACK;
   }
 
+  /* Inform connection filters that this transfer is done */
+  Curl_conn_ev_data_done(data, premature);
+
   process_pending_handles(data->multi); /* connection / multiplex */
 
   CONNCACHE_LOCK(data);
@@ -709,12 +733,12 @@ static CURLcode multi_done(struct Curl_easy *data,
            conn->proxy_negotiate_state == GSS_AUTHRECV)
 #endif
      ) || conn->bits.close
-       || (premature && !(conn->handler->flags & PROTOPT_STREAM))) {
+       || (premature && !Curl_conn_is_multiplex(conn, FIRSTSOCKET))) {
     DEBUGF(infof(data, "multi_done, not re-using connection=%ld, forbid=%d"
-                 ", close=%d, premature=%d, stream=%d",
+                 ", close=%d, premature=%d, conn_multiplex=%d",
                  conn->connection_id,
                  data->set.reuse_forbid, conn->bits.close, premature,
-                 (conn->handler->flags & PROTOPT_STREAM)));
+                 Curl_conn_is_multiplex(conn, FIRSTSOCKET)));
     connclose(conn, "disconnecting");
     Curl_conncache_remove_conn(data, conn, FALSE);
     CONNCACHE_UNLOCK(data);
@@ -838,10 +862,6 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
 
   Curl_wildcard_dtor(&data->wildcard);
 
-  /* destroy the timeout list that is held in the easy handle, do this *after*
-     multi_done() as that may actually call Curl_expire that uses this */
-  Curl_llist_destroy(&data->state.timeoutlist, NULL);
-
   /* change state without using multistate(), only to make singlesocket() do
      what we want */
   data->mstate = MSTATE_COMPLETED;
@@ -914,17 +934,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
     }
   }
 
-  /* make the previous node point to our next */
-  if(data->prev)
-    data->prev->next = data->next;
-  else
-    multi->easyp = data->next; /* point to first node */
-
-  /* make our next point to our previous node */
-  if(data->next)
-    data->next->prev = data->prev;
-  else
-    multi->easylp = data->prev; /* point to last node */
+  unlink_easy(multi, data);
 
   /* NOTE NOTE NOTE
      We do not touch the easy handle here! */
@@ -954,7 +964,7 @@ void Curl_detach_connection(struct Curl_easy *data)
 {
   struct connectdata *conn = data->conn;
   if(conn) {
-    Curl_conn_detach_data(conn, data);
+    Curl_conn_ev_data_detach(conn, data);
     Curl_llist_remove(&conn->easyq, &data->conn_queue, NULL);
   }
   data->conn = NULL;
@@ -973,9 +983,9 @@ void Curl_attach_connection(struct Curl_easy *data,
   data->conn = conn;
   Curl_llist_insert_next(&conn->easyq, conn->easyq.tail, data,
                          &data->conn_queue);
-  Curl_conn_attach_data(conn, data);
-  if(conn->handler->attach)
+  if(conn->handler && conn->handler->attach)
     conn->handler->attach(data, conn);
+  Curl_conn_ev_data_attach(conn, data);
 }
 
 static int domore_getsock(struct Curl_easy *data,
@@ -1002,11 +1012,7 @@ static int protocol_getsock(struct Curl_easy *data,
 {
   if(conn->handler->proto_getsock)
     return conn->handler->proto_getsock(data, conn, socks);
-  /* Backup getsock logic. Since there is a live socket in use, we must wait
-     for it or it will be removed from watching when the multi_socket API is
-     used. */
-  socks[0] = conn->sock[FIRSTSOCKET];
-  return GETSOCK_READSOCK(0) | GETSOCK_WRITESOCK(0);
+  return Curl_conn_get_select_socks(data, FIRSTSOCKET, socks);
 }
 
 /* returns bitmapped flags for this handle and its sockets. The 'socks[]'
@@ -1111,6 +1117,22 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi,
   return CURLM_OK;
 }
 
+#ifdef USE_WINSOCK
+/* Reset FD_WRITE for TCP sockets. Nothing is actually sent. UDP sockets can't
+ * be reset this way because an empty datagram would be sent. #9203
+ *
+ * "On Windows the internal state of FD_WRITE as returned from
+ * WSAEnumNetworkEvents is only reset after successful send()."
+ */
+static void reset_socket_fdwrite(curl_socket_t s)
+{
+  int t;
+  int l = (int)sizeof(t);
+  if(!getsockopt(s, SOL_SOCKET, SO_TYPE, (char *)&t, &l) && t == SOCK_STREAM)
+    send(s, NULL, 0, 0);
+}
+#endif
+
 #define NUM_POLLS_ON_STACK 10
 
 static CURLMcode multi_wait(struct Curl_multi *multi,
@@ -1232,7 +1254,7 @@ static CURLMcode multi_wait(struct Curl_multi *multi,
           s = sockbunch[i];
 #ifdef USE_WINSOCK
           mask |= FD_WRITE|FD_CONNECT|FD_CLOSE;
-          send(s, NULL, 0, 0); /* reset FD_WRITE */
+          reset_socket_fdwrite(s);
 #endif
           ufds[nfds].fd = s;
           ufds[nfds].events = POLLOUT;
@@ -1266,7 +1288,7 @@ static CURLMcode multi_wait(struct Curl_multi *multi,
       mask |= FD_OOB;
     if(extra_fds[i].events & CURL_WAIT_POLLOUT) {
       mask |= FD_WRITE|FD_CONNECT|FD_CLOSE;
-      send(extra_fds[i].fd, NULL, 0, 0); /* reset FD_WRITE */
+      reset_socket_fdwrite(extra_fds[i].fd);
     }
     if(WSAEventSelect(extra_fds[i].fd, multi->wsa_event, mask) != 0) {
       if(ufds_malloc)
@@ -1862,6 +1884,15 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
     multistate(data, MSTATE_COMPLETED);
   }
 
+#ifdef DEBUGBUILD
+  if(!multi->warned) {
+    infof(data, "!!! WARNING !!!");
+    infof(data, "This is a debug build of libcurl, "
+          "do not use in production.");
+    multi->warned = true;
+  }
+#endif
+
   do {
     /* A "stream" here is a logical stream if the protocol can handle that
        (HTTP/2), or the full connection for older protocols */
@@ -2168,7 +2199,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 #ifndef CURL_DISABLE_FTP
             /* some steps needed for wildcard matching */
             if(data->state.wildcardmatch) {
-              struct WildcardData *wc = &data->wildcard;
+              struct WildcardData *wc = data->wildcard;
               if(wc->state == CURLWC_DONE || wc->state == CURLWC_SKIP) {
                 /* skip some states if it is important */
                 multi_done(data, CURLE_OK, FALSE);
@@ -2320,7 +2351,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 #ifndef CURL_DISABLE_FTP
         if(data->state.wildcardmatch &&
            ((data->conn->handler->flags & PROTOPT_WILDCARD) == 0)) {
-          data->wildcard.state = CURLWC_DONE;
+          data->wildcard->state = CURLWC_DONE;
         }
 #endif
         multistate(data, MSTATE_DONE);
@@ -2550,7 +2581,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 
 #ifndef CURL_DISABLE_FTP
       if(data->state.wildcardmatch) {
-        if(data->wildcard.state != CURLWC_DONE) {
+        if(data->wildcard->state != CURLWC_DONE) {
           /* if a wildcard is set and we are not ending -> lets start again
              with MSTATE_INIT */
           multistate(data, MSTATE_INIT);
@@ -2682,18 +2713,25 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles)
     return CURLM_RECURSIVE_API_CALL;
 
   data = multi->easyp;
-  while(data) {
+  if(data) {
     CURLMcode result;
+    bool nosig = data->set.no_signal;
     SIGPIPE_VARIABLE(pipe_st);
-
     sigpipe_ignore(data, &pipe_st);
-    result = multi_runsingle(multi, &now, data);
+    /* Do the loop and only alter the signal ignore state if the next handle
+       has a different NO_SIGNAL state than the previous */
+    do {
+      if(data->set.no_signal != nosig) {
+        sigpipe_restore(&pipe_st);
+        sigpipe_ignore(data, &pipe_st);
+        nosig = data->set.no_signal;
+      }
+      result = multi_runsingle(multi, &now, data);
+      if(result)
+        returncode = result;
+      data = data->next; /* operate on next handle */
+    } while(data);
     sigpipe_restore(&pipe_st);
-
-    if(result)
-      returncode = result;
-
-    data = data->next; /* operate on next handle */
   }
 
   /*
@@ -2764,9 +2802,6 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi)
 
     sockhash_destroy(&multi->sockhash);
     Curl_conncache_destroy(&multi->conn_cache);
-    Curl_llist_destroy(&multi->msglist, NULL);
-    Curl_llist_destroy(&multi->pending, NULL);
-
     Curl_hash_destroy(&multi->hostcache);
     Curl_psl_destroy(&multi->psl);
 
@@ -3248,7 +3283,7 @@ CURLMcode curl_multi_setopt(struct Curl_multi *multi,
     multi->push_userp = va_arg(param, void *);
     break;
   case CURLMOPT_PIPELINING:
-    multi->multiplexing = va_arg(param, long) & CURLPIPE_MULTIPLEX;
+    multi->multiplexing = va_arg(param, long) & CURLPIPE_MULTIPLEX ? 1 : 0;
     break;
   case CURLMOPT_TIMERFUNCTION:
     multi->timer_cb = va_arg(param, curl_multi_timer_callback);
diff --git a/lib/multihandle.h b/lib/multihandle.h
index 5a83656d5..6cda65d44 100644
--- a/lib/multihandle.h
+++ b/lib/multihandle.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -162,14 +162,17 @@ struct Curl_multi {
 #define IPV6_DEAD    1
 #define IPV6_WORKS   2
   unsigned char ipv6_up;       /* IPV6_* defined */
-  bool multiplexing;           /* multiplexing wanted */
-  bool recheckstate;           /* see Curl_multi_connchanged */
-  bool in_callback;            /* true while executing a callback */
+  BIT(multiplexing);           /* multiplexing wanted */
+  BIT(recheckstate);           /* see Curl_multi_connchanged */
+  BIT(in_callback);            /* true while executing a callback */
 #ifdef USE_OPENSSL
-  bool ssl_seeded;
+  BIT(ssl_seeded);
 #endif
-  bool dead; /* a callback returned error, everything needs to crash and
+  BIT(dead); /* a callback returned error, everything needs to crash and
                 burn */
+#ifdef DEBUGBUILD
+  BIT(warned);                 /* true after user warned of DEBUGBUILD */
+#endif
 };
 
 #endif /* HEADER_CURL_MULTIHANDLE_H */
diff --git a/lib/multiif.h b/lib/multiif.h
index 0cb9d4f7f..cae02cb08 100644
--- a/lib/multiif.h
+++ b/lib/multiif.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/netrc.c b/lib/netrc.c
index 4461b8492..aa1b80ab2 100644
--- a/lib/netrc.c
+++ b/lib/netrc.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/netrc.h b/lib/netrc.h
index 53d005672..9f2815f3b 100644
--- a/lib/netrc.h
+++ b/lib/netrc.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/nonblock.c b/lib/nonblock.c
index 8447b6f42..f4eb65612 100644
--- a/lib/nonblock.c
+++ b/lib/nonblock.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/nonblock.h b/lib/nonblock.h
index a42f443a4..4a1a6151f 100644
--- a/lib/nonblock.h
+++ b/lib/nonblock.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/noproxy.c b/lib/noproxy.c
index 9b13fe895..f1c1ed2c6 100644
--- a/lib/noproxy.c
+++ b/lib/noproxy.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -119,8 +119,10 @@ enum nametype {
 * Checks if the host is in the noproxy list. returns TRUE if it matches and
 * therefore the proxy should NOT be used.
 ****************************************************************/
-bool Curl_check_noproxy(const char *name, const char *no_proxy)
+bool Curl_check_noproxy(const char *name, const char *no_proxy,
+                        bool *spacesep)
 {
+  *spacesep = FALSE;
   /*
    * If we don't have a hostname at all, like for example with a FILE
    * transfer, we have nothing to interrogate the noproxy list with.
@@ -244,6 +246,15 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy)
         if(match)
           return TRUE;
       } /* if(tokenlen) */
+      /* pass blanks after pattern */
+      while(ISBLANK(*p))
+        p++;
+      /* if not a comma! */
+      if(*p && (*p != ',')) {
+        *spacesep = TRUE;
+        continue;
+      }
+      /* pass any number of commas */
       while(*p == ',')
         p++;
     } /* while(*p) */
diff --git a/lib/noproxy.h b/lib/noproxy.h
index 8800a2127..a3a680772 100644
--- a/lib/noproxy.h
+++ b/lib/noproxy.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -37,7 +37,8 @@ UNITTEST bool Curl_cidr6_match(const char *ipv6,
                                unsigned int bits);
 #endif
 
-bool Curl_check_noproxy(const char *name, const char *no_proxy);
+bool Curl_check_noproxy(const char *name, const char *no_proxy,
+                        bool *spacesep);
 
 #endif
 
diff --git a/lib/openldap.c b/lib/openldap.c
index ab81e57c2..b9feeda05 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -5,8 +5,8 @@
  *                | (__| |_| |  _ <| |___
  *                 \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2010, Howard Chu, <hyc@openldap.org>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Howard Chu, <hyc@openldap.org>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/optiontable.pl b/lib/optiontable.pl
index 588c0b4d9..25d6a66de 100644..100755
--- a/lib/optiontable.pl
+++ b/lib/optiontable.pl
@@ -3,12 +3,12 @@
 print <<HEAD
 /***************************************************************************
  *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
+ *  Project                     ___| | | |  _ \\| |
  *                             / __| | | | |_) | |
  *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
+ *                             \\___|\\___/|_| \\_\\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/parsedate.c b/lib/parsedate.c
index 5ed88195f..1662dd36b 100644
--- a/lib/parsedate.c
+++ b/lib/parsedate.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -212,56 +212,55 @@ static int checkday(const char *check, size_t len)
 {
   int i;
   const char * const *what;
-  bool found = FALSE;
   if(len > 3)
     what = &weekday[0];
-  else
+  else if(len == 3)
     what = &Curl_wkday[0];
+  else
+    return -1; /* too short */
   for(i = 0; i<7; i++) {
-    if(strcasecompare(check, what[0])) {
-      found = TRUE;
-      break;
-    }
+    size_t ilen = strlen(what[0]);
+    if((ilen == len) &&
+       strncasecompare(check, what[0], len))
+      return i;
     what++;
   }
-  return found?i:-1;
+  return -1;
 }
 
-static int checkmonth(const char *check)
+static int checkmonth(const char *check, size_t len)
 {
   int i;
-  const char * const *what;
-  bool found = FALSE;
+  const char * const *what = &Curl_month[0];
+  if(len != 3)
+    return -1; /* not a month */
 
-  what = &Curl_month[0];
   for(i = 0; i<12; i++) {
-    if(strcasecompare(check, what[0])) {
-      found = TRUE;
-      break;
-    }
+    if(strncasecompare(check, what[0], 3))
+      return i;
     what++;
   }
-  return found?i:-1; /* return the offset or -1, no real offset is -1 */
+  return -1; /* return the offset or -1, no real offset is -1 */
 }
 
 /* return the time zone offset between GMT and the input one, in number
    of seconds or -1 if the timezone wasn't found/legal */
 
-static int checktz(const char *check)
+static int checktz(const char *check, size_t len)
 {
   unsigned int i;
-  const struct tzinfo *what;
-  bool found = FALSE;
+  const struct tzinfo *what = tz;
+  if(len > 4) /* longer than any valid timezone */
+    return -1;
 
-  what = tz;
   for(i = 0; i< sizeof(tz)/sizeof(tz[0]); i++) {
-    if(strcasecompare(check, what->name)) {
-      found = TRUE;
-      break;
-    }
+    size_t ilen = strlen(what->name);
+    if((ilen == len) &&
+       strncasecompare(check, what->name, len))
+      return what->offset*60;
     what++;
   }
-  return found?what->offset*60:-1;
+  return -1;
 }
 
 static void skip(const char **date)
@@ -294,6 +293,53 @@ static time_t time2epoch(int sec, int min, int hour,
            + hour) * 60 + min) * 60 + sec;
 }
 
+/* Returns the value of a single-digit or two-digit decimal number, return
+   then pointer to after the number. The 'date' pointer is known to point to a
+   digit. */
+static int oneortwodigit(const char *date, const char **endp)
+{
+  int num = date[0] - '0';
+  if(ISDIGIT(date[1])) {
+    *endp = &date[2];
+    return num*10 + (date[1] - '0');
+  }
+  *endp = &date[1];
+  return num;
+}
+
+
+/* HH:MM:SS or HH:MM and accept single-digits too */
+static bool match_time(const char *date,
+                       int *h, int *m, int *s, char **endp)
+{
+  const char *p;
+  int hh, mm, ss = 0;
+  hh = oneortwodigit(date, &p);
+  if((hh < 24) && (*p == ':') && ISDIGIT(p[1])) {
+    mm = oneortwodigit(&p[1], &p);
+    if(mm < 60) {
+      if((*p == ':') && ISDIGIT(p[1])) {
+        ss = oneortwodigit(&p[1], &p);
+        if(ss <= 60) {
+          /* valid HH:MM:SS */
+          goto match;
+        }
+      }
+      else {
+        /* valid HH:MM */
+        goto match;
+      }
+    }
+  }
+  return FALSE; /* not a time string */
+  match:
+  *h = hh;
+  *m = mm;
+  *s = ss;
+  *endp = (char *)p;
+  return TRUE;
+}
+
 /*
  * parsedate()
  *
@@ -305,6 +351,9 @@ static time_t time2epoch(int sec, int min, int hour,
  * PARSEDATE_SOONER - time underflow at the low end of time_t
  */
 
+/* Wednesday is the longest name this parser knows about */
+#define NAME_LEN 12
+
 static int parsedate(const char *date, time_t *output)
 {
   time_t t = 0;
@@ -327,32 +376,32 @@ static int parsedate(const char *date, time_t *output)
 
     if(ISALPHA(*date)) {
       /* a name coming up */
-      char buf[32]="";
-      size_t len;
-      if(sscanf(date, "%31[ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-                          "abcdefghijklmnopqrstuvwxyz]", buf))
-        len = strlen(buf);
-      else
-        len = 0;
-
-      if(wdaynum == -1) {
-        wdaynum = checkday(buf, len);
-        if(wdaynum != -1)
-          found = TRUE;
-      }
-      if(!found && (monnum == -1)) {
-        monnum = checkmonth(buf);
-        if(monnum != -1)
-          found = TRUE;
+      size_t len = 0;
+      const char *p = date;
+      while(ISALPHA(*p) && (len < NAME_LEN)) {
+        p++;
+        len++;
       }
 
-      if(!found && (tzoff == -1)) {
-        /* this just must be a time zone string */
-        tzoff = checktz(buf);
-        if(tzoff != -1)
-          found = TRUE;
-      }
+      if(len != NAME_LEN) {
+        if(wdaynum == -1) {
+          wdaynum = checkday(date, len);
+          if(wdaynum != -1)
+            found = TRUE;
+        }
+        if(!found && (monnum == -1)) {
+          monnum = checkmonth(date, len);
+          if(monnum != -1)
+            found = TRUE;
+        }
 
+        if(!found && (tzoff == -1)) {
+          /* this just must be a time zone string */
+          tzoff = checktz(date, len);
+          if(tzoff != -1)
+            found = TRUE;
+        }
+      }
       if(!found)
         return PARSEDATE_FAIL; /* bad string */
 
@@ -362,18 +411,10 @@ static int parsedate(const char *date, time_t *output)
       /* a digit */
       int val;
       char *end;
-      int len = 0;
       if((secnum == -1) &&
-         (3 == sscanf(date, "%02d:%02d:%02d%n",
-                      &hournum, &minnum, &secnum, &len))) {
-        /* time stamp! */
-        date += len;
-      }
-      else if((secnum == -1) &&
-              (2 == sscanf(date, "%02d:%02d%n", &hournum, &minnum, &len))) {
-        /* time stamp without seconds */
-        date += len;
-        secnum = 0;
+         match_time(date, &hournum, &minnum, &secnum, &end)) {
+        /* time stamp */
+        date = end;
       }
       else {
         long lval;
diff --git a/lib/parsedate.h b/lib/parsedate.h
index 4e4347754..84c37f167 100644
--- a/lib/parsedate.h
+++ b/lib/parsedate.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/pingpong.c b/lib/pingpong.c
index 9b9558048..2f4aa1c34 100644
--- a/lib/pingpong.c
+++ b/lib/pingpong.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/pingpong.h b/lib/pingpong.h
index cefae073a..80d3f7718 100644
--- a/lib/pingpong.h
+++ b/lib/pingpong.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/pop3.c b/lib/pop3.c
index ce17f2ac7..36707e535 100644
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -370,16 +370,18 @@ static CURLcode pop3_perform_upgrade_tls(struct Curl_easy *data,
   /* Start the SSL connection */
   struct pop3_conn *pop3c = &conn->proto.pop3c;
   CURLcode result;
+  bool ssldone = FALSE;
 
-  if(!Curl_conn_is_ssl(data, FIRSTSOCKET)) {
+  if(!Curl_conn_is_ssl(conn, FIRSTSOCKET)) {
     result = Curl_ssl_cfilter_add(data, conn, FIRSTSOCKET);
     if(result)
       goto out;
   }
 
-  result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &pop3c->ssldone);
+  result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone);
 
   if(!result) {
+    pop3c->ssldone = ssldone;
     if(pop3c->state != POP3_UPGRADETLS)
       state(data, POP3_UPGRADETLS);
 
@@ -769,7 +771,7 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code,
     if(pop3code != '+')
       pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
 
-    if(!data->set.use_ssl || Curl_conn_is_ssl(data, FIRSTSOCKET))
+    if(!data->set.use_ssl || Curl_conn_is_ssl(conn, FIRSTSOCKET))
       result = pop3_perform_authentication(data, conn);
     else if(pop3code == '+' && pop3c->tls_supported)
       /* Switch to TLS connection now */
@@ -1056,7 +1058,9 @@ static CURLcode pop3_multi_statemach(struct Curl_easy *data, bool *done)
   struct pop3_conn *pop3c = &conn->proto.pop3c;
 
   if((conn->handler->flags & PROTOPT_SSL) && !pop3c->ssldone) {
-    result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &pop3c->ssldone);
+    bool ssldone = FALSE;
+    result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone);
+    pop3c->ssldone = ssldone;
     if(result || !pop3c->ssldone)
       return result;
   }
diff --git a/lib/pop3.h b/lib/pop3.h
index bb0645f9b..83f0f831e 100644
--- a/lib/pop3.h
+++ b/lib/pop3.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2009 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -62,16 +62,16 @@ struct POP3 {
 struct pop3_conn {
   struct pingpong pp;
   pop3state state;        /* Always use pop3.c:state() to change state! */
-  bool ssldone;           /* Is connect() over SSL done? */
-  bool tls_supported;     /* StartTLS capability supported by server */
   size_t eob;             /* Number of bytes of the EOB (End Of Body) that
                              have been received so far */
   size_t strip;           /* Number of bytes from the start to ignore as
                              non-body */
   struct SASL sasl;       /* SASL-related storage */
-  unsigned int authtypes; /* Accepted authentication types */
-  unsigned int preftype;  /* Preferred authentication type */
   char *apoptimestamp;    /* APOP timestamp from the server greeting */
+  unsigned char authtypes; /* Accepted authentication types */
+  unsigned char preftype;  /* Preferred authentication type */
+  BIT(ssldone);           /* Is connect() over SSL done? */
+  BIT(tls_supported);     /* StartTLS capability supported by server */
 };
 
 extern const struct Curl_handler Curl_handler_pop3;
@@ -84,7 +84,7 @@ extern const struct Curl_handler Curl_handler_pop3s;
 
 /* Authentication type values */
 #define POP3_TYPE_NONE      0
-#define POP3_TYPE_ANY       ~0U
+#define POP3_TYPE_ANY       (POP3_TYPE_CLEARTEXT|POP3_TYPE_APOP|POP3_TYPE_SASL)
 
 /* This is the 5-bytes End-Of-Body marker for POP3 */
 #define POP3_EOB "\x0d\x0a\x2e\x0d\x0a"
diff --git a/lib/progress.c b/lib/progress.c
index 4a1e1daa8..6092b782c 100644
--- a/lib/progress.c
+++ b/lib/progress.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -87,8 +87,6 @@ static char *max5data(curl_off_t bytes, char *max5)
               CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE,
               (bytes%ONE_MEGABYTE) / (ONE_MEGABYTE/CURL_OFF_T_C(10)) );
 
-#if (SIZEOF_CURL_OFF_T > 4)
-
   else if(bytes < CURL_OFF_T_C(10000) * ONE_MEGABYTE)
     /* 'XXXXM' is good until we're at 10000MB or above */
     msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE);
@@ -111,15 +109,8 @@ static char *max5data(curl_off_t bytes, char *max5)
     /* up to 10000PB, display without decimal: XXXXP */
     msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "P", bytes/ONE_PETABYTE);
 
-    /* 16384 petabytes (16 exabytes) is the maximum a 64 bit unsigned number
-       can hold, but our data type is signed so 8192PB will be the maximum. */
-
-#else
-
-  else
-    msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE);
-
-#endif
+  /* 16384 petabytes (16 exabytes) is the maximum a 64 bit unsigned number can
+     hold, but our data type is signed so 8192PB will be the maximum. */
 
   return max5;
 }
@@ -166,14 +157,11 @@ void Curl_pgrsResetTransferSizes(struct Curl_easy *data)
 
 /*
  *
- * Curl_pgrsTime(). Store the current time at the given label. This fetches a
- * fresh "now" and returns it.
- *
- * @unittest: 1399
+ * Curl_pgrsTimeWas(). Store the timestamp time at the given label.
  */
-struct curltime Curl_pgrsTime(struct Curl_easy *data, timerid timer)
+void Curl_pgrsTimeWas(struct Curl_easy *data, timerid timer,
+                      struct curltime timestamp)
 {
-  struct curltime now = Curl_now();
   timediff_t *delta = NULL;
 
   switch(timer) {
@@ -183,15 +171,15 @@ struct curltime Curl_pgrsTime(struct Curl_easy *data, timerid timer)
     break;
   case TIMER_STARTOP:
     /* This is set at the start of a transfer */
-    data->progress.t_startop = now;
+    data->progress.t_startop = timestamp;
     break;
   case TIMER_STARTSINGLE:
     /* This is set at the start of each single fetch */
-    data->progress.t_startsingle = now;
+    data->progress.t_startsingle = timestamp;
     data->progress.is_t_startransfer_set = false;
     break;
   case TIMER_STARTACCEPT:
-    data->progress.t_acceptdata = now;
+    data->progress.t_acceptdata = timestamp;
     break;
   case TIMER_NAMELOOKUP:
     delta = &data->progress.t_nslookup;
@@ -214,7 +202,7 @@ struct curltime Curl_pgrsTime(struct Curl_easy *data, timerid timer)
      * changing the t_starttransfer time.
      */
     if(data->progress.is_t_startransfer_set) {
-      return now;
+      return;
     }
     else {
       data->progress.is_t_startransfer_set = true;
@@ -224,15 +212,30 @@ struct curltime Curl_pgrsTime(struct Curl_easy *data, timerid timer)
     /* this is the normal end-of-transfer thing */
     break;
   case TIMER_REDIRECT:
-    data->progress.t_redirect = Curl_timediff_us(now, data->progress.start);
+    data->progress.t_redirect = Curl_timediff_us(timestamp,
+                                                 data->progress.start);
     break;
   }
   if(delta) {
-    timediff_t us = Curl_timediff_us(now, data->progress.t_startsingle);
+    timediff_t us = Curl_timediff_us(timestamp, data->progress.t_startsingle);
     if(us < 1)
       us = 1; /* make sure at least one microsecond passed */
     *delta += us;
   }
+}
+
+/*
+ *
+ * Curl_pgrsTime(). Store the current time at the given label. This fetches a
+ * fresh "now" and returns it.
+ *
+ * @unittest: 1399
+ */
+struct curltime Curl_pgrsTime(struct Curl_easy *data, timerid timer)
+{
+  struct curltime now = Curl_now();
+
+  Curl_pgrsTimeWas(data, timer, now);
   return now;
 }
 
diff --git a/lib/progress.h b/lib/progress.h
index a12931514..0049cd04b 100644
--- a/lib/progress.h
+++ b/lib/progress.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -57,6 +57,13 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize,
                                   curl_off_t limit,
                                   struct curltime start,
                                   struct curltime now);
+/**
+ * Update progress timer with the elapsed time from its start to `timestamp`.
+ * This allows updating timers later and is used by happy eyeballing, where
+ * we only want to record the winner's times.
+ */
+void Curl_pgrsTimeWas(struct Curl_easy *data, timerid timer,
+                      struct curltime timestamp);
 
 #define PGRS_HIDE    (1<<4)
 #define PGRS_UL_SIZE_KNOWN (1<<5)
diff --git a/lib/psl.c b/lib/psl.c
index 60c98a4ca..626a203a6 100644
--- a/lib/psl.c
+++ b/lib/psl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/psl.h b/lib/psl.h
index 34f0a5cae..23cfa921c 100644
--- a/lib/psl.h
+++ b/lib/psl.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/quic.h b/lib/quic.h
deleted file mode 100644
index b35774735..000000000
--- a/lib/quic.h
+++ /dev/null
@@ -1,68 +0,0 @@
-#ifndef HEADER_CURL_QUIC_H
-#define HEADER_CURL_QUIC_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifdef ENABLE_QUIC
-#ifdef USE_NGTCP2
-#include "vquic/ngtcp2.h"
-#endif
-#ifdef USE_QUICHE
-#include "vquic/quiche.h"
-#endif
-#ifdef USE_MSH3
-#include "vquic/msh3.h"
-#endif
-
-#include "urldata.h"
-
-/* functions provided by the specific backends */
-CURLcode Curl_quic_connect(struct Curl_easy *data,
-                           struct connectdata *conn,
-                           curl_socket_t sockfd,
-                           int sockindex,
-                           const struct sockaddr *addr,
-                           socklen_t addrlen);
-CURLcode Curl_quic_is_connected(struct Curl_easy *data,
-                                struct connectdata *conn,
-                                int sockindex,
-                                bool *connected);
-void Curl_quic_ver(char *p, size_t len);
-CURLcode Curl_quic_done_sending(struct Curl_easy *data);
-void Curl_quic_done(struct Curl_easy *data, bool premature);
-bool Curl_quic_data_pending(const struct Curl_easy *data);
-void Curl_quic_disconnect(struct Curl_easy *data,
-                          struct connectdata *conn, int tempindex);
-CURLcode Curl_quic_idle(struct Curl_easy *data);
-
-#else /* ENABLE_QUIC */
-#define Curl_quic_done_sending(x)
-#define Curl_quic_done(x,y)
-#define Curl_quic_data_pending(x)
-#define Curl_quic_disconnect(x,y,z)
-#endif /* !ENABLE_QUIC */
-
-#endif /* HEADER_CURL_QUIC_H */
diff --git a/lib/rand.c b/lib/rand.c
index a549624a8..9abb722d2 100644
--- a/lib/rand.c
+++ b/lib/rand.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -30,6 +30,10 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
+#ifdef HAVE_ARC4RANDOM
+/* Some platforms might have the prototype missing (ubuntu + libressl) */
+uint32_t arc4random(void);
+#endif
 
 #include <curl/curl.h>
 #include "vtls/vtls.h"
@@ -143,6 +147,11 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
   }
 #endif
 
+#ifdef HAVE_ARC4RANDOM
+  *rnd = (unsigned int)arc4random();
+  return CURLE_OK;
+#endif
+
 #if defined(RANDOM_FILE) && !defined(WIN32)
   if(!seeded) {
     /* if there's a random file to read a seed from, use it */
diff --git a/lib/rand.h b/lib/rand.h
index 30fc29615..cbe05677a 100644
--- a/lib/rand.h
+++ b/lib/rand.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/rename.c b/lib/rename.c
index cfb3699fb..97a66e947 100644
--- a/lib/rename.c
+++ b/lib/rename.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/rename.h b/lib/rename.h
index 9958e2cd2..04440820c 100644
--- a/lib/rename.h
+++ b/lib/rename.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/rtsp.c b/lib/rtsp.c
index 75e620d11..aef3560a9 100644
--- a/lib/rtsp.c
+++ b/lib/rtsp.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -38,6 +38,7 @@
 #include "strcase.h"
 #include "select.h"
 #include "connect.h"
+#include "cfilters.h"
 #include "strdup.h"
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -134,36 +135,6 @@ static CURLcode rtsp_setup_connection(struct Curl_easy *data,
 
 
 /*
- * The server may send us RTP data at any point, and RTSPREQ_RECEIVE does not
- * want to block the application forever while receiving a stream. Therefore,
- * we cannot assume that an RTSP socket is dead just because it is readable.
- *
- * Instead, if it is readable, run Curl_connalive() to peek at the socket
- * and distinguish between closed and data.
- */
-static bool rtsp_connisdead(struct Curl_easy *data, struct connectdata *check)
-{
-  int sval;
-  bool ret_val = TRUE;
-
-  sval = SOCKET_READABLE(check->sock[FIRSTSOCKET], 0);
-  if(sval == 0) {
-    /* timeout */
-    ret_val = FALSE;
-  }
-  else if(sval & CURL_CSELECT_ERR) {
-    /* socket is in an error state */
-    ret_val = TRUE;
-  }
-  else if(sval & CURL_CSELECT_IN) {
-    /* readable with no error. could still be closed */
-    ret_val = !Curl_connalive(data, check);
-  }
-
-  return ret_val;
-}
-
-/*
  * Function to check on various aspects of a connection.
  */
 static unsigned int rtsp_conncheck(struct Curl_easy *data,
@@ -174,7 +145,8 @@ static unsigned int rtsp_conncheck(struct Curl_easy *data,
   (void)data;
 
   if(checks_to_perform & CONNCHECK_ISDEAD) {
-    if(rtsp_connisdead(data, conn))
+    bool input_pending;
+    if(!Curl_conn_is_alive(data, conn, &input_pending))
       ret_val |= CONNRESULT_DEAD;
   }
 
@@ -592,7 +564,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done)
   }
 
   /* issue the request */
-  result = Curl_buffer_send(&req_buffer, data,
+  result = Curl_buffer_send(&req_buffer, data, data->req.p.http,
                             &data->info.request_size, 0, FIRSTSOCKET);
   if(result) {
     failf(data, "Failed sending RTSP request");
@@ -784,12 +756,14 @@ CURLcode rtp_client_write(struct Curl_easy *data, char *ptr, size_t len)
 
 CURLcode Curl_rtsp_parseheader(struct Curl_easy *data, char *header)
 {
-  long CSeq = 0;
-
   if(checkprefix("CSeq:", header)) {
-    /* Store the received CSeq. Match is verified in rtsp_done */
-    int nc = sscanf(&header[4], ": %ld", &CSeq);
-    if(nc == 1) {
+    long CSeq = 0;
+    char *endp;
+    char *p = &header[5];
+    while(ISBLANK(*p))
+      p++;
+    CSeq = strtol(p, &endp, 10);
+    if(p != endp) {
       struct RTSP *rtsp = data->req.p.rtsp;
       rtsp->CSeq_recv = CSeq; /* mark the request */
       data->state.rtsp_CSeq_recv = CSeq; /* update the handle */
diff --git a/lib/rtsp.h b/lib/rtsp.h
index fa6606ac9..6e55616b3 100644
--- a/lib/rtsp.h
+++ b/lib/rtsp.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/select.c b/lib/select.c
index 2ac074677..61cce619b 100644
--- a/lib/select.c
+++ b/lib/select.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -230,14 +230,14 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
   if(readfd0 != CURL_SOCKET_BAD) {
     if(pfd[num].revents & (POLLRDNORM|POLLIN|POLLERR|POLLHUP))
       r |= CURL_CSELECT_IN;
-    if(pfd[num].revents & (POLLRDBAND|POLLPRI|POLLNVAL))
+    if(pfd[num].revents & (POLLPRI|POLLNVAL))
       r |= CURL_CSELECT_ERR;
     num++;
   }
   if(readfd1 != CURL_SOCKET_BAD) {
     if(pfd[num].revents & (POLLRDNORM|POLLIN|POLLERR|POLLHUP))
       r |= CURL_CSELECT_IN2;
-    if(pfd[num].revents & (POLLRDBAND|POLLPRI|POLLNVAL))
+    if(pfd[num].revents & (POLLPRI|POLLNVAL))
       r |= CURL_CSELECT_ERR;
     num++;
   }
diff --git a/lib/select.h b/lib/select.h
index f2cf8bbd9..5b1ca23eb 100644
--- a/lib/select.h
+++ b/lib/select.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/sendf.c b/lib/sendf.c
index 63262409b..2b0827168 100644
--- a/lib/sendf.c
+++ b/lib/sendf.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -138,149 +138,6 @@ static size_t convert_lineends(struct Curl_easy *data,
 }
 #endif /* CURL_DO_LINEEND_CONV && !CURL_DISABLE_FTP */
 
-#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
-bool Curl_recv_has_postponed_data(struct connectdata *conn, int sockindex)
-{
-  struct postponed_data * const psnd = &(conn->postponed[sockindex]);
-  return psnd->buffer && psnd->allocated_size &&
-         psnd->recv_size > psnd->recv_processed;
-}
-
-static CURLcode pre_receive_plain(struct Curl_easy *data,
-                                  struct connectdata *conn, int num)
-{
-  const curl_socket_t sockfd = conn->sock[num];
-  struct postponed_data * const psnd = &(conn->postponed[num]);
-  size_t bytestorecv = psnd->allocated_size - psnd->recv_size;
-  ssize_t recvedbytes;
-
-  /* WinSock will destroy unread received data if send() is
-     failed.
-     To avoid lossage of received data, recv() must be
-     performed before every send() if any incoming data is
-     available. However, skip this, if buffer is already full. */
-  if((conn->handler->protocol&PROTO_FAMILY_HTTP) != 0 &&
-     conn->recv[num] == Curl_conn_recv &&
-     (!psnd->buffer || bytestorecv)) {
-    const int readymask = Curl_socket_check(sockfd, CURL_SOCKET_BAD,
-                                            CURL_SOCKET_BAD, 0);
-    if(readymask != -1 && (readymask & CURL_CSELECT_IN) != 0) {
-      /* Have some incoming data */
-      if(!psnd->buffer) {
-        /* Use buffer double default size for intermediate buffer */
-        psnd->allocated_size = 2 * data->set.buffer_size;
-        psnd->buffer = malloc(psnd->allocated_size);
-        if(!psnd->buffer)
-          return CURLE_OUT_OF_MEMORY;
-        psnd->recv_size = 0;
-        psnd->recv_processed = 0;
-#ifdef DEBUGBUILD
-        psnd->bindsock = sockfd; /* Used only for DEBUGASSERT */
-#endif /* DEBUGBUILD */
-        bytestorecv = psnd->allocated_size;
-      }
-
-      DEBUGASSERT(psnd->bindsock == sockfd);
-      recvedbytes = sread(sockfd, psnd->buffer + psnd->recv_size,
-                          bytestorecv);
-      if(recvedbytes > 0)
-        psnd->recv_size += recvedbytes;
-    }
-  }
-  return CURLE_OK;
-}
-
-static ssize_t get_pre_recved(struct connectdata *conn, int num, char *buf,
-                              size_t len)
-{
-  struct postponed_data * const psnd = &(conn->postponed[num]);
-  size_t copysize;
-  if(!psnd->buffer)
-    return 0;
-
-  DEBUGASSERT(psnd->allocated_size > 0);
-  DEBUGASSERT(psnd->recv_size <= psnd->allocated_size);
-  DEBUGASSERT(psnd->recv_processed <= psnd->recv_size);
-  /* Check and process data that already received and storied in internal
-     intermediate buffer */
-  if(psnd->recv_size > psnd->recv_processed) {
-    DEBUGASSERT(psnd->bindsock == conn->sock[num]);
-    copysize = CURLMIN(len, psnd->recv_size - psnd->recv_processed);
-    memcpy(buf, psnd->buffer + psnd->recv_processed, copysize);
-    psnd->recv_processed += copysize;
-  }
-  else
-    copysize = 0; /* buffer was allocated, but nothing was received */
-
-  /* Free intermediate buffer if it has no unprocessed data */
-  if(psnd->recv_processed == psnd->recv_size) {
-    free(psnd->buffer);
-    psnd->buffer = NULL;
-    psnd->allocated_size = 0;
-    psnd->recv_size = 0;
-    psnd->recv_processed = 0;
-#ifdef DEBUGBUILD
-    psnd->bindsock = CURL_SOCKET_BAD;
-#endif /* DEBUGBUILD */
-  }
-  return (ssize_t)copysize;
-}
-#else  /* ! USE_RECV_BEFORE_SEND_WORKAROUND */
-/* Use "do-nothing" macros instead of functions when workaround not used */
-bool Curl_recv_has_postponed_data(struct connectdata *conn, int sockindex)
-{
-  (void)conn;
-  (void)sockindex;
-  return false;
-}
-#define pre_receive_plain(d,c,n) CURLE_OK
-#define get_pre_recved(c,n,b,l) 0
-#endif /* ! USE_RECV_BEFORE_SEND_WORKAROUND */
-
-/* Curl_infof() is for info message along the way */
-#define MAXINFO 2048
-
-void Curl_infof(struct Curl_easy *data, const char *fmt, ...)
-{
-  DEBUGASSERT(!strchr(fmt, '\n'));
-  if(data && data->set.verbose) {
-    va_list ap;
-    int len;
-    char buffer[MAXINFO + 2];
-    va_start(ap, fmt);
-    len = mvsnprintf(buffer, MAXINFO, fmt, ap);
-    va_end(ap);
-    buffer[len++] = '\n';
-    buffer[len] = '\0';
-    Curl_debug(data, CURLINFO_TEXT, buffer, len);
-  }
-}
-
-/* Curl_failf() is for messages stating why we failed.
- * The message SHALL NOT include any LF or CR.
- */
-
-void Curl_failf(struct Curl_easy *data, const char *fmt, ...)
-{
-  DEBUGASSERT(!strchr(fmt, '\n'));
-  if(data->set.verbose || data->set.errorbuffer) {
-    va_list ap;
-    int len;
-    char error[CURL_ERROR_SIZE + 2];
-    va_start(ap, fmt);
-    len = mvsnprintf(error, CURL_ERROR_SIZE, fmt, ap);
-
-    if(data->set.errorbuffer && !data->state.errorbuf) {
-      strcpy(data->set.errorbuffer, error);
-      data->state.errorbuf = TRUE; /* wrote error string */
-    }
-    error[len++] = '\n';
-    error[len] = '\0';
-    Curl_debug(data, CURLINFO_TEXT, error, len);
-    va_end(ap);
-  }
-}
-
 /*
  * Curl_write() is an internal write function that sends data to the
  * server. Works with plain sockets, SCP, SSL or kerberos.
@@ -301,7 +158,7 @@ CURLcode Curl_write(struct Curl_easy *data,
   DEBUGASSERT(data);
   DEBUGASSERT(data->conn);
   conn = data->conn;
-  num = (sockfd == conn->sock[SECONDARYSOCKET]);
+  num = (sockfd != CURL_SOCKET_BAD && sockfd == conn->sock[SECONDARYSOCKET]);
 
 #ifdef CURLDEBUG
   {
@@ -338,153 +195,6 @@ CURLcode Curl_write(struct Curl_easy *data,
   }
 }
 
-/* Curl_send_plain sends raw data without a size restriction on 'len'. */
-ssize_t Curl_send_plain(struct Curl_easy *data, int num,
-                        const void *mem, size_t len, CURLcode *code)
-{
-  struct connectdata *conn;
-  curl_socket_t sockfd;
-  ssize_t bytes_written;
-
-  DEBUGASSERT(data);
-  DEBUGASSERT(data->conn);
-  conn = data->conn;
-  sockfd = conn->sock[num];
-  /* WinSock will destroy unread received data if send() is
-     failed.
-     To avoid lossage of received data, recv() must be
-     performed before every send() if any incoming data is
-     available. */
-  if(pre_receive_plain(data, conn, num)) {
-    *code = CURLE_OUT_OF_MEMORY;
-    return -1;
-  }
-
-#if defined(MSG_FASTOPEN) && !defined(TCP_FASTOPEN_CONNECT) /* Linux */
-  if(conn->bits.tcp_fastopen) {
-    bytes_written = sendto(sockfd, mem, len, MSG_FASTOPEN,
-                           conn->ip_addr->ai_addr, conn->ip_addr->ai_addrlen);
-    conn->bits.tcp_fastopen = FALSE;
-  }
-  else
-#endif
-    bytes_written = swrite(sockfd, mem, len);
-
-  *code = CURLE_OK;
-  if(-1 == bytes_written) {
-    int err = SOCKERRNO;
-
-    if(
-#ifdef WSAEWOULDBLOCK
-      /* This is how Windows does it */
-      (WSAEWOULDBLOCK == err)
-#else
-      /* errno may be EWOULDBLOCK or on some systems EAGAIN when it returned
-         due to its inability to send off data without blocking. We therefore
-         treat both error codes the same here */
-      (EWOULDBLOCK == err) || (EAGAIN == err) || (EINTR == err) ||
-      (EINPROGRESS == err)
-#endif
-      ) {
-      /* this is just a case of EWOULDBLOCK */
-      *code = CURLE_AGAIN;
-    }
-    else {
-      char buffer[STRERROR_LEN];
-      failf(data, "Send failure: %s",
-            Curl_strerror(err, buffer, sizeof(buffer)));
-      data->state.os_errno = err;
-      *code = CURLE_SEND_ERROR;
-    }
-  }
-  return bytes_written;
-}
-
-/*
- * Curl_write_plain() is an internal write function that sends data to the
- * server using plain sockets only. Otherwise meant to have the exact same
- * proto as Curl_write().
- *
- * This function wraps Curl_send_plain(). The only difference besides the
- * prototype is '*written' (bytes written) is set to 0 on error.
- * 'sockfd' must be one of the connection's two main sockets and the value of
- * 'len' must not be changed.
- */
-CURLcode Curl_write_plain(struct Curl_easy *data,
-                          curl_socket_t sockfd,
-                          const void *mem,
-                          size_t len,
-                          ssize_t *written)
-{
-  CURLcode result;
-  struct connectdata *conn = data->conn;
-  int num;
-  DEBUGASSERT(conn);
-  DEBUGASSERT(sockfd == conn->sock[FIRSTSOCKET] ||
-              sockfd == conn->sock[SECONDARYSOCKET]);
-  if(sockfd != conn->sock[FIRSTSOCKET] &&
-     sockfd != conn->sock[SECONDARYSOCKET])
-    return CURLE_BAD_FUNCTION_ARGUMENT;
-
-  num = (sockfd == conn->sock[SECONDARYSOCKET]);
-
-  *written = Curl_send_plain(data, num, mem, len, &result);
-  if(*written == -1)
-    *written = 0;
-
-  return result;
-}
-
-/* Curl_recv_plain receives raw data without a size restriction on 'len'. */
-ssize_t Curl_recv_plain(struct Curl_easy *data, int num, char *buf,
-                        size_t len, CURLcode *code)
-{
-  struct connectdata *conn;
-  curl_socket_t sockfd;
-  ssize_t nread;
-  DEBUGASSERT(data);
-  DEBUGASSERT(data->conn);
-  conn = data->conn;
-  sockfd = conn->sock[num];
-  /* Check and return data that already received and storied in internal
-     intermediate buffer */
-  nread = get_pre_recved(conn, num, buf, len);
-  if(nread > 0) {
-    *code = CURLE_OK;
-    return nread;
-  }
-
-  nread = sread(sockfd, buf, len);
-
-  *code = CURLE_OK;
-  if(-1 == nread) {
-    int err = SOCKERRNO;
-
-    if(
-#ifdef WSAEWOULDBLOCK
-      /* This is how Windows does it */
-      (WSAEWOULDBLOCK == err)
-#else
-      /* errno may be EWOULDBLOCK or on some systems EAGAIN when it returned
-         due to its inability to send off data without blocking. We therefore
-         treat both error codes the same here */
-      (EWOULDBLOCK == err) || (EAGAIN == err) || (EINTR == err)
-#endif
-      ) {
-      /* this is just a case of EWOULDBLOCK */
-      *code = CURLE_AGAIN;
-    }
-    else {
-      char buffer[STRERROR_LEN];
-      failf(data, "Recv failure: %s",
-            Curl_strerror(err, buffer, sizeof(buffer)));
-      data->state.os_errno = err;
-      *code = CURLE_RECV_ERROR;
-    }
-  }
-  return nread;
-}
-
 static CURLcode pausewrite(struct Curl_easy *data,
                            int type, /* what type of data */
                            const char *ptr,
@@ -498,8 +208,7 @@ static CURLcode pausewrite(struct Curl_easy *data,
   unsigned int i;
   bool newtype = TRUE;
 
-  /* If this transfers over HTTP/2, pause the stream! */
-  Curl_http2_stream_pause(data, TRUE);
+  Curl_conn_ev_data_pause(data, TRUE);
 
   if(s->tempcount) {
     for(i = 0; i< s->tempcount; i++) {
@@ -678,41 +387,6 @@ CURLcode Curl_client_write(struct Curl_easy *data,
 }
 
 /*
- * Curl_read_plain() is an internal read function that reads data from the
- * server using plain sockets only. Otherwise meant to have the exact same
- * proto as Curl_read().
- *
- * This function wraps Curl_recv_plain(). The only difference besides the
- * prototype is '*n' (bytes read) is set to 0 on error.
- * 'sockfd' must be one of the connection's two main sockets and the value of
- * 'sizerequested' must not be changed.
- */
-CURLcode Curl_read_plain(struct Curl_easy *data,   /* transfer */
-                         curl_socket_t sockfd,     /* read from this socket */
-                         char *buf,                /* store read data here */
-                         size_t sizerequested,     /* max amount to read */
-                         ssize_t *n)               /* amount bytes read */
-{
-  CURLcode result;
-  struct connectdata *conn = data->conn;
-  int num;
-  DEBUGASSERT(conn);
-  DEBUGASSERT(sockfd == conn->sock[FIRSTSOCKET] ||
-              sockfd == conn->sock[SECONDARYSOCKET]);
-  if(sockfd != conn->sock[FIRSTSOCKET] &&
-     sockfd != conn->sock[SECONDARYSOCKET])
-    return CURLE_BAD_FUNCTION_ARGUMENT;
-
-  num = (sockfd == conn->sock[SECONDARYSOCKET]);
-
-  *n = Curl_recv_plain(data, num, buf, sizerequested, &result);
-  if(*n == -1)
-    *n = 0;
-
-  return result;
-}
-
-/*
  * Internal read-from-socket function. This is meant to deal with plain
  * sockets, SSL sockets and kerberos sockets.
  *
@@ -752,30 +426,3 @@ out:
   return result;
 }
 
-/* return 0 on success */
-void Curl_debug(struct Curl_easy *data, curl_infotype type,
-                char *ptr, size_t size)
-{
-  if(data->set.verbose) {
-    static const char s_infotype[CURLINFO_END][3] = {
-      "* ", "< ", "> ", "{ ", "} ", "{ ", "} " };
-    if(data->set.fdebug) {
-      bool inCallback = Curl_is_in_callback(data);
-      Curl_set_in_callback(data, true);
-      (void)(*data->set.fdebug)(data, type, ptr, size, data->set.debugdata);
-      Curl_set_in_callback(data, inCallback);
-    }
-    else {
-      switch(type) {
-      case CURLINFO_TEXT:
-      case CURLINFO_HEADER_OUT:
-      case CURLINFO_HEADER_IN:
-        fwrite(s_infotype[type], 2, 1, data->set.err);
-        fwrite(ptr, size, 1, data->set.err);
-        break;
-      default: /* nada */
-        break;
-      }
-    }
-  }
-}
diff --git a/lib/sendf.h b/lib/sendf.h
index 8af5c4608..d0c927570 100644
--- a/lib/sendf.h
+++ b/lib/sendf.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,26 +26,8 @@
 
 #include "curl_setup.h"
 
-void Curl_infof(struct Curl_easy *, const char *fmt, ...);
-void Curl_failf(struct Curl_easy *, const char *fmt, ...);
+#include "curl_log.h"
 
-#if defined(CURL_DISABLE_VERBOSE_STRINGS)
-
-#if defined(HAVE_VARIADIC_MACROS_C99)
-#define infof(...)  Curl_nop_stmt
-#elif defined(HAVE_VARIADIC_MACROS_GCC)
-#define infof(x...)  Curl_nop_stmt
-#else
-#error "missing VARIADIC macro define, fix and rebuild!"
-#endif
-
-#else /* CURL_DISABLE_VERBOSE_STRINGS */
-
-#define infof Curl_infof
-
-#endif /* CURL_DISABLE_VERBOSE_STRINGS */
-
-#define failf Curl_failf
 
 #define CLIENTWRITE_BODY    (1<<0)
 #define CLIENTWRITE_HEADER  (1<<1)
@@ -58,20 +40,6 @@ void Curl_failf(struct Curl_easy *, const char *fmt, ...);
 CURLcode Curl_client_write(struct Curl_easy *data, int type, char *ptr,
                            size_t len) WARN_UNUSED_RESULT;
 
-bool Curl_recv_has_postponed_data(struct connectdata *conn, int sockindex);
-
-/* internal read-function, does plain socket only */
-CURLcode Curl_read_plain(struct Curl_easy *data,
-                         curl_socket_t sockfd,
-                         char *buf,
-                         size_t sizerequested,
-                         ssize_t *n);
-
-ssize_t Curl_recv_plain(struct Curl_easy *data, int num, char *buf,
-                        size_t len, CURLcode *code);
-ssize_t Curl_send_plain(struct Curl_easy *data, int num,
-                        const void *mem, size_t len, CURLcode *code);
-
 /* internal read-function, does plain socket, SSL and krb4 */
 CURLcode Curl_read(struct Curl_easy *data, curl_socket_t sockfd,
                    char *buf, size_t buffersize,
@@ -83,15 +51,4 @@ CURLcode Curl_write(struct Curl_easy *data,
                     const void *mem, size_t len,
                     ssize_t *written);
 
-/* internal write-function, does plain sockets ONLY */
-CURLcode Curl_write_plain(struct Curl_easy *data,
-                          curl_socket_t sockfd,
-                          const void *mem, size_t len,
-                          ssize_t *written);
-
-/* the function used to output verbose information */
-void Curl_debug(struct Curl_easy *data, curl_infotype type,
-                char *ptr, size_t size);
-
-
 #endif /* HEADER_CURL_SENDF_H */
diff --git a/lib/setopt.c b/lib/setopt.c
index b77e95b4e..6bb88791c 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -174,7 +174,7 @@ static CURLcode protocol2num(const char *str, curl_prot_t *val)
 
       *val |= h->protocol;
     }
-  } while(str++);
+  } while(str && str++);
 
   if(!*val)
     /* no protocol listed */
@@ -463,8 +463,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
          version_max >= CURL_SSLVERSION_MAX_LAST)
         return CURLE_BAD_FUNCTION_ARGUMENT;
 
-      primary->version = version;
-      primary->version_max = version_max;
+      primary->version = (unsigned char)version;
+      primary->version_max = (unsigned int)version_max;
     }
 #else
     result = CURLE_NOT_BUILT_IN;
@@ -732,13 +732,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     data->set.sep_headers = (bool)((arg & CURLHEADER_SEPARATE)? TRUE: FALSE);
     break;
 
-  case CURLOPT_HTTP200ALIASES:
-    /*
-     * Set a list of aliases for HTTP 200 in response header
-     */
-    data->set.http200aliases = va_arg(param, struct curl_slist *);
-    break;
-
 #if !defined(CURL_DISABLE_COOKIES)
   case CURLOPT_COOKIE:
     /*
@@ -760,18 +753,18 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
         return CURLE_BAD_FUNCTION_ARGUMENT;
       /* append the cookie file name to the list of file names, and deal with
          them later */
-      cl = curl_slist_append(data->state.cookielist, argptr);
+      cl = curl_slist_append(data->set.cookielist, argptr);
       if(!cl) {
-        curl_slist_free_all(data->state.cookielist);
-        data->state.cookielist = NULL;
+        curl_slist_free_all(data->set.cookielist);
+        data->set.cookielist = NULL;
         return CURLE_OUT_OF_MEMORY;
       }
-      data->state.cookielist = cl; /* store the list for later use */
+      data->set.cookielist = cl; /* store the list for later use */
     }
     else {
       /* clear the list of cookie files */
-      curl_slist_free_all(data->state.cookielist);
-      data->state.cookielist = NULL;
+      curl_slist_free_all(data->set.cookielist);
+      data->set.cookielist = NULL;
 
       if(!data->share || !data->share->cookies) {
         /* throw away all existing cookies if this isn't a shared cookie
@@ -902,22 +895,38 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
      * the listed enums in curl/curl.h.
      */
     arg = va_arg(param, long);
-    if(arg < CURL_HTTP_VERSION_NONE)
-      return CURLE_BAD_FUNCTION_ARGUMENT;
+    switch(arg) {
+    case CURL_HTTP_VERSION_NONE:
+#ifdef USE_HTTP2
+      /* TODO: this seems an undesirable quirk to force a behaviour on
+       * lower implementations that they should recognize independently? */
+      arg = CURL_HTTP_VERSION_2TLS;
+#endif
+      /* accepted */
+      break;
+    case CURL_HTTP_VERSION_1_0:
+    case CURL_HTTP_VERSION_1_1:
+      /* accepted */
+      break;
+#ifdef USE_HTTP2
+    case CURL_HTTP_VERSION_2_0:
+    case CURL_HTTP_VERSION_2TLS:
+    case CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE:
+      /* accepted */
+      break;
+#endif
 #ifdef ENABLE_QUIC
-    if(arg == CURL_HTTP_VERSION_3)
-      ;
-    else
+    case CURL_HTTP_VERSION_3:
+    case CURL_HTTP_VERSION_3ONLY:
+      /* accepted */
+      break;
 #endif
-#ifndef USE_HTTP2
-    if(arg >= CURL_HTTP_VERSION_2)
-      return CURLE_UNSUPPORTED_PROTOCOL;
-#else
-    if(arg >= CURL_HTTP_VERSION_LAST)
+    default:
+      /* not accepted */
+      if(arg < CURL_HTTP_VERSION_NONE)
+        return CURLE_BAD_FUNCTION_ARGUMENT;
       return CURLE_UNSUPPORTED_PROTOCOL;
-    if(arg == CURL_HTTP_VERSION_NONE)
-      arg = CURL_HTTP_VERSION_2TLS;
-#endif
+    }
     data->set.httpwant = (unsigned char)arg;
     break;
 
@@ -944,6 +953,13 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     data->set.http09_allowed = arg ? TRUE : FALSE;
 #endif
     break;
+
+  case CURLOPT_HTTP200ALIASES:
+    /*
+     * Set a list of aliases for HTTP 200 in response header
+     */
+    data->set.http200aliases = va_arg(param, struct curl_slist *);
+    break;
 #endif   /* CURL_DISABLE_HTTP */
 
 #if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_SMTP) ||       \
@@ -1309,6 +1325,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     data->set.krb = (data->set.str[STRING_KRB_LEVEL]) ? TRUE : FALSE;
     break;
 #endif
+#if !defined(CURL_DISABLE_FTP) || defined(USE_SSH)
   case CURLOPT_FTP_CREATE_MISSING_DIRS:
     /*
      * An FTP/SFTP option that modifies an upload to create missing
@@ -1322,6 +1339,26 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     else
       data->set.ftp_create_missing_dirs = (unsigned char)arg;
     break;
+
+  case CURLOPT_POSTQUOTE:
+    /*
+     * List of RAW FTP commands to use after a transfer
+     */
+    data->set.postquote = va_arg(param, struct curl_slist *);
+    break;
+  case CURLOPT_PREQUOTE:
+    /*
+     * List of RAW FTP commands to use prior to RETR (Wesley Laxton)
+     */
+    data->set.prequote = va_arg(param, struct curl_slist *);
+    break;
+  case CURLOPT_QUOTE:
+    /*
+     * List of RAW FTP commands to use before a transfer
+     */
+    data->set.quote = va_arg(param, struct curl_slist *);
+    break;
+#endif
   case CURLOPT_READDATA:
     /*
      * FILE pointer to read the file to be uploaded from. Or possibly
@@ -1431,7 +1468,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
 
   case CURLOPT_TIMEOUT_MS:
     uarg = va_arg(param, unsigned long);
-    if(uarg >= UINT_MAX)
+    if(uarg > UINT_MAX)
       uarg = UINT_MAX;
     data->set.timeout = (unsigned int)uarg;
     break;
@@ -1449,7 +1486,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
 
   case CURLOPT_CONNECTTIMEOUT_MS:
     uarg = va_arg(param, unsigned long);
-    if(uarg >= UINT_MAX)
+    if(uarg > UINT_MAX)
       uarg = UINT_MAX;
     data->set.connecttimeout = (unsigned int)uarg;
     break;
@@ -1460,7 +1497,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
      * The maximum time for curl to wait for FTP server connect
      */
     uarg = va_arg(param, unsigned long);
-    if(uarg >= UINT_MAX)
+    if(uarg > UINT_MAX)
       uarg = UINT_MAX;
     data->set.accepttimeout = (unsigned int)uarg;
     break;
@@ -1506,24 +1543,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
                             va_arg(param, char *));
     break;
 
-  case CURLOPT_POSTQUOTE:
-    /*
-     * List of RAW FTP commands to use after a transfer
-     */
-    data->set.postquote = va_arg(param, struct curl_slist *);
-    break;
-  case CURLOPT_PREQUOTE:
-    /*
-     * List of RAW FTP commands to use prior to RETR (Wesley Laxton)
-     */
-    data->set.prequote = va_arg(param, struct curl_slist *);
-    break;
-  case CURLOPT_QUOTE:
-    /*
-     * List of RAW FTP commands to use before a transfer
-     */
-    data->set.quote = va_arg(param, struct curl_slist *);
-    break;
   case CURLOPT_RESOLVE:
     /*
      * List of HOST:PORT:[addresses] strings to populate the DNS cache with
@@ -1871,16 +1890,15 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     arg = va_arg(param, long);
     if((arg < 0) || (arg > 65535))
       return CURLE_BAD_FUNCTION_ARGUMENT;
-    data->set.localportrange = curlx_sltosi(arg);
+    data->set.localportrange = curlx_sltous(arg);
     break;
   case CURLOPT_GSSAPI_DELEGATION:
     /*
      * GSS-API credential delegation bitmask
      */
-    arg = va_arg(param, long);
-    if(arg < CURLGSSAPI_DELEGATION_NONE)
-      return CURLE_BAD_FUNCTION_ARGUMENT;
-    data->set.gssapi_delegation = arg;
+    uarg = va_arg(param, unsigned long);
+    data->set.gssapi_delegation = (unsigned char)uarg&
+      (CURLGSSAPI_DELEGATION_POLICY_FLAG|CURLGSSAPI_DELEGATION_FLAG);
     break;
   case CURLOPT_SSL_VERIFYPEER:
     /*
@@ -2260,9 +2278,14 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
         data->cookies = NULL;
 #endif
 
+#ifndef CURL_DISABLE_HSTS
+      if(data->share->hsts == data->hsts)
+        data->hsts = NULL;
+#endif
+#ifdef USE_SSL
       if(data->share->sslsession == data->state.session)
         data->state.session = NULL;
-
+#endif
 #ifdef USE_LIBPSL
       if(data->psl == &data->share->psl)
         data->psl = data->multi? &data->multi->psl: NULL;
@@ -2296,10 +2319,19 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
         data->cookies = data->share->cookies;
       }
 #endif   /* CURL_DISABLE_HTTP */
+#ifndef CURL_DISABLE_HSTS
+      if(data->share->hsts) {
+        /* first free the private one if any */
+        Curl_hsts_cleanup(&data->hsts);
+        data->hsts = data->share->hsts;
+      }
+#endif   /* CURL_DISABLE_HTTP */
+#ifdef USE_SSL
       if(data->share->sslsession) {
         data->set.general_ssl.max_ssl_sessions = data->share->max_ssl_sessions;
         data->state.session = data->share->sslsession;
       }
+#endif
 #ifdef USE_LIBPSL
       if(data->share->specifier & (1 << CURL_LOCK_DATA_PSL))
         data->psl = &data->share->psl;
@@ -2337,7 +2369,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     arg = va_arg(param, long);
     if((arg < CURLUSESSL_NONE) || (arg >= CURLUSESSL_LAST))
       return CURLE_BAD_FUNCTION_ARGUMENT;
-    data->set.use_ssl = (curl_usessl)arg;
+    data->set.use_ssl = (unsigned char)arg;
     break;
 
   case CURLOPT_SSL_OPTIONS:
@@ -2515,6 +2547,14 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
                             va_arg(param, char *));
     break;
 
+  case CURLOPT_SSH_KNOWNHOSTS:
+    /*
+     * Store the file name to read known hosts from.
+     */
+    result = Curl_setstropt(&data->set.str[STRING_SSH_KNOWNHOSTS],
+                            va_arg(param, char *));
+    break;
+#ifdef USE_LIBSSH2
   case CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256:
     /*
      * Option to allow for the SHA256 of the host public key to be checked
@@ -2524,14 +2564,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
                             va_arg(param, char *));
     break;
 
-  case CURLOPT_SSH_KNOWNHOSTS:
-    /*
-     * Store the file name to read known hosts from.
-     */
-    result = Curl_setstropt(&data->set.str[STRING_SSH_KNOWNHOSTS],
-                            va_arg(param, char *));
-    break;
-#ifdef USE_LIBSSH2
   case CURLOPT_SSH_HOSTKEYFUNCTION:
     /* the callback to check the hostkey without the knownhost file */
     data->set.ssh_hostkeyfunc = va_arg(param, curl_sshhostkeycallback);
@@ -2544,6 +2576,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     data->set.ssh_hostkeyfunc_userp = va_arg(param, void *);
     break;
 #endif
+
   case CURLOPT_SSH_KEYFUNCTION:
     /* setting to NULL is fine since the ssh.c functions themselves will
        then revert to use the internal default */
@@ -2590,7 +2623,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
       return CURLE_BAD_FUNCTION_ARGUMENT;
     data->set.new_file_perms = (unsigned int)arg;
     break;
-
+#endif
+#ifdef USE_SSH
   case CURLOPT_NEW_DIRECTORY_PERMS:
     /*
      * Uses these permissions instead of 0755
@@ -2815,7 +2849,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     data->set.fnmatch = va_arg(param, curl_fnmatch_callback);
     break;
   case CURLOPT_CHUNK_DATA:
-    data->wildcard.customptr = va_arg(param, void *);
+    data->set.wildcardptr = va_arg(param, void *);
     break;
   case CURLOPT_FNMATCH_DATA:
     data->set.fnmatch_data = va_arg(param, void *);
@@ -2825,52 +2859,33 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
   case CURLOPT_TLSAUTH_USERNAME:
     result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME],
                             va_arg(param, char *));
-    if(data->set.str[STRING_TLSAUTH_USERNAME] &&
-       !data->set.ssl.primary.authtype)
-      data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
     break;
 #ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_TLSAUTH_USERNAME:
     result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY],
                             va_arg(param, char *));
-    if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
-       !data->set.proxy_ssl.primary.authtype)
-      data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to
-                                                                  SRP */
     break;
 #endif
   case CURLOPT_TLSAUTH_PASSWORD:
     result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD],
                             va_arg(param, char *));
-    if(data->set.str[STRING_TLSAUTH_USERNAME] &&
-       !data->set.ssl.primary.authtype)
-      data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */
     break;
 #ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_TLSAUTH_PASSWORD:
     result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY],
                             va_arg(param, char *));
-    if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
-       !data->set.proxy_ssl.primary.authtype)
-      data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */
     break;
 #endif
   case CURLOPT_TLSAUTH_TYPE:
     argptr = va_arg(param, char *);
-    if(!argptr ||
-       strncasecompare(argptr, "SRP", strlen("SRP")))
-      data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP;
-    else
-      data->set.ssl.primary.authtype = CURL_TLSAUTH_NONE;
+    if(argptr && !strncasecompare(argptr, "SRP", strlen("SRP")))
+      return CURLE_BAD_FUNCTION_ARGUMENT;
     break;
 #ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_TLSAUTH_TYPE:
     argptr = va_arg(param, char *);
-    if(!argptr ||
-       strncasecompare(argptr, "SRP", strlen("SRP")))
-      data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP;
-    else
-      data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_NONE;
+    if(argptr || !strncasecompare(argptr, "SRP", strlen("SRP")))
+      return CURLE_BAD_FUNCTION_ARGUMENT;
     break;
 #endif
 #endif
@@ -2956,29 +2971,23 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     data->set.pipewait = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
   case CURLOPT_STREAM_WEIGHT:
-#ifndef USE_NGHTTP2
-    return CURLE_NOT_BUILT_IN;
-#else
+#if defined(USE_HTTP2) || defined(USE_HTTP3)
     arg = va_arg(param, long);
     if((arg >= 1) && (arg <= 256))
-      data->set.stream_weight = (int)arg;
+      data->set.priority.weight = (int)arg;
     break;
+#else
+    return CURLE_NOT_BUILT_IN;
 #endif
   case CURLOPT_STREAM_DEPENDS:
   case CURLOPT_STREAM_DEPENDS_E:
   {
-#ifndef USE_NGHTTP2
-    return CURLE_NOT_BUILT_IN;
-#else
     struct Curl_easy *dep = va_arg(param, struct Curl_easy *);
     if(!dep || GOOD_EASY_HANDLE(dep)) {
-      if(data->set.stream_depends_on) {
-        Curl_http2_remove_child(data->set.stream_depends_on, data);
-      }
-      Curl_http2_add_child(dep, data, (option == CURLOPT_STREAM_DEPENDS_E));
+      return Curl_data_priority_add_child(dep, data,
+                                          option == CURLOPT_STREAM_DEPENDS_E);
     }
     break;
-#endif
   }
   case CURLOPT_CONNECT_TO:
     data->set.connect_to = va_arg(param, struct curl_slist *);
@@ -2988,7 +2997,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     break;
   case CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS:
     uarg = va_arg(param, unsigned long);
-    if(uarg >= UINT_MAX)
+    if(uarg > UINT_MAX)
       uarg = UINT_MAX;
     data->set.happy_eyeballs_timeout = (unsigned int)uarg;
     break;
@@ -3049,19 +3058,39 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
   case CURLOPT_HSTSWRITEDATA:
     data->set.hsts_write_userp = va_arg(param, void *);
     break;
-  case CURLOPT_HSTS:
+  case CURLOPT_HSTS: {
+    struct curl_slist *h;
     if(!data->hsts) {
       data->hsts = Curl_hsts_init();
       if(!data->hsts)
         return CURLE_OUT_OF_MEMORY;
     }
     argptr = va_arg(param, char *);
-    result = Curl_setstropt(&data->set.str[STRING_HSTS], argptr);
-    if(result)
-      return result;
-    if(argptr)
-      (void)Curl_hsts_loadfile(data, data->hsts, argptr);
+    if(argptr) {
+      result = Curl_setstropt(&data->set.str[STRING_HSTS], argptr);
+      if(result)
+        return result;
+      /* this needs to build a list of file names to read from, so that it can
+         read them later, as we might get a shared HSTS handle to load them
+         into */
+      h = curl_slist_append(data->set.hstslist, argptr);
+      if(!h) {
+        curl_slist_free_all(data->set.hstslist);
+        data->set.hstslist = NULL;
+        return CURLE_OUT_OF_MEMORY;
+      }
+      data->set.hstslist = h; /* store the list for later use */
+    }
+    else {
+      /* clear the list of HSTS files */
+      curl_slist_free_all(data->set.hstslist);
+      data->set.hstslist = NULL;
+      if(!data->share || !data->share->hsts)
+        /* throw away the HSTS cache unless shared */
+        Curl_hsts_cleanup(&data->hsts);
+    }
     break;
+  }
   case CURLOPT_HSTS_CTRL:
     arg = va_arg(param, long);
     if(arg & CURLHSTS_ENABLE) {
diff --git a/lib/setopt.h b/lib/setopt.h
index ffc77a71d..3c14a05e3 100644
--- a/lib/setopt.h
+++ b/lib/setopt.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/setup-os400.h b/lib/setup-os400.h
index 785439786..759583466 100644
--- a/lib/setup-os400.h
+++ b/lib/setup-os400.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -205,7 +205,7 @@ extern OM_uint32 Curl_gss_delete_sec_context_a(OM_uint32 * minor_status,
 extern int Curl_os400_connect(int sd, struct sockaddr *destaddr, int addrlen);
 extern int Curl_os400_bind(int sd, struct sockaddr *localaddr, int addrlen);
 extern int Curl_os400_sendto(int sd, char *buffer, int buflen, int flags,
-                             struct sockaddr *dstaddr, int addrlen);
+                             const struct sockaddr *dstaddr, int addrlen);
 extern int Curl_os400_recvfrom(int sd, char *buffer, int buflen, int flags,
                                struct sockaddr *fromaddr, int *addrlen);
 extern int Curl_os400_getpeername(int sd, struct sockaddr *addr, int *addrlen);
diff --git a/lib/setup-vms.h b/lib/setup-vms.h
index b570683d7..46657b2cd 100644
--- a/lib/setup-vms.h
+++ b/lib/setup-vms.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/setup-win32.h b/lib/setup-win32.h
index bc5f8efc3..13948389a 100644
--- a/lib/setup-win32.h
+++ b/lib/setup-win32.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/sha256.c b/lib/sha256.c
index c96a9fc61..fdfd631ef 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com>
- * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Florin Petriuc, <petriuc.florin@gmail.com>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/share.c b/lib/share.c
index 1a083e72a..c0a8d806f 100644
--- a/lib/share.c
+++ b/lib/share.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -29,9 +29,11 @@
 #include "share.h"
 #include "psl.h"
 #include "vtls/vtls.h"
-#include "curl_memory.h"
+#include "hsts.h"
 
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
 #include "memdebug.h"
 
 struct Curl_share *
@@ -89,6 +91,18 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...)
 #endif
       break;
 
+    case CURL_LOCK_DATA_HSTS:
+#ifndef CURL_DISABLE_HSTS
+      if(!share->hsts) {
+        share->hsts = Curl_hsts_init();
+        if(!share->hsts)
+          res = CURLSHE_NOMEM;
+      }
+#else   /* CURL_DISABLE_HSTS */
+      res = CURLSHE_NOT_BUILT_IN;
+#endif
+      break;
+
     case CURL_LOCK_DATA_SSL_SESSION:
 #ifdef USE_SSL
       if(!share->sslsession) {
@@ -141,6 +155,16 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...)
 #endif
       break;
 
+    case CURL_LOCK_DATA_HSTS:
+#ifndef CURL_DISABLE_HSTS
+      if(share->hsts) {
+        Curl_hsts_cleanup(&share->hsts);
+      }
+#else   /* CURL_DISABLE_HSTS */
+      res = CURLSHE_NOT_BUILT_IN;
+#endif
+      break;
+
     case CURL_LOCK_DATA_SSL_SESSION:
 #ifdef USE_SSL
       Curl_safefree(share->sslsession);
@@ -207,6 +231,10 @@ curl_share_cleanup(struct Curl_share *share)
   Curl_cookie_cleanup(share->cookies);
 #endif
 
+#ifndef CURL_DISABLE_HSTS
+  Curl_hsts_cleanup(&share->hsts);
+#endif
+
 #ifdef USE_SSL
   if(share->sslsession) {
     size_t i;
diff --git a/lib/share.h b/lib/share.h
index 32be41691..7f55aac85 100644
--- a/lib/share.h
+++ b/lib/share.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -59,10 +59,14 @@ struct Curl_share {
 #ifdef USE_LIBPSL
   struct PslCache psl;
 #endif
-
+#ifndef CURL_DISABLE_HSTS
+  struct hsts *hsts;
+#endif
+#ifdef USE_SSL
   struct Curl_ssl_session *sslsession;
   size_t max_ssl_sessions;
   long sessionage;
+#endif
 };
 
 CURLSHcode Curl_share_lock(struct Curl_easy *, curl_lock_data,
diff --git a/lib/sigpipe.h b/lib/sigpipe.h
index d12b31764..48761ad0f 100644
--- a/lib/sigpipe.h
+++ b/lib/sigpipe.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -50,7 +50,6 @@ static void sigpipe_ignore(struct Curl_easy *data,
   if(!data->set.no_signal) {
     struct sigaction action;
     /* first, extract the existing situation */
-    memset(&ig->old_pipe_act, 0, sizeof(struct sigaction));
     sigaction(SIGPIPE, NULL, &ig->old_pipe_act);
     action = ig->old_pipe_act;
     /* ignore this signal */
diff --git a/lib/slist.c b/lib/slist.c
index 6c80722c7..366b24760 100644
--- a/lib/slist.c
+++ b/lib/slist.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/slist.h b/lib/slist.h
index 4e5834c90..9561fd022 100644
--- a/lib/slist.h
+++ b/lib/slist.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/smb.c b/lib/smb.c
index 48d5a2fe0..076200472 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2014, Bill Nagel <wnagel@tycoint.com>, Exacq Technologies
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Bill Nagel <wnagel@tycoint.com>, Exacq Technologies
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -25,8 +25,7 @@
 
 #include "curl_setup.h"
 
-#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) &&  \
-  (SIZEOF_CURL_OFF_T > 4)
+#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE)
 
 #define BUILDING_CURL_SMB_C
 
@@ -763,6 +762,11 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
   void *msg = NULL;
   const struct smb_nt_create_response *smb_m;
 
+  if(data->set.upload && (data->state.infilesize < 0)) {
+    failf(data, "SMB upload needs to know the size up front");
+    return CURLE_SEND_ERROR;
+  }
+
   /* Start the request */
   if(req->state == SMB_REQUESTING) {
     result = smb_send_tree_connect(data);
@@ -993,6 +997,7 @@ static CURLcode smb_parse_url_path(struct Curl_easy *data,
   /* The share must be present */
   if(!slash) {
     Curl_safefree(smbc->share);
+    failf(data, "missing share in URL path for SMB");
     return CURLE_URL_MALFORMAT;
   }
 
diff --git a/lib/smb.h b/lib/smb.h
index 919f3ac14..c35f3e970 100644
--- a/lib/smb.h
+++ b/lib/smb.h
@@ -7,8 +7,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2018, Bill Nagel <wnagel@tycoint.com>, Exacq Technologies
- * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Bill Nagel <wnagel@tycoint.com>, Exacq Technologies
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/smtp.c b/lib/smtp.c
index 6d0783f45..7a030308d 100644
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -398,15 +398,17 @@ static CURLcode smtp_perform_upgrade_tls(struct Curl_easy *data)
   struct connectdata *conn = data->conn;
   struct smtp_conn *smtpc = &conn->proto.smtpc;
   CURLcode result;
+  bool ssldone = FALSE;
 
-  if(!Curl_conn_is_ssl(data, FIRSTSOCKET)) {
+  if(!Curl_conn_is_ssl(conn, FIRSTSOCKET)) {
     result = Curl_ssl_cfilter_add(data, conn, FIRSTSOCKET);
     if(result)
       goto out;
   }
 
-  result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &smtpc->ssldone);
+  result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone);
   if(!result) {
+    smtpc->ssldone = ssldone;
     if(smtpc->state != SMTP_UPGRADETLS)
       state(data, SMTP_UPGRADETLS);
 
@@ -891,7 +893,7 @@ static CURLcode smtp_state_ehlo_resp(struct Curl_easy *data,
 
   if(smtpcode/100 != 2 && smtpcode != 1) {
     if(data->set.use_ssl <= CURLUSESSL_TRY
-       || Curl_conn_is_ssl(data, FIRSTSOCKET))
+       || Curl_conn_is_ssl(conn, FIRSTSOCKET))
       result = smtp_perform_helo(data, conn);
     else {
       failf(data, "Remote access denied: %d", smtpcode);
@@ -956,7 +958,7 @@ static CURLcode smtp_state_ehlo_resp(struct Curl_easy *data,
     }
 
     if(smtpcode != 1) {
-      if(data->set.use_ssl && !Curl_conn_is_ssl(data, FIRSTSOCKET)) {
+      if(data->set.use_ssl && !Curl_conn_is_ssl(conn, FIRSTSOCKET)) {
         /* We don't have a SSL/TLS connection yet, but SSL is requested */
         if(smtpc->tls_supported)
           /* Switch to TLS connection now */
@@ -1288,7 +1290,9 @@ static CURLcode smtp_multi_statemach(struct Curl_easy *data, bool *done)
   struct smtp_conn *smtpc = &conn->proto.smtpc;
 
   if((conn->handler->flags & PROTOPT_SSL) && !smtpc->ssldone) {
-    result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &smtpc->ssldone);
+    bool ssldone = FALSE;
+    result = Curl_conn_connect(data, FIRSTSOCKET, FALSE, &ssldone);
+    smtpc->ssldone = ssldone;
     if(result || !smtpc->ssldone)
       return result;
   }
diff --git a/lib/smtp.h b/lib/smtp.h
index 24c5589e4..7a04c2154 100644
--- a/lib/smtp.h
+++ b/lib/smtp.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2009 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -57,28 +57,28 @@ struct SMTP {
   curl_pp_transfer transfer;
   char *custom;            /* Custom Request */
   struct curl_slist *rcpt; /* Recipient list */
-  bool rcpt_had_ok;        /* Whether any of RCPT TO commands (depends on
-                              total number of recipients) succeeded so far */
-  bool trailing_crlf;      /* Specifies if the trailing CRLF is present */
   int rcpt_last_error;     /* The last error received for RCPT TO command */
   size_t eob;              /* Number of bytes of the EOB (End Of Body) that
                               have been received so far */
+  BIT(rcpt_had_ok);        /* Whether any of RCPT TO commands (depends on
+                              total number of recipients) succeeded so far */
+  BIT(trailing_crlf);      /* Specifies if the trailing CRLF is present */
 };
 
 /* smtp_conn is used for struct connection-oriented data in the connectdata
    struct */
 struct smtp_conn {
   struct pingpong pp;
+  struct SASL sasl;        /* SASL-related storage */
   smtpstate state;         /* Always use smtp.c:state() to change state! */
-  bool ssldone;            /* Is connect() over SSL done? */
   char *domain;            /* Client address/name to send in the EHLO */
-  struct SASL sasl;        /* SASL-related storage */
-  bool tls_supported;      /* StartTLS capability supported by server */
-  bool size_supported;     /* If server supports SIZE extension according to
+  BIT(ssldone);            /* Is connect() over SSL done? */
+  BIT(tls_supported);      /* StartTLS capability supported by server */
+  BIT(size_supported);     /* If server supports SIZE extension according to
                               RFC 1870 */
-  bool utf8_supported;     /* If server supports SMTPUTF8 extension according
+  BIT(utf8_supported);     /* If server supports SMTPUTF8 extension according
                               to RFC 6531 */
-  bool auth_supported;     /* AUTH capability supported by server */
+  BIT(auth_supported);     /* AUTH capability supported by server */
 };
 
 extern const struct Curl_handler Curl_handler_smtp;
diff --git a/lib/sockaddr.h b/lib/sockaddr.h
index 77ec833ee..5a6bb207d 100644
--- a/lib/sockaddr.h
+++ b/lib/sockaddr.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/socketpair.c b/lib/socketpair.c
index 0f8798f08..b94c9843e 100644
--- a/lib/socketpair.c
+++ b/lib/socketpair.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -65,7 +65,7 @@ int Curl_socketpair(int domain, int type, int protocol,
   union {
     struct sockaddr_in inaddr;
     struct sockaddr addr;
-  } a, a2;
+  } a;
   curl_socket_t listener;
   curl_socklen_t addrlen = sizeof(a.inaddr);
   int reuse = 1;
@@ -85,9 +85,22 @@ int Curl_socketpair(int domain, int type, int protocol,
 
   socks[0] = socks[1] = CURL_SOCKET_BAD;
 
+#if defined(WIN32) || defined(__CYGWIN__)
+  /* don't set SO_REUSEADDR on Windows */
+  (void)reuse;
+#ifdef SO_EXCLUSIVEADDRUSE
+  {
+    int exclusive = 1;
+    if(setsockopt(listener, SOL_SOCKET, SO_EXCLUSIVEADDRUSE,
+                  (char *)&exclusive, (curl_socklen_t)sizeof(exclusive)) == -1)
+      goto error;
+  }
+#endif
+#else
   if(setsockopt(listener, SOL_SOCKET, SO_REUSEADDR,
                 (char *)&reuse, (curl_socklen_t)sizeof(reuse)) == -1)
     goto error;
+#endif
   if(bind(listener, &a.addr, sizeof(a.inaddr)) == -1)
     goto error;
   if(getsockname(listener, &a.addr, &addrlen) == -1 ||
@@ -107,24 +120,59 @@ int Curl_socketpair(int domain, int type, int protocol,
   pfd[0].fd = listener;
   pfd[0].events = POLLIN;
   pfd[0].revents = 0;
-  (void)Curl_poll(pfd, 1, 10*1000); /* 10 seconds */
+  (void)Curl_poll(pfd, 1, 1000); /* one second */
   socks[1] = accept(listener, NULL, NULL);
   if(socks[1] == CURL_SOCKET_BAD)
     goto error;
+  else {
+    struct curltime check;
+    struct curltime start = Curl_now();
+    char *p = (char *)&check;
+    size_t s = sizeof(check);
 
-  /* verify that nothing else connected */
-  addrlen = sizeof(a.inaddr);
-  if(getsockname(socks[0], &a.addr, &addrlen) == -1 ||
-     addrlen < (int)sizeof(a.inaddr))
-    goto error;
-  addrlen = sizeof(a2.inaddr);
-  if(getpeername(socks[1], &a2.addr, &addrlen) == -1 ||
-     addrlen < (int)sizeof(a2.inaddr))
-    goto error;
-  if(a.inaddr.sin_family != a2.inaddr.sin_family ||
-     a.inaddr.sin_addr.s_addr != a2.inaddr.sin_addr.s_addr ||
-     a.inaddr.sin_port != a2.inaddr.sin_port)
-    goto error;
+    /* write data to the socket */
+    swrite(socks[0], &start, sizeof(start));
+    /* verify that we read the correct data */
+    do {
+      ssize_t nread;
+
+      pfd[0].fd = socks[1];
+      pfd[0].events = POLLIN;
+      pfd[0].revents = 0;
+      (void)Curl_poll(pfd, 1, 1000); /* one second */
+
+      nread = sread(socks[1], p, s);
+      if(nread == -1) {
+        int sockerr = SOCKERRNO;
+        /* Don't block forever */
+        if(Curl_timediff(Curl_now(), start) > (60 * 1000))
+          goto error;
+        if(
+#ifdef WSAEWOULDBLOCK
+          /* This is how Windows does it */
+          (WSAEWOULDBLOCK == sockerr)
+#else
+          /* errno may be EWOULDBLOCK or on some systems EAGAIN when it
+             returned due to its inability to send off data without
+             blocking. We therefore treat both error codes the same here */
+          (EWOULDBLOCK == sockerr) || (EAGAIN == sockerr) ||
+          (EINTR == sockerr) || (EINPROGRESS == sockerr)
+#endif
+          ) {
+          continue;
+        }
+        goto error;
+      }
+      s -= nread;
+      if(s) {
+        p += nread;
+        continue;
+      }
+      if(memcmp(&start, &check, sizeof(check)))
+        goto error;
+      break;
+    } while(1);
+  }
 
   sclose(listener);
   return 0;
diff --git a/lib/socketpair.h b/lib/socketpair.h
index de70df673..306ab5dc4 100644
--- a/lib/socketpair.h
+++ b/lib/socketpair.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/socks.c b/lib/socks.c
index d491e089b..95c2b004c 100644
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -89,8 +89,8 @@ struct socks_state {
  *
  * This is STUPID BLOCKING behavior. Only used by the SOCKS GSSAPI functions.
  */
-int Curl_blockread_all(struct Curl_easy *data,   /* transfer */
-                       curl_socket_t sockfd,     /* read from this socket */
+int Curl_blockread_all(struct Curl_cfilter *cf,
+                       struct Curl_easy *data,   /* transfer */
                        char *buf,                /* store read data here */
                        ssize_t buffersize,       /* max amount to read */
                        ssize_t *n)               /* amount bytes read */
@@ -98,6 +98,8 @@ int Curl_blockread_all(struct Curl_easy *data,   /* transfer */
   ssize_t nread = 0;
   ssize_t allread = 0;
   int result;
+  CURLcode err = CURLE_OK;
+
   *n = 0;
   for(;;) {
     timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
@@ -108,15 +110,19 @@ int Curl_blockread_all(struct Curl_easy *data,   /* transfer */
     }
     if(!timeout_ms)
       timeout_ms = TIMEDIFF_T_MAX;
-    if(SOCKET_READABLE(sockfd, timeout_ms) <= 0) {
+    if(SOCKET_READABLE(cf->conn->sock[cf->sockindex], timeout_ms) <= 0) {
       result = ~CURLE_OK;
       break;
     }
-    result = Curl_read_plain(data, sockfd, buf, buffersize, &nread);
-    if(CURLE_AGAIN == result)
-      continue;
-    if(result)
-      break;
+    nread = Curl_conn_cf_recv(cf->next, data, buf, buffersize, &err);
+    if(nread <= 0) {
+      result = err;
+      if(CURLE_AGAIN == err)
+        continue;
+      if(err) {
+        break;
+      }
+    }
 
     if(buffersize == nread) {
       allread += nread;
@@ -192,6 +198,68 @@ static void socksstate(struct socks_state *sx, struct Curl_easy *data,
 #endif
 }
 
+static CURLproxycode socks_state_send(struct Curl_cfilter *cf,
+                                      struct socks_state *sx,
+                                      struct Curl_easy *data,
+                                      CURLproxycode failcode,
+                                      const char *description)
+{
+  ssize_t nwritten;
+  CURLcode result;
+
+  nwritten = Curl_conn_cf_send(cf->next, data, (char *)sx->outp,
+                               sx->outstanding, &result);
+  if(nwritten <= 0) {
+    if(CURLE_AGAIN == result) {
+      return CURLPX_OK;
+    }
+    else if(CURLE_OK == result) {
+      /* connection closed */
+      failf(data, "connection to proxy closed");
+      return CURLPX_CLOSED;
+    }
+    failf(data, "Failed to send %s: %s", description,
+          curl_easy_strerror(result));
+    return failcode;
+  }
+  DEBUGASSERT(sx->outstanding >= nwritten);
+  /* not done, remain in state */
+  sx->outstanding -= nwritten;
+  sx->outp += nwritten;
+  return CURLPX_OK;
+}
+
+static CURLproxycode socks_state_recv(struct Curl_cfilter *cf,
+                                      struct socks_state *sx,
+                                      struct Curl_easy *data,
+                                      CURLproxycode failcode,
+                                      const char *description)
+{
+  ssize_t nread;
+  CURLcode result;
+
+  nread = Curl_conn_cf_recv(cf->next, data, (char *)sx->outp,
+                            sx->outstanding, &result);
+  if(nread <= 0) {
+    if(CURLE_AGAIN == result) {
+      return CURLPX_OK;
+    }
+    else if(CURLE_OK == result) {
+      /* connection closed */
+      failf(data, "connection to proxy closed");
+      return CURLPX_CLOSED;
+    }
+    failf(data, "SOCKS4: Failed receiving %s: %s", description,
+          curl_easy_strerror(result));
+    return failcode;
+  }
+  /* remain in reading state */
+  DEBUGASSERT(sx->outstanding >= nread);
+  sx->outstanding -= nread;
+  sx->outp += nread;
+  return CURLPX_OK;
+}
+
 /*
 * This function logs in to a SOCKS4 proxy and sends the specifics to the final
 * destination server.
@@ -212,10 +280,8 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf,
     (conn->socks_proxy.proxytype == CURLPROXY_SOCKS4A) ? TRUE : FALSE;
   unsigned char *socksreq = (unsigned char *)data->state.buffer;
   CURLcode result;
-  curl_socket_t sockfd = conn->sock[cf->sockindex];
+  CURLproxycode presult;
   struct Curl_dns_entry *dns = NULL;
-  ssize_t actualread;
-  ssize_t written;
 
   /* make sure that the buffer is at least 600 bytes */
   DEBUGASSERT(READBUFFER_MIN >= 600);
@@ -250,7 +316,7 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf,
     /* DNS resolve only for SOCKS4, not SOCKS4a */
     if(!protocol4a) {
       enum resolve_t rc =
-        Curl_resolv(data, sx->hostname, sx->remote_port, FALSE, &dns);
+        Curl_resolv(data, sx->hostname, sx->remote_port, TRUE, &dns);
 
       if(rc == CURLRESOLV_ERROR)
         return CURLPX_RESOLVE_HOST;
@@ -375,19 +441,14 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf,
     /* FALLTHROUGH */
   case CONNECT_REQ_SENDING:
     /* Send request */
-    result = Curl_write_plain(data, sockfd, (char *)sx->outp,
-                              sx->outstanding, &written);
-    if(result && (CURLE_AGAIN != result)) {
-      failf(data, "Failed to send SOCKS4 connect request.");
-      return CURLPX_SEND_CONNECT;
-    }
-    if(written != sx->outstanding) {
-      /* not done, remain in state */
-      sx->outstanding -= written;
-      sx->outp += written;
+    presult = socks_state_send(cf, sx, data, CURLPX_SEND_CONNECT,
+                               "SOCKS4 connect request");
+    if(CURLPX_OK != presult)
+      return presult;
+    else if(sx->outstanding) {
+      /* remain in sending state */
       return CURLPX_OK;
     }
-
     /* done sending! */
     sx->outstanding = 8; /* receive data size */
     sx->outp = socksreq;
@@ -396,22 +457,12 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf,
     /* FALLTHROUGH */
   case CONNECT_SOCKS_READ:
     /* Receive response */
-    result = Curl_read_plain(data, sockfd, (char *)sx->outp,
-                             sx->outstanding, &actualread);
-    if(result && (CURLE_AGAIN != result)) {
-      failf(data, "SOCKS4: Failed receiving connect request ack: %s",
-            curl_easy_strerror(result));
-      return CURLPX_RECV_CONNECT;
-    }
-    else if(!result && !actualread) {
-      /* connection closed */
-      failf(data, "connection to proxy closed");
-      return CURLPX_CLOSED;
-    }
-    else if(actualread != sx->outstanding) {
+    presult = socks_state_recv(cf, sx, data, CURLPX_RECV_CONNECT,
+                               "connect request ack");
+    if(CURLPX_OK != presult)
+      return presult;
+    else if(sx->outstanding) {
       /* remain in reading state */
-      sx->outstanding -= actualread;
-      sx->outp += actualread;
       return CURLPX_OK;
     }
     sxstate(sx, data, CONNECT_DONE);
@@ -518,10 +569,8 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
   unsigned char *socksreq = (unsigned char *)data->state.buffer;
   char dest[256] = "unknown";  /* printable hostname:port */
   int idx;
-  ssize_t actualread;
-  ssize_t written;
   CURLcode result;
-  curl_socket_t sockfd = conn->sock[cf->sockindex];
+  CURLproxycode presult;
   bool socks5_resolve_local =
     (conn->socks_proxy.proxytype == CURLPROXY_SOCKS5) ? TRUE : FALSE;
   const size_t hostname_len = strlen(sx->hostname);
@@ -567,30 +616,25 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
     /* write the number of authentication methods */
     socksreq[1] = (unsigned char) (idx - 2);
 
-    result = Curl_write_plain(data, sockfd, socksreq, idx, &written);
-    if(result && (CURLE_AGAIN != result)) {
-      failf(data, "Unable to send initial SOCKS5 request.");
-      return CURLPX_SEND_CONNECT;
-    }
-    if(written != idx) {
-      sxstate(sx, data, CONNECT_SOCKS_SEND);
-      sx->outstanding = idx - written;
-      sx->outp = &socksreq[written];
+    sx->outp = socksreq;
+    sx->outstanding = idx;
+    presult = socks_state_send(cf, sx, data, CURLPX_SEND_CONNECT,
+                               "initial SOCKS5 request");
+    if(CURLPX_OK != presult)
+      return presult;
+    else if(sx->outstanding) {
+      /* remain in sending state */
       return CURLPX_OK;
     }
     sxstate(sx, data, CONNECT_SOCKS_READ);
     goto CONNECT_SOCKS_READ_INIT;
   case CONNECT_SOCKS_SEND:
-    result = Curl_write_plain(data, sockfd, (char *)sx->outp,
-                              sx->outstanding, &written);
-    if(result && (CURLE_AGAIN != result)) {
-      failf(data, "Unable to send initial SOCKS5 request.");
-      return CURLPX_SEND_CONNECT;
-    }
-    if(written != sx->outstanding) {
-      /* not done, remain in state */
-      sx->outstanding -= written;
-      sx->outp += written;
+    presult = socks_state_send(cf, sx, data, CURLPX_SEND_CONNECT,
+                               "initial SOCKS5 request");
+    if(CURLPX_OK != presult)
+      return presult;
+    else if(sx->outstanding) {
+      /* remain in sending state */
       return CURLPX_OK;
     }
     /* FALLTHROUGH */
@@ -600,21 +644,12 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
     sx->outp = socksreq; /* store it here */
     /* FALLTHROUGH */
   case CONNECT_SOCKS_READ:
-    result = Curl_read_plain(data, sockfd, (char *)sx->outp,
-                             sx->outstanding, &actualread);
-    if(result && (CURLE_AGAIN != result)) {
-      failf(data, "Unable to receive initial SOCKS5 response.");
-      return CURLPX_RECV_CONNECT;
-    }
-    else if(!result && !actualread) {
-      /* connection closed */
-      failf(data, "Connection to proxy closed");
-      return CURLPX_CLOSED;
-    }
-    else if(actualread != sx->outstanding) {
+    presult = socks_state_recv(cf, sx, data, CURLPX_RECV_CONNECT,
+                               "initial SOCKS5 response");
+    if(CURLPX_OK != presult)
+      return presult;
+    else if(sx->outstanding) {
       /* remain in reading state */
-      sx->outstanding -= actualread;
-      sx->outp += actualread;
       return CURLPX_OK;
     }
     else if(socksreq[0] != 5) {
@@ -634,7 +669,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
     else if(allow_gssapi && (socksreq[1] == 1)) {
       sxstate(sx, data, CONNECT_GSSAPI_INIT);
-      result = Curl_SOCKS5_gssapi_negotiate(cf->sockindex, data);
+      result = Curl_SOCKS5_gssapi_negotiate(cf, data);
       if(result) {
         failf(data, "Unable to negotiate SOCKS5 GSS-API context.");
         return CURLPX_GSSAPI;
@@ -713,16 +748,12 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
   }
     /* FALLTHROUGH */
   case CONNECT_AUTH_SEND:
-    result = Curl_write_plain(data, sockfd, sx->outp,
-                              sx->outstanding, &written);
-    if(result && (CURLE_AGAIN != result)) {
-      failf(data, "Failed to send SOCKS5 sub-negotiation request.");
-      return CURLPX_SEND_AUTH;
-    }
-    if(sx->outstanding != written) {
-      /* remain in state */
-      sx->outstanding -= written;
-      sx->outp += written;
+    presult = socks_state_send(cf, sx, data, CURLPX_SEND_AUTH,
+                               "SOCKS5 sub-negotiation request");
+    if(CURLPX_OK != presult)
+      return presult;
+    else if(sx->outstanding) {
+      /* remain in sending state */
       return CURLPX_OK;
     }
     sx->outp = socksreq;
@@ -730,21 +761,12 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
     sxstate(sx, data, CONNECT_AUTH_READ);
     /* FALLTHROUGH */
   case CONNECT_AUTH_READ:
-    result = Curl_read_plain(data, sockfd, (char *)sx->outp,
-                             sx->outstanding, &actualread);
-    if(result && (CURLE_AGAIN != result)) {
-      failf(data, "Unable to receive SOCKS5 sub-negotiation response.");
-      return CURLPX_RECV_AUTH;
-    }
-    else if(!result && !actualread) {
-      /* connection closed */
-      failf(data, "connection to proxy closed");
-      return CURLPX_CLOSED;
-    }
-    else if(actualread != sx->outstanding) {
-      /* remain in state */
-      sx->outstanding -= actualread;
-      sx->outp += actualread;
+    presult = socks_state_recv(cf, sx, data, CURLPX_RECV_AUTH,
+                               "SOCKS5 sub-negotiation response");
+    if(CURLPX_OK != presult)
+      return presult;
+    else if(sx->outstanding) {
+      /* remain in reading state */
       return CURLPX_OK;
     }
     /* ignore the first (VER) byte */
@@ -761,7 +783,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
   case CONNECT_REQ_INIT:
     if(socks5_resolve_local) {
       enum resolve_t rc = Curl_resolv(data, sx->hostname, sx->remote_port,
-                                      FALSE, &dns);
+                                      TRUE, &dns);
 
       if(rc == CURLRESOLV_ERROR)
         return CURLPX_RESOLVE_HOST;
@@ -909,16 +931,12 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
     sxstate(sx, data, CONNECT_REQ_SENDING);
     /* FALLTHROUGH */
   case CONNECT_REQ_SENDING:
-    result = Curl_write_plain(data, sockfd, (char *)sx->outp,
-                              sx->outstanding, &written);
-    if(result && (CURLE_AGAIN != result)) {
-      failf(data, "Failed to send SOCKS5 connect request.");
-      return CURLPX_SEND_REQUEST;
-    }
-    if(sx->outstanding != written) {
-      /* remain in state */
-      sx->outstanding -= written;
-      sx->outp += written;
+    presult = socks_state_send(cf, sx, data, CURLPX_SEND_REQUEST,
+                               "SOCKS5 connect request");
+    if(CURLPX_OK != presult)
+      return presult;
+    else if(sx->outstanding) {
+      /* remain in send state */
       return CURLPX_OK;
     }
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
@@ -932,25 +950,15 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
     sxstate(sx, data, CONNECT_REQ_READ);
     /* FALLTHROUGH */
   case CONNECT_REQ_READ:
-    result = Curl_read_plain(data, sockfd, (char *)sx->outp,
-                             sx->outstanding, &actualread);
-    if(result && (CURLE_AGAIN != result)) {
-      failf(data, "Failed to receive SOCKS5 connect request ack.");
-      return CURLPX_RECV_REQACK;
-    }
-    else if(!result && !actualread) {
-      /* connection closed */
-      failf(data, "connection to proxy closed");
-      return CURLPX_CLOSED;
-    }
-    else if(actualread != sx->outstanding) {
-      /* remain in state */
-      sx->outstanding -= actualread;
-      sx->outp += actualread;
+    presult = socks_state_recv(cf, sx, data, CURLPX_RECV_REQACK,
+                               "SOCKS5 connect request ack");
+    if(CURLPX_OK != presult)
+      return presult;
+    else if(sx->outstanding) {
+      /* remain in reading state */
       return CURLPX_OK;
     }
-
-    if(socksreq[0] != 5) { /* version */
+    else if(socksreq[0] != 5) { /* version */
       failf(data,
             "SOCKS5 reply has wrong version, version should be 5.");
       return CURLPX_BAD_VERSION;
@@ -1031,21 +1039,12 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf,
 #endif
     /* FALLTHROUGH */
   case CONNECT_REQ_READ_MORE:
-    result = Curl_read_plain(data, sockfd, (char *)sx->outp,
-                             sx->outstanding, &actualread);
-    if(result && (CURLE_AGAIN != result)) {
-      failf(data, "Failed to receive SOCKS5 connect request ack.");
-      return CURLPX_RECV_ADDRESS;
-    }
-    else if(!result && !actualread) {
-      /* connection closed */
-      failf(data, "connection to proxy closed");
-      return CURLPX_CLOSED;
-    }
-    else if(actualread != sx->outstanding) {
-      /* remain in state */
-      sx->outstanding -= actualread;
-      sx->outp += actualread;
+    presult = socks_state_recv(cf, sx, data, CURLPX_RECV_ADDRESS,
+                               "SOCKS5 connect request address");
+    if(CURLPX_OK != presult)
+      return presult;
+    else if(sx->outstanding) {
+      /* remain in reading state */
       return CURLPX_OK;
     }
     sxstate(sx, data, CONNECT_DONE);
@@ -1151,7 +1150,6 @@ static CURLcode socks_proxy_cf_connect(struct Curl_cfilter *cf,
   result = connect_SOCKS(cf, sx, data);
   if(!result && sx->state == CONNECT_DONE) {
     cf->connected = TRUE;
-    Curl_updateconninfo(data, conn, conn->sock[cf->sockindex]);
     Curl_verboseconnect(data, conn);
     socks_proxy_cf_free(cf);
   }
@@ -1171,7 +1169,7 @@ static int socks_cf_get_select_socks(struct Curl_cfilter *cf,
   if(!fds && cf->next->connected && !cf->connected && sx) {
     /* If we are not connected, the filter below is and has nothing
      * to wait on, we determine what to wait for. */
-    socks[0] = cf->conn->sock[cf->sockindex];
+    socks[0] = Curl_conn_cf_get_socket(cf, data);
     switch(sx->state) {
     case CONNECT_RESOLVING:
     case CONNECT_SOCKS_READ:
@@ -1205,13 +1203,6 @@ static void socks_proxy_cf_destroy(struct Curl_cfilter *cf,
   socks_proxy_cf_free(cf);
 }
 
-static void socks_proxy_cf_detach_data(struct Curl_cfilter *cf,
-                                       struct Curl_easy *data)
-{
-  (void)data;
-  socks_proxy_cf_free(cf);
-}
-
 static void socks_cf_get_host(struct Curl_cfilter *cf,
                               struct Curl_easy *data,
                               const char **phost,
@@ -1229,11 +1220,11 @@ static void socks_cf_get_host(struct Curl_cfilter *cf,
   }
 }
 
-static const struct Curl_cftype cft_socks_proxy = {
+struct Curl_cftype Curl_cft_socks_proxy = {
   "SOCKS-PROXYY",
   CF_TYPE_IP_CONNECT,
+  0,
   socks_proxy_cf_destroy,
-  Curl_cf_def_setup,
   socks_proxy_cf_connect,
   socks_proxy_cf_close,
   socks_cf_get_host,
@@ -1241,8 +1232,10 @@ static const struct Curl_cftype cft_socks_proxy = {
   Curl_cf_def_data_pending,
   Curl_cf_def_send,
   Curl_cf_def_recv,
-  Curl_cf_def_attach_data,
-  socks_proxy_cf_detach_data,
+  Curl_cf_def_cntrl,
+  Curl_cf_def_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  Curl_cf_def_query,
 };
 
 CURLcode Curl_conn_socks_proxy_add(struct Curl_easy *data,
@@ -1252,10 +1245,23 @@ CURLcode Curl_conn_socks_proxy_add(struct Curl_easy *data,
   struct Curl_cfilter *cf;
   CURLcode result;
 
-  result = Curl_cf_create(&cf, &cft_socks_proxy, NULL);
+  result = Curl_cf_create(&cf, &Curl_cft_socks_proxy, NULL);
   if(!result)
     Curl_conn_cf_add(data, conn, sockindex, cf);
   return result;
 }
 
+CURLcode Curl_cf_socks_proxy_insert_after(struct Curl_cfilter *cf_at,
+                                          struct Curl_easy *data)
+{
+  struct Curl_cfilter *cf;
+  CURLcode result;
+
+  (void)data;
+  result = Curl_cf_create(&cf, &Curl_cft_socks_proxy, NULL);
+  if(!result)
+    Curl_conn_cf_insert_after(cf_at, cf);
+  return result;
+}
+
 #endif /* CURL_DISABLE_PROXY */
diff --git a/lib/socks.h b/lib/socks.h
index 2e2fa18f8..ba5b54a7b 100644
--- a/lib/socks.h
+++ b/lib/socks.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -37,8 +37,8 @@
  *
  * This is STUPID BLOCKING behavior
  */
-int Curl_blockread_all(struct Curl_easy *data,
-                       curl_socket_t sockfd,
+int Curl_blockread_all(struct Curl_cfilter *cf,
+                       struct Curl_easy *data,
                        char *buf,
                        ssize_t buffersize,
                        ssize_t *n);
@@ -47,7 +47,7 @@ int Curl_blockread_all(struct Curl_easy *data,
 /*
  * This function handles the SOCKS5 GSS-API negotiation and initialization
  */
-CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
+CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
                                       struct Curl_easy *data);
 #endif
 
@@ -55,6 +55,11 @@ CURLcode Curl_conn_socks_proxy_add(struct Curl_easy *data,
                                    struct connectdata *conn,
                                    int sockindex);
 
+CURLcode Curl_cf_socks_proxy_insert_after(struct Curl_cfilter *cf_at,
+                                          struct Curl_easy *data);
+
+extern struct Curl_cftype Curl_cft_socks_proxy;
+
 #endif /* CURL_DISABLE_PROXY */
 
 #endif  /* HEADER_CURL_SOCKS_H */
diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c
index f14099feb..2ede8c7c2 100644
--- a/lib/socks_gssapi.c
+++ b/lib/socks_gssapi.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2012, Markus Moeller, <markus_moeller@compuserve.com>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Markus Moeller, <markus_moeller@compuserve.com>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -30,6 +30,7 @@
 #include "curl_gssapi.h"
 #include "urldata.h"
 #include "sendf.h"
+#include "cfilters.h"
 #include "connect.h"
 #include "timeval.h"
 #include "socks.h"
@@ -101,14 +102,14 @@ static int check_gss_err(struct Curl_easy *data,
   return 0;
 }
 
-CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
+CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
                                       struct Curl_easy *data)
 {
-  struct connectdata *conn = data->conn;
-  curl_socket_t sock = conn->sock[sockindex];
+  struct connectdata *conn = cf->conn;
+  curl_socket_t sock = conn->sock[cf->sockindex];
   CURLcode code;
   ssize_t actualread;
-  ssize_t written;
+  ssize_t nwritten;
   int result;
   OM_uint32 gss_major_status, gss_minor_status, gss_status;
   OM_uint32 gss_ret_flags;
@@ -203,8 +204,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
       us_length = htons((short)gss_send_token.length);
       memcpy(socksreq + 2, &us_length, sizeof(short));
 
-      code = Curl_write_plain(data, sock, (char *)socksreq, 4, &written);
-      if(code || (4 != written)) {
+      nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code);
+      if(code || (4 != nwritten)) {
         failf(data, "Failed to send GSS-API authentication request.");
         gss_release_name(&gss_status, &server);
         gss_release_buffer(&gss_status, &gss_recv_token);
@@ -213,10 +214,10 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
         return CURLE_COULDNT_CONNECT;
       }
 
-      code = Curl_write_plain(data, sock, (char *)gss_send_token.value,
-                              gss_send_token.length, &written);
-
-      if(code || ((ssize_t)gss_send_token.length != written)) {
+      nwritten = Curl_conn_cf_send(cf->next, data,
+                                   (char *)gss_send_token.value,
+                                   gss_send_token.length, &code);
+      if(code || ((ssize_t)gss_send_token.length != nwritten)) {
         failf(data, "Failed to send GSS-API authentication token.");
         gss_release_name(&gss_status, &server);
         gss_release_buffer(&gss_status, &gss_recv_token);
@@ -242,7 +243,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
      * +----+------+-----+----------------+
      */
 
-    result = Curl_blockread_all(data, sock, (char *)socksreq, 4, &actualread);
+    result = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread);
     if(result || (actualread != 4)) {
       failf(data, "Failed to receive GSS-API authentication response.");
       gss_release_name(&gss_status, &server);
@@ -281,7 +282,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
       return CURLE_OUT_OF_MEMORY;
     }
 
-    result = Curl_blockread_all(data, sock, (char *)gss_recv_token.value,
+    result = Curl_blockread_all(cf, data, (char *)gss_recv_token.value,
                                 gss_recv_token.length, &actualread);
 
     if(result || (actualread != us_length)) {
@@ -410,8 +411,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
     memcpy(socksreq + 2, &us_length, sizeof(short));
   }
 
-  code = Curl_write_plain(data, sock, (char *)socksreq, 4, &written);
-  if(code  || (4 != written)) {
+  nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code);
+  if(code  || (4 != nwritten)) {
     failf(data, "Failed to send GSS-API encryption request.");
     gss_release_buffer(&gss_status, &gss_w_token);
     gss_delete_sec_context(&gss_status, &gss_context, NULL);
@@ -420,17 +421,18 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
 
   if(data->set.socks5_gssapi_nec) {
     memcpy(socksreq, &gss_enc, 1);
-    code = Curl_write_plain(data, sock, socksreq, 1, &written);
-    if(code || ( 1 != written)) {
+    nwritten = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 1, &code);
+    if(code || ( 1 != nwritten)) {
       failf(data, "Failed to send GSS-API encryption type.");
       gss_delete_sec_context(&gss_status, &gss_context, NULL);
       return CURLE_COULDNT_CONNECT;
     }
   }
   else {
-    code = Curl_write_plain(data, sock, (char *)gss_w_token.value,
-                            gss_w_token.length, &written);
-    if(code || ((ssize_t)gss_w_token.length != written)) {
+    nwritten = Curl_conn_cf_send(cf->next, data,
+                                 (char *)gss_w_token.value,
+                                 gss_w_token.length, &code);
+    if(code || ((ssize_t)gss_w_token.length != nwritten)) {
       failf(data, "Failed to send GSS-API encryption type.");
       gss_release_buffer(&gss_status, &gss_w_token);
       gss_delete_sec_context(&gss_status, &gss_context, NULL);
@@ -439,7 +441,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
     gss_release_buffer(&gss_status, &gss_w_token);
   }
 
-  result = Curl_blockread_all(data, sock, (char *)socksreq, 4, &actualread);
+  result = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread);
   if(result || (actualread != 4)) {
     failf(data, "Failed to receive GSS-API encryption response.");
     gss_delete_sec_context(&gss_status, &gss_context, NULL);
@@ -470,7 +472,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
     gss_delete_sec_context(&gss_status, &gss_context, NULL);
     return CURLE_OUT_OF_MEMORY;
   }
-  result = Curl_blockread_all(data, sock, (char *)gss_recv_token.value,
+  result = Curl_blockread_all(cf, data, (char *)gss_recv_token.value,
                               gss_recv_token.length, &actualread);
 
   if(result || (actualread != us_length)) {
diff --git a/lib/socks_sspi.c b/lib/socks_sspi.c
index 210a0dfbc..d1200ea03 100644
--- a/lib/socks_sspi.c
+++ b/lib/socks_sspi.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2012, 2011, Markus Moeller, <markus_moeller@compuserve.com>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Markus Moeller, <markus_moeller@compuserve.com>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -29,6 +29,7 @@
 
 #include "urldata.h"
 #include "sendf.h"
+#include "cfilters.h"
 #include "connect.h"
 #include "strerror.h"
 #include "timeval.h"
@@ -62,11 +63,11 @@ static int check_sspi_err(struct Curl_easy *data,
 }
 
 /* This is the SSPI-using version of this function */
-CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
+CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
                                       struct Curl_easy *data)
 {
-  struct connectdata *conn = data->conn;
-  curl_socket_t sock = conn->sock[sockindex];
+  struct connectdata *conn = cf->conn;
+  curl_socket_t sock = conn->sock[cf->sockindex];
   CURLcode code;
   ssize_t actualread;
   ssize_t written;
@@ -206,7 +207,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
       us_length = htons((short)sspi_send_token.cbBuffer);
       memcpy(socksreq + 2, &us_length, sizeof(short));
 
-      code = Curl_write_plain(data, sock, (char *)socksreq, 4, &written);
+      written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code);
       if(code || (4 != written)) {
         failf(data, "Failed to send SSPI authentication request.");
         free(service_name);
@@ -219,8 +220,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
         return CURLE_COULDNT_CONNECT;
       }
 
-      code = Curl_write_plain(data, sock, (char *)sspi_send_token.pvBuffer,
-                              sspi_send_token.cbBuffer, &written);
+      written = Curl_conn_cf_send(cf->next, data,
+                                  (char *)sspi_send_token.pvBuffer,
+                                  sspi_send_token.cbBuffer, &code);
       if(code || (sspi_send_token.cbBuffer != (size_t)written)) {
         failf(data, "Failed to send SSPI authentication token.");
         free(service_name);
@@ -260,7 +262,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
      * +----+------+-----+----------------+
      */
 
-    result = Curl_blockread_all(data, sock, (char *)socksreq, 4, &actualread);
+    result = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread);
     if(result || (actualread != 4)) {
       failf(data, "Failed to receive SSPI authentication response.");
       free(service_name);
@@ -300,7 +302,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
       s_pSecFn->DeleteSecurityContext(&sspi_context);
       return CURLE_OUT_OF_MEMORY;
     }
-    result = Curl_blockread_all(data, sock, (char *)sspi_recv_token.pvBuffer,
+    result = Curl_blockread_all(cf, data, (char *)sspi_recv_token.pvBuffer,
                                 sspi_recv_token.cbBuffer, &actualread);
 
     if(result || (actualread != us_length)) {
@@ -468,7 +470,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
     memcpy(socksreq + 2, &us_length, sizeof(short));
   }
 
-  code = Curl_write_plain(data, sock, (char *)socksreq, 4, &written);
+  written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 4, &code);
   if(code || (4 != written)) {
     failf(data, "Failed to send SSPI encryption request.");
     if(sspi_send_token.pvBuffer)
@@ -479,7 +481,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
 
   if(data->set.socks5_gssapi_nec) {
     memcpy(socksreq, &gss_enc, 1);
-    code = Curl_write_plain(data, sock, (char *)socksreq, 1, &written);
+    written = Curl_conn_cf_send(cf->next, data, (char *)socksreq, 1, &code);
     if(code || (1 != written)) {
       failf(data, "Failed to send SSPI encryption type.");
       s_pSecFn->DeleteSecurityContext(&sspi_context);
@@ -487,8 +489,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
     }
   }
   else {
-    code = Curl_write_plain(data, sock, (char *)sspi_send_token.pvBuffer,
-                            sspi_send_token.cbBuffer, &written);
+    written = Curl_conn_cf_send(cf->next, data,
+                                (char *)sspi_send_token.pvBuffer,
+                                sspi_send_token.cbBuffer, &code);
     if(code || (sspi_send_token.cbBuffer != (size_t)written)) {
       failf(data, "Failed to send SSPI encryption type.");
       if(sspi_send_token.pvBuffer)
@@ -500,7 +503,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
       s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
   }
 
-  result = Curl_blockread_all(data, sock, (char *)socksreq, 4, &actualread);
+  result = Curl_blockread_all(cf, data, (char *)socksreq, 4, &actualread);
   if(result || (actualread != 4)) {
     failf(data, "Failed to receive SSPI encryption response.");
     s_pSecFn->DeleteSecurityContext(&sspi_context);
@@ -532,7 +535,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
     return CURLE_OUT_OF_MEMORY;
   }
 
-  result = Curl_blockread_all(data, sock, (char *)sspi_w_token[0].pvBuffer,
+  result = Curl_blockread_all(cf, data, (char *)sspi_w_token[0].pvBuffer,
                               sspi_w_token[0].cbBuffer, &actualread);
 
   if(result || (actualread != us_length)) {
diff --git a/lib/speedcheck.c b/lib/speedcheck.c
index 3ddc43d2d..580efbde7 100644
--- a/lib/speedcheck.c
+++ b/lib/speedcheck.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/speedcheck.h b/lib/speedcheck.h
index cb44eb04e..bff2f32b7 100644
--- a/lib/speedcheck.h
+++ b/lib/speedcheck.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/splay.c b/lib/splay.c
index 33b44aa1c..48e079b32 100644
--- a/lib/splay.c
+++ b/lib/splay.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1997 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/splay.h b/lib/splay.h
index 015e2ca52..dd1d07ac2 100644
--- a/lib/splay.h
+++ b/lib/splay.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1997 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/strcase.c b/lib/strcase.c
index 7fb9c8087..7c0b4ef90 100644
--- a/lib/strcase.c
+++ b/lib/strcase.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/strcase.h b/lib/strcase.h
index 192e0da09..8c50bbcba 100644
--- a/lib/strcase.h
+++ b/lib/strcase.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/strdup.c b/lib/strdup.c
index ac22b6dda..07a61391a 100644
--- a/lib/strdup.c
+++ b/lib/strdup.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -37,7 +37,7 @@
 #include "memdebug.h"
 
 #ifndef HAVE_STRDUP
-char *curlx_strdup(const char *str)
+char *Curl_strdup(const char *str)
 {
   size_t len;
   char *newstr;
diff --git a/lib/strdup.h b/lib/strdup.h
index fb46808b8..c3430b54d 100644
--- a/lib/strdup.h
+++ b/lib/strdup.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,7 +26,7 @@
 #include "curl_setup.h"
 
 #ifndef HAVE_STRDUP
-extern char *curlx_strdup(const char *str);
+char *Curl_strdup(const char *str);
 #endif
 #ifdef WIN32
 wchar_t* Curl_wcsdup(const wchar_t* src);
diff --git a/lib/strerror.c b/lib/strerror.c
index b9a51e26b..3ec10e369 100644
--- a/lib/strerror.c
+++ b/lib/strerror.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2004 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -550,6 +550,9 @@ curl_url_strerror(CURLUcode error)
   case CURLUE_BAD_USER:
     return "Bad user";
 
+  case CURLUE_LACKS_IDN:
+    return "libcurl lacks IDN support";
+
   case CURLUE_LAST:
     break;
   }
diff --git a/lib/strerror.h b/lib/strerror.h
index 658f16c10..399712f8e 100644
--- a/lib/strerror.h
+++ b/lib/strerror.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/strtok.c b/lib/strtok.c
index 6120bcc28..d8e1e8183 100644
--- a/lib/strtok.c
+++ b/lib/strtok.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/strtok.h b/lib/strtok.h
index 641a3daed..321cba232 100644
--- a/lib/strtok.h
+++ b/lib/strtok.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/strtoofft.c b/lib/strtoofft.c
index fb8d92196..077b25792 100644
--- a/lib/strtoofft.c
+++ b/lib/strtoofft.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/strtoofft.h b/lib/strtoofft.h
index 311dae440..34d293ba3 100644
--- a/lib/strtoofft.h
+++ b/lib/strtoofft.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/system_win32.c b/lib/system_win32.c
index bede9c7dc..0cdaf3b2f 100644
--- a/lib/system_win32.c
+++ b/lib/system_win32.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2016 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/system_win32.h b/lib/system_win32.h
index 167804e3c..24899cb2d 100644
--- a/lib/system_win32.h
+++ b/lib/system_win32.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2016 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/telnet.c b/lib/telnet.c
index 22bc81e75..e4ffd853a 100644
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -770,22 +770,32 @@ static void printsub(struct Curl_easy *data,
   }
 }
 
+static bool str_is_nonascii(const char *str)
+{
+  size_t len = strlen(str);
+  while(len--) {
+    if(*str & 0x80)
+      return TRUE;
+    str++;
+  }
+  return FALSE;
+}
+
 static CURLcode check_telnet_options(struct Curl_easy *data)
 {
   struct curl_slist *head;
   struct curl_slist *beg;
-  char option_keyword[128] = "";
-  char option_arg[256] = "";
   struct TELNET *tn = data->req.p.telnet;
-  struct connectdata *conn = data->conn;
   CURLcode result = CURLE_OK;
-  int binary_option;
 
   /* Add the user name as an environment variable if it
      was given on the command line */
   if(data->state.aptr.user) {
-    msnprintf(option_arg, sizeof(option_arg), "USER,%s", conn->user);
-    beg = curl_slist_append(tn->telnet_vars, option_arg);
+    char buffer[256];
+    if(str_is_nonascii(data->conn->user))
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    msnprintf(buffer, sizeof(buffer), "USER,%s", data->conn->user);
+    beg = curl_slist_append(tn->telnet_vars, buffer);
     if(!beg) {
       curl_slist_free_all(tn->telnet_vars);
       tn->telnet_vars = NULL;
@@ -795,68 +805,100 @@ static CURLcode check_telnet_options(struct Curl_easy *data)
     tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES;
   }
 
-  for(head = data->set.telnet_options; head; head = head->next) {
-    if(sscanf(head->data, "%127[^= ]%*[ =]%255s",
-              option_keyword, option_arg) == 2) {
-
-      /* Terminal type */
-      if(strcasecompare(option_keyword, "TTYPE")) {
-        strncpy(tn->subopt_ttype, option_arg, 31);
-        tn->subopt_ttype[31] = 0; /* String termination */
-        tn->us_preferred[CURL_TELOPT_TTYPE] = CURL_YES;
+  for(head = data->set.telnet_options; head && !result; head = head->next) {
+    size_t olen;
+    char *option = head->data;
+    char *arg;
+    char *sep = strchr(option, '=');
+    if(sep) {
+      olen = sep - option;
+      arg = ++sep;
+      if(str_is_nonascii(arg))
         continue;
-      }
+      switch(olen) {
+      case 5:
+        /* Terminal type */
+        if(strncasecompare(option, "TTYPE", 5)) {
+          strncpy(tn->subopt_ttype, arg, 31);
+          tn->subopt_ttype[31] = 0; /* String termination */
+          tn->us_preferred[CURL_TELOPT_TTYPE] = CURL_YES;
+        }
+        else
+          result = CURLE_UNKNOWN_OPTION;
+        break;
 
-      /* Display variable */
-      if(strcasecompare(option_keyword, "XDISPLOC")) {
-        strncpy(tn->subopt_xdisploc, option_arg, 127);
-        tn->subopt_xdisploc[127] = 0; /* String termination */
-        tn->us_preferred[CURL_TELOPT_XDISPLOC] = CURL_YES;
-        continue;
-      }
+      case 8:
+        /* Display variable */
+        if(strncasecompare(option, "XDISPLOC", 8)) {
+          strncpy(tn->subopt_xdisploc, arg, 127);
+          tn->subopt_xdisploc[127] = 0; /* String termination */
+          tn->us_preferred[CURL_TELOPT_XDISPLOC] = CURL_YES;
+        }
+        else
+          result = CURLE_UNKNOWN_OPTION;
+        break;
 
-      /* Environment variable */
-      if(strcasecompare(option_keyword, "NEW_ENV")) {
-        beg = curl_slist_append(tn->telnet_vars, option_arg);
-        if(!beg) {
-          result = CURLE_OUT_OF_MEMORY;
-          break;
+      case 7:
+        /* Environment variable */
+        if(strncasecompare(option, "NEW_ENV", 7)) {
+          beg = curl_slist_append(tn->telnet_vars, arg);
+          if(!beg) {
+            result = CURLE_OUT_OF_MEMORY;
+            break;
+          }
+          tn->telnet_vars = beg;
+          tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES;
         }
-        tn->telnet_vars = beg;
-        tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES;
-        continue;
-      }
+        else
+          result = CURLE_UNKNOWN_OPTION;
+        break;
 
-      /* Window Size */
-      if(strcasecompare(option_keyword, "WS")) {
-        if(sscanf(option_arg, "%hu%*[xX]%hu",
-                  &tn->subopt_wsx, &tn->subopt_wsy) == 2)
-          tn->us_preferred[CURL_TELOPT_NAWS] = CURL_YES;
-        else {
-          failf(data, "Syntax error in telnet option: %s", head->data);
-          result = CURLE_SETOPT_OPTION_SYNTAX;
-          break;
+      case 2:
+        /* Window Size */
+        if(strncasecompare(option, "WS", 2)) {
+          char *p;
+          unsigned long x = strtoul(arg, &p, 10);
+          unsigned long y = 0;
+          if(x && (x <= 0xffff) && Curl_raw_tolower(*p) == 'x') {
+            p++;
+            y = strtoul(p, NULL, 10);
+            if(y && (y <= 0xffff)) {
+              tn->subopt_wsx = (unsigned short)x;
+              tn->subopt_wsy = (unsigned short)y;
+              tn->us_preferred[CURL_TELOPT_NAWS] = CURL_YES;
+            }
+          }
+          if(!y) {
+            failf(data, "Syntax error in telnet option: %s", head->data);
+            result = CURLE_SETOPT_OPTION_SYNTAX;
+          }
         }
-        continue;
-      }
+        else
+          result = CURLE_UNKNOWN_OPTION;
+        break;
 
-      /* To take care or not of the 8th bit in data exchange */
-      if(strcasecompare(option_keyword, "BINARY")) {
-        binary_option = atoi(option_arg);
-        if(binary_option != 1) {
-          tn->us_preferred[CURL_TELOPT_BINARY] = CURL_NO;
-          tn->him_preferred[CURL_TELOPT_BINARY] = CURL_NO;
+      case 6:
+        /* To take care or not of the 8th bit in data exchange */
+        if(strncasecompare(option, "BINARY", 6)) {
+          int binary_option = atoi(arg);
+          if(binary_option != 1) {
+            tn->us_preferred[CURL_TELOPT_BINARY] = CURL_NO;
+            tn->him_preferred[CURL_TELOPT_BINARY] = CURL_NO;
+          }
         }
-        continue;
+        else
+          result = CURLE_UNKNOWN_OPTION;
+        break;
+      default:
+        failf(data, "Unknown telnet option %s", head->data);
+        result = CURLE_UNKNOWN_OPTION;
+        break;
       }
-
-      failf(data, "Unknown telnet option %s", head->data);
-      result = CURLE_UNKNOWN_OPTION;
-      break;
     }
-    failf(data, "Syntax error in telnet option: %s", head->data);
-    result = CURLE_SETOPT_OPTION_SYNTAX;
-    break;
+    else {
+      failf(data, "Syntax error in telnet option: %s", head->data);
+      result = CURLE_SETOPT_OPTION_SYNTAX;
+    }
   }
 
   if(result) {
@@ -881,8 +923,6 @@ static void suboption(struct Curl_easy *data)
   ssize_t bytes_written;
   size_t len;
   int err;
-  char varname[128] = "";
-  char varval[128] = "";
   struct TELNET *tn = data->req.p.telnet;
   struct connectdata *conn = data->conn;
 
@@ -920,19 +960,18 @@ static void suboption(struct Curl_easy *data)
 
       for(v = tn->telnet_vars; v; v = v->next) {
         size_t tmplen = (strlen(v->data) + 1);
-        /* Add the variable only if it fits */
+        /* Add the variable if it fits */
         if(len + tmplen < (int)sizeof(temp)-6) {
-          int rv;
-          char sep[2] = "";
-          varval[0] = 0;
-          rv = sscanf(v->data, "%127[^,]%1[,]%127s", varname, sep, varval);
-          if(rv == 1)
+          char *s = strchr(v->data, ',');
+          if(!s)
             len += msnprintf((char *)&temp[len], sizeof(temp) - len,
-                             "%c%s", CURL_NEW_ENV_VAR, varname);
-          else if(rv >= 2)
+                             "%c%s", CURL_NEW_ENV_VAR, v->data);
+          else {
+            size_t vlen = s - v->data;
             len += msnprintf((char *)&temp[len], sizeof(temp) - len,
-                             "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
-                             CURL_NEW_ENV_VALUE, varval);
+                             "%c%.*s%c%s", CURL_NEW_ENV_VAR,
+                             (int)vlen, v->data, CURL_NEW_ENV_VALUE, ++s);
+          }
         }
       }
       msnprintf((char *)&temp[len], sizeof(temp) - len,
diff --git a/lib/telnet.h b/lib/telnet.h
index 6dd99b48d..30782d837 100644
--- a/lib/telnet.h
+++ b/lib/telnet.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/tftp.c b/lib/tftp.c
index 9e6d9490e..164d3c723 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -48,6 +48,7 @@
 
 #include "urldata.h"
 #include <curl/curl.h>
+#include "cf-socket.h"
 #include "transfer.h"
 #include "sendf.h"
 #include "tftp.h"
@@ -529,8 +530,8 @@ static CURLcode tftp_send_first(struct tftp_state_data *state,
        not have a size_t argument, like older unixes that want an 'int' */
     senddata = sendto(state->sockfd, (void *)state->spacket.data,
                       (SEND_TYPE_ARG3)sbytes, 0,
-                      data->conn->ip_addr->ai_addr,
-                      data->conn->ip_addr->ai_addrlen);
+                      &data->conn->remote_addr->sa_addr,
+                      data->conn->remote_addr->addrlen);
     if(senddata != (ssize_t)sbytes) {
       char buffer[STRERROR_LEN];
       failf(data, "%s", Curl_strerror(SOCKERRNO, buffer, sizeof(buffer)));
@@ -1014,7 +1015,7 @@ static CURLcode tftp_connect(struct Curl_easy *data, bool *done)
   state->requested_blksize = blksize;
 
   ((struct sockaddr *)&state->local_addr)->sa_family =
-    (CURL_SA_FAMILY_T)(conn->ip_addr->ai_family);
+    (CURL_SA_FAMILY_T)(conn->remote_addr->family);
 
   tftp_set_timeouts(state);
 
@@ -1033,7 +1034,7 @@ static CURLcode tftp_connect(struct Curl_easy *data, bool *done)
      * IPv4 and IPv6...
      */
     int rc = bind(state->sockfd, (struct sockaddr *)&state->local_addr,
-                  conn->ip_addr->ai_addrlen);
+                  conn->remote_addr->addrlen);
     if(rc) {
       char buffer[STRERROR_LEN];
       failf(data, "bind() failed; %s",
diff --git a/lib/tftp.h b/lib/tftp.h
index 3f1fda638..5d2d5da61 100644
--- a/lib/tftp.h
+++ b/lib/tftp.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/timediff.c b/lib/timediff.c
index c5893187d..1b762bbd3 100644
--- a/lib/timediff.c
+++ b/lib/timediff.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/timediff.h b/lib/timediff.h
index 90e547457..fb318d4f2 100644
--- a/lib/timediff.h
+++ b/lib/timediff.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/timeval.c b/lib/timeval.c
index 647d7b0fc..dca1c6fe5 100644
--- a/lib/timeval.c
+++ b/lib/timeval.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/timeval.h b/lib/timeval.h
index 8d4fef4e1..92e484ad1 100644
--- a/lib/timeval.h
+++ b/lib/timeval.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/transfer.c b/lib/transfer.c
index ba0410fc5..a28395233 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -73,6 +73,7 @@
 #include "url.h"
 #include "getinfo.h"
 #include "vtls/vtls.h"
+#include "vquic/vquic.h"
 #include "select.h"
 #include "multiif.h"
 #include "connect.h"
@@ -367,27 +368,12 @@ static int data_pending(struct Curl_easy *data)
 {
   struct connectdata *conn = data->conn;
 
-#ifdef ENABLE_QUIC
-  if(conn->transport == TRNSPRT_QUIC)
-    return Curl_quic_data_pending(data);
-#endif
-
   if(conn->handler->protocol&PROTO_FAMILY_FTP)
     return Curl_conn_data_pending(data, SECONDARYSOCKET);
 
   /* in the case of libssh2, we can never be really sure that we have emptied
      its internal buffers so we MUST always try until we get EAGAIN back */
   return conn->handler->protocol&(CURLPROTO_SCP|CURLPROTO_SFTP) ||
-#ifdef USE_NGHTTP2
-    /* For HTTP/2, we may read up everything including response body
-       with header fields in Curl_http_readwrite_headers. If no
-       content-length is provided, curl waits for the connection
-       close, which we emulate it using conn->proto.httpc.closed =
-       TRUE. The thing is if we read everything, then http2_recv won't
-       be called and we cannot signal the HTTP/2 stream has closed. As
-       a workaround, we return nonzero here to call http2_recv. */
-    ((conn->handler->protocol&PROTO_FAMILY_HTTP) && conn->httpversion >= 20) ||
-#endif
     Curl_conn_data_pending(data, FIRSTSOCKET);
 }
 
@@ -454,29 +440,16 @@ static CURLcode readwrite_data(struct Curl_easy *data,
     bool is_empty_data = FALSE;
     size_t buffersize = data->set.buffer_size;
     size_t bytestoread = buffersize;
-#ifdef USE_NGHTTP2
-    bool is_http2 = ((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
-                     (conn->httpversion == 20));
-#endif
-    bool is_http3 =
-#ifdef ENABLE_QUIC
-      ((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
-       (conn->httpversion == 30));
-#else
-      FALSE;
-#endif
-
-    if(
-#ifdef USE_NGHTTP2
-      /* For HTTP/2, read data without caring about the content length. This
-         is safe because body in HTTP/2 is always segmented thanks to its
-         framing layer. Meanwhile, we have to call Curl_read to ensure that
-         http2_handle_stream_close is called when we read all incoming bytes
-         for a particular stream. */
-      !is_http2 &&
-#endif
-      !is_http3 && /* Same reason mentioned above. */
-      k->size != -1 && !k->header) {
+    /* For HTTP/2 and HTTP/3, read data without caring about the content
+       length. This is safe because body in HTTP/2 is always segmented
+       thanks to its framing layer. Meanwhile, we have to call Curl_read
+       to ensure that http2_handle_stream_close is called when we read all
+       incoming bytes for a particular stream. */
+    bool is_http3 = Curl_conn_is_http3(data, conn, FIRSTSOCKET);
+    bool data_eof_handled = is_http3
+                            || Curl_conn_is_http2(data, conn, FIRSTSOCKET);
+
+    if(!data_eof_handled && k->size != -1 && !k->header) {
       /* make sure we don't read too much */
       curl_off_t totalleft = k->size - k->bytecount;
       if(totalleft < (curl_off_t)bytestoread)
@@ -499,7 +472,7 @@ static CURLcode readwrite_data(struct Curl_easy *data,
     else {
       /* read nothing but since we wanted nothing we consider this an OK
          situation to proceed from */
-      DEBUGF(infof(data, "readwrite_data: we're done"));
+      DEBUGF(infof(data, DMSG(data, "readwrite_data: we're done")));
       nread = 0;
     }
 
@@ -518,14 +491,9 @@ static CURLcode readwrite_data(struct Curl_easy *data,
       buf[nread] = 0;
     }
     else {
-      /* if we receive 0 or less here, either the http2 stream is closed or the
+      /* if we receive 0 or less here, either the data transfer is done or the
          server closed the connection and we bail out from this! */
-#ifdef USE_NGHTTP2
-      if(is_http2 && !nread)
-        DEBUGF(infof(data, "nread == 0, stream closed, bailing"));
-      else
-#endif
-      if(is_http3 && !nread)
+      if(data_eof_handled)
         DEBUGF(infof(data, "nread == 0, stream closed, bailing"));
       else
         DEBUGF(infof(data, "nread <= 0, server closed connection, bailing"));
@@ -776,8 +744,8 @@ static CURLcode readwrite_data(struct Curl_easy *data,
       k->keepon &= ~KEEP_RECV;
     }
 
-    if(k->keepon & KEEP_RECV_PAUSE) {
-      /* this is a paused transfer */
+    if((k->keepon & KEEP_RECV_PAUSE) || !(k->keepon & KEEP_RECV)) {
+      /* this is a paused or stopped transfer */
       break;
     }
 
@@ -799,19 +767,18 @@ static CURLcode readwrite_data(struct Curl_easy *data,
   }
 
 out:
-  DEBUGF(infof(data, "readwrite_data(handle=%p) -> %d", data, result));
+  if(result)
+    DEBUGF(infof(data, DMSG(data, "readwrite_data() -> %d"), result));
   return result;
 }
 
 CURLcode Curl_done_sending(struct Curl_easy *data,
                            struct SingleRequest *k)
 {
-  struct connectdata *conn = data->conn;
   k->keepon &= ~KEEP_SEND; /* we're done writing */
 
   /* These functions should be moved into the handler struct! */
-  Curl_http2_done_sending(data, conn);
-  Curl_quic_done_sending(data);
+  Curl_conn_ev_data_done_send(data);
 
   return CURLE_OK;
 }
@@ -1013,7 +980,15 @@ static CURLcode readwrite_upload(struct Curl_easy *data,
     if(result)
       return result;
 
-    win_update_buffer_size(conn->writesockfd);
+#if defined(WIN32) && defined(USE_WINSOCK)
+    {
+      struct curltime n = Curl_now();
+      if(Curl_timediff(n, k->last_sndbuf_update) > 1000) {
+        win_update_buffer_size(conn->writesockfd);
+        k->last_sndbuf_update = n;
+      }
+    }
+#endif
 
     if(k->pendingheader) {
       /* parts of what was sent was header */
@@ -1088,6 +1063,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
 {
   struct SingleRequest *k = &data->req;
   CURLcode result;
+  struct curltime now;
   int didwhat = 0;
 
   curl_socket_t fd_read;
@@ -1113,6 +1089,8 @@ CURLcode Curl_readwrite(struct connectdata *conn,
   if(data->state.drain) {
     select_res |= CURL_CSELECT_IN;
     DEBUGF(infof(data, "Curl_readwrite: forcibly told to drain data"));
+    if((k->keepon & KEEP_SENDBITS) == KEEP_SEND)
+      select_res |= CURL_CSELECT_OUT;
   }
 #endif
 
@@ -1155,7 +1133,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
   }
 #endif
 
-  k->now = Curl_now();
+  now = Curl_now();
   if(!didwhat) {
     /* no read no write, this is a timeout? */
     if(k->exp100 == EXP100_AWAITING_CONTINUE) {
@@ -1172,7 +1150,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
 
       */
 
-      timediff_t ms = Curl_timediff(k->now, k->start100);
+      timediff_t ms = Curl_timediff(now, k->start100);
       if(ms >= data->set.expect_100_timeout) {
         /* we've waited long enough, continue anyway */
         k->exp100 = EXP100_SEND_DATA;
@@ -1182,35 +1160,31 @@ CURLcode Curl_readwrite(struct connectdata *conn,
       }
     }
 
-#ifdef ENABLE_QUIC
-    if(conn->transport == TRNSPRT_QUIC) {
-      result = Curl_quic_idle(data);
-      if(result)
-        goto out;
-    }
-#endif
+    result = Curl_conn_ev_data_idle(data);
+    if(result)
+      goto out;
   }
 
   if(Curl_pgrsUpdate(data))
     result = CURLE_ABORTED_BY_CALLBACK;
   else
-    result = Curl_speedcheck(data, k->now);
+    result = Curl_speedcheck(data, now);
   if(result)
     goto out;
 
   if(k->keepon) {
-    if(0 > Curl_timeleft(data, &k->now, FALSE)) {
+    if(0 > Curl_timeleft(data, &now, FALSE)) {
       if(k->size != -1) {
         failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T
               " milliseconds with %" CURL_FORMAT_CURL_OFF_T " out of %"
               CURL_FORMAT_CURL_OFF_T " bytes received",
-              Curl_timediff(k->now, data->progress.t_startsingle),
+              Curl_timediff(now, data->progress.t_startsingle),
               k->bytecount, k->size);
       }
       else {
         failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T
               " milliseconds with %" CURL_FORMAT_CURL_OFF_T " bytes received",
-              Curl_timediff(k->now, data->progress.t_startsingle),
+              Curl_timediff(now, data->progress.t_startsingle),
               k->bytecount);
       }
       result = CURLE_OPERATION_TIMEDOUT;
@@ -1260,11 +1234,11 @@ CURLcode Curl_readwrite(struct connectdata *conn,
   }
 
   /* Now update the "done" boolean we return */
-  *done = (0 == (k->keepon&(KEEP_RECV|KEEP_SEND|
-                            KEEP_RECV_PAUSE|KEEP_SEND_PAUSE))) ? TRUE : FALSE;
+  *done = (0 == (k->keepon&(KEEP_RECVBITS|KEEP_SENDBITS))) ? TRUE : FALSE;
   result = CURLE_OK;
 out:
-  DEBUGF(infof(data, "Curl_readwrite(handle=%p) -> %d", data, result));
+  if(result)
+    DEBUGF(infof(data, DMSG(data, "Curl_readwrite() -> %d"), result));
   return result;
 }
 
@@ -1377,6 +1351,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
   data->state.authhost.want = data->set.httpauth;
   data->state.authproxy.want = data->set.proxyauth;
   Curl_safefree(data->info.wouldredirect);
+  Curl_data_priority_clear_state(data);
 
   if(data->state.httpreq == HTTPREQ_PUT)
     data->state.infilesize = data->set.filesize;
@@ -1389,15 +1364,16 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
   else
     data->state.infilesize = 0;
 
-#ifndef CURL_DISABLE_COOKIES
   /* If there is a list of cookie files to read, do it now! */
-  if(data->state.cookielist)
-    Curl_cookie_loadfiles(data);
-#endif
+  Curl_cookie_loadfiles(data);
+
   /* If there is a list of host pairs to deal with */
   if(data->state.resolve)
     result = Curl_loadhostpairs(data);
 
+  /* If there is a list of hsts files to read */
+  Curl_hsts_loadfiles(data);
+
   if(!result) {
     /* Allow data->set.use_port to set which port to use. This needs to be
      * disabled for example when we follow Location: headers to URLs using
@@ -1425,7 +1401,13 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
 #ifndef CURL_DISABLE_FTP
     data->state.wildcardmatch = data->set.wildcard_enabled;
     if(data->state.wildcardmatch) {
-      struct WildcardData *wc = &data->wildcard;
+      struct WildcardData *wc;
+      if(!data->wildcard) {
+        data->wildcard = calloc(1, sizeof(struct WildcardData));
+        if(!data->wildcard)
+          return CURLE_OUT_OF_MEMORY;
+      }
+      wc = data->wildcard;
       if(wc->state < CURLWC_INIT) {
         result = Curl_wildcard_init(wc); /* init wildcard structures */
         if(result)
@@ -1433,7 +1415,6 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
       }
     }
 #endif
-    Curl_http2_init_state(&data->state);
     result = Curl_hsts_loadcb(data, data->hsts);
   }
 
@@ -1871,7 +1852,7 @@ Curl_setup_transfer(
   httpsending = ((conn->handler->protocol&PROTO_FAMILY_HTTP) &&
                  (http->sending == HTTPSEND_REQUEST));
 
-  if(conn->bits.multiplex || conn->httpversion == 20 || httpsending) {
+  if(conn->bits.multiplex || conn->httpversion >= 20 || httpsending) {
     /* when multiplexing, the read/write sockets need to be the same! */
     conn->sockfd = sockindex == -1 ?
       ((writesockindex == -1 ? CURL_SOCKET_BAD : conn->sock[writesockindex])) :
diff --git a/lib/transfer.h b/lib/transfer.h
index 409250872..536ac249b 100644
--- a/lib/transfer.h
+++ b/lib/transfer.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/url.c b/lib/url.c
index 3ab63a068..f7b4bbbe9 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -288,33 +288,6 @@ static const struct Curl_handler * const protocols[] = {
   (struct Curl_handler *) NULL
 };
 
-/*
- * Dummy handler for undefined protocol schemes.
- */
-
-static const struct Curl_handler Curl_handler_dummy = {
-  "<no protocol>",                      /* scheme */
-  ZERO_NULL,                            /* setup_connection */
-  ZERO_NULL,                            /* do_it */
-  ZERO_NULL,                            /* done */
-  ZERO_NULL,                            /* do_more */
-  ZERO_NULL,                            /* connect_it */
-  ZERO_NULL,                            /* connecting */
-  ZERO_NULL,                            /* doing */
-  ZERO_NULL,                            /* proto_getsock */
-  ZERO_NULL,                            /* doing_getsock */
-  ZERO_NULL,                            /* domore_getsock */
-  ZERO_NULL,                            /* perform_getsock */
-  ZERO_NULL,                            /* disconnect */
-  ZERO_NULL,                            /* readwrite */
-  ZERO_NULL,                            /* connection_check */
-  ZERO_NULL,                            /* attach connection */
-  0,                                    /* defport */
-  0,                                    /* protocol */
-  0,                                    /* family */
-  PROTOPT_NONE                          /* flags */
-};
-
 void Curl_freeset(struct Curl_easy *data)
 {
   /* Free all dynamic strings stored in the data->set substructure. */
@@ -341,6 +314,11 @@ void Curl_freeset(struct Curl_easy *data)
   data->state.url = NULL;
 
   Curl_mime_cleanpart(&data->set.mimepost);
+
+#ifndef CURL_DISABLE_COOKIES
+  curl_slist_free_all(data->set.cookielist);
+  data->set.cookielist = NULL;
+#endif
 }
 
 /* free the URL pieces */
@@ -434,7 +412,11 @@ CURLcode Curl_close(struct Curl_easy **datap)
   Curl_altsvc_save(data, data->asi, data->set.str[STRING_ALTSVC]);
   Curl_altsvc_cleanup(&data->asi);
   Curl_hsts_save(data, data->hsts, data->set.str[STRING_HSTS]);
-  Curl_hsts_cleanup(&data->hsts);
+#ifndef CURL_DISABLE_HSTS
+  if(!data->share || !data->share->hsts)
+    Curl_hsts_cleanup(&data->hsts);
+  curl_slist_free_all(data->set.hstslist); /* clean up list */
+#endif
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
   Curl_http_auth_cleanup_digest(data);
 #endif
@@ -445,7 +427,7 @@ CURLcode Curl_close(struct Curl_easy **datap)
   Curl_resolver_cancel(data);
   Curl_resolver_cleanup(data->state.async.resolver);
 
-  Curl_http2_cleanup_dependencies(data);
+  Curl_data_priority_cleanup(data);
 
   /* No longer a dirty share, if it exists */
   if(data->share) {
@@ -531,11 +513,11 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
   /* Timeout every 24 hours by default */
   set->general_ssl.ca_cache_timeout = 24 * 60 * 60;
 
-  set->proxyport = 0;
-  set->proxytype = CURLPROXY_HTTP; /* defaults to HTTP proxy */
   set->httpauth = CURLAUTH_BASIC;  /* defaults to basic */
 
 #ifndef CURL_DISABLE_PROXY
+  set->proxyport = 0;
+  set->proxytype = CURLPROXY_HTTP; /* defaults to HTTP proxy */
   set->proxyauth = CURLAUTH_BASIC; /* defaults to basic */
   /* SOCKS5 proxy auth defaults to username/password + GSS-API */
   set->socks5auth = CURLAUTH_BASIC | CURLAUTH_GSSAPI;
@@ -556,11 +538,11 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
 #endif
   set->ssl.primary.verifypeer = TRUE;
   set->ssl.primary.verifyhost = TRUE;
-#ifdef USE_TLS_SRP
-  set->ssl.primary.authtype = CURL_TLSAUTH_NONE;
-#endif
-   /* defaults to any auth type */
+#ifdef USE_SSH
+  /* defaults to any auth type */
   set->ssh_auth_types = CURLSSH_AUTH_DEFAULT;
+  set->new_directory_perms = 0755; /* Default permissions */
+#endif
   set->ssl.primary.sessionid = TRUE; /* session ID caching enabled by
                                         default */
 #ifndef CURL_DISABLE_PROXY
@@ -568,7 +550,6 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
 #endif
 
   set->new_file_perms = 0644;    /* Default permissions */
-  set->new_directory_perms = 0755; /* Default permissions */
   set->allowed_protocols = (curl_prot_t) CURLPROTO_ALL;
   set->redir_protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP |
                          CURLPROTO_FTPS;
@@ -631,14 +612,15 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
   set->maxage_conn = 118;
   set->maxlifetime_conn = 0;
   set->http09_allowed = FALSE;
-  set->httpwant =
 #ifdef USE_HTTP2
-    CURL_HTTP_VERSION_2TLS
+  set->httpwant = CURL_HTTP_VERSION_2TLS
 #else
-    CURL_HTTP_VERSION_1_1
+  set->httpwant = CURL_HTTP_VERSION_1_1
 #endif
     ;
-  Curl_http2_init_userset(set);
+#if defined(USE_HTTP2) || defined(USE_HTTP3)
+  memset(&set->priority, 0, sizeof(set->priority));
+#endif
   set->quick_exit = 0L;
   return result;
 }
@@ -698,45 +680,6 @@ CURLcode Curl_open(struct Curl_easy **curl)
   return result;
 }
 
-#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
-static void conn_reset_postponed_data(struct connectdata *conn, int num)
-{
-  struct postponed_data * const psnd = &(conn->postponed[num]);
-  if(psnd->buffer) {
-    DEBUGASSERT(psnd->allocated_size > 0);
-    DEBUGASSERT(psnd->recv_size <= psnd->allocated_size);
-    DEBUGASSERT(psnd->recv_size ?
-                (psnd->recv_processed < psnd->recv_size) :
-                (psnd->recv_processed == 0));
-    DEBUGASSERT(psnd->bindsock != CURL_SOCKET_BAD);
-    free(psnd->buffer);
-    psnd->buffer = NULL;
-    psnd->allocated_size = 0;
-    psnd->recv_size = 0;
-    psnd->recv_processed = 0;
-#ifdef DEBUGBUILD
-    psnd->bindsock = CURL_SOCKET_BAD; /* used only for DEBUGASSERT */
-#endif /* DEBUGBUILD */
-  }
-  else {
-    DEBUGASSERT(psnd->allocated_size == 0);
-    DEBUGASSERT(psnd->recv_size == 0);
-    DEBUGASSERT(psnd->recv_processed == 0);
-    DEBUGASSERT(psnd->bindsock == CURL_SOCKET_BAD);
-  }
-}
-
-static void conn_reset_all_postponed_data(struct connectdata *conn)
-{
-  conn_reset_postponed_data(conn, 0);
-  conn_reset_postponed_data(conn, 1);
-}
-#else  /* ! USE_RECV_BEFORE_SEND_WORKAROUND */
-/* Use "do-nothing" macro instead of function when workaround not used */
-#define conn_reset_all_postponed_data(c) do {} while(0)
-#endif /* ! USE_RECV_BEFORE_SEND_WORKAROUND */
-
-
 static void conn_shutdown(struct Curl_easy *data)
 {
   DEBUGASSERT(data);
@@ -777,14 +720,13 @@ static void conn_free(struct Curl_easy *data, struct connectdata *conn)
   Curl_safefree(conn->sasl_authzid);
   Curl_safefree(conn->options);
   Curl_safefree(conn->oauth_bearer);
+#ifndef CURL_DISABLE_HTTP
   Curl_dyn_free(&conn->trailer);
+#endif
   Curl_safefree(conn->host.rawalloc); /* host name buffer */
   Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */
   Curl_safefree(conn->hostname_resolve);
   Curl_safefree(conn->secondaryhostname);
-
-  conn_reset_all_postponed_data(conn);
-  Curl_llist_destroy(&conn->easyq, NULL);
   Curl_safefree(conn->localdev);
   Curl_free_primary_ssl_config(&conn->ssl_config);
 
@@ -854,7 +796,7 @@ void Curl_disconnect(struct Curl_easy *data,
      disconnect and shutdown */
   Curl_attach_connection(data, conn);
 
-  if(conn->handler->disconnect)
+  if(conn->handler && conn->handler->disconnect)
     /* This is set if protocol-specific cleanups should be made */
     conn->handler->disconnect(data, conn, dead_connection);
 
@@ -867,24 +809,6 @@ void Curl_disconnect(struct Curl_easy *data,
 }
 
 /*
- * This function should return TRUE if the socket is to be assumed to
- * be dead. Most commonly this happens when the server has closed the
- * connection due to inactivity.
- */
-static bool SocketIsDead(curl_socket_t sock)
-{
-  int sval;
-  bool ret_val = TRUE;
-
-  sval = SOCKET_READABLE(sock, 0);
-  if(sval == 0)
-    /* timeout */
-    ret_val = FALSE;
-
-  return ret_val;
-}
-
-/*
  * IsMultiplexingPossible()
  *
  * Return a bitmask with the available multiplexing options for the given
@@ -1014,8 +938,20 @@ static bool extract_if_dead(struct connectdata *conn,
 
     }
     else {
-      /* Use the general method for determining the death of a connection */
-      dead = SocketIsDead(conn->sock[FIRSTSOCKET]);
+      bool input_pending;
+
+      dead = !Curl_conn_is_alive(data, conn, &input_pending);
+      if(input_pending) {
+        /* For reuse, we want a "clean" connection state. The includes
+         * that we expect - in general - no waiting input data. Input
+         * waiting might be a TLS Notify Close, for example. We reject
+         * that.
+         * For protocols where data from other other end may arrive at
+         * any time (HTTP/2 PING for example), the protocol handler needs
+         * to install its own `connection_check` callback.
+         */
+        dead = TRUE;
+      }
     }
 
     if(dead) {
@@ -1220,14 +1156,14 @@ ConnectionExists(struct Curl_easy *data,
             continue;
           }
         }
+      }
 
-        if(!Curl_conn_is_connected(check, FIRSTSOCKET)) {
-          foundPendingCandidate = TRUE;
-          /* Don't pick a connection that hasn't connected yet */
-          infof(data, "Connection #%ld isn't open enough, can't reuse",
-                check->connection_id);
-          continue;
-        }
+      if(!Curl_conn_is_connected(check, FIRSTSOCKET)) {
+        foundPendingCandidate = TRUE;
+        /* Don't pick a connection that hasn't connected yet */
+        infof(data, "Connection #%ld isn't open enough, can't reuse",
+              check->connection_id);
+        continue;
       }
 
 #ifdef USE_UNIX_SOCKETS
@@ -1341,17 +1277,37 @@ ConnectionExists(struct Curl_easy *data,
         }
       }
 
+      /* GSS delegation differences do not actually affect every connection
+         and auth method, but this check takes precaution before efficiency */
+      if(needle->gssapi_delegation != check->gssapi_delegation)
+        continue;
+
       /* If multiplexing isn't enabled on the h2 connection and h1 is
          explicitly requested, handle it: */
       if((needle->handler->protocol & PROTO_FAMILY_HTTP) &&
-         (check->httpversion >= 20) &&
-         (data->state.httpwant < CURL_HTTP_VERSION_2_0))
+         (((check->httpversion >= 20) &&
+           (data->state.httpwant < CURL_HTTP_VERSION_2_0))
+          || ((check->httpversion >= 30) &&
+           (data->state.httpwant < CURL_HTTP_VERSION_3))))
         continue;
-
-      if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+#ifdef USE_SSH
+      else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) {
         if(!ssh_config_matches(needle, check))
           continue;
       }
+#endif
+#ifndef CURL_DISABLE_FTP
+      else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) {
+        /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */
+        if(Curl_timestrcmp(needle->proto.ftpc.account,
+                           check->proto.ftpc.account) ||
+           Curl_timestrcmp(needle->proto.ftpc.alternative_to_user,
+                           check->proto.ftpc.alternative_to_user) ||
+           (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) ||
+           (needle->proto.ftpc.ccc != check->proto.ftpc.ccc))
+          continue;
+      }
+#endif
 
       if((needle->handler->flags&PROTOPT_SSL)
 #ifndef CURL_DISABLE_PROXY
@@ -1467,9 +1423,8 @@ ConnectionExists(struct Curl_easy *data,
 #ifdef USE_NGHTTP2
           /* If multiplexed, make sure we don't go over concurrency limit */
           if(check->bits.multiplex) {
-            /* Multiplexed connections can only be HTTP/2 for now */
-            struct http_conn *httpc = &check->proto.httpc;
-            if(multiplexed >= httpc->settings.max_concurrent_streams) {
+            if(multiplexed >= Curl_conn_get_max_concurrent(data, check,
+                                                           FIRSTSOCKET)) {
               infof(data, "MAX_CONCURRENT_STREAMS reached, skip (%zu)",
                     multiplexed);
               continue;
@@ -1543,23 +1498,13 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
   if(!conn)
     return NULL;
 
-  conn->handler = &Curl_handler_dummy;  /* Be sure we have a handler defined
-                                           already from start to avoid NULL
-                                           situations and checks */
-
   /* and we setup a few fields in case we end up actually using this struct */
 
   conn->sock[FIRSTSOCKET] = CURL_SOCKET_BAD;     /* no file descriptor */
   conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD; /* no file descriptor */
-  conn->tempsock[0] = CURL_SOCKET_BAD; /* no file descriptor */
-  conn->tempsock[1] = CURL_SOCKET_BAD; /* no file descriptor */
   conn->connection_id = -1;    /* no ID */
   conn->port = -1; /* unknown at this point */
   conn->remote_port = -1; /* unknown at this point */
-#if defined(USE_RECV_BEFORE_SEND_WORKAROUND) && defined(DEBUGBUILD)
-  conn->postponed[0].bindsock = CURL_SOCKET_BAD; /* no file descriptor */
-  conn->postponed[1].bindsock = CURL_SOCKET_BAD; /* no file descriptor */
-#endif /* USE_RECV_BEFORE_SEND_WORKAROUND && DEBUGBUILD */
 
   /* Default protocol-independent behavior doesn't support persistent
      connections, so we set this to force-close. Protocols that support
@@ -1644,11 +1589,11 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
   conn->fclosesocket = data->set.fclosesocket;
   conn->closesocket_client = data->set.closesocket_client;
   conn->lastused = Curl_now(); /* used now */
+  conn->gssapi_delegation = data->set.gssapi_delegation;
 
   return conn;
   error:
 
-  Curl_llist_destroy(&conn->easyq, NULL);
   free(conn->localdev);
   free(conn);
   return NULL;
@@ -2329,7 +2274,7 @@ static CURLcode parse_proxy(struct Curl_easy *data,
       result = CURLE_OUT_OF_MEMORY;
       goto error;
     }
-    /* path will be "/", if no path was was found */
+    /* path will be "/", if no path was found */
     if(strcmp("/", path)) {
       is_unix_proxy = TRUE;
       free(host);
@@ -2412,6 +2357,7 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data,
   char *socksproxy = NULL;
   char *no_proxy = NULL;
   CURLcode result = CURLE_OK;
+  bool spacesep = FALSE;
 
   /*************************************************************
    * Extract the user and password from the authentication string
@@ -2458,7 +2404,8 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data,
   }
 
   if(Curl_check_noproxy(conn->host.name, data->set.str[STRING_NOPROXY] ?
-                        data->set.str[STRING_NOPROXY] : no_proxy)) {
+                        data->set.str[STRING_NOPROXY] : no_proxy,
+                        &spacesep)) {
     Curl_safefree(proxy);
     Curl_safefree(socksproxy);
   }
@@ -2467,6 +2414,8 @@ static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data,
     /* if the host is not in the noproxy list, detect proxy. */
     proxy = detect_proxy(data, conn);
 #endif /* CURL_DISABLE_HTTP */
+  if(spacesep)
+    infof(data, "space-separated NOPROXY patterns are deprecated");
 
   Curl_safefree(no_proxy);
 
@@ -2795,7 +2744,7 @@ static CURLcode override_login(struct Curl_easy *data,
         return CURLE_OUT_OF_MEMORY;
     }
     /* no user was set but a password, set a blank user */
-    if(userp && !*userp && *passwdp) {
+    if(!*userp && *passwdp) {
       *userp = strdup("");
       if(!*userp)
         return CURLE_OUT_OF_MEMORY;
@@ -3345,12 +3294,6 @@ static void reuse_conn(struct Curl_easy *data,
                        struct connectdata *temp,
                        struct connectdata *existing)
 {
-  /* 'local_ip' and 'local_port' get filled with local's numerical
-     ip address and port number whenever an outgoing connection is
-     **established** from the primary socket to a remote address. */
-  char local_ip[MAX_IPADR_LEN] = "";
-  int local_port = -1;
-
   /* get the user+password information from the temp struct since it may
    * be new for this request even when we re-use an existing connection */
   if(temp->user) {
@@ -3382,6 +3325,20 @@ static void reuse_conn(struct Curl_easy *data,
   }
 #endif
 
+  /* Finding a connection for reuse in the cache matches, among other
+   * things on the "remote-relevant" hostname. This is not necessarily
+   * the authority of the URL, e.g. conn->host. For example:
+   * - we use a proxy (not tunneling). we want to send all requests
+   *   that use the same proxy on this connection.
+   * - we have a "connect-to" setting that may redirect the hostname of
+   *   a new request to the same remote endpoint of an existing conn.
+   *   We want to reuse an existing conn to the remote endpoint.
+   * Since connection reuse does not match on conn->host necessarily, we
+   * switch `existing` conn to `temp` conn's host settings.
+   * TODO: is this correct in the case of TLS connections that have
+   *       used the original hostname in SNI to negotiate? Do we send
+   *       requests for another host through the different SNI?
+   */
   Curl_free_idnconverted_hostname(&existing->host);
   Curl_free_idnconverted_hostname(&existing->conn_to_host);
   Curl_safefree(existing->host.rawalloc);
@@ -3398,15 +3355,6 @@ static void reuse_conn(struct Curl_easy *data,
   existing->hostname_resolve = temp->hostname_resolve;
   temp->hostname_resolve = NULL;
 
-  /* persist connection info in session handle */
-  if(existing->transport == TRNSPRT_TCP) {
-    Curl_conninfo_local(data, existing->sock[FIRSTSOCKET],
-                        local_ip, &local_port);
-  }
-  Curl_persistconninfo(data, existing, local_ip, local_port);
-
-  conn_reset_all_postponed_data(temp); /* free buffers */
-
   /* re-use init */
   existing->bits.reuse = TRUE; /* yes, we're re-using here */
 
@@ -3880,6 +3828,13 @@ static CURLcode create_conn(struct Curl_easy *data,
    * Resolve the address of the server or proxy
    *************************************************************/
   result = resolve_server(data, conn, async);
+  if(result)
+    goto out;
+
+  /* Everything general done, inform filters that they need
+   * to prepare for a data transfer.
+   */
+  result = Curl_conn_ev_data_setup(data);
 
 out:
   return result;
@@ -4007,7 +3962,6 @@ CURLcode Curl_init_do(struct Curl_easy *data, struct connectdata *conn)
     data->state.httpreq = HTTPREQ_HEAD;
 
   k->start = Curl_now(); /* start time */
-  k->now = k->start;   /* current time is now */
   k->header = TRUE; /* assume header */
   k->bytecount = 0;
   k->ignorebody = FALSE;
@@ -4018,3 +3972,103 @@ CURLcode Curl_init_do(struct Curl_easy *data, struct connectdata *conn)
 
   return CURLE_OK;
 }
+
+#if defined(USE_HTTP2) || defined(USE_HTTP3)
+
+#ifdef USE_NGHTTP2
+
+static void priority_remove_child(struct Curl_easy *parent,
+                                  struct Curl_easy *child)
+{
+  struct Curl_data_prio_node **pnext = &parent->set.priority.children;
+  struct Curl_data_prio_node *pnode = parent->set.priority.children;
+
+  DEBUGASSERT(child->set.priority.parent == parent);
+  while(pnode && pnode->data != child) {
+    pnext = &pnode->next;
+    pnode = pnode->next;
+  }
+
+  DEBUGASSERT(pnode);
+  if(pnode) {
+    *pnext = pnode->next;
+    free(pnode);
+  }
+
+  child->set.priority.parent = 0;
+  child->set.priority.exclusive = FALSE;
+}
+
+CURLcode Curl_data_priority_add_child(struct Curl_easy *parent,
+                                      struct Curl_easy *child,
+                                      bool exclusive)
+{
+  if(child->set.priority.parent) {
+    priority_remove_child(child->set.priority.parent, child);
+  }
+
+  if(parent) {
+    struct Curl_data_prio_node **tail;
+    struct Curl_data_prio_node *pnode;
+
+    pnode = calloc(1, sizeof(*pnode));
+    if(!pnode)
+      return CURLE_OUT_OF_MEMORY;
+    pnode->data = child;
+
+    if(parent->set.priority.children && exclusive) {
+      /* exclusive: move all existing children underneath the new child */
+      struct Curl_data_prio_node *node = parent->set.priority.children;
+      while(node) {
+        node->data->set.priority.parent = child;
+        node = node->next;
+      }
+
+      tail = &child->set.priority.children;
+      while(*tail)
+        tail = &(*tail)->next;
+
+      DEBUGASSERT(!*tail);
+      *tail = parent->set.priority.children;
+      parent->set.priority.children = 0;
+    }
+
+    tail = &parent->set.priority.children;
+    while(*tail) {
+      (*tail)->data->set.priority.exclusive = FALSE;
+      tail = &(*tail)->next;
+    }
+
+    DEBUGASSERT(!*tail);
+    *tail = pnode;
+  }
+
+  child->set.priority.parent = parent;
+  child->set.priority.exclusive = exclusive;
+  return CURLE_OK;
+}
+
+#endif /* USE_NGHTTP2 */
+
+void Curl_data_priority_cleanup(struct Curl_easy *data)
+{
+#ifdef USE_NGHTTP2
+  while(data->set.priority.children) {
+    struct Curl_easy *tmp = data->set.priority.children->data;
+    priority_remove_child(data, tmp);
+    if(data->set.priority.parent)
+      Curl_data_priority_add_child(data->set.priority.parent, tmp, FALSE);
+  }
+
+  if(data->set.priority.parent)
+    priority_remove_child(data->set.priority.parent, data);
+#endif
+  (void)data;
+}
+
+void Curl_data_priority_clear_state(struct Curl_easy *data)
+{
+  memset(&data->state.priority, 0, sizeof(data->state.priority));
+}
+
+#endif /* defined(USE_HTTP2) || defined(USE_HTTP3) */
diff --git a/lib/url.h b/lib/url.h
index 1a03c564c..3b58df403 100644
--- a/lib/url.h
+++ b/lib/url.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -59,4 +59,20 @@ const struct Curl_handler *Curl_builtin_scheme(const char *scheme,
 void Curl_verboseconnect(struct Curl_easy *data, struct connectdata *conn);
 #endif
 
+#if defined(USE_HTTP2) || defined(USE_HTTP3)
+void Curl_data_priority_cleanup(struct Curl_easy *data);
+void Curl_data_priority_clear_state(struct Curl_easy *data);
+#else
+#define Curl_data_priority_cleanup(x)
+#define Curl_data_priority_clear_state(x)
+#endif /* !(defined(USE_HTTP2) || defined(USE_HTTP3)) */
+
+#ifdef USE_NGHTTP2
+CURLcode Curl_data_priority_add_child(struct Curl_easy *parent,
+                                      struct Curl_easy *child,
+                                      bool exclusive);
+#else
+#define Curl_data_priority_add_child(x, y, z) CURLE_NOT_BUILT_IN
+#endif
+
 #endif /* HEADER_CURL_URL_H */
diff --git a/lib/urlapi-int.h b/lib/urlapi-int.h
index 43a83ef6e..28e5dd7ea 100644
--- a/lib/urlapi-int.h
+++ b/lib/urlapi-int.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/urlapi.c b/lib/urlapi.c
index b96af35ad..62e323306 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -33,6 +33,7 @@
 #include "inet_pton.h"
 #include "inet_ntop.h"
 #include "strdup.h"
+#include "idn.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -56,6 +57,15 @@
 /* scheme is not URL encoded, the longest libcurl supported ones are... */
 #define MAX_SCHEME_LEN 40
 
+/*
+ * If ENABLE_IPV6 is disabled, we still want to parse IPv6 addresses, so make
+ * sure we have _some_ value for AF_INET6 without polluting our fake value
+ * everywhere.
+ */
+#if !defined(ENABLE_IPV6) && !defined(AF_INET6)
+#define AF_INET6 (AF_INET + 1)
+#endif
+
 /* Internal representation of CURLU. Point to URL-encoded strings. */
 struct Curl_URL {
   char *scheme;
@@ -116,14 +126,11 @@ static const char *find_host_sep(const char *url)
 }
 
 /*
- * Decide in an encoding-independent manner whether a character in a URL must
- * be escaped. This is used in urlencode_str().
+ * Decide whether a character in a URL must be escaped.
  */
-static bool urlchar_needs_escaping(int c)
-{
-  return !(ISCNTRL(c) || ISSPACE(c) || ISGRAPH(c));
-}
+#define urlchar_needs_escaping(c) (!(ISCNTRL(c) || ISSPACE(c) || ISGRAPH(c)))
 
+static const char hexdigits[] = "0123456789abcdef";
 /* urlencode_str() writes data into an output dynbuf and URL-encodes the
  * spaces in the source URL accordingly.
  *
@@ -167,7 +174,10 @@ static CURLUcode urlencode_str(struct dynbuf *o, const char *url,
       left = FALSE;
 
     if(urlchar_needs_escaping(*iptr)) {
-      if(Curl_dyn_addf(o, "%%%02x", *iptr))
+      char out[3]={'%'};
+      out[1] = hexdigits[*iptr>>4];
+      out[2] = hexdigits[*iptr & 0xf];
+      if(Curl_dyn_addn(o, out, 3))
         return CURLUE_OUT_OF_MEMORY;
     }
     else {
@@ -492,35 +502,21 @@ static CURLUcode parse_hostname_login(struct Curl_URL *u,
 UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, struct dynbuf *host,
                                    bool has_scheme)
 {
-  char *portptr = NULL;
-  char endbracket;
-  int len;
+  char *portptr;
   char *hostname = Curl_dyn_ptr(host);
   /*
    * Find the end of an IPv6 address, either on the ']' ending bracket or
    * a percent-encoded zone index.
    */
-  if(1 == sscanf(hostname, "[%*45[0123456789abcdefABCDEF:.]%c%n",
-                 &endbracket, &len)) {
-    if(']' == endbracket)
-      portptr = &hostname[len];
-    else if('%' == endbracket) {
-      int zonelen = len;
-      if(1 == sscanf(hostname + zonelen, "%*[^]]%c%n", &endbracket, &len)) {
-        if(']' != endbracket)
-          return CURLUE_BAD_IPV6;
-        portptr = &hostname[--zonelen + len + 1];
-      }
-      else
-        return CURLUE_BAD_IPV6;
-    }
-    else
+  if(hostname[0] == '[') {
+    portptr = strchr(hostname, ']');
+    if(!portptr)
       return CURLUE_BAD_IPV6;
-
+    portptr++;
     /* this is a RFC2732-style specified IP-address */
-    if(portptr && *portptr) {
+    if(*portptr) {
       if(*portptr != ':')
-        return CURLUE_BAD_IPV6;
+        return CURLUE_BAD_PORT_NUMBER;
     }
     else
       portptr = NULL;
@@ -584,11 +580,9 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname,
     hostname++;
     hlen -= 2;
 
-    if(hostname[hlen] != ']')
-      return CURLUE_BAD_IPV6;
-
-    /* only valid letters are ok */
+    /* only valid IPv6 letters are ok */
     len = strspn(hostname, l);
+
     if(hlen != len) {
       hlen = len;
       if(hostname[len] == '%') {
@@ -602,8 +596,7 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname,
         while(*h && (*h != ']') && (i < 15))
           zoneid[i++] = *h++;
         if(!i || (']' != *h))
-          /* impossible to reach? */
-          return CURLUE_MALFORMED_INPUT;
+          return CURLUE_BAD_IPV6;
         zoneid[i] = 0;
         u->zoneid = strdup(zoneid);
         if(!u->zoneid)
@@ -615,7 +608,8 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname,
         return CURLUE_BAD_IPV6;
       /* hostname is fine */
     }
-#ifdef ENABLE_IPV6
+
+    /* Check the IPv6 address. */
     {
       char dest[16]; /* fits a binary IPv6 address */
       char norm[MAX_IPADR_LEN];
@@ -632,11 +626,10 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname,
       }
       hostname[hlen] = ']'; /* restore ending bracket */
     }
-#endif
   }
   else {
     /* letters from the second string are not ok */
-    len = strcspn(hostname, " \r\n\t/:#?!@{}[]\\$\'\"^`*<>=;,+&()");
+    len = strcspn(hostname, " \r\n\t/:#?!@{}[]\\$\'\"^`*<>=;,+&()%");
     if(hlen != len)
       /* hostname with bad content */
       return CURLUE_BAD_HOSTNAME;
@@ -782,25 +775,28 @@ static CURLUcode decode_host(struct dynbuf *host)
  *
  * RETURNS
  *
- * an allocated dedotdotified output string
+ * Zero for success and 'out' set to an allocated dedotdotified string.
  */
-UNITTEST char *dedotdotify(const char *input, size_t clen);
-UNITTEST char *dedotdotify(const char *input, size_t clen)
+UNITTEST int dedotdotify(const char *input, size_t clen, char **outp);
+UNITTEST int dedotdotify(const char *input, size_t clen, char **outp)
 {
-  char *out = malloc(clen + 1);
   char *outptr;
   const char *orginput = input;
   char *queryp;
+  char *out;
+
+  *outp = NULL;
+  /* the path always starts with a slash, and a slash has not dot */
+  if((clen < 2) || !memchr(input, '.', clen))
+    return 0;
+
+  out = malloc(clen + 1);
   if(!out)
-    return NULL; /* out of memory */
+    return 1; /* out of memory */
 
   *out = 0; /* null-terminates, for inputs like "./" */
   outptr = out;
 
-  if(!*input)
-    /* zero length input string, return that */
-    return out;
-
   /*
    * To handle query-parts properly, we must find it and remove it during the
    * dotdot-operation and then append it again at the end to the output
@@ -905,7 +901,8 @@ UNITTEST char *dedotdotify(const char *input, size_t clen)
     memcpy(outptr, &orginput[oindex], qlen + 1); /* include zero byte */
   }
 
-  return out;
+  *outp = out;
+  return 0; /* success */
 }
 
 static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags)
@@ -1152,7 +1149,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags)
     size_t qlen = strlen(query) - fraglen; /* includes '?' */
     pathlen = strlen(path) - qlen - fraglen;
     if(qlen > 1) {
-      if(qlen && (flags & CURLU_URLENCODE)) {
+      if(flags & CURLU_URLENCODE) {
         struct dynbuf enc;
         Curl_dyn_init(&enc, CURL_MAX_INPUT_LENGTH);
         /* skip the leading question mark */
@@ -1199,8 +1196,8 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags)
     path = u->path = Curl_dyn_ptr(&enc);
   }
 
-  if(!pathlen) {
-    /* there is no path left, unset */
+  if(pathlen <= 1) {
+    /* there is no path left or just the slash, unset */
     path = NULL;
   }
   else {
@@ -1224,13 +1221,16 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags)
 
     if(!(flags & CURLU_PATH_AS_IS)) {
       /* remove ../ and ./ sequences according to RFC3986 */
-      char *newp = dedotdotify((char *)path, pathlen);
-      if(!newp) {
+      char *dedot;
+      int err = dedotdotify((char *)path, pathlen, &dedot);
+      if(err) {
         result = CURLUE_OUT_OF_MEMORY;
         goto fail;
       }
-      free(u->path);
-      u->path = newp;
+      if(dedot) {
+        free(u->path);
+        u->path = dedot;
+      }
     }
   }
 
@@ -1350,7 +1350,7 @@ void curl_url_cleanup(CURLU *u)
     }                                           \
   } while(0)
 
-CURLU *curl_url_dup(CURLU *in)
+CURLU *curl_url_dup(const CURLU *in)
 {
   struct Curl_URL *u = calloc(sizeof(struct Curl_URL), 1);
   if(u) {
@@ -1371,14 +1371,15 @@ CURLU *curl_url_dup(CURLU *in)
   return NULL;
 }
 
-CURLUcode curl_url_get(CURLU *u, CURLUPart what,
+CURLUcode curl_url_get(const CURLU *u, CURLUPart what,
                        char **part, unsigned int flags)
 {
-  char *ptr;
+  const char *ptr;
   CURLUcode ifmissing = CURLUE_UNKNOWN_PART;
   char portbuf[7];
   bool urldecode = (flags & CURLU_URLDECODE)?1:0;
   bool urlencode = (flags & CURLU_URLENCODE)?1:0;
+  bool punycode = FALSE;
   bool plusdecode = FALSE;
   (void)flags;
   if(!u)
@@ -1408,6 +1409,7 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
   case CURLUPART_HOST:
     ptr = u->host;
     ifmissing = CURLUE_NO_HOST;
+    punycode = (flags & CURLU_PUNYCODE)?1:0;
     break;
   case CURLUPART_ZONEID:
     ptr = u->zoneid;
@@ -1439,11 +1441,8 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
     break;
   case CURLUPART_PATH:
     ptr = u->path;
-    if(!ptr) {
-      ptr = u->path = strdup("/");
-      if(!u->path)
-        return CURLUE_OUT_OF_MEMORY;
-    }
+    if(!ptr)
+      ptr = "/";
     break;
   case CURLUPART_QUERY:
     ptr = u->query;
@@ -1460,6 +1459,7 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
     char *options = u->options;
     char *port = u->port;
     char *allochost = NULL;
+    punycode = (flags & CURLU_PUNYCODE)?1:0;
     if(u->scheme && strcasecompare("file", u->scheme)) {
       url = aprintf("file://%s%s%s",
                     u->path,
@@ -1514,6 +1514,17 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
         if(!allochost)
           return CURLUE_OUT_OF_MEMORY;
       }
+      else if(punycode) {
+        if(!Curl_is_ASCII_name(u->host)) {
+#ifndef USE_IDN
+          return CURLUE_LACKS_IDN;
+#else
+          allochost = Curl_idn_decode(u->host);
+          if(!allochost)
+            return CURLUE_OUT_OF_MEMORY;
+#endif
+        }
+      }
       else {
         /* only encode '%' in output host name */
         char *host = u->host;
@@ -1541,8 +1552,7 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
               return CURLUE_OUT_OF_MEMORY;
             host++;
           }
-          free(u->host);
-          u->host = Curl_dyn_ptr(&enc);
+          allochost = Curl_dyn_ptr(&enc);
         }
       }
 
@@ -1611,6 +1621,19 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
       free(*part);
       *part = Curl_dyn_ptr(&enc);
     }
+    else if(punycode) {
+      if(!Curl_is_ASCII_name(u->host)) {
+#ifndef USE_IDN
+        return CURLUE_LACKS_IDN;
+#else
+        char *allochost = Curl_idn_decode(*part);
+        if(!allochost)
+          return CURLUE_OUT_OF_MEMORY;
+        free(*part);
+        *part = allochost;
+#endif
+      }
+    }
 
     return CURLUE_OK;
   }
@@ -1807,7 +1830,10 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
             return CURLUE_OUT_OF_MEMORY;
         }
         else {
-          result = Curl_dyn_addf(&enc, "%%%02x", *i);
+          char out[3]={'%'};
+          out[1] = hexdigits[*i>>4];
+          out[2] = hexdigits[*i & 0xf];
+          result = Curl_dyn_addn(&enc, out, 3);
           if(result)
             return CURLUE_OUT_OF_MEMORY;
         }
diff --git a/lib/urldata.h b/lib/urldata.h
index 3d7545c68..8b54518d2 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -113,23 +113,6 @@ typedef unsigned int curl_prot_t;
    input easier and better. */
 #define CURL_MAX_INPUT_LENGTH 8000000
 
-/* Macros intended for DEBUGF logging, use like:
- * DEBUGF(infof(data, CFMSG(cf, "this filter %s rocks"), "very much"));
- * and it will output:
- * [CONN-1-0][CF-SSL] this filter very much rocks
- * on connection #1 with sockindex 0 for filter of type "SSL". */
-#define DMSG(d,msg)  \
-  "[CONN-%ld] "msg, (d)->conn->connection_id
-#define DMSGI(d,i,msg)  \
-  "[CONN-%ld-%d] "msg, (d)->conn->connection_id, (i)
-#define CMSG(c,msg)  \
-  "[CONN-%ld] "msg, (conn)->connection_id
-#define CMSGI(c,i,msg)  \
-  "[CONN-%ld-%d] "msg, (conn)->connection_id, (i)
-#define CFMSG(cf,msg)  \
-  "[CONN-%ld-%d][CF-%s] "msg, (cf)->conn->connection_id, \
-  (cf)->sockindex, (cf)->cft->name
-
 
 #include "cookie.h"
 #include "psl.h"
@@ -185,10 +168,10 @@ typedef CURLcode (*Curl_datastream)(struct Curl_easy *data,
 #include "rtsp.h"
 #include "smb.h"
 #include "mqtt.h"
-#include "wildcard.h"
+#include "ftplistparser.h"
 #include "multihandle.h"
-#include "quic.h"
 #include "c-hyper.h"
+#include "cf-socket.h"
 
 #ifdef HAVE_GSSAPI
 # ifdef HAVE_GSSGNU
@@ -268,8 +251,6 @@ typedef enum {
 struct ssl_backend_data;
 
 struct ssl_primary_config {
-  long version;          /* what version the client wants to use */
-  long version_max;      /* max supported version the client wants to use */
   char *CApath;          /* certificate dir (doesn't work on windows) */
   char *CAfile;          /* certificate to verify peer against */
   char *issuercert;      /* optional issuer certificate filename */
@@ -284,10 +265,11 @@ struct ssl_primary_config {
 #ifdef USE_TLS_SRP
   char *username; /* TLS username (for, e.g., SRP) */
   char *password; /* TLS password (for, e.g., SRP) */
-  enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */
 #endif
   char *curves;          /* list of curves to use */
   unsigned char ssl_options;  /* the CURLOPT_SSL_OPTIONS bitmask */
+  unsigned int version_max; /* max supported version the client wants to use */
+  unsigned char version;    /* what version the client wants to use */
   BIT(verifypeer);       /* set TRUE if this is desired */
   BIT(verifyhost);       /* set TRUE if CN/SAN must match hostname */
   BIT(verifystatus);     /* set TRUE if certificate status must be checked */
@@ -648,7 +630,6 @@ struct SingleRequest {
   curl_off_t pendingheader;      /* this many bytes left to send is actually
                                     header and not body */
   struct curltime start;         /* transfer started at this time */
-  struct curltime now;           /* current time */
   enum {
     HEADER_NORMAL,              /* no bad header at all */
     HEADER_PARTHEADER,          /* part of the chunk is a bad header, the rest
@@ -706,7 +687,12 @@ struct SingleRequest {
 #ifndef CURL_DISABLE_DOH
   struct dohdata *doh; /* DoH specific data for this request */
 #endif
+#if defined(WIN32) && defined(USE_WINSOCK)
+  struct curltime last_sndbuf_update;  /* last time readwrite_upload called
+                                          win_update_buffer_size */
+#endif
   unsigned char setcookies;
+  unsigned char writer_stack_depth; /* Unencoding stack depth. */
   BIT(header);        /* incoming data has HTTP header */
   BIT(content_range); /* set TRUE if Content-Range: was found */
   BIT(upload_done);   /* set to TRUE when doing chunked transfer-encoding
@@ -783,8 +769,8 @@ struct Curl_handler {
   /* This function *MAY* be set to a protocol-dependent function that is run
    * by the curl_disconnect(), as a step in the disconnection.  If the handler
    * is called because the connection has been considered dead,
-   * dead_connection is set to TRUE. The connection is already disassociated
-   * from the transfer here.
+   * dead_connection is set to TRUE. The connection is (again) associated with
+   * the transfer here.
    */
   CURLcode (*disconnect)(struct Curl_easy *, struct connectdata *,
                          bool dead_connection);
@@ -830,7 +816,7 @@ struct Curl_handler {
 #define PROTOPT_CREDSPERREQUEST (1<<7) /* requires login credentials per
                                           request instead of per connection */
 #define PROTOPT_ALPN (1<<8) /* set ALPN for this */
-#define PROTOPT_STREAM (1<<9) /* a protocol with individual logical streams */
+/* (1<<9) was PROTOPT_STREAM, now free */
 #define PROTOPT_URLOPTIONS (1<<10) /* allow options part in the userinfo field
                                       of the URL */
 #define PROTOPT_PROXY_AS_HTTP (1<<11) /* allow this non-HTTP scheme over a
@@ -848,20 +834,6 @@ struct Curl_handler {
 #define CONNRESULT_NONE 0                /* No extra information. */
 #define CONNRESULT_DEAD (1<<0)           /* The connection is dead. */
 
-#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
-struct postponed_data {
-  char *buffer;          /* Temporal store for received data during
-                            sending, must be freed */
-  size_t allocated_size; /* Size of temporal store */
-  size_t recv_size;      /* Size of received data during sending */
-  size_t recv_processed; /* Size of processed part of postponed data */
-#ifdef DEBUGBUILD
-  curl_socket_t bindsock;/* Structure must be bound to specific socket,
-                            used only for DEBUGASSERT */
-#endif /* DEBUGBUILD */
-};
-#endif /* USE_RECV_BEFORE_SEND_WORKAROUND */
-
 struct proxy_info {
   struct hostname host;
   int port;
@@ -909,16 +881,9 @@ struct connectdata {
      there is no name resolve done. */
   struct Curl_dns_entry *dns_entry;
 
-  /* 'ip_addr' is the particular IP we connected to. It points to a struct
-     within the DNS cache, so this pointer is only valid as long as the DNS
-     cache entry remains locked. It gets unlocked in multi_done() */
-  struct Curl_addrinfo *ip_addr;
-  struct Curl_addrinfo *tempaddr[2]; /* for happy eyeballs */
-
-#ifdef ENABLE_QUIC
-  struct quicsocket hequic[2]; /* two, for happy eyeballs! */
-  struct quicsocket *quic;
-#endif
+  /* 'remote_addr' is the particular IP we connected to. it is owned, set
+   * and NULLed by the connected socket filter (if there is one). */
+  const struct Curl_sockaddr_ex *remote_addr;
 
   struct hostname host;
   char *hostname_resolve; /* host name to resolve to address, allocated */
@@ -947,31 +912,16 @@ struct connectdata {
   struct curltime lastused; /* when returned to the connection cache */
   curl_socket_t sock[2]; /* two sockets, the second is used for the data
                             transfer when doing FTP */
-  curl_socket_t tempsock[2]; /* temporary sockets for happy eyeballs */
-  int tempfamily[2]; /* family used for the temp sockets */
   Curl_recv *recv[2];
   Curl_send *send[2];
   struct Curl_cfilter *cfilter[2]; /* connection filters */
 
-#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
-  struct postponed_data postponed[2]; /* two buffers for two sockets */
-#endif /* USE_RECV_BEFORE_SEND_WORKAROUND */
   struct ssl_primary_config ssl_config;
 #ifndef CURL_DISABLE_PROXY
   struct ssl_primary_config proxy_ssl_config;
 #endif
   struct ConnectBits bits;    /* various state-flags for this connection */
 
- /* connecttime: when connect() is called on the current IP address. Used to
-    be able to track when to move on to try next IP - but only when the multi
-    interface is used. */
-  struct curltime connecttime;
-
-  /* The field below gets set in Curl_connecthost */
-  /* how long time in milliseconds to spend on trying to connect to each IP
-     address, per family */
-  timediff_t timeoutms_per_addr[2];
-
   const struct Curl_handler *handler; /* Connection's protocol handler */
   const struct Curl_handler *given;   /* The protocol first given */
 
@@ -1034,16 +984,15 @@ struct connectdata {
   struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */
 #endif
 
+#ifndef CURL_DISABLE_HTTP
   /* for chunked-encoded trailer */
   struct dynbuf trailer;
+#endif
 
   union {
 #ifndef CURL_DISABLE_FTP
     struct ftp_conn ftpc;
 #endif
-#ifndef CURL_DISABLE_HTTP
-    struct http_conn httpc;
-#endif
 #ifdef USE_SSH
     struct ssh_conn sshc;
 #endif
@@ -1070,6 +1019,9 @@ struct connectdata {
 #ifndef CURL_DISABLE_MQTT
     struct mqtt_conn mqtt;
 #endif
+#ifdef USE_WEBSOCKETS
+    struct ws_conn ws;
+#endif
   } proto;
 
   struct connectbundle *bundle; /* The bundle we are member of */
@@ -1086,14 +1038,13 @@ struct connectdata {
      that subsequent bound-requested connections aren't accidentally re-using
      wrong connections. */
   char *localdev;
-  int localportrange;
+  unsigned short localportrange;
   int cselect_bits; /* bitmask of socket events */
   int waitfor;      /* current READ/WRITE bits to wait for */
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
   int socks5_gssapi_enctype;
 #endif
-  /* The field below gets set in Curl_connecthost */
-  int num_addr; /* number of addresses to try to connect to */
+  /* The field below gets set in connect.c:connecthost() */
   int port;        /* which port to use locally - to connect to */
   int remote_port; /* the remote port, not the proxy port! */
   int conn_to_port; /* the remote port to connect to. valid only if
@@ -1110,6 +1061,7 @@ struct connectdata {
   unsigned char ip_version; /* copied from the Curl_easy at creation time */
   unsigned char httpversion; /* the HTTP version*10 reported by the server */
   unsigned char connect_only;
+  unsigned char gssapi_delegation; /* inherited from set.gssapi_delegation */
 };
 
 /* The end of connectdata. */
@@ -1238,10 +1190,29 @@ struct auth {
                    should be RFC compliant */
 };
 
-struct Curl_http2_dep {
-  struct Curl_http2_dep *next;
+#ifdef USE_NGHTTP2
+struct Curl_data_prio_node {
+  struct Curl_data_prio_node *next;
   struct Curl_easy *data;
 };
+#endif
+
+/**
+ * Priority information for an easy handle in relation to others
+ * on the same connection.
+ * TODO: we need to adapt it to the new priority scheme as defined in RFC 9218
+ */
+struct Curl_data_priority {
+#ifdef USE_NGHTTP2
+  /* tree like dependencies only implemented in nghttp2 */
+  struct Curl_easy *parent;
+  struct Curl_data_prio_node *children;
+#endif
+  int weight;
+#ifdef USE_NGHTTP2
+  BIT(exclusive);
+#endif
+};
 
 /*
  * This struct is for holding data that was attempted to get sent to the user's
@@ -1270,6 +1241,7 @@ typedef enum {
   EXPIRE_TOOFAST,
   EXPIRE_QUIC,
   EXPIRE_FTP_ACCEPT,
+  EXPIRE_ALPN_EYEBALLS,
   EXPIRE_LAST /* not an actual timer, used as a marker only */
 } expire_id;
 
@@ -1389,24 +1361,17 @@ struct UrlState {
   size_t drain; /* Increased when this stream has data to read, even if its
                    socket is not necessarily is readable. Decreased when
                    checked. */
+  struct Curl_data_priority priority; /* shallow copy of data->set */
 #endif
 
   curl_read_callback fread_func; /* read callback/function */
   void *in;                      /* CURLOPT_READDATA */
-#ifdef USE_HTTP2
-  struct Curl_easy *stream_depends_on;
-  int stream_weight;
-#endif
   CURLU *uh; /* URL handle for the current parsed URL */
   struct urlpieces up;
   unsigned char httpreq; /* Curl_HttpReq; what kind of HTTP request (if any)
                             is this */
   char *url;        /* work URL, copied from UserDefined */
   char *referer;    /* referer string */
-#ifndef CURL_DISABLE_COOKIES
-  struct curl_slist *cookielist; /* list of cookie files set by
-                                    curl_easy_setopt(COOKIEFILE) calls */
-#endif
   struct curl_slist *resolve; /* set to point to the set.resolve list when
                                  this should be dealt with in pretransfer */
 #ifndef CURL_DISABLE_HTTP
@@ -1414,7 +1379,7 @@ struct UrlState {
   struct dynbuf trailers_buf; /* a buffer containing the compiled trailing
                                  headers */
   struct Curl_llist httphdrs; /* received headers */
-  struct curl_header headerout; /* for external purposes */
+  struct curl_header headerout[2]; /* for external purposes */
   struct Curl_header_store *prevhead; /* the latest added header */
   trailers_state trailers_state; /* whether we are sending trailers
                                     and what stage are we at */
@@ -1471,7 +1436,6 @@ struct UrlState {
   BIT(done); /* set to FALSE when Curl_init_do() is called and set to TRUE
                 when multi_done() is called, to prevent multi_done() to get
                 invoked twice when the multi interface is used. */
-  BIT(stream_depends_e); /* set or don't set the Exclusive bit */
   BIT(previouslypending); /* this transfer WAS in the multi->pending queue */
   BIT(cookie_engine);
   BIT(prefer_ascii);   /* ASCII rather than binary */
@@ -1620,15 +1584,9 @@ struct UserDefined {
   void *out;         /* CURLOPT_WRITEDATA */
   void *in_set;      /* CURLOPT_READDATA */
   void *writeheader; /* write the header to this if non-NULL */
-  unsigned short proxyport; /* If non-zero, use this port number by
-                               default. If the proxy string features a
-                               ":[port]" that one will override this. */
   unsigned short use_port; /* which port to use (when not using default) */
   unsigned long httpauth;  /* kind of HTTP authentication to use (bitmask) */
   unsigned long proxyauth; /* kind of proxy authentication to use (bitmask) */
-#ifndef CURL_DISABLE_PROXY
-  unsigned char socks5auth;/* kind of SOCKS5 authentication to use (bitmask) */
-#endif
   long maxredirs;    /* maximum no. of http(s) redirects to follow, set to -1
                         for infinity */
 
@@ -1638,8 +1596,9 @@ struct UserDefined {
                                of strlen(), and then the data *may* be binary
                                (contain zero bytes) */
   unsigned short localport; /* local port number to bind to */
-  int localportrange; /* number of additional port numbers to test in case the
-                         'localport' one can't be bind()ed */
+  unsigned short localportrange; /* number of additional port numbers to test
+                                    in case the 'localport' one can't be
+                                    bind()ed */
   curl_write_callback fwrite_func;   /* function that stores the output */
   curl_write_callback fwrite_header; /* function that stores headers */
   curl_write_callback fwrite_rtp;    /* function that stores interleaved RTP */
@@ -1661,7 +1620,13 @@ struct UserDefined {
   void *prereq_userp; /* pre-initial request user data */
 
   void *seek_client;    /* pointer to pass to the seek callback */
+#ifndef CURL_DISABLE_COOKIES
+  struct curl_slist *cookielist; /* list of cookie files set by
+                                    curl_easy_setopt(COOKIEFILE) calls */
+#endif
 #ifndef CURL_DISABLE_HSTS
+  struct curl_slist *hstslist; /* list of HSTS files set by
+                                  curl_easy_setopt(HSTS) calls */
   curl_hstsread_callback hsts_read;
   void *hsts_read_userp;
   curl_hstswrite_callback hsts_write;
@@ -1688,17 +1653,8 @@ struct UserDefined {
                                 download */
   curl_off_t set_resume_from;  /* continue [ftp] transfer from here */
   struct curl_slist *headers; /* linked list of extra headers */
-  struct curl_slist *proxyheaders; /* linked list of extra CONNECT headers */
   struct curl_httppost *httppost;  /* linked list of old POST data */
   curl_mimepart mimepost;  /* MIME/POST data. */
-  struct curl_slist *quote;     /* after connection is established */
-  struct curl_slist *postquote; /* after the transfer */
-  struct curl_slist *prequote; /* before the transfer, after type */
-  struct curl_slist *source_quote;  /* 3rd party quote */
-  struct curl_slist *source_prequote;  /* in 3rd party transfer mode - before
-                                          the transfer on source host */
-  struct curl_slist *source_postquote; /* in 3rd party transfer mode - after
-                                          the transfer on source host */
 #ifndef CURL_DISABLE_TELNET
   struct curl_slist *telnet_options; /* linked list of telnet options */
 #endif
@@ -1708,13 +1664,18 @@ struct UserDefined {
                                     the hostname and port to connect to */
   time_t timevalue;       /* what time to compare with */
   unsigned char timecondition; /* kind of time comparison: curl_TimeCond */
-  unsigned char proxytype; /* what kind of proxy: curl_proxytype */
   unsigned char method;   /* what kind of HTTP request: Curl_HttpReq */
   unsigned char httpwant; /* when non-zero, a specific HTTP version requested
                              to be used in the library's request(s) */
   struct ssl_config_data ssl;  /* user defined SSL stuff */
 #ifndef CURL_DISABLE_PROXY
   struct ssl_config_data proxy_ssl;  /* user defined SSL stuff for proxy */
+  struct curl_slist *proxyheaders; /* linked list of extra CONNECT headers */
+  unsigned short proxyport; /* If non-zero, use this port number by
+                               default. If the proxy string features a
+                               ":[port]" that one will override this. */
+  unsigned char proxytype; /* what kind of proxy: curl_proxytype */
+  unsigned char socks5auth;/* kind of SOCKS5 authentication to use (bitmask) */
 #endif
   struct ssl_general_config general_ssl; /* general user defined SSL stuff */
   int dns_cache_timeout; /* DNS cache timeout (seconds) */
@@ -1722,7 +1683,9 @@ struct UserDefined {
   unsigned int upload_buffer_size; /* size of upload buffer to use,
                                       keep it >= CURL_MAX_WRITE_SIZE */
   void *private_data; /* application-private data */
+#ifndef CURL_DISABLE_HTTP
   struct curl_slist *http200aliases; /* linked list of aliases for http200 */
+#endif
   unsigned char ipver; /* the CURL_IPRESOLVE_* defines in the public header
                           file 0 - whatever, 1 - v2, 2 - v6 */
   curl_off_t max_filesize; /* Maximum file size to download */
@@ -1732,26 +1695,30 @@ struct UserDefined {
   unsigned char ftp_ccc;   /* FTP CCC options: curl_ftpccc */
   unsigned int accepttimeout;   /* in milliseconds, 0 means no timeout */
 #endif
-  /* Desppie the name ftp_create_missing_dirs is for FTP(S) and SFTP
+#if !defined(CURL_DISABLE_FTP) || defined(USE_SSH)
+  struct curl_slist *quote;     /* after connection is established */
+  struct curl_slist *postquote; /* after the transfer */
+  struct curl_slist *prequote; /* before the transfer, after type */
+  /* Despite the name, ftp_create_missing_dirs is for FTP(S) and SFTP
      1 - create directories that don't exist
      2 - the same but also allow MKD to fail once
   */
   unsigned char ftp_create_missing_dirs;
+#endif
 #ifdef USE_LIBSSH2
   curl_sshhostkeycallback ssh_hostkeyfunc; /* hostkey check callback */
   void *ssh_hostkeyfunc_userp;         /* custom pointer to callback */
 #endif
-
+#ifdef USE_SSH
   curl_sshkeycallback ssh_keyfunc; /* key matching callback */
   void *ssh_keyfunc_userp;         /* custom pointer to callback */
+  int ssh_auth_types;    /* allowed SSH auth types */
+  unsigned int new_directory_perms; /* when creating remote dirs */
+#endif
 #ifndef CURL_DISABLE_NETRC
   unsigned char use_netrc;        /* enum CURL_NETRC_OPTION values  */
 #endif
-  curl_usessl use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
-                            IMAP or POP3 or others! */
   unsigned int new_file_perms;      /* when creating remote files */
-  unsigned int new_directory_perms; /* when creating remote dirs */
-  int ssh_auth_types;    /* allowed SSH auth types */
   char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
   struct curl_blob *blobs[BLOB_LAST];
 #ifdef ENABLE_IPV6
@@ -1759,8 +1726,9 @@ struct UserDefined {
 #endif
   curl_prot_t allowed_protocols;
   curl_prot_t redir_protocols;
+#ifndef CURL_DISABLE_MIME
   unsigned int mime_options;      /* Mime option flags. */
-
+#endif
 #ifndef CURL_DISABLE_RTSP
   void *rtp_out;     /* write RTP to this if non-NULL */
   /* Common RTSP header options */
@@ -1774,9 +1742,11 @@ struct UserDefined {
   curl_fnmatch_callback fnmatch; /* callback to decide which file corresponds
                                     to pattern (e.g. if WILDCARDMATCH is on) */
   void *fnmatch_data;
+  void *wildcardptr;
 #endif
-  long gssapi_delegation; /* GSS-API credential delegation, see the
-                             documentation of CURLOPT_GSSAPI_DELEGATION */
+ /* GSS-API credential delegation, see the documentation of
+    CURLOPT_GSSAPI_DELEGATION */
+  unsigned char gssapi_delegation;
 
   int tcp_keepidle;     /* seconds in idle before sending keepalive probe */
   int tcp_keepintvl;    /* seconds between TCP keepalive probes */
@@ -1784,10 +1754,8 @@ struct UserDefined {
   size_t maxconnects;    /* Max idle connections in the connection cache */
 
   long expect_100_timeout; /* in milliseconds */
-#ifdef USE_HTTP2
-  struct Curl_easy *stream_depends_on;
-  int stream_weight;
-  struct Curl_http2_dep *stream_dependents;
+#if defined(USE_HTTP2) || defined(USE_HTTP3)
+  struct Curl_data_priority priority;
 #endif
   curl_resolver_start_callback resolver_start; /* optional callback called
                                                   before resolver start */
@@ -1798,8 +1766,10 @@ struct UserDefined {
   struct Curl_easy *dohfor; /* this is a DoH request for that transfer */
 #endif
   CURLU *uh; /* URL handle for the current parsed URL */
+#ifndef CURL_DISABLE_HTTP
   void *trailer_data; /* pointer to pass to trailer data callback */
   curl_trailer_callback trailer_callback; /* trailing data callback */
+#endif
   char keep_post;     /* keep POSTs as POSTs after a 30x request; each
                          bit represents a request, from 301 to 303 */
 #ifndef CURL_DISABLE_SMTP
@@ -1807,6 +1777,8 @@ struct UserDefined {
   BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some
                                 recipients */
 #endif
+  unsigned char use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
+                              IMAP or POP3 or others! (type: curl_usessl)*/
   unsigned char connect_only; /* make connection/request, then let
                                  application use the socket */
   BIT(is_fread_set); /* has read callback been set to non-NULL? */
@@ -1877,7 +1849,6 @@ struct UserDefined {
   BIT(suppress_connect_headers); /* suppress proxy CONNECT response headers
                                     from user callbacks */
   BIT(dns_shuffle_addresses); /* whether to shuffle addresses before use */
-  BIT(stream_depends_e); /* set or don't set the Exclusive bit */
   BIT(haproxyprotocol); /* whether to send HAProxy PROXY protocol v1
                            header */
   BIT(abstract_unix_socket);
@@ -1969,7 +1940,7 @@ struct Curl_easy {
   struct UrlState state;       /* struct for fields used for state info and
                                   other dynamic purposes */
 #ifndef CURL_DISABLE_FTP
-  struct WildcardData wildcard; /* wildcard download state info */
+  struct WildcardData *wildcard; /* wildcard download state info */
 #endif
   struct PureInfo info;        /* stats, reports and info data */
   struct curl_tlssessioninfo tsi; /* Information about the TLS session, only
diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
index b82b17146..c651fc514 100644
--- a/lib/vauth/cleartext.c
+++ b/lib/vauth/cleartext.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -28,7 +28,8 @@
 #include "curl_setup.h"
 
 #if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) ||       \
-  !defined(CURL_DISABLE_POP3)
+  !defined(CURL_DISABLE_POP3) || \
+  (!defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP))
 
 #include <curl/curl.h>
 #include "urldata.h"
diff --git a/lib/vauth/cram.c b/lib/vauth/cram.c
index 475d31b8d..5894ed4bc 100644
--- a/lib/vauth/cram.c
+++ b/lib/vauth/cram.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c
index c81ce1095..b7a0d92a3 100644
--- a/lib/vauth/digest.c
+++ b/lib/vauth/digest.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/digest.h b/lib/vauth/digest.h
index d785bdd91..68fdb28c4 100644
--- a/lib/vauth/digest.h
+++ b/lib/vauth/digest.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c
index 6c95a3ef7..8fb866939 100644
--- a/lib/vauth/digest_sspi.c
+++ b/lib/vauth/digest_sspi.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2014 - 2016, Steve Holme, <steve_holme@hotmail.com>.
- * Copyright (C) 2015 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/gsasl.c b/lib/vauth/gsasl.c
index a73c64443..c7d0a8d3b 100644
--- a/lib/vauth/gsasl.c
+++ b/lib/vauth/gsasl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Simon Josefsson, <simon@josefsson.org>, et al.
+ * Copyright (C) Simon Josefsson, <simon@josefsson.org>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c
index bac78049d..65eb3e1b5 100644
--- a/lib/vauth/krb5_gssapi.c
+++ b/lib/vauth/krb5_gssapi.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2014 - 2019, Steve Holme, <steve_holme@hotmail.com>.
- * Copyright (C) 2015 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c
index 015bc66a3..c487149b9 100644
--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2014 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
index 0141e173f..2a5d4a490 100644
--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/ntlm.h b/lib/vauth/ntlm.h
index 14ebba244..31ce921cd 100644
--- a/lib/vauth/ntlm.h
+++ b/lib/vauth/ntlm.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/ntlm_sspi.c b/lib/vauth/ntlm_sspi.c
index 193576aca..5118963f4 100644
--- a/lib/vauth/ntlm_sspi.c
+++ b/lib/vauth/ntlm_sspi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/oauth2.c b/lib/vauth/oauth2.c
index 1604b303e..a4adbdcf1 100644
--- a/lib/vauth/oauth2.c
+++ b/lib/vauth/oauth2.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -27,7 +27,8 @@
 #include "curl_setup.h"
 
 #if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
-  !defined(CURL_DISABLE_POP3)
+  !defined(CURL_DISABLE_POP3) || \
+  (!defined(CURL_DISABLE_LDAP) && defined(USE_OPENLDAP))
 
 #include <curl/curl.h>
 #include "urldata.h"
diff --git a/lib/vauth/spnego_gssapi.c b/lib/vauth/spnego_gssapi.c
index 25dff967d..e1d52b755 100644
--- a/lib/vauth/spnego_gssapi.c
+++ b/lib/vauth/spnego_gssapi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/spnego_sspi.c b/lib/vauth/spnego_sspi.c
index d845caca6..d3245d0b1 100644
--- a/lib/vauth/spnego_sspi.c
+++ b/lib/vauth/spnego_sspi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/vauth.c b/lib/vauth/vauth.c
index 58fe05139..62fc7c40f 100644
--- a/lib/vauth/vauth.c
+++ b/lib/vauth/vauth.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2014 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vauth/vauth.h b/lib/vauth/vauth.h
index c310c6637..e17d7aad6 100644
--- a/lib/vauth/vauth.h
+++ b/lib/vauth/vauth.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2014 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/version.c b/lib/version.c
index b43a8bc71..c036e9717 100644
--- a/lib/version.c
+++ b/lib/version.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,12 +24,16 @@
 
 #include "curl_setup.h"
 
+#ifdef USE_NGHTTP2
+#include <nghttp2/nghttp2.h>
+#endif
+
 #include <curl/curl.h>
 #include "urldata.h"
 #include "vtls/vtls.h"
 #include "http2.h"
 #include "vssh/ssh.h"
-#include "quic.h"
+#include "vquic/vquic.h"
 #include "curl_printf.h"
 #include "easy_lock.h"
 
@@ -58,7 +62,15 @@
 #endif
 
 #ifdef HAVE_BROTLI
+#if defined(__GNUC__)
+/* Ignore -Wvla warnings in brotli headers */
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wvla"
+#endif
 #include <brotli/decode.h>
+#if defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
 #endif
 
 #ifdef HAVE_ZSTD
@@ -353,8 +365,7 @@ static const char * const protocols[] = {
 #ifdef USE_SSH
   "sftp",
 #endif
-#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) && \
-   (SIZEOF_CURL_OFF_T > 4)
+#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE)
   "smb",
 #  ifdef USE_SSL
   "smbs",
diff --git a/lib/version_win32.c b/lib/version_win32.c
index e8f14f9df..872d5b4f3 100644
--- a/lib/version_win32.c
+++ b/lib/version_win32.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2016 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/version_win32.h b/lib/version_win32.h
index 7a9a6a14f..3899174a3 100644
--- a/lib/version_win32.h
+++ b/lib/version_win32.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2016 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vquic/curl_msh3.c b/lib/vquic/curl_msh3.c
new file mode 100644
index 000000000..530899977
--- /dev/null
+++ b/lib/vquic/curl_msh3.c
@@ -0,0 +1,850 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_MSH3
+
+#include "urldata.h"
+#include "timeval.h"
+#include "multiif.h"
+#include "sendf.h"
+#include "curl_log.h"
+#include "cfilters.h"
+#include "cf-socket.h"
+#include "connect.h"
+#include "progress.h"
+#include "h2h3.h"
+#include "curl_msh3.h"
+#include "socketpair.h"
+#include "vquic/vquic.h"
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+#define DEBUG_CF 1
+
+#if DEBUG_CF && defined(DEBUGBUILD)
+#define CF_DEBUGF(x) x
+#else
+#define CF_DEBUGF(x) do { } while(0)
+#endif
+
+#define MSH3_REQ_INIT_BUF_LEN 16384
+#define MSH3_REQ_MAX_BUF_LEN 0x100000
+
+#ifdef _WIN32
+#define msh3_lock CRITICAL_SECTION
+#define msh3_lock_initialize(lock) InitializeCriticalSection(lock)
+#define msh3_lock_uninitialize(lock) DeleteCriticalSection(lock)
+#define msh3_lock_acquire(lock) EnterCriticalSection(lock)
+#define msh3_lock_release(lock) LeaveCriticalSection(lock)
+#else /* !_WIN32 */
+#include <pthread.h>
+#define msh3_lock pthread_mutex_t
+#define msh3_lock_initialize(lock) do { \
+  pthread_mutexattr_t attr; \
+  pthread_mutexattr_init(&attr); \
+  pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE); \
+  pthread_mutex_init(lock, &attr); \
+  pthread_mutexattr_destroy(&attr); \
+}while(0)
+#define msh3_lock_uninitialize(lock) pthread_mutex_destroy(lock)
+#define msh3_lock_acquire(lock) pthread_mutex_lock(lock)
+#define msh3_lock_release(lock) pthread_mutex_unlock(lock)
+#endif /* _WIN32 */
+
+
+static void MSH3_CALL msh3_conn_connected(MSH3_CONNECTION *Connection,
+                                          void *IfContext);
+static void MSH3_CALL msh3_conn_shutdown_complete(MSH3_CONNECTION *Connection,
+                                          void *IfContext);
+static void MSH3_CALL msh3_conn_new_request(MSH3_CONNECTION *Connection,
+                                          void *IfContext,
+                                          MSH3_REQUEST *Request);
+static void MSH3_CALL msh3_header_received(MSH3_REQUEST *Request,
+                                           void *IfContext,
+                                           const MSH3_HEADER *Header);
+static bool MSH3_CALL msh3_data_received(MSH3_REQUEST *Request,
+                                        void *IfContext, uint32_t *Length,
+                                        const uint8_t *Data);
+static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext,
+                                    bool Aborted, uint64_t AbortError);
+static void MSH3_CALL msh3_shutdown_complete(MSH3_REQUEST *Request,
+                                             void *IfContext);
+static void MSH3_CALL msh3_data_sent(MSH3_REQUEST *Request,
+                                     void *IfContext, void *SendContext);
+
+
+void Curl_msh3_ver(char *p, size_t len)
+{
+  uint32_t v[4];
+  MsH3Version(v);
+  (void)msnprintf(p, len, "msh3/%d.%d.%d.%d", v[0], v[1], v[2], v[3]);
+}
+
+#define SP_LOCAL   0
+#define SP_REMOTE  1
+
+struct cf_msh3_ctx {
+  MSH3_API *api;
+  MSH3_CONNECTION *qconn;
+  struct Curl_sockaddr_ex addr;
+  curl_socket_t sock[2]; /* fake socket pair until we get support in msh3 */
+  char l_ip[MAX_IPADR_LEN];          /* local IP as string */
+  int l_port;                        /* local port number */
+  struct curltime connect_started;   /* time the current attempt started */
+  struct curltime handshake_at;      /* time connect handshake finished */
+  /* Flags written by msh3/msquic thread */
+  bool handshake_complete;
+  bool handshake_succeeded;
+  bool connected;
+  /* Flags written by curl thread */
+  BIT(verbose);
+  BIT(active);
+};
+
+static const MSH3_CONNECTION_IF msh3_conn_if = {
+  msh3_conn_connected,
+  msh3_conn_shutdown_complete,
+  msh3_conn_new_request
+};
+
+static void MSH3_CALL msh3_conn_connected(MSH3_CONNECTION *Connection,
+                                          void *IfContext)
+{
+  struct cf_msh3_ctx *ctx = IfContext;
+  (void)Connection;
+  if(ctx->verbose)
+    CF_DEBUGF(fprintf(stderr, "* [MSH3] evt: connected\n"));
+  ctx->handshake_succeeded = true;
+  ctx->connected = true;
+  ctx->handshake_complete = true;
+}
+
+static void MSH3_CALL msh3_conn_shutdown_complete(MSH3_CONNECTION *Connection,
+                                          void *IfContext)
+{
+  struct cf_msh3_ctx *ctx = IfContext;
+  (void)Connection;
+  if(ctx->verbose)
+    CF_DEBUGF(fprintf(stderr, "* [MSH3] evt: shutdown complete\n"));
+  ctx->connected = false;
+  ctx->handshake_complete = true;
+}
+
+static void MSH3_CALL msh3_conn_new_request(MSH3_CONNECTION *Connection,
+                                          void *IfContext,
+                                          MSH3_REQUEST *Request)
+{
+  (void)Connection;
+  (void)IfContext;
+  (void)Request;
+}
+
+static const MSH3_REQUEST_IF msh3_request_if = {
+  msh3_header_received,
+  msh3_data_received,
+  msh3_complete,
+  msh3_shutdown_complete,
+  msh3_data_sent
+};
+
+static CURLcode msh3_data_setup(struct Curl_cfilter *cf,
+                                struct Curl_easy *data)
+{
+  struct HTTP *stream = data->req.p.http;
+  (void)cf;
+
+  DEBUGASSERT(stream);
+  if(!stream->recv_buf) {
+    DEBUGF(LOG_CF(data, cf, "req: setup"));
+    stream->recv_buf = malloc(MSH3_REQ_INIT_BUF_LEN);
+    if(!stream->recv_buf) {
+      return CURLE_OUT_OF_MEMORY;
+    }
+    stream->req = ZERO_NULL;
+    msh3_lock_initialize(&stream->recv_lock);
+    stream->recv_buf_alloc = MSH3_REQ_INIT_BUF_LEN;
+    stream->recv_buf_max = MSH3_REQ_MAX_BUF_LEN;
+    stream->recv_header_len = 0;
+    stream->recv_header_complete = false;
+    stream->recv_data_len = 0;
+    stream->recv_data_complete = false;
+    stream->recv_error = CURLE_OK;
+  }
+  return CURLE_OK;
+}
+
+/* Requires stream->recv_lock to be held */
+static bool msh3request_ensure_room(struct HTTP *stream, size_t len)
+{
+  uint8_t *new_recv_buf;
+  const size_t cur_recv_len = stream->recv_header_len + stream->recv_data_len;
+
+  if(cur_recv_len + len > stream->recv_buf_alloc) {
+    size_t new_recv_buf_alloc_len = stream->recv_buf_alloc;
+    do {
+      new_recv_buf_alloc_len <<= 1; /* TODO - handle overflow */
+    } while(cur_recv_len + len > new_recv_buf_alloc_len);
+    CF_DEBUGF(fprintf(stderr, "* enlarging buffer to %zu\n",
+              new_recv_buf_alloc_len));
+    new_recv_buf = malloc(new_recv_buf_alloc_len);
+    if(!new_recv_buf) {
+      CF_DEBUGF(fprintf(stderr, "* FAILED: enlarging buffer to %zu\n",
+                new_recv_buf_alloc_len));
+      return false;
+    }
+    if(cur_recv_len) {
+      memcpy(new_recv_buf, stream->recv_buf, cur_recv_len);
+    }
+    stream->recv_buf_alloc = new_recv_buf_alloc_len;
+    free(stream->recv_buf);
+    stream->recv_buf = new_recv_buf;
+  }
+  return true;
+}
+
+static void MSH3_CALL msh3_header_received(MSH3_REQUEST *Request,
+                                           void *IfContext,
+                                           const MSH3_HEADER *Header)
+{
+  struct Curl_easy *data = IfContext;
+  struct HTTP *stream = data->req.p.http;
+  size_t total_len;
+  (void)Request;
+
+  if(stream->recv_header_complete) {
+    CF_DEBUGF(fprintf(stderr, "* ignoring header after data\n"));
+    return;
+  }
+
+  msh3_lock_acquire(&stream->recv_lock);
+
+  if((Header->NameLength == 7) &&
+     !strncmp(H2H3_PSEUDO_STATUS, (char *)Header->Name, 7)) {
+    total_len = 10 + Header->ValueLength;
+    if(!msh3request_ensure_room(stream, total_len)) {
+      CF_DEBUGF(fprintf(stderr, "* ERROR: unable to buffer: %.*s\n",
+                (int)Header->NameLength, Header->Name));
+      stream->recv_error = CURLE_OUT_OF_MEMORY;
+      goto release_lock;
+    }
+    msnprintf((char *)stream->recv_buf + stream->recv_header_len,
+              stream->recv_buf_alloc - stream->recv_header_len,
+              "HTTP/3 %.*s \r\n", (int)Header->ValueLength, Header->Value);
+  }
+  else {
+    total_len = 4 + Header->NameLength + Header->ValueLength;
+    if(!msh3request_ensure_room(stream, total_len)) {
+      CF_DEBUGF(fprintf(stderr, "* ERROR: unable to buffer: %.*s\n",
+                (int)Header->NameLength, Header->Name));
+      stream->recv_error = CURLE_OUT_OF_MEMORY;
+      goto release_lock;
+    }
+    msnprintf((char *)stream->recv_buf + stream->recv_header_len,
+              stream->recv_buf_alloc - stream->recv_header_len,
+              "%.*s: %.*s\r\n",
+              (int)Header->NameLength, Header->Name,
+              (int)Header->ValueLength, Header->Value);
+  }
+
+  stream->recv_header_len += total_len;
+  data->state.drain = 1;
+
+release_lock:
+  msh3_lock_release(&stream->recv_lock);
+}
+
+static bool MSH3_CALL msh3_data_received(MSH3_REQUEST *Request,
+                                         void *IfContext, uint32_t *Length,
+                                         const uint8_t *Data)
+{
+  struct Curl_easy *data = IfContext;
+  struct HTTP *stream = data->req.p.http;
+  size_t cur_recv_len = stream->recv_header_len + stream->recv_data_len;
+
+  (void)Request;
+  if(data && data->set.verbose)
+    CF_DEBUGF(fprintf(stderr, "* [MSH3] req: evt: received %u. %zu buffered, "
+              "%zu allocated\n",
+              *Length, cur_recv_len, stream->recv_buf_alloc));
+  /* TODO - Update this code to limit data bufferring by `stream->recv_buf_max`
+     and return `false` when we reach that limit. Then, when curl drains some
+     of the buffer, making room, call MsH3RequestSetReceiveEnabled to enable
+     receive callbacks again. */
+  msh3_lock_acquire(&stream->recv_lock);
+
+  if(!stream->recv_header_complete) {
+    if(data && data->set.verbose)
+      CF_DEBUGF(fprintf(stderr, "* [MSH3] req: Headers complete!\n"));
+    if(!msh3request_ensure_room(stream, 2)) {
+      stream->recv_error = CURLE_OUT_OF_MEMORY;
+      goto release_lock;
+    }
+    stream->recv_buf[stream->recv_header_len++] = '\r';
+    stream->recv_buf[stream->recv_header_len++] = '\n';
+    stream->recv_header_complete = true;
+    cur_recv_len += 2;
+  }
+  if(!msh3request_ensure_room(stream, *Length)) {
+    stream->recv_error = CURLE_OUT_OF_MEMORY;
+    goto release_lock;
+  }
+  memcpy(stream->recv_buf + cur_recv_len, Data, *Length);
+  stream->recv_data_len += (size_t)*Length;
+  data->state.drain = 1;
+
+release_lock:
+  msh3_lock_release(&stream->recv_lock);
+  return true;
+}
+
+static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext,
+                                    bool Aborted, uint64_t AbortError)
+{
+  struct Curl_easy *data = IfContext;
+  struct HTTP *stream = data->req.p.http;
+
+  (void)Request;
+  (void)AbortError;
+  if(data && data->set.verbose)
+    CF_DEBUGF(fprintf(stderr, "* [MSH3] req: evt: complete, aborted=%s\n",
+              Aborted ? "true" : "false"));
+  msh3_lock_acquire(&stream->recv_lock);
+  if(Aborted) {
+    stream->recv_error = CURLE_HTTP3; /* TODO - how do we pass AbortError? */
+  }
+  stream->recv_header_complete = true;
+  stream->recv_data_complete = true;
+  msh3_lock_release(&stream->recv_lock);
+}
+
+static void MSH3_CALL msh3_shutdown_complete(MSH3_REQUEST *Request,
+                                             void *IfContext)
+{
+  struct Curl_easy *data = IfContext;
+  struct HTTP *stream = data->req.p.http;
+  (void)Request;
+  (void)stream;
+}
+
+static void MSH3_CALL msh3_data_sent(MSH3_REQUEST *Request,
+                                     void *IfContext, void *SendContext)
+{
+  struct Curl_easy *data = IfContext;
+  struct HTTP *stream = data->req.p.http;
+  (void)Request;
+  (void)stream;
+  (void)SendContext;
+}
+
+static ssize_t cf_msh3_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+                            char *buf, size_t len, CURLcode *err)
+{
+  struct HTTP *stream = data->req.p.http;
+  size_t outsize = 0;
+
+  (void)cf;
+  DEBUGF(LOG_CF(data, cf, "req: recv with %zu byte buffer", len));
+
+  if(stream->recv_error) {
+    failf(data, "request aborted");
+    data->state.drain = 0;
+    *err = stream->recv_error;
+    return -1;
+  }
+
+  *err = CURLE_OK;
+  msh3_lock_acquire(&stream->recv_lock);
+
+  if(stream->recv_header_len) {
+    outsize = len;
+    if(stream->recv_header_len < outsize) {
+      outsize = stream->recv_header_len;
+    }
+    memcpy(buf, stream->recv_buf, outsize);
+    if(outsize < stream->recv_header_len + stream->recv_data_len) {
+      memmove(stream->recv_buf, stream->recv_buf + outsize,
+              stream->recv_header_len + stream->recv_data_len - outsize);
+    }
+    stream->recv_header_len -= outsize;
+    DEBUGF(LOG_CF(data, cf, "req: returned %zu bytes of header", outsize));
+  }
+  else if(stream->recv_data_len) {
+    outsize = len;
+    if(stream->recv_data_len < outsize) {
+      outsize = stream->recv_data_len;
+    }
+    memcpy(buf, stream->recv_buf, outsize);
+    if(outsize < stream->recv_data_len) {
+      memmove(stream->recv_buf, stream->recv_buf + outsize,
+              stream->recv_data_len - outsize);
+    }
+    stream->recv_data_len -= outsize;
+    DEBUGF(LOG_CF(data, cf, "req: returned %zu bytes of data", outsize));
+    if(stream->recv_data_len == 0 && stream->recv_data_complete)
+      data->state.drain = 1;
+  }
+  else if(stream->recv_data_complete) {
+    DEBUGF(LOG_CF(data, cf, "req: receive complete"));
+    data->state.drain = 0;
+  }
+  else {
+    DEBUGF(LOG_CF(data, cf, "req: nothing here, call again"));
+    *err = CURLE_AGAIN;
+    outsize = -1;
+  }
+
+  msh3_lock_release(&stream->recv_lock);
+
+  return (ssize_t)outsize;
+}
+
+static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data,
+                            const void *buf, size_t len, CURLcode *err)
+{
+  struct cf_msh3_ctx *ctx = cf->ctx;
+  struct HTTP *stream = data->req.p.http;
+  struct h2h3req *hreq;
+  size_t hdrlen = 0;
+  size_t sentlen = 0;
+
+  /* Sizes must match for cast below to work" */
+  DEBUGASSERT(sizeof(MSH3_HEADER) == sizeof(struct h2h3pseudo));
+  DEBUGF(LOG_CF(data, cf, "req: send %zu bytes", len));
+
+  if(!stream->req) {
+    /* The first send on the request contains the headers and possibly some
+       data. Parse out the headers and create the request, then if there is
+       any data left over go ahead and send it too. */
+
+    *err = msh3_data_setup(cf, data);
+    if(*err) {
+      failf(data, "could not setup data");
+      return -1;
+    }
+
+    *err = Curl_pseudo_headers(data, buf, len, &hdrlen, &hreq);
+    if(*err) {
+      failf(data, "Curl_pseudo_headers failed");
+      return -1;
+    }
+
+    DEBUGF(LOG_CF(data, cf, "req: send %zu headers", hreq->entries));
+    stream->req = MsH3RequestOpen(ctx->qconn, &msh3_request_if, data,
+                                  (MSH3_HEADER*)hreq->header, hreq->entries,
+                                  hdrlen == len ? MSH3_REQUEST_FLAG_FIN :
+                                  MSH3_REQUEST_FLAG_NONE);
+    Curl_pseudo_free(hreq);
+    if(!stream->req) {
+      failf(data, "request open failed");
+      *err = CURLE_SEND_ERROR;
+      return -1;
+    }
+    *err = CURLE_OK;
+    return len;
+  }
+
+  DEBUGF(LOG_CF(data, cf, "req: send %zd body bytes", len));
+  if(len > 0xFFFFFFFF) {
+    /* msh3 doesn't support size_t sends currently. */
+    *err = CURLE_SEND_ERROR;
+    return -1;
+  }
+
+  /* TODO - Need an explicit signal to know when to FIN. */
+  if(!MsH3RequestSend(stream->req, MSH3_REQUEST_FLAG_FIN, buf, (uint32_t)len,
+                      stream)) {
+    *err = CURLE_SEND_ERROR;
+    return -1;
+  }
+
+  /* TODO - msh3/msquic will hold onto this memory until the send complete
+     event. How do we make sure curl doesn't free it until then? */
+  sentlen += len;
+  *err = CURLE_OK;
+  return sentlen;
+}
+
+static int cf_msh3_get_select_socks(struct Curl_cfilter *cf,
+                                    struct Curl_easy *data,
+                                    curl_socket_t *socks)
+{
+  struct cf_msh3_ctx *ctx = cf->ctx;
+  struct HTTP *stream = data->req.p.http;
+  int bitmap = GETSOCK_BLANK;
+
+  if(stream && ctx->sock[SP_LOCAL] != CURL_SOCKET_BAD) {
+    socks[0] = ctx->sock[SP_LOCAL];
+
+    if(stream->recv_error) {
+      bitmap |= GETSOCK_READSOCK(0);
+      data->state.drain = 1;
+    }
+    else if(stream->recv_header_len || stream->recv_data_len) {
+      bitmap |= GETSOCK_READSOCK(0);
+      data->state.drain = 1;
+    }
+  }
+  DEBUGF(LOG_CF(data, cf, "select_sock %u -> %d",
+                (uint32_t)data->state.drain, bitmap));
+
+  return bitmap;
+}
+
+static bool cf_msh3_data_pending(struct Curl_cfilter *cf,
+                                 const struct Curl_easy *data)
+{
+  struct HTTP *stream = data->req.p.http;
+
+  (void)cf;
+  DEBUGF(LOG_CF((struct Curl_easy *)data, cf, "data pending = %hhu",
+                (bool)(stream->recv_header_len || stream->recv_data_len)));
+  return stream->recv_header_len || stream->recv_data_len;
+}
+
+static void cf_msh3_active(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_msh3_ctx *ctx = cf->ctx;
+
+  /* use this socket from now on */
+  cf->conn->sock[cf->sockindex] = ctx->sock[SP_LOCAL];
+  /* the first socket info gets set at conn and data */
+  if(cf->sockindex == FIRSTSOCKET) {
+    cf->conn->remote_addr = &ctx->addr;
+  #ifdef ENABLE_IPV6
+    cf->conn->bits.ipv6 = (ctx->addr.family == AF_INET6)? TRUE : FALSE;
+  #endif
+    Curl_persistconninfo(data, cf->conn, ctx->l_ip, ctx->l_port);
+  }
+  ctx->active = TRUE;
+}
+
+static CURLcode cf_msh3_data_event(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data,
+                                   int event, int arg1, void *arg2)
+{
+  struct HTTP *stream = data->req.p.http;
+  CURLcode result = CURLE_OK;
+
+  (void)arg1;
+  (void)arg2;
+  switch(event) {
+  case CF_CTRL_DATA_SETUP:
+    result = msh3_data_setup(cf, data);
+    break;
+  case CF_CTRL_DATA_DONE:
+    DEBUGF(LOG_CF(data, cf, "req: done"));
+    if(stream) {
+      if(stream->recv_buf) {
+        Curl_safefree(stream->recv_buf);
+        msh3_lock_uninitialize(&stream->recv_lock);
+      }
+      if(stream->req) {
+        MsH3RequestClose(stream->req);
+        stream->req = ZERO_NULL;
+      }
+    }
+    break;
+  case CF_CTRL_DATA_DONE_SEND:
+    DEBUGF(LOG_CF(data, cf, "req: send done"));
+    stream->upload_done = TRUE;
+    break;
+  case CF_CTRL_CONN_INFO_UPDATE:
+    DEBUGF(LOG_CF(data, cf, "req: update info"));
+    cf_msh3_active(cf, data);
+    break;
+  default:
+    break;
+  }
+  return result;
+}
+
+static CURLcode cf_connect_start(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data)
+{
+  struct cf_msh3_ctx *ctx = cf->ctx;
+  bool verify = !!cf->conn->ssl_config.verifypeer;
+  MSH3_ADDR addr = {0};
+  memcpy(&addr, &ctx->addr.sa_addr, ctx->addr.addrlen);
+  MSH3_SET_PORT(&addr, (uint16_t)cf->conn->remote_port);
+  ctx->verbose = (data && data->set.verbose);
+
+  if(verify && (cf->conn->ssl_config.CAfile || cf->conn->ssl_config.CApath)) {
+    /* TODO: need a way to provide trust anchors to MSH3 */
+#ifdef DEBUGBUILD
+    /* we need this for our test cases to run */
+    DEBUGF(LOG_CF(data, cf, "non-standard CA not supported, "
+                  "switching off verifypeer in DEBUG mode"));
+    verify = 0;
+#else
+    DEBUGF(LOG_CF(data, cf, "non-standard CA not supported, "
+                  "attempting with built-in verification"));
+#endif
+  }
+
+  DEBUGF(LOG_CF(data, cf, "connecting to %s:%d (verify=%d)",
+                cf->conn->host.name, (int)cf->conn->remote_port, verify));
+
+  ctx->api = MsH3ApiOpen();
+  if(!ctx->api) {
+    failf(data, "can't create msh3 api");
+    return CURLE_FAILED_INIT;
+  }
+
+  ctx->qconn = MsH3ConnectionOpen(ctx->api,
+                                  &msh3_conn_if,
+                                  ctx,
+                                  cf->conn->host.name,
+                                  &addr,
+                                  !verify);
+  if(!ctx->qconn) {
+    failf(data, "can't create msh3 connection");
+    if(ctx->api) {
+      MsH3ApiClose(ctx->api);
+      ctx->api = NULL;
+    }
+    return CURLE_FAILED_INIT;
+  }
+
+  return CURLE_OK;
+}
+
+static CURLcode cf_msh3_connect(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                bool blocking, bool *done)
+{
+  struct cf_msh3_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_OK;
+
+  (void)blocking;
+  if(cf->connected) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  if(ctx->sock[SP_LOCAL] == CURL_SOCKET_BAD) {
+    if(Curl_socketpair(AF_UNIX, SOCK_STREAM, 0, &ctx->sock[0]) < 0) {
+      ctx->sock[SP_LOCAL] = CURL_SOCKET_BAD;
+      ctx->sock[SP_REMOTE] = CURL_SOCKET_BAD;
+      return CURLE_COULDNT_CONNECT;
+    }
+  }
+
+  *done = FALSE;
+  if(!ctx->qconn) {
+    ctx->connect_started = Curl_now();
+    result = cf_connect_start(cf, data);
+    if(result)
+      goto out;
+  }
+
+  if(ctx->handshake_complete) {
+    ctx->handshake_at = Curl_now();
+    if(ctx->handshake_succeeded) {
+      cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
+      cf->conn->httpversion = 30;
+      cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX;
+      cf->connected = TRUE;
+      cf->conn->alpn = CURL_HTTP_VERSION_3;
+      *done = TRUE;
+      connkeep(cf->conn, "HTTP/3 default");
+      Curl_pgrsTime(data, TIMER_APPCONNECT);
+    }
+    else {
+      failf(data, "failed to connect, handshake failed");
+      result = CURLE_COULDNT_CONNECT;
+    }
+  }
+
+out:
+  return result;
+}
+
+static void cf_msh3_close(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_msh3_ctx *ctx = cf->ctx;
+
+  (void)data;
+  if(ctx) {
+    DEBUGF(LOG_CF(data, cf, "destroying"));
+    if(ctx->qconn)
+      MsH3ConnectionClose(ctx->qconn);
+    if(ctx->api)
+      MsH3ApiClose(ctx->api);
+
+    if(ctx->active) {
+      /* We share our socket at cf->conn->sock[cf->sockindex] when active.
+       * If it is no longer there, someone has stolen (and hopefully
+       * closed it) and we just forget about it.
+       */
+      if(ctx->sock[SP_LOCAL] == cf->conn->sock[cf->sockindex]) {
+        DEBUGF(LOG_CF(data, cf, "cf_msh3_close(%d) active",
+                      (int)ctx->sock[SP_LOCAL]));
+        cf->conn->sock[cf->sockindex] = CURL_SOCKET_BAD;
+      }
+      else {
+        DEBUGF(LOG_CF(data, cf, "cf_socket_close(%d) no longer at "
+                      "conn->sock[], discarding", (int)ctx->sock[SP_LOCAL]));
+        ctx->sock[SP_LOCAL] = CURL_SOCKET_BAD;
+      }
+      if(cf->sockindex == FIRSTSOCKET)
+        cf->conn->remote_addr = NULL;
+    }
+    if(ctx->sock[SP_LOCAL] != CURL_SOCKET_BAD) {
+      sclose(ctx->sock[SP_LOCAL]);
+    }
+    if(ctx->sock[SP_REMOTE] != CURL_SOCKET_BAD) {
+      sclose(ctx->sock[SP_REMOTE]);
+    }
+    memset(ctx, 0, sizeof(*ctx));
+    ctx->sock[SP_LOCAL] = CURL_SOCKET_BAD;
+    ctx->sock[SP_REMOTE] = CURL_SOCKET_BAD;
+  }
+}
+
+static void cf_msh3_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  cf_msh3_close(cf, data);
+  free(cf->ctx);
+  cf->ctx = NULL;
+}
+
+static CURLcode cf_msh3_query(struct Curl_cfilter *cf,
+                              struct Curl_easy *data,
+                              int query, int *pres1, void *pres2)
+{
+  struct cf_msh3_ctx *ctx = cf->ctx;
+
+  switch(query) {
+  case CF_QUERY_MAX_CONCURRENT: {
+    /* TODO: we do not have access to this so far, fake it */
+    (void)ctx;
+    *pres1 = 100;
+    return CURLE_OK;
+  }
+  case CF_QUERY_TIMER_CONNECT: {
+    struct curltime *when = pres2;
+    /* we do not know when the first byte arrived */
+    if(cf->connected)
+      *when = ctx->handshake_at;
+    return CURLE_OK;
+  }
+  case CF_QUERY_TIMER_APPCONNECT: {
+    struct curltime *when = pres2;
+    if(cf->connected)
+      *when = ctx->handshake_at;
+    return CURLE_OK;
+  }
+  default:
+    break;
+  }
+  return cf->next?
+    cf->next->cft->query(cf->next, data, query, pres1, pres2) :
+    CURLE_UNKNOWN_OPTION;
+}
+
+static bool cf_msh3_conn_is_alive(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  bool *input_pending)
+{
+  struct cf_msh3_ctx *ctx = cf->ctx;
+
+  (void)data;
+  *input_pending = FALSE;
+  return ctx && ctx->sock[SP_LOCAL] != CURL_SOCKET_BAD && ctx->qconn &&
+         ctx->connected;
+}
+
+struct Curl_cftype Curl_cft_http3 = {
+  "HTTP/3",
+  CF_TYPE_IP_CONNECT | CF_TYPE_SSL | CF_TYPE_MULTIPLEX,
+  0,
+  cf_msh3_destroy,
+  cf_msh3_connect,
+  cf_msh3_close,
+  Curl_cf_def_get_host,
+  cf_msh3_get_select_socks,
+  cf_msh3_data_pending,
+  cf_msh3_send,
+  cf_msh3_recv,
+  cf_msh3_data_event,
+  cf_msh3_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  cf_msh3_query,
+};
+
+CURLcode Curl_cf_msh3_create(struct Curl_cfilter **pcf,
+                             struct Curl_easy *data,
+                             struct connectdata *conn,
+                             const struct Curl_addrinfo *ai)
+{
+  struct cf_msh3_ctx *ctx = NULL;
+  struct Curl_cfilter *cf = NULL;
+  CURLcode result;
+
+  (void)data;
+  (void)conn;
+  (void)ai; /* TODO: msh3 resolves itself? */
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+  Curl_sock_assign_addr(&ctx->addr, ai, TRNSPRT_QUIC);
+  ctx->sock[SP_LOCAL] = CURL_SOCKET_BAD;
+  ctx->sock[SP_REMOTE] = CURL_SOCKET_BAD;
+
+  result = Curl_cf_create(&cf, &Curl_cft_http3, ctx);
+
+out:
+  *pcf = (!result)? cf : NULL;
+  if(result) {
+    Curl_safefree(cf);
+    Curl_safefree(ctx);
+  }
+
+  return result;
+}
+
+bool Curl_conn_is_msh3(const struct Curl_easy *data,
+                       const struct connectdata *conn,
+                       int sockindex)
+{
+  struct Curl_cfilter *cf = conn? conn->cfilter[sockindex] : NULL;
+
+  (void)data;
+  for(; cf; cf = cf->next) {
+    if(cf->cft == &Curl_cft_http3)
+      return TRUE;
+    if(cf->cft->flags & CF_TYPE_IP_CONNECT)
+      return FALSE;
+  }
+  return FALSE;
+}
+
+#endif /* USE_MSH3 */
diff --git a/lib/vquic/curl_msh3.h b/lib/vquic/curl_msh3.h
new file mode 100644
index 000000000..33931f59b
--- /dev/null
+++ b/lib/vquic/curl_msh3.h
@@ -0,0 +1,46 @@
+#ifndef HEADER_CURL_VQUIC_CURL_MSH3_H
+#define HEADER_CURL_VQUIC_CURL_MSH3_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_MSH3
+
+#include <msh3.h>
+
+void Curl_msh3_ver(char *p, size_t len);
+
+CURLcode Curl_cf_msh3_create(struct Curl_cfilter **pcf,
+                             struct Curl_easy *data,
+                             struct connectdata *conn,
+                             const struct Curl_addrinfo *ai);
+
+bool Curl_conn_is_msh3(const struct Curl_easy *data,
+                       const struct connectdata *conn,
+                       int sockindex);
+
+#endif /* USE_MSQUIC */
+
+#endif /* HEADER_CURL_VQUIC_CURL_MSH3_H */
diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
new file mode 100644
index 000000000..d2d0a3a5a
--- /dev/null
+++ b/lib/vquic/curl_ngtcp2.c
@@ -0,0 +1,2550 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_NGTCP2
+#include <ngtcp2/ngtcp2.h>
+#include <nghttp3/nghttp3.h>
+
+#ifdef USE_OPENSSL
+#include <openssl/err.h>
+#ifdef OPENSSL_IS_BORINGSSL
+#include <ngtcp2/ngtcp2_crypto_boringssl.h>
+#else
+#include <ngtcp2/ngtcp2_crypto_openssl.h>
+#endif
+#include "vtls/openssl.h"
+#elif defined(USE_GNUTLS)
+#include <ngtcp2/ngtcp2_crypto_gnutls.h>
+#include "vtls/gtls.h"
+#elif defined(USE_WOLFSSL)
+#include <ngtcp2/ngtcp2_crypto_wolfssl.h>
+#include "vtls/wolfssl.h"
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "strdup.h"
+#include "rand.h"
+#include "multiif.h"
+#include "strcase.h"
+#include "cfilters.h"
+#include "cf-socket.h"
+#include "connect.h"
+#include "progress.h"
+#include "strerror.h"
+#include "dynbuf.h"
+#include "select.h"
+#include "vquic.h"
+#include "vquic_int.h"
+#include "h2h3.h"
+#include "vtls/keylog.h"
+#include "vtls/vtls.h"
+#include "curl_ngtcp2.h"
+
+#include "warnless.h"
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+
+#define H3_ALPN_H3_29 "\x5h3-29"
+#define H3_ALPN_H3 "\x2h3"
+
+/*
+ * This holds outgoing HTTP/3 stream data that is used by nghttp3 until acked.
+ * It is used as a circular buffer. Add new bytes at the end until it reaches
+ * the far end, then start over at index 0 again.
+ */
+
+#define H3_SEND_SIZE (256*1024)
+struct h3out {
+  uint8_t buf[H3_SEND_SIZE];
+  size_t used;   /* number of bytes used in the buffer */
+  size_t windex; /* index in the buffer where to start writing the next
+                    data block */
+};
+
+#define QUIC_MAX_STREAMS (256*1024)
+#define QUIC_MAX_DATA (1*1024*1024)
+#define QUIC_IDLE_TIMEOUT (60*NGTCP2_SECONDS)
+#define QUIC_HANDSHAKE_TIMEOUT (10*NGTCP2_SECONDS)
+
+#ifdef USE_OPENSSL
+#define QUIC_CIPHERS                                                          \
+  "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_"               \
+  "POLY1305_SHA256:TLS_AES_128_CCM_SHA256"
+#define QUIC_GROUPS "P-256:X25519:P-384:P-521"
+#elif defined(USE_GNUTLS)
+#define QUIC_PRIORITY \
+  "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:" \
+  "+CHACHA20-POLY1305:+AES-128-CCM:-GROUP-ALL:+GROUP-SECP256R1:" \
+  "+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1:" \
+  "%DISABLE_TLS13_COMPAT_MODE"
+#elif defined(USE_WOLFSSL)
+#define QUIC_CIPHERS                                                          \
+  "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_"               \
+  "POLY1305_SHA256:TLS_AES_128_CCM_SHA256"
+#define QUIC_GROUPS "P-256:P-384:P-521"
+#endif
+
+
+/*
+ * Store ngtcp2 version info in this buffer.
+ */
+void Curl_ngtcp2_ver(char *p, size_t len)
+{
+  const ngtcp2_info *ng2 = ngtcp2_version(0);
+  const nghttp3_info *ht3 = nghttp3_version(0);
+  (void)msnprintf(p, len, "ngtcp2/%s nghttp3/%s",
+                  ng2->version_str, ht3->version_str);
+}
+
+struct cf_ngtcp2_ctx {
+  struct cf_quic_ctx q;
+  ngtcp2_path connected_path;
+  ngtcp2_conn *qconn;
+  ngtcp2_cid dcid;
+  ngtcp2_cid scid;
+  uint32_t version;
+  ngtcp2_settings settings;
+  ngtcp2_transport_params transport_params;
+  ngtcp2_connection_close_error last_error;
+  ngtcp2_crypto_conn_ref conn_ref;
+#ifdef USE_OPENSSL
+  SSL_CTX *sslctx;
+  SSL *ssl;
+#elif defined(USE_GNUTLS)
+  struct gtls_instance *gtls;
+#elif defined(USE_WOLFSSL)
+  WOLFSSL_CTX *sslctx;
+  WOLFSSL *ssl;
+#endif
+  struct cf_call_data call_data;
+  nghttp3_conn *h3conn;
+  nghttp3_settings h3settings;
+  int qlogfd;
+  struct curltime started_at;        /* time the current attempt started */
+  struct curltime handshake_at;      /* time connect handshake finished */
+  struct curltime first_byte_at;     /* when first byte was recvd */
+  struct curltime reconnect_at;    /* time the next attempt should start */
+  BIT(got_first_byte);               /* if first byte was received */
+};
+
+/* How to access `call_data` from a cf_ngtcp2 filter */
+#define CF_CTX_CALL_DATA(cf)  \
+  ((struct cf_ngtcp2_ctx *)(cf)->ctx)->call_data
+
+
+/* ngtcp2 default congestion controller does not perform pacing. Limit
+   the maximum packet burst to MAX_PKT_BURST packets. */
+#define MAX_PKT_BURST 10
+
+static CURLcode cf_process_ingress(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data);
+static CURLcode cf_flush_egress(struct Curl_cfilter *cf,
+                                struct Curl_easy *data);
+static int cb_h3_acked_stream_data(nghttp3_conn *conn, int64_t stream_id,
+                                   uint64_t datalen, void *user_data,
+                                   void *stream_user_data);
+
+static ngtcp2_conn *get_conn(ngtcp2_crypto_conn_ref *conn_ref)
+{
+  struct Curl_cfilter *cf = conn_ref->user_data;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  return ctx->qconn;
+}
+
+static ngtcp2_tstamp timestamp(void)
+{
+  struct curltime ct = Curl_now();
+  return ct.tv_sec * NGTCP2_SECONDS + ct.tv_usec * NGTCP2_MICROSECONDS;
+}
+
+#ifdef DEBUG_NGTCP2
+static void quic_printf(void *user_data, const char *fmt, ...)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+
+  (void)ctx;  /* TODO: need an easy handle to infof() message */
+  va_list ap;
+  va_start(ap, fmt);
+  vfprintf(stderr, fmt, ap);
+  va_end(ap);
+  fprintf(stderr, "\n");
+}
+#endif
+
+static void qlog_callback(void *user_data, uint32_t flags,
+                          const void *data, size_t datalen)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  (void)flags;
+  if(ctx->qlogfd != -1) {
+    ssize_t rc = write(ctx->qlogfd, data, datalen);
+    if(rc == -1) {
+      /* on write error, stop further write attempts */
+      close(ctx->qlogfd);
+      ctx->qlogfd = -1;
+    }
+  }
+
+}
+
+static void quic_settings(struct cf_ngtcp2_ctx *ctx,
+                          struct Curl_easy *data)
+{
+  ngtcp2_settings *s = &ctx->settings;
+  ngtcp2_transport_params *t = &ctx->transport_params;
+  size_t stream_win_size = CURL_MAX_READ_SIZE;
+
+  ngtcp2_settings_default(s);
+  ngtcp2_transport_params_default(t);
+#ifdef DEBUG_NGTCP2
+  s->log_printf = quic_printf;
+#else
+  s->log_printf = NULL;
+#endif
+
+  (void)data;
+  s->initial_ts = timestamp();
+  s->handshake_timeout = QUIC_HANDSHAKE_TIMEOUT;
+  s->max_window = 100 * stream_win_size;
+  s->max_stream_window = stream_win_size;
+
+  t->initial_max_data = 10 * stream_win_size;
+  t->initial_max_stream_data_bidi_local = stream_win_size;
+  t->initial_max_stream_data_bidi_remote = stream_win_size;
+  t->initial_max_stream_data_uni = stream_win_size;
+  t->initial_max_streams_bidi = QUIC_MAX_STREAMS;
+  t->initial_max_streams_uni = QUIC_MAX_STREAMS;
+  t->max_idle_timeout = QUIC_IDLE_TIMEOUT;
+  if(ctx->qlogfd != -1) {
+    s->qlog.write = qlog_callback;
+  }
+}
+
+#ifdef USE_OPENSSL
+static void keylog_callback(const SSL *ssl, const char *line)
+{
+  (void)ssl;
+  Curl_tls_keylog_write_line(line);
+}
+#elif defined(USE_GNUTLS)
+static int keylog_callback(gnutls_session_t session, const char *label,
+                    const gnutls_datum_t *secret)
+{
+  gnutls_datum_t crandom;
+  gnutls_datum_t srandom;
+
+  gnutls_session_get_random(session, &crandom, &srandom);
+  if(crandom.size != 32) {
+    return -1;
+  }
+
+  Curl_tls_keylog_write(label, crandom.data, secret->data, secret->size);
+  return 0;
+}
+#elif defined(USE_WOLFSSL)
+#if defined(HAVE_SECRET_CALLBACK)
+static void keylog_callback(const WOLFSSL *ssl, const char *line)
+{
+  (void)ssl;
+  Curl_tls_keylog_write_line(line);
+}
+#endif
+#endif
+
+static int init_ngh3_conn(struct Curl_cfilter *cf);
+
+#ifdef USE_OPENSSL
+static CURLcode quic_ssl_ctx(SSL_CTX **pssl_ctx,
+                             struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct connectdata *conn = cf->conn;
+  CURLcode result = CURLE_FAILED_INIT;
+  SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());
+
+  if(!ssl_ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+
+#ifdef OPENSSL_IS_BORINGSSL
+  if(ngtcp2_crypto_boringssl_configure_client_context(ssl_ctx) != 0) {
+    failf(data, "ngtcp2_crypto_boringssl_configure_client_context failed");
+    goto out;
+  }
+#else
+  if(ngtcp2_crypto_openssl_configure_client_context(ssl_ctx) != 0) {
+    failf(data, "ngtcp2_crypto_openssl_configure_client_context failed");
+    goto out;
+  }
+#endif
+
+  SSL_CTX_set_default_verify_paths(ssl_ctx);
+
+#ifdef OPENSSL_IS_BORINGSSL
+  if(SSL_CTX_set1_curves_list(ssl_ctx, QUIC_GROUPS) != 1) {
+    failf(data, "SSL_CTX_set1_curves_list failed");
+    goto out;
+  }
+#else
+  if(SSL_CTX_set_ciphersuites(ssl_ctx, QUIC_CIPHERS) != 1) {
+    char error_buffer[256];
+    ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer));
+    failf(data, "SSL_CTX_set_ciphersuites: %s", error_buffer);
+    goto out;
+  }
+
+  if(SSL_CTX_set1_groups_list(ssl_ctx, QUIC_GROUPS) != 1) {
+    failf(data, "SSL_CTX_set1_groups_list failed");
+    goto out;
+  }
+#endif
+
+  /* Open the file if a TLS or QUIC backend has not done this before. */
+  Curl_tls_keylog_open();
+  if(Curl_tls_keylog_enabled()) {
+    SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
+  }
+
+  result = Curl_ssl_setup_x509_store(cf, data, ssl_ctx);
+  if(result)
+    goto out;
+
+  /* OpenSSL always tries to verify the peer, this only says whether it should
+   * fail to connect if the verification fails, or if it should continue
+   * anyway. In the latter case the result of the verification is checked with
+   * SSL_get_verify_result() below. */
+  SSL_CTX_set_verify(ssl_ctx, conn->ssl_config.verifypeer ?
+                     SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
+
+  /* give application a chance to interfere with SSL set up. */
+  if(data->set.ssl.fsslctx) {
+    Curl_set_in_callback(data, true);
+    result = (*data->set.ssl.fsslctx)(data, ssl_ctx,
+                                      data->set.ssl.fsslctxp);
+    Curl_set_in_callback(data, false);
+    if(result) {
+      failf(data, "error signaled by ssl ctx callback");
+      goto out;
+    }
+  }
+  result = CURLE_OK;
+
+out:
+  *pssl_ctx = result? NULL : ssl_ctx;
+  if(result && ssl_ctx)
+    SSL_CTX_free(ssl_ctx);
+  return result;
+}
+
+static CURLcode quic_set_client_cert(struct Curl_cfilter *cf,
+                                     struct Curl_easy *data)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  SSL_CTX *ssl_ctx = ctx->sslctx;
+  const struct ssl_config_data *ssl_config;
+
+  ssl_config = Curl_ssl_get_config(data, FIRSTSOCKET);
+  DEBUGASSERT(ssl_config);
+
+  if(ssl_config->primary.clientcert || ssl_config->primary.cert_blob
+     || ssl_config->cert_type) {
+    return Curl_ossl_set_client_cert(
+        data, ssl_ctx, ssl_config->primary.clientcert,
+        ssl_config->primary.cert_blob, ssl_config->cert_type,
+        ssl_config->key, ssl_config->key_blob,
+        ssl_config->key_type, ssl_config->key_passwd);
+  }
+
+  return CURLE_OK;
+}
+
+/** SSL callbacks ***/
+
+static CURLcode quic_init_ssl(struct Curl_cfilter *cf,
+                              struct Curl_easy *data)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  const uint8_t *alpn = NULL;
+  size_t alpnlen = 0;
+
+  (void)data;
+  DEBUGASSERT(!ctx->ssl);
+  ctx->ssl = SSL_new(ctx->sslctx);
+
+  SSL_set_app_data(ctx->ssl, &ctx->conn_ref);
+  SSL_set_connect_state(ctx->ssl);
+  SSL_set_quic_use_legacy_codepoint(ctx->ssl, 0);
+
+  alpn = (const uint8_t *)H3_ALPN_H3_29 H3_ALPN_H3;
+  alpnlen = sizeof(H3_ALPN_H3_29) - 1 + sizeof(H3_ALPN_H3) - 1;
+  if(alpn)
+    SSL_set_alpn_protos(ctx->ssl, alpn, (int)alpnlen);
+
+  /* set SNI */
+  SSL_set_tlsext_host_name(ctx->ssl, cf->conn->host.name);
+  return CURLE_OK;
+}
+#elif defined(USE_GNUTLS)
+static CURLcode quic_init_ssl(struct Curl_cfilter *cf,
+                              struct Curl_easy *data)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  CURLcode result;
+  gnutls_datum_t alpn[2];
+  /* this will need some attention when HTTPS proxy over QUIC get fixed */
+  const char * const hostname = cf->conn->host.name;
+  long * const pverifyresult = &data->set.ssl.certverifyresult;
+  int rc;
+
+  DEBUGASSERT(ctx->gtls == NULL);
+  ctx->gtls = calloc(1, sizeof(*(ctx->gtls)));
+  if(!ctx->gtls)
+    return CURLE_OUT_OF_MEMORY;
+
+  result = gtls_client_init(data, &cf->conn->ssl_config, &data->set.ssl,
+                            hostname, ctx->gtls, pverifyresult);
+  if(result)
+    return result;
+
+  gnutls_session_set_ptr(ctx->gtls->session, &ctx->conn_ref);
+
+  if(ngtcp2_crypto_gnutls_configure_client_session(ctx->gtls->session) != 0) {
+    DEBUGF(LOG_CF(data, cf,
+                  "ngtcp2_crypto_gnutls_configure_client_session failed\n"));
+    return CURLE_QUIC_CONNECT_ERROR;
+  }
+
+  rc = gnutls_priority_set_direct(ctx->gtls->session, QUIC_PRIORITY, NULL);
+  if(rc < 0) {
+    DEBUGF(LOG_CF(data, cf, "gnutls_priority_set_direct failed: %s\n",
+                  gnutls_strerror(rc)));
+    return CURLE_QUIC_CONNECT_ERROR;
+  }
+
+  /* Open the file if a TLS or QUIC backend has not done this before. */
+  Curl_tls_keylog_open();
+  if(Curl_tls_keylog_enabled()) {
+    gnutls_session_set_keylog_function(ctx->gtls->session, keylog_callback);
+  }
+
+  /* strip the first byte (the length) from NGHTTP3_ALPN_H3 */
+  alpn[0].data = (unsigned char *)H3_ALPN_H3_29 + 1;
+  alpn[0].size = sizeof(H3_ALPN_H3_29) - 2;
+  alpn[1].data = (unsigned char *)H3_ALPN_H3 + 1;
+  alpn[1].size = sizeof(H3_ALPN_H3) - 2;
+
+  gnutls_alpn_set_protocols(ctx->gtls->session,
+                            alpn, 2, GNUTLS_ALPN_MANDATORY);
+  return CURLE_OK;
+}
+#elif defined(USE_WOLFSSL)
+
+static CURLcode quic_ssl_ctx(WOLFSSL_CTX **pssl_ctx,
+                             struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct connectdata *conn = cf->conn;
+  CURLcode result = CURLE_FAILED_INIT;
+  WOLFSSL_CTX *ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
+
+  if(!ssl_ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+
+  if(ngtcp2_crypto_wolfssl_configure_client_context(ssl_ctx) != 0) {
+    failf(data, "ngtcp2_crypto_wolfssl_configure_client_context failed");
+    goto out;
+  }
+
+  wolfSSL_CTX_set_default_verify_paths(ssl_ctx);
+
+  if(wolfSSL_CTX_set_cipher_list(ssl_ctx, QUIC_CIPHERS) != 1) {
+    char error_buffer[256];
+    ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer));
+    failf(data, "SSL_CTX_set_ciphersuites: %s", error_buffer);
+    goto out;
+  }
+
+  if(wolfSSL_CTX_set1_groups_list(ssl_ctx, (char *)QUIC_GROUPS) != 1) {
+    failf(data, "SSL_CTX_set1_groups_list failed");
+    goto out;
+  }
+
+  /* Open the file if a TLS or QUIC backend has not done this before. */
+  Curl_tls_keylog_open();
+  if(Curl_tls_keylog_enabled()) {
+#if defined(HAVE_SECRET_CALLBACK)
+    wolfSSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
+#else
+    failf(data, "wolfSSL was built without keylog callback");
+    goto out;
+#endif
+  }
+
+  if(conn->ssl_config.verifypeer) {
+    const char * const ssl_cafile = conn->ssl_config.CAfile;
+    const char * const ssl_capath = conn->ssl_config.CApath;
+
+    wolfSSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+    if(conn->ssl_config.CAfile || conn->ssl_config.CApath) {
+      /* tell wolfSSL where to find CA certificates that are used to verify
+         the server's certificate. */
+      if(!wolfSSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) {
+        /* Fail if we insist on successfully verifying the server. */
+        failf(data, "error setting certificate verify locations:"
+              "  CAfile: %s CApath: %s",
+              ssl_cafile ? ssl_cafile : "none",
+              ssl_capath ? ssl_capath : "none");
+        goto out;
+      }
+      infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
+      infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
+    }
+#ifdef CURL_CA_FALLBACK
+    else {
+      /* verifying the peer without any CA certificates won't work so
+         use wolfssl's built-in default as fallback */
+      wolfSSL_CTX_set_default_verify_paths(ssl_ctx);
+    }
+#endif
+  }
+  else {
+    wolfSSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
+  }
+
+  /* give application a chance to interfere with SSL set up. */
+  if(data->set.ssl.fsslctx) {
+    Curl_set_in_callback(data, true);
+    result = (*data->set.ssl.fsslctx)(data, ssl_ctx,
+                                      data->set.ssl.fsslctxp);
+    Curl_set_in_callback(data, false);
+    if(result) {
+      failf(data, "error signaled by ssl ctx callback");
+      goto out;
+    }
+  }
+  result = CURLE_OK;
+
+out:
+  *pssl_ctx = result? NULL : ssl_ctx;
+  if(result && ssl_ctx)
+    SSL_CTX_free(ssl_ctx);
+  return result;
+}
+
+/** SSL callbacks ***/
+
+static CURLcode quic_init_ssl(struct Curl_cfilter *cf,
+                              struct Curl_easy *data)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  const uint8_t *alpn = NULL;
+  size_t alpnlen = 0;
+  /* this will need some attention when HTTPS proxy over QUIC get fixed */
+  const char * const hostname = cf->conn->host.name;
+
+  (void)data;
+  DEBUGASSERT(!ctx->ssl);
+  ctx->ssl = wolfSSL_new(ctx->sslctx);
+
+  wolfSSL_set_app_data(ctx->ssl, &ctx->conn_ref);
+  wolfSSL_set_connect_state(ctx->ssl);
+  wolfSSL_set_quic_use_legacy_codepoint(ctx->ssl, 0);
+
+  alpn = (const uint8_t *)H3_ALPN_H3_29 H3_ALPN_H3;
+  alpnlen = sizeof(H3_ALPN_H3_29) - 1 + sizeof(H3_ALPN_H3) - 1;
+  if(alpn)
+    wolfSSL_set_alpn_protos(ctx->ssl, alpn, (int)alpnlen);
+
+  /* set SNI */
+  wolfSSL_UseSNI(ctx->ssl, WOLFSSL_SNI_HOST_NAME,
+                 hostname, (unsigned short)strlen(hostname));
+
+  return CURLE_OK;
+}
+#endif /* defined(USE_WOLFSSL) */
+
+static int cb_handshake_completed(ngtcp2_conn *tconn, void *user_data)
+{
+  (void)user_data;
+  (void)tconn;
+  return 0;
+}
+
+static void report_consumed_data(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data,
+                                 size_t consumed)
+{
+  struct HTTP *stream = data->req.p.http;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+
+  /* the HTTP/1.1 response headers are written to the buffer, but
+   * consuming those does not count against flow control. */
+  if(stream->recv_buf_nonflow) {
+    if(consumed >= stream->recv_buf_nonflow) {
+      consumed -= stream->recv_buf_nonflow;
+      stream->recv_buf_nonflow = 0;
+    }
+    else {
+      stream->recv_buf_nonflow -= consumed;
+      consumed = 0;
+    }
+  }
+  if(consumed > 0) {
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] consumed %zu DATA bytes",
+                  stream->stream3_id, consumed));
+    ngtcp2_conn_extend_max_stream_offset(ctx->qconn, stream->stream3_id,
+                                         consumed);
+    ngtcp2_conn_extend_max_offset(ctx->qconn, consumed);
+  }
+  if(!stream->closed && data->state.drain
+     && !stream->memlen
+     && !Curl_dyn_len(&stream->overflow)) {
+     /* nothing buffered any more */
+     data->state.drain = 0;
+  }
+}
+
+static int cb_recv_stream_data(ngtcp2_conn *tconn, uint32_t flags,
+                               int64_t stream_id, uint64_t offset,
+                               const uint8_t *buf, size_t buflen,
+                               void *user_data, void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  nghttp3_ssize nconsumed;
+  int fin = (flags & NGTCP2_STREAM_DATA_FLAG_FIN) ? 1 : 0;
+  struct Curl_easy *data = stream_user_data;
+  (void)offset;
+  (void)data;
+
+  nconsumed =
+    nghttp3_conn_read_stream(ctx->h3conn, stream_id, buf, buflen, fin);
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] read_stream(len=%zu) -> %zd",
+                stream_id, buflen, nconsumed));
+  if(nconsumed < 0) {
+    ngtcp2_connection_close_error_set_application_error(
+        &ctx->last_error,
+        nghttp3_err_infer_quic_app_error_code((int)nconsumed), NULL, 0);
+    return NGTCP2_ERR_CALLBACK_FAILURE;
+  }
+
+  /* number of bytes inside buflen which consists of framing overhead
+   * including QPACK HEADERS. In other words, it does not consume payload of
+   * DATA frame. */
+  ngtcp2_conn_extend_max_stream_offset(tconn, stream_id, nconsumed);
+  ngtcp2_conn_extend_max_offset(tconn, nconsumed);
+
+  return 0;
+}
+
+static int
+cb_acked_stream_data_offset(ngtcp2_conn *tconn, int64_t stream_id,
+                            uint64_t offset, uint64_t datalen, void *user_data,
+                            void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  int rv;
+  (void)stream_id;
+  (void)tconn;
+  (void)offset;
+  (void)datalen;
+  (void)stream_user_data;
+
+  rv = nghttp3_conn_add_ack_offset(ctx->h3conn, stream_id, datalen);
+  if(rv) {
+    return NGTCP2_ERR_CALLBACK_FAILURE;
+  }
+
+  return 0;
+}
+
+static int cb_stream_close(ngtcp2_conn *tconn, uint32_t flags,
+                           int64_t stream3_id, uint64_t app_error_code,
+                           void *user_data, void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct Curl_easy *data = stream_user_data;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  int rv;
+
+  (void)tconn;
+  (void)data;
+  /* stream is closed... */
+
+  if(!(flags & NGTCP2_STREAM_CLOSE_FLAG_APP_ERROR_CODE_SET)) {
+    app_error_code = NGHTTP3_H3_NO_ERROR;
+  }
+
+  rv = nghttp3_conn_close_stream(ctx->h3conn, stream3_id,
+                                 app_error_code);
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] quic close(err=%"
+                PRIu64 ") -> %d", stream3_id, app_error_code, rv));
+  if(rv) {
+    ngtcp2_connection_close_error_set_application_error(
+        &ctx->last_error, nghttp3_err_infer_quic_app_error_code(rv), NULL, 0);
+    return NGTCP2_ERR_CALLBACK_FAILURE;
+  }
+
+  return 0;
+}
+
+static int cb_stream_reset(ngtcp2_conn *tconn, int64_t stream_id,
+                           uint64_t final_size, uint64_t app_error_code,
+                           void *user_data, void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  struct Curl_easy *data = stream_user_data;
+  int rv;
+  (void)tconn;
+  (void)final_size;
+  (void)app_error_code;
+  (void)data;
+
+  rv = nghttp3_conn_shutdown_stream_read(ctx->h3conn, stream_id);
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] reset -> %d", stream_id, rv));
+  if(rv) {
+    return NGTCP2_ERR_CALLBACK_FAILURE;
+  }
+
+  return 0;
+}
+
+static int cb_stream_stop_sending(ngtcp2_conn *tconn, int64_t stream_id,
+                                  uint64_t app_error_code, void *user_data,
+                                  void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  int rv;
+  (void)tconn;
+  (void)app_error_code;
+  (void)stream_user_data;
+
+  rv = nghttp3_conn_shutdown_stream_read(ctx->h3conn, stream_id);
+  if(rv) {
+    return NGTCP2_ERR_CALLBACK_FAILURE;
+  }
+
+  return 0;
+}
+
+static int cb_extend_max_local_streams_bidi(ngtcp2_conn *tconn,
+                                            uint64_t max_streams,
+                                            void *user_data)
+{
+  (void)tconn;
+  (void)max_streams;
+  (void)user_data;
+
+  return 0;
+}
+
+static int cb_extend_max_stream_data(ngtcp2_conn *tconn, int64_t stream_id,
+                                     uint64_t max_data, void *user_data,
+                                     void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  int rv;
+  (void)tconn;
+  (void)max_data;
+  (void)stream_user_data;
+
+  rv = nghttp3_conn_unblock_stream(ctx->h3conn, stream_id);
+  if(rv) {
+    return NGTCP2_ERR_CALLBACK_FAILURE;
+  }
+
+  return 0;
+}
+
+static void cb_rand(uint8_t *dest, size_t destlen,
+                    const ngtcp2_rand_ctx *rand_ctx)
+{
+  CURLcode result;
+  (void)rand_ctx;
+
+  result = Curl_rand(NULL, dest, destlen);
+  if(result) {
+    /* cb_rand is only used for non-cryptographic context.  If Curl_rand
+       failed, just fill 0 and call it *random*. */
+    memset(dest, 0, destlen);
+  }
+}
+
+static int cb_get_new_connection_id(ngtcp2_conn *tconn, ngtcp2_cid *cid,
+                                    uint8_t *token, size_t cidlen,
+                                    void *user_data)
+{
+  CURLcode result;
+  (void)tconn;
+  (void)user_data;
+
+  result = Curl_rand(NULL, cid->data, cidlen);
+  if(result)
+    return NGTCP2_ERR_CALLBACK_FAILURE;
+  cid->datalen = cidlen;
+
+  result = Curl_rand(NULL, token, NGTCP2_STATELESS_RESET_TOKENLEN);
+  if(result)
+    return NGTCP2_ERR_CALLBACK_FAILURE;
+
+  return 0;
+}
+
+static int cb_recv_rx_key(ngtcp2_conn *tconn, ngtcp2_crypto_level level,
+                          void *user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  (void)tconn;
+
+  if(level != NGTCP2_CRYPTO_LEVEL_APPLICATION) {
+    return 0;
+  }
+
+  if(init_ngh3_conn(cf) != CURLE_OK) {
+    return NGTCP2_ERR_CALLBACK_FAILURE;
+  }
+
+  return 0;
+}
+
+static ngtcp2_callbacks ng_callbacks = {
+  ngtcp2_crypto_client_initial_cb,
+  NULL, /* recv_client_initial */
+  ngtcp2_crypto_recv_crypto_data_cb,
+  cb_handshake_completed,
+  NULL, /* recv_version_negotiation */
+  ngtcp2_crypto_encrypt_cb,
+  ngtcp2_crypto_decrypt_cb,
+  ngtcp2_crypto_hp_mask_cb,
+  cb_recv_stream_data,
+  cb_acked_stream_data_offset,
+  NULL, /* stream_open */
+  cb_stream_close,
+  NULL, /* recv_stateless_reset */
+  ngtcp2_crypto_recv_retry_cb,
+  cb_extend_max_local_streams_bidi,
+  NULL, /* extend_max_local_streams_uni */
+  cb_rand,
+  cb_get_new_connection_id,
+  NULL, /* remove_connection_id */
+  ngtcp2_crypto_update_key_cb, /* update_key */
+  NULL, /* path_validation */
+  NULL, /* select_preferred_addr */
+  cb_stream_reset,
+  NULL, /* extend_max_remote_streams_bidi */
+  NULL, /* extend_max_remote_streams_uni */
+  cb_extend_max_stream_data,
+  NULL, /* dcid_status */
+  NULL, /* handshake_confirmed */
+  NULL, /* recv_new_token */
+  ngtcp2_crypto_delete_crypto_aead_ctx_cb,
+  ngtcp2_crypto_delete_crypto_cipher_ctx_cb,
+  NULL, /* recv_datagram */
+  NULL, /* ack_datagram */
+  NULL, /* lost_datagram */
+  ngtcp2_crypto_get_path_challenge_data_cb,
+  cb_stream_stop_sending,
+  NULL, /* version_negotiation */
+  cb_recv_rx_key,
+  NULL, /* recv_tx_key */
+  NULL, /* early_data_rejected */
+};
+
+static int cf_ngtcp2_get_select_socks(struct Curl_cfilter *cf,
+                                      struct Curl_easy *data,
+                                      curl_socket_t *socks)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  struct SingleRequest *k = &data->req;
+  int rv = GETSOCK_BLANK;
+  struct HTTP *stream = data->req.p.http;
+  struct cf_call_data save;
+
+  CF_DATA_SAVE(save, cf, data);
+  socks[0] = ctx->q.sockfd;
+
+  /* in an HTTP/3 connection we can basically always get a frame so we should
+     always be ready for one */
+  rv |= GETSOCK_READSOCK(0);
+
+  /* we're still uploading or the HTTP/2 layer wants to send data */
+  if((k->keepon & KEEP_SENDBITS) == KEEP_SEND &&
+     (!stream->h3out || stream->h3out->used < H3_SEND_SIZE) &&
+     ngtcp2_conn_get_cwnd_left(ctx->qconn) &&
+     ngtcp2_conn_get_max_data_left(ctx->qconn) &&
+     nghttp3_conn_is_stream_writable(ctx->h3conn, stream->stream3_id))
+    rv |= GETSOCK_WRITESOCK(0);
+
+  DEBUGF(LOG_CF(data, cf, "get_select_socks -> %x (sock=%d)",
+                rv, (int)socks[0]));
+  CF_DATA_RESTORE(cf, save);
+  return rv;
+}
+
+static void notify_drain(struct Curl_cfilter *cf,
+                         struct Curl_easy *data)
+{
+  (void)cf;
+  if(!data->state.drain) {
+    data->state.drain = 1;
+    Curl_expire(data, 0, EXPIRE_RUN_NOW);
+  }
+}
+
+
+static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
+                              uint64_t app_error_code, void *user_data,
+                              void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct Curl_easy *data = stream_user_data;
+  struct HTTP *stream = data->req.p.http;
+  (void)conn;
+  (void)stream_id;
+  (void)app_error_code;
+  (void)cf;
+
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] h3 close(err=%" PRIx64 ")",
+                stream_id, app_error_code));
+  stream->closed = TRUE;
+  stream->error3 = app_error_code;
+  if(app_error_code == NGHTTP3_H3_INTERNAL_ERROR) {
+    /* TODO: we do not get a specific error when the remote end closed
+     * the response before it was complete. */
+    stream->reset = TRUE;
+  }
+  notify_drain(cf, data);
+  return 0;
+}
+
+/*
+ * write_resp_raw() copies response data in raw format to the `data`'s
+  * receive buffer. If not enough space is available, it appends to the
+ * `data`'s overflow buffer.
+ */
+static CURLcode write_resp_raw(struct Curl_cfilter *cf,
+                               struct Curl_easy *data,
+                               const void *mem, size_t memlen,
+                               bool flow)
+{
+  struct HTTP *stream = data->req.p.http;
+  CURLcode result = CURLE_OK;
+  const char *buf = mem;
+  size_t ncopy = memlen;
+  /* copy as much as possible to the receive buffer */
+  if(stream->len) {
+    size_t len = CURLMIN(ncopy, stream->len);
+    memcpy(stream->mem + stream->memlen, buf, len);
+    stream->len -= len;
+    stream->memlen += len;
+    buf += len;
+    ncopy -= len;
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] resp_raw: added %zu bytes"
+                  " to data buffer", stream->stream3_id, len));
+  }
+  /* copy the rest to the overflow buffer */
+  if(ncopy) {
+    result = Curl_dyn_addn(&stream->overflow, buf, ncopy);
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] resp_raw: added %zu bytes"
+                  " to overflow buffer -> %d",
+                  stream->stream3_id, ncopy, result));
+    notify_drain(cf, data);
+  }
+
+  if(!flow)
+    stream->recv_buf_nonflow += memlen;
+  if(CF_DATA_CURRENT(cf) != data) {
+    notify_drain(cf, data);
+  }
+  return result;
+}
+
+static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id,
+                           const uint8_t *buf, size_t buflen,
+                           void *user_data, void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct Curl_easy *data = stream_user_data;
+  CURLcode result;
+
+  (void)conn;
+  (void)stream3_id;
+
+  result = write_resp_raw(cf, data, buf, buflen, TRUE);
+  return result? -1 : 0;
+}
+
+static int cb_h3_deferred_consume(nghttp3_conn *conn, int64_t stream3_id,
+                                  size_t consumed, void *user_data,
+                                  void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  (void)conn;
+  (void)stream_user_data;
+
+  /* nghttp3 has consumed bytes on the QUIC stream and we need to
+   * tell the QUIC connection to increase its flow control */
+  ngtcp2_conn_extend_max_stream_offset(ctx->qconn, stream3_id, consumed);
+  ngtcp2_conn_extend_max_offset(ctx->qconn, consumed);
+  return 0;
+}
+
+/* Decode HTTP status code.  Returns -1 if no valid status code was
+   decoded. (duplicate from http2.c) */
+static int decode_status_code(const uint8_t *value, size_t len)
+{
+  int i;
+  int res;
+
+  if(len != 3) {
+    return -1;
+  }
+
+  res = 0;
+
+  for(i = 0; i < 3; ++i) {
+    char c = value[i];
+
+    if(c < '0' || c > '9') {
+      return -1;
+    }
+
+    res *= 10;
+    res += c - '0';
+  }
+
+  return res;
+}
+
+static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
+                             int fin, void *user_data, void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct Curl_easy *data = stream_user_data;
+  struct HTTP *stream = data->req.p.http;
+  CURLcode result = CURLE_OK;
+  (void)conn;
+  (void)stream_id;
+  (void)fin;
+  (void)cf;
+
+  /* add a CRLF only if we've received some headers */
+  if(stream->firstheader) {
+    result = write_resp_raw(cf, data, "\r\n", 2, FALSE);
+    if(result) {
+      return -1;
+    }
+  }
+
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] end_headers(status_code=%d",
+                stream_id, stream->status_code));
+  if(stream->status_code / 100 != 1) {
+    stream->bodystarted = TRUE;
+  }
+  return 0;
+}
+
+static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
+                             int32_t token, nghttp3_rcbuf *name,
+                             nghttp3_rcbuf *value, uint8_t flags,
+                             void *user_data, void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  nghttp3_vec h3name = nghttp3_rcbuf_get_buf(name);
+  nghttp3_vec h3val = nghttp3_rcbuf_get_buf(value);
+  struct Curl_easy *data = stream_user_data;
+  struct HTTP *stream = data->req.p.http;
+  CURLcode result = CURLE_OK;
+  (void)conn;
+  (void)stream_id;
+  (void)token;
+  (void)flags;
+  (void)cf;
+
+  if(token == NGHTTP3_QPACK_TOKEN__STATUS) {
+    char line[14]; /* status line is always 13 characters long */
+    size_t ncopy;
+
+    DEBUGASSERT(!stream->firstheader);
+    stream->status_code = decode_status_code(h3val.base, h3val.len);
+    DEBUGASSERT(stream->status_code != -1);
+    ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n",
+                      stream->status_code);
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] status: %s",
+                  stream_id, line));
+    result = write_resp_raw(cf, data, line, ncopy, FALSE);
+    if(result) {
+      return -1;
+    }
+    stream->firstheader = TRUE;
+  }
+  else {
+    /* store as an HTTP1-style header */
+    DEBUGASSERT(stream->firstheader);
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] header: %.*s: %.*s",
+                  stream_id, (int)h3name.len, h3name.base,
+                  (int)h3val.len, h3val.base));
+    result = write_resp_raw(cf, data, h3name.base, h3name.len, FALSE);
+    if(result) {
+      return -1;
+    }
+    result = write_resp_raw(cf, data, ": ", 2, FALSE);
+    if(result) {
+      return -1;
+    }
+    result = write_resp_raw(cf, data, h3val.base, h3val.len, FALSE);
+    if(result) {
+      return -1;
+    }
+    result = write_resp_raw(cf, data, "\r\n", 2, FALSE);
+    if(result) {
+      return -1;
+    }
+  }
+  return 0;
+}
+
+static int cb_h3_stop_sending(nghttp3_conn *conn, int64_t stream_id,
+                              uint64_t app_error_code, void *user_data,
+                              void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  int rv;
+  (void)conn;
+  (void)stream_user_data;
+
+  rv = ngtcp2_conn_shutdown_stream_read(ctx->qconn, stream_id, app_error_code);
+  if(rv && rv != NGTCP2_ERR_STREAM_NOT_FOUND) {
+    return NGTCP2_ERR_CALLBACK_FAILURE;
+  }
+
+  return 0;
+}
+
+static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t stream_id,
+                              uint64_t app_error_code, void *user_data,
+                              void *stream_user_data) {
+  struct Curl_cfilter *cf = user_data;
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  struct Curl_easy *data = stream_user_data;
+  int rv;
+  (void)conn;
+  (void)data;
+
+  rv = ngtcp2_conn_shutdown_stream_write(ctx->qconn, stream_id,
+                                         app_error_code);
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] reset -> %d", stream_id, rv));
+  if(rv && rv != NGTCP2_ERR_STREAM_NOT_FOUND) {
+    return NGTCP2_ERR_CALLBACK_FAILURE;
+  }
+
+  return 0;
+}
+
+static nghttp3_callbacks ngh3_callbacks = {
+  cb_h3_acked_stream_data, /* acked_stream_data */
+  cb_h3_stream_close,
+  cb_h3_recv_data,
+  cb_h3_deferred_consume,
+  NULL, /* begin_headers */
+  cb_h3_recv_header,
+  cb_h3_end_headers,
+  NULL, /* begin_trailers */
+  cb_h3_recv_header,
+  NULL, /* end_trailers */
+  cb_h3_stop_sending,
+  NULL, /* end_stream */
+  cb_h3_reset_stream,
+  NULL /* shutdown */
+};
+
+static int init_ngh3_conn(struct Curl_cfilter *cf)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  CURLcode result;
+  int rc;
+  int64_t ctrl_stream_id, qpack_enc_stream_id, qpack_dec_stream_id;
+
+  if(ngtcp2_conn_get_max_local_streams_uni(ctx->qconn) < 3) {
+    return CURLE_QUIC_CONNECT_ERROR;
+  }
+
+  nghttp3_settings_default(&ctx->h3settings);
+
+  rc = nghttp3_conn_client_new(&ctx->h3conn,
+                               &ngh3_callbacks,
+                               &ctx->h3settings,
+                               nghttp3_mem_default(),
+                               cf);
+  if(rc) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto fail;
+  }
+
+  rc = ngtcp2_conn_open_uni_stream(ctx->qconn, &ctrl_stream_id, NULL);
+  if(rc) {
+    result = CURLE_QUIC_CONNECT_ERROR;
+    goto fail;
+  }
+
+  rc = nghttp3_conn_bind_control_stream(ctx->h3conn, ctrl_stream_id);
+  if(rc) {
+    result = CURLE_QUIC_CONNECT_ERROR;
+    goto fail;
+  }
+
+  rc = ngtcp2_conn_open_uni_stream(ctx->qconn, &qpack_enc_stream_id, NULL);
+  if(rc) {
+    result = CURLE_QUIC_CONNECT_ERROR;
+    goto fail;
+  }
+
+  rc = ngtcp2_conn_open_uni_stream(ctx->qconn, &qpack_dec_stream_id, NULL);
+  if(rc) {
+    result = CURLE_QUIC_CONNECT_ERROR;
+    goto fail;
+  }
+
+  rc = nghttp3_conn_bind_qpack_streams(ctx->h3conn, qpack_enc_stream_id,
+                                       qpack_dec_stream_id);
+  if(rc) {
+    result = CURLE_QUIC_CONNECT_ERROR;
+    goto fail;
+  }
+
+  return CURLE_OK;
+  fail:
+
+  return result;
+}
+
+static void drain_overflow_buffer(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data)
+{
+  struct HTTP *stream = data->req.p.http;
+  size_t overlen = Curl_dyn_len(&stream->overflow);
+  size_t ncopy = CURLMIN(overlen, stream->len);
+
+  (void)cf;
+  if(ncopy > 0) {
+    memcpy(stream->mem + stream->memlen,
+           Curl_dyn_ptr(&stream->overflow), ncopy);
+    stream->len -= ncopy;
+    stream->memlen += ncopy;
+    if(ncopy != overlen)
+      /* make the buffer only keep the tail */
+      (void)Curl_dyn_tail(&stream->overflow, overlen - ncopy);
+    else {
+      Curl_dyn_reset(&stream->overflow);
+    }
+  }
+}
+
+static ssize_t recv_closed_stream(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  CURLcode *err)
+{
+  struct HTTP *stream = data->req.p.http;
+  ssize_t nread = -1;
+
+  (void)cf;
+
+  if(stream->reset) {
+    failf(data,
+          "HTTP/3 stream %" PRId64 " reset by server", stream->stream3_id);
+    *err = CURLE_PARTIAL_FILE;
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] cf_recv, was reset -> %d",
+                  stream->stream3_id, *err));
+    goto out;
+  }
+  else if(stream->error3 != NGHTTP3_H3_NO_ERROR) {
+    failf(data,
+          "HTTP/3 stream %" PRId64 " was not closed cleanly: (err 0x%" PRIx64
+          ")",
+          stream->stream3_id, stream->error3);
+    *err = CURLE_HTTP3;
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] cf_recv, closed uncleanly"
+                  " -> %d", stream->stream3_id, *err));
+    goto out;
+  }
+
+  if(!stream->bodystarted) {
+    failf(data,
+          "HTTP/3 stream %" PRId64 " was closed cleanly, but before getting"
+          " all response header fields, treated as error",
+          stream->stream3_id);
+    *err = CURLE_HTTP3;
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] cf_recv, closed incomplete"
+                  " -> %d", stream->stream3_id, *err));
+    goto out;
+  }
+  else {
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] cf_recv, closed ok"
+                  " -> %d", stream->stream3_id, *err));
+  }
+  *err = CURLE_OK;
+  nread = 0;
+
+out:
+  data->state.drain = 0;
+  return nread;
+}
+
+/* incoming data frames on the h3 stream */
+static ssize_t cf_ngtcp2_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+                              char *buf, size_t len, CURLcode *err)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  struct HTTP *stream = data->req.p.http;
+  ssize_t nread = -1;
+  struct cf_call_data save;
+
+  (void)ctx;
+
+  CF_DATA_SAVE(save, cf, data);
+  DEBUGASSERT(cf->connected);
+  DEBUGASSERT(ctx);
+  DEBUGASSERT(ctx->qconn);
+  DEBUGASSERT(ctx->h3conn);
+  *err = CURLE_OK;
+
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] cf_recv(len=%zu) start",
+                stream->stream3_id, len));
+  /* TODO: this implementation of response DATA buffering is fragile.
+   * It makes the following assumptions:
+   * - the `buf` passed here has the same lifetime as the easy handle
+   * - data returned in `buf` from this call is immediately used and `buf`
+   *   can be overwritten during any handling of other transfers at
+   *   this connection.
+   */
+  if(!stream->memlen) {
+    /* `buf` was not known before or is currently not used by stream,
+     * assign it (again). */
+    stream->mem = buf;
+    stream->len = len;
+  }
+
+  /* if there's data in the overflow buffer, move as much
+     as possible to the receive buffer now */
+  drain_overflow_buffer(cf, data);
+
+  if(cf_process_ingress(cf, data)) {
+    *err = CURLE_RECV_ERROR;
+    nread = -1;
+    goto out;
+  }
+
+  if(stream->memlen) {
+    nread = stream->memlen;
+    /* reset to allow more data to come */
+    /* TODO: very brittle buffer use design:
+     * - stream->mem has now `nread` bytes of response data
+     * - we assume that the caller will use those immediately and
+     *   we can overwrite that with new data on our next invocation from
+     *   anywhere.
+     */
+    stream->mem = buf;
+    stream->memlen = 0;
+    stream->len = len;
+    /* extend the stream window with the data we're consuming and send out
+       any additional packets to tell the server that we can receive more */
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] cf_recv -> %zd bytes",
+                  stream->stream3_id, nread));
+    report_consumed_data(cf, data, nread);
+    if(cf_flush_egress(cf, data)) {
+      *err = CURLE_SEND_ERROR;
+      nread = -1;
+    }
+    goto out;
+  }
+
+  if(stream->closed) {
+    nread = recv_closed_stream(cf, data, err);
+    goto out;
+  }
+
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] cf_recv -> EAGAIN",
+                stream->stream3_id));
+  *err = CURLE_AGAIN;
+  nread = -1;
+out:
+  if(cf_flush_egress(cf, data)) {
+    *err = CURLE_SEND_ERROR;
+    nread = -1;
+    goto out;
+  }
+
+  CF_DATA_RESTORE(cf, save);
+  return nread;
+}
+
+/* this amount of data has now been acked on this stream */
+static int cb_h3_acked_stream_data(nghttp3_conn *conn, int64_t stream_id,
+                                   uint64_t datalen, void *user_data,
+                                   void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct Curl_easy *data = stream_user_data;
+  struct HTTP *stream = data->req.p.http;
+  (void)user_data;
+
+  (void)cf;
+  if(!data->set.postfields) {
+    stream->h3out->used -= datalen;
+    DEBUGF(LOG_CF(data, cf, "cb_h3_acked_stream_data, %"PRIu64" bytes, "
+                  "%zd left unacked", datalen, stream->h3out->used));
+    DEBUGASSERT(stream->h3out->used < H3_SEND_SIZE);
+
+    if(stream->h3out->used == 0) {
+      int rv = nghttp3_conn_resume_stream(conn, stream_id);
+      if(rv) {
+        return NGTCP2_ERR_CALLBACK_FAILURE;
+      }
+    }
+  }
+  return 0;
+}
+
+static nghttp3_ssize cb_h3_readfunction(nghttp3_conn *conn, int64_t stream_id,
+                                        nghttp3_vec *vec, size_t veccnt,
+                                        uint32_t *pflags, void *user_data,
+                                        void *stream_user_data)
+{
+  struct Curl_cfilter *cf = user_data;
+  struct Curl_easy *data = stream_user_data;
+  size_t nread;
+  struct HTTP *stream = data->req.p.http;
+  (void)cf;
+  (void)conn;
+  (void)stream_id;
+  (void)user_data;
+  (void)veccnt;
+
+  if(data->set.postfields) {
+    vec[0].base = data->set.postfields;
+    vec[0].len = data->state.infilesize;
+    *pflags = NGHTTP3_DATA_FLAG_EOF;
+    return 1;
+  }
+
+  if(stream->upload_len && H3_SEND_SIZE <= stream->h3out->used) {
+    return NGHTTP3_ERR_WOULDBLOCK;
+  }
+
+  nread = CURLMIN(stream->upload_len, H3_SEND_SIZE - stream->h3out->used);
+  if(nread > 0) {
+    /* nghttp3 wants us to hold on to the data until it tells us it is okay to
+       delete it. Append the data at the end of the h3out buffer. Since we can
+       only return consecutive data, copy the amount that fits and the next
+       part comes in next invoke. */
+    struct h3out *out = stream->h3out;
+    if(nread + out->windex > H3_SEND_SIZE)
+      nread = H3_SEND_SIZE - out->windex;
+
+    memcpy(&out->buf[out->windex], stream->upload_mem, nread);
+
+    /* that's the chunk we return to nghttp3 */
+    vec[0].base = &out->buf[out->windex];
+    vec[0].len = nread;
+
+    out->windex += nread;
+    out->used += nread;
+
+    if(out->windex == H3_SEND_SIZE)
+      out->windex = 0; /* wrap */
+    stream->upload_mem += nread;
+    stream->upload_len -= nread;
+    if(data->state.infilesize != -1) {
+      stream->upload_left -= nread;
+      if(!stream->upload_left)
+        *pflags = NGHTTP3_DATA_FLAG_EOF;
+    }
+    DEBUGF(LOG_CF(data, cf, "cb_h3_readfunction %zd bytes%s (at %zd unacked)",
+                  nread, *pflags == NGHTTP3_DATA_FLAG_EOF?" EOF":"",
+                  out->used));
+  }
+  if(stream->upload_done && !stream->upload_len &&
+     (stream->upload_left <= 0)) {
+    DEBUGF(LOG_CF(data, cf, "cb_h3_readfunction sets EOF"));
+    *pflags = NGHTTP3_DATA_FLAG_EOF;
+    return nread ? 1 : 0;
+  }
+  else if(!nread) {
+    return NGHTTP3_ERR_WOULDBLOCK;
+  }
+  return 1;
+}
+
+/* Index where :authority header field will appear in request header
+   field list. */
+#define AUTHORITY_DST_IDX 3
+
+static CURLcode h3_stream_open(struct Curl_cfilter *cf,
+                               struct Curl_easy *data,
+                               const void *mem,
+                               size_t len)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  struct HTTP *stream = data->req.p.http;
+  size_t nheader;
+  CURLcode result = CURLE_OK;
+  nghttp3_nv *nva = NULL;
+  int64_t stream3_id;
+  int rc = 0;
+  struct h3out *h3out = NULL;
+  struct h2h3req *hreq = NULL;
+
+  rc = ngtcp2_conn_open_bidi_stream(ctx->qconn, &stream3_id, NULL);
+  if(rc) {
+    failf(data, "can get bidi streams");
+    goto fail;
+  }
+
+  stream->stream3_id = stream3_id;
+  stream->h3req = TRUE;
+  Curl_dyn_init(&stream->overflow, CURL_MAX_READ_SIZE);
+  stream->recv_buf_nonflow = 0;
+
+  result = Curl_pseudo_headers(data, mem, len, NULL, &hreq);
+  if(result)
+    goto fail;
+  nheader = hreq->entries;
+
+  nva = malloc(sizeof(nghttp3_nv) * nheader);
+  if(!nva) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto fail;
+  }
+  else {
+    unsigned int i;
+    for(i = 0; i < nheader; i++) {
+      nva[i].name = (unsigned char *)hreq->header[i].name;
+      nva[i].namelen = hreq->header[i].namelen;
+      nva[i].value = (unsigned char *)hreq->header[i].value;
+      nva[i].valuelen = hreq->header[i].valuelen;
+      nva[i].flags = NGHTTP3_NV_FLAG_NONE;
+    }
+  }
+
+  switch(data->state.httpreq) {
+  case HTTPREQ_POST:
+  case HTTPREQ_POST_FORM:
+  case HTTPREQ_POST_MIME:
+  case HTTPREQ_PUT: {
+    nghttp3_data_reader data_reader;
+    if(data->state.infilesize != -1)
+      stream->upload_left = data->state.infilesize;
+    else
+      /* data sending without specifying the data amount up front */
+      stream->upload_left = -1; /* unknown, but not zero */
+
+    data_reader.read_data = cb_h3_readfunction;
+
+    h3out = calloc(sizeof(struct h3out), 1);
+    if(!h3out) {
+      result = CURLE_OUT_OF_MEMORY;
+      goto fail;
+    }
+    stream->h3out = h3out;
+
+    rc = nghttp3_conn_submit_request(ctx->h3conn, stream->stream3_id,
+                                     nva, nheader, &data_reader, data);
+    if(rc)
+      goto fail;
+    break;
+  }
+  default:
+    stream->upload_left = 0; /* nothing left to send */
+    rc = nghttp3_conn_submit_request(ctx->h3conn, stream->stream3_id,
+                                     nva, nheader, NULL, data);
+    if(rc)
+      goto fail;
+    break;
+  }
+
+  Curl_safefree(nva);
+
+  infof(data, "Using HTTP/3 Stream ID: %" PRId64 " (easy handle %p)",
+        stream3_id, (void *)data);
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] opened for %s",
+                stream3_id, data->state.url));
+
+  Curl_pseudo_free(hreq);
+  return CURLE_OK;
+
+fail:
+  if(rc) {
+    switch(rc) {
+    case NGHTTP3_ERR_CONN_CLOSING:
+      DEBUGF(LOG_CF(data, cf, "h3sid[%"PRId64"] failed to send, "
+                    "connection is closing", stream->stream3_id));
+      result = CURLE_RECV_ERROR;
+      break;
+    default:
+      DEBUGF(LOG_CF(data, cf, "h3sid[%"PRId64"] failed to send -> %d (%s)",
+                    stream->stream3_id, rc, ngtcp2_strerror(rc)));
+      result = CURLE_SEND_ERROR;
+      break;
+    }
+  }
+  free(nva);
+  Curl_pseudo_free(hreq);
+  return result;
+}
+
+static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data,
+                              const void *buf, size_t len, CURLcode *err)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  ssize_t sent = 0;
+  struct HTTP *stream = data->req.p.http;
+  struct cf_call_data save;
+
+  CF_DATA_SAVE(save, cf, data);
+  DEBUGASSERT(cf->connected);
+  DEBUGASSERT(ctx->qconn);
+  DEBUGASSERT(ctx->h3conn);
+  *err = CURLE_OK;
+
+  if(stream->closed) {
+    *err = CURLE_HTTP3;
+    sent = -1;
+    goto out;
+  }
+
+  if(!stream->h3req) {
+    CURLcode result = h3_stream_open(cf, data, buf, len);
+    if(result) {
+      DEBUGF(LOG_CF(data, cf, "failed to open stream -> %d", result));
+      sent = -1;
+      goto out;
+    }
+    /* Assume that mem of length len only includes HTTP/1.1 style
+       header fields.  In other words, it does not contain request
+       body. */
+    sent = len;
+  }
+  else {
+    DEBUGF(LOG_CF(data, cf, "ngh3_stream_send() wants to send %zd bytes",
+                  len));
+    if(!stream->upload_len) {
+      stream->upload_mem = buf;
+      stream->upload_len = len;
+      (void)nghttp3_conn_resume_stream(ctx->h3conn, stream->stream3_id);
+    }
+    else {
+      *err = CURLE_AGAIN;
+      sent = -1;
+      goto out;
+    }
+  }
+
+  if(cf_flush_egress(cf, data)) {
+    *err = CURLE_SEND_ERROR;
+    sent = -1;
+    goto out;
+  }
+
+  /* Reset post upload buffer after resumed. */
+  if(stream->upload_mem) {
+    if(data->set.postfields) {
+      sent = len;
+    }
+    else {
+      sent = len - stream->upload_len;
+    }
+
+    stream->upload_mem = NULL;
+    stream->upload_len = 0;
+
+    if(sent == 0) {
+      *err = CURLE_AGAIN;
+      sent = -1;
+      goto out;
+    }
+  }
+out:
+  CF_DATA_RESTORE(cf, save);
+  return sent;
+}
+
+static CURLcode qng_verify_peer(struct Curl_cfilter *cf,
+                                struct Curl_easy *data)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_OK;
+  const char *hostname, *disp_hostname;
+  int port;
+  char *snihost;
+
+  Curl_conn_get_host(data, cf->sockindex, &hostname, &disp_hostname, &port);
+  snihost = Curl_ssl_snihost(data, hostname, NULL);
+  if(!snihost)
+      return CURLE_PEER_FAILED_VERIFICATION;
+
+  cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
+  cf->conn->httpversion = 30;
+  cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX;
+
+  if(cf->conn->ssl_config.verifyhost) {
+#ifdef USE_OPENSSL
+    X509 *server_cert;
+    server_cert = SSL_get_peer_certificate(ctx->ssl);
+    if(!server_cert) {
+      return CURLE_PEER_FAILED_VERIFICATION;
+    }
+    result = Curl_ossl_verifyhost(data, cf->conn, server_cert);
+    X509_free(server_cert);
+    if(result)
+      return result;
+#elif defined(USE_GNUTLS)
+    result = Curl_gtls_verifyserver(data, ctx->gtls->session,
+                                    &cf->conn->ssl_config, &data->set.ssl,
+                                    hostname, disp_hostname,
+                                    data->set.str[STRING_SSL_PINNEDPUBLICKEY]);
+    if(result)
+      return result;
+#elif defined(USE_WOLFSSL)
+    if(wolfSSL_check_domain_name(ctx->ssl, snihost) == SSL_FAILURE)
+      return CURLE_PEER_FAILED_VERIFICATION;
+#endif
+    infof(data, "Verified certificate just fine");
+  }
+  else
+    infof(data, "Skipped certificate verification");
+#ifdef USE_OPENSSL
+  if(data->set.ssl.certinfo)
+    /* asked to gather certificate info */
+    (void)Curl_ossl_certchain(data, ctx->ssl);
+#endif
+  return result;
+}
+
+static CURLcode cf_process_ingress(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  ssize_t recvd;
+  int rv;
+  uint8_t buf[65536];
+  int bufsize = (int)sizeof(buf);
+  size_t pktcount = 0, total_recvd = 0;
+  struct sockaddr_storage remote_addr;
+  socklen_t remote_addrlen;
+  ngtcp2_path path;
+  ngtcp2_tstamp ts = timestamp();
+  ngtcp2_pkt_info pi = { 0 };
+
+  for(;;) {
+    remote_addrlen = sizeof(remote_addr);
+    while((recvd = recvfrom(ctx->q.sockfd, (char *)buf, bufsize, 0,
+                            (struct sockaddr *)&remote_addr,
+                            &remote_addrlen)) == -1 &&
+          SOCKERRNO == EINTR)
+      ;
+    if(recvd == -1) {
+      if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
+        DEBUGF(LOG_CF(data, cf, "ingress, recvfrom -> EAGAIN"));
+        goto out;
+      }
+      if(!cf->connected && SOCKERRNO == ECONNREFUSED) {
+        const char *r_ip;
+        int r_port;
+        Curl_cf_socket_peek(cf->next, data, NULL, NULL,
+                            &r_ip, &r_port, NULL, NULL);
+        failf(data, "ngtcp2: connection to %s port %u refused",
+              r_ip, r_port);
+        return CURLE_COULDNT_CONNECT;
+      }
+      failf(data, "ngtcp2: recvfrom() unexpectedly returned %zd (errno=%d)",
+                  recvd, SOCKERRNO);
+      return CURLE_RECV_ERROR;
+    }
+
+    if(recvd > 0 && !ctx->got_first_byte) {
+      ctx->first_byte_at = Curl_now();
+      ctx->got_first_byte = TRUE;
+    }
+
+    ++pktcount;
+    total_recvd += recvd;
+
+    ngtcp2_addr_init(&path.local, (struct sockaddr *)&ctx->q.local_addr,
+                     ctx->q.local_addrlen);
+    ngtcp2_addr_init(&path.remote, (struct sockaddr *)&remote_addr,
+                     remote_addrlen);
+
+    rv = ngtcp2_conn_read_pkt(ctx->qconn, &path, &pi, buf, recvd, ts);
+    if(rv) {
+      DEBUGF(LOG_CF(data, cf, "ingress, read_pkt -> %s",
+                    ngtcp2_strerror(rv)));
+      if(!ctx->last_error.error_code) {
+        if(rv == NGTCP2_ERR_CRYPTO) {
+          ngtcp2_connection_close_error_set_transport_error_tls_alert(
+              &ctx->last_error,
+              ngtcp2_conn_get_tls_alert(ctx->qconn), NULL, 0);
+        }
+        else {
+          ngtcp2_connection_close_error_set_transport_error_liberr(
+              &ctx->last_error, rv, NULL, 0);
+        }
+      }
+
+      if(rv == NGTCP2_ERR_CRYPTO)
+        /* this is a "TLS problem", but a failed certificate verification
+           is a common reason for this */
+        return CURLE_PEER_FAILED_VERIFICATION;
+      return CURLE_RECV_ERROR;
+    }
+  }
+
+out:
+  (void)pktcount;
+  (void)total_recvd;
+  DEBUGF(LOG_CF(data, cf, "ingress, recvd %zu packets with %zd bytes",
+                pktcount, total_recvd));
+  return CURLE_OK;
+}
+
+static CURLcode cf_flush_egress(struct Curl_cfilter *cf,
+                                struct Curl_easy *data)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  int rv;
+  size_t sent;
+  ngtcp2_ssize outlen;
+  uint8_t *outpos = ctx->q.pktbuf;
+  size_t max_udp_payload_size =
+      ngtcp2_conn_get_max_tx_udp_payload_size(ctx->qconn);
+  size_t path_max_udp_payload_size =
+      ngtcp2_conn_get_path_max_tx_udp_payload_size(ctx->qconn);
+  size_t max_pktcnt =
+      CURLMIN(MAX_PKT_BURST, ctx->q.pktbuflen / max_udp_payload_size);
+  size_t pktcnt = 0;
+  size_t gsolen = 0;  /* this disables gso until we have a clue */
+  ngtcp2_path_storage ps;
+  ngtcp2_tstamp ts = timestamp();
+  ngtcp2_tstamp expiry;
+  ngtcp2_duration timeout;
+  int64_t stream_id;
+  nghttp3_ssize veccnt;
+  int fin;
+  nghttp3_vec vec[16];
+  ngtcp2_ssize ndatalen;
+  uint32_t flags;
+  CURLcode curlcode;
+
+  rv = ngtcp2_conn_handle_expiry(ctx->qconn, ts);
+  if(rv) {
+    failf(data, "ngtcp2_conn_handle_expiry returned error: %s",
+          ngtcp2_strerror(rv));
+    ngtcp2_connection_close_error_set_transport_error_liberr(&ctx->last_error,
+                                                             rv, NULL, 0);
+    return CURLE_SEND_ERROR;
+  }
+
+  if(ctx->q.num_blocked_pkt) {
+    curlcode = vquic_send_blocked_pkt(cf, data, &ctx->q);
+    if(curlcode) {
+      if(curlcode == CURLE_AGAIN) {
+        Curl_expire(data, 1, EXPIRE_QUIC);
+        return CURLE_OK;
+      }
+      return curlcode;
+    }
+  }
+
+  ngtcp2_path_storage_zero(&ps);
+
+  for(;;) {
+    veccnt = 0;
+    stream_id = -1;
+    fin = 0;
+
+    if(ctx->h3conn && ngtcp2_conn_get_max_data_left(ctx->qconn)) {
+      veccnt = nghttp3_conn_writev_stream(ctx->h3conn, &stream_id, &fin, vec,
+                                          sizeof(vec) / sizeof(vec[0]));
+      if(veccnt < 0) {
+        failf(data, "nghttp3_conn_writev_stream returned error: %s",
+              nghttp3_strerror((int)veccnt));
+        ngtcp2_connection_close_error_set_application_error(
+            &ctx->last_error,
+            nghttp3_err_infer_quic_app_error_code((int)veccnt), NULL, 0);
+        return CURLE_SEND_ERROR;
+      }
+    }
+
+    flags = NGTCP2_WRITE_STREAM_FLAG_MORE |
+            (fin ? NGTCP2_WRITE_STREAM_FLAG_FIN : 0);
+    outlen = ngtcp2_conn_writev_stream(ctx->qconn, &ps.path, NULL, outpos,
+                                       max_udp_payload_size,
+                                       &ndatalen, flags, stream_id,
+                                       (const ngtcp2_vec *)vec, veccnt, ts);
+    if(outlen == 0) {
+      /* ngtcp2 does not want to send more packets, if the buffer is
+       * not empty, send that now */
+      if(outpos != ctx->q.pktbuf) {
+        curlcode = vquic_send_packet(cf, data, &ctx->q, ctx->q.pktbuf,
+                               outpos - ctx->q.pktbuf, gsolen, &sent);
+        if(curlcode) {
+          if(curlcode == CURLE_AGAIN) {
+            vquic_push_blocked_pkt(cf, &ctx->q, ctx->q.pktbuf + sent,
+                                   outpos - ctx->q.pktbuf - sent,
+                                   gsolen);
+            Curl_expire(data, 1, EXPIRE_QUIC);
+            return CURLE_OK;
+          }
+          return curlcode;
+        }
+      }
+      /* done for now */
+      goto out;
+    }
+    if(outlen < 0) {
+      switch(outlen) {
+      case NGTCP2_ERR_STREAM_DATA_BLOCKED:
+        assert(ndatalen == -1);
+        nghttp3_conn_block_stream(ctx->h3conn, stream_id);
+        continue;
+      case NGTCP2_ERR_STREAM_SHUT_WR:
+        assert(ndatalen == -1);
+        nghttp3_conn_shutdown_stream_write(ctx->h3conn, stream_id);
+        continue;
+      case NGTCP2_ERR_WRITE_MORE:
+        /* ngtcp2 wants to send more. update the flow of the stream whose data
+         * is in the buffer and continue */
+        assert(ndatalen >= 0);
+        rv = nghttp3_conn_add_write_offset(ctx->h3conn, stream_id, ndatalen);
+        if(rv) {
+          failf(data, "nghttp3_conn_add_write_offset returned error: %s\n",
+                nghttp3_strerror(rv));
+          return CURLE_SEND_ERROR;
+        }
+        continue;
+      default:
+        assert(ndatalen == -1);
+        failf(data, "ngtcp2_conn_writev_stream returned error: %s",
+              ngtcp2_strerror((int)outlen));
+        ngtcp2_connection_close_error_set_transport_error_liberr(
+            &ctx->last_error, (int)outlen, NULL, 0);
+        return CURLE_SEND_ERROR;
+      }
+    }
+    else if(ndatalen >= 0) {
+      /* ngtcp2 thinks it has added all it wants. Update the stream  */
+      rv = nghttp3_conn_add_write_offset(ctx->h3conn, stream_id, ndatalen);
+      if(rv) {
+        failf(data, "nghttp3_conn_add_write_offset returned error: %s\n",
+              nghttp3_strerror(rv));
+        return CURLE_SEND_ERROR;
+      }
+    }
+
+    /* advance to the end of the buffered packet data */
+    outpos += outlen;
+
+    if(pktcnt == 0) {
+      /* first packet buffer chunk. use this as gsolen. It's how ngtcp2
+       * indicates the intended segment size. */
+      gsolen = outlen;
+    }
+    else if((size_t)outlen > gsolen ||
+            (gsolen > path_max_udp_payload_size && (size_t)outlen != gsolen)) {
+      /* Packet larger than path_max_udp_payload_size is PMTUD probe
+         packet and it might not be sent because of EMSGSIZE. Send
+         them separately to minimize the loss. */
+      /* send the pktbuf *before* the last addition */
+      curlcode = vquic_send_packet(cf, data, &ctx->q, ctx->q.pktbuf,
+                             outpos - outlen - ctx->q.pktbuf, gsolen, &sent);
+      if(curlcode) {
+        if(curlcode == CURLE_AGAIN) {
+          /* blocked, add the pktbuf *before* and *at* the last addition
+           * separately to the blocked packages */
+          vquic_push_blocked_pkt(cf, &ctx->q, ctx->q.pktbuf + sent,
+                           outpos - outlen - ctx->q.pktbuf - sent, gsolen);
+          vquic_push_blocked_pkt(cf, &ctx->q, outpos - outlen, outlen, outlen);
+          Curl_expire(data, 1, EXPIRE_QUIC);
+          return CURLE_OK;
+        }
+        return curlcode;
+      }
+      /* send the pktbuf *at* the last addition */
+      curlcode = vquic_send_packet(cf, data, &ctx->q, outpos - outlen, outlen,
+                                   outlen, &sent);
+      if(curlcode) {
+        if(curlcode == CURLE_AGAIN) {
+          assert(0 == sent);
+          vquic_push_blocked_pkt(cf, &ctx->q, outpos - outlen, outlen, outlen);
+          Curl_expire(data, 1, EXPIRE_QUIC);
+          return CURLE_OK;
+        }
+        return curlcode;
+      }
+      /* pktbuf has been completely sent */
+      pktcnt = 0;
+      outpos = ctx->q.pktbuf;
+      continue;
+    }
+
+    if(++pktcnt >= max_pktcnt || (size_t)outlen < gsolen) {
+      /* enough packets or last one is shorter than the intended
+       * segment size, indicating that it is time to send. */
+      curlcode = vquic_send_packet(cf, data, &ctx->q, ctx->q.pktbuf,
+                                   outpos - ctx->q.pktbuf, gsolen, &sent);
+      if(curlcode) {
+        if(curlcode == CURLE_AGAIN) {
+          vquic_push_blocked_pkt(cf, &ctx->q, ctx->q.pktbuf + sent,
+                                 outpos - ctx->q.pktbuf - sent, gsolen);
+          Curl_expire(data, 1, EXPIRE_QUIC);
+          return CURLE_OK;
+        }
+        return curlcode;
+      }
+      /* pktbuf has been completely sent */
+      pktcnt = 0;
+      outpos = ctx->q.pktbuf;
+    }
+  }
+
+out:
+  /* non-errored exit. check when we should run again. */
+  expiry = ngtcp2_conn_get_expiry(ctx->qconn);
+  if(expiry != UINT64_MAX) {
+    if(expiry <= ts) {
+      timeout = 0;
+    }
+    else {
+      timeout = expiry - ts;
+      if(timeout % NGTCP2_MILLISECONDS) {
+        timeout += NGTCP2_MILLISECONDS;
+      }
+    }
+    Curl_expire(data, timeout / NGTCP2_MILLISECONDS, EXPIRE_QUIC);
+  }
+
+  return CURLE_OK;
+}
+
+/*
+ * Called from transfer.c:data_pending to know if we should keep looping
+ * to receive more data from the connection.
+ */
+static bool cf_ngtcp2_data_pending(struct Curl_cfilter *cf,
+                                   const struct Curl_easy *data)
+{
+  /* We may have received more data than we're able to hold in the receive
+     buffer and allocated an overflow buffer. Since it's possible that
+     there's no more data coming on the socket, we need to keep reading
+     until the overflow buffer is empty. */
+  const struct HTTP *stream = data->req.p.http;
+  (void)cf;
+  return Curl_dyn_len(&stream->overflow) > 0;
+}
+
+static CURLcode cf_ngtcp2_data_event(struct Curl_cfilter *cf,
+                                     struct Curl_easy *data,
+                                     int event, int arg1, void *arg2)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_OK;
+  struct cf_call_data save;
+
+  CF_DATA_SAVE(save, cf, data);
+  (void)arg1;
+  (void)arg2;
+  switch(event) {
+  case CF_CTRL_DATA_DONE: {
+    struct HTTP *stream = data->req.p.http;
+    Curl_dyn_free(&stream->overflow);
+    free(stream->h3out);
+    break;
+  }
+  case CF_CTRL_DATA_DONE_SEND: {
+    struct HTTP *stream = data->req.p.http;
+    stream->upload_done = TRUE;
+    (void)nghttp3_conn_resume_stream(ctx->h3conn, stream->stream3_id);
+    break;
+  }
+  case CF_CTRL_DATA_IDLE:
+    if(timestamp() >= ngtcp2_conn_get_expiry(ctx->qconn)) {
+      if(cf_flush_egress(cf, data)) {
+        result = CURLE_SEND_ERROR;
+      }
+    }
+    break;
+  default:
+    break;
+  }
+  CF_DATA_RESTORE(cf, save);
+  return result;
+}
+
+static void cf_ngtcp2_ctx_clear(struct cf_ngtcp2_ctx *ctx)
+{
+  struct cf_call_data save = ctx->call_data;
+
+  if(ctx->qlogfd != -1) {
+    close(ctx->qlogfd);
+  }
+#ifdef USE_OPENSSL
+  if(ctx->ssl)
+    SSL_free(ctx->ssl);
+  if(ctx->sslctx)
+    SSL_CTX_free(ctx->sslctx);
+#elif defined(USE_GNUTLS)
+  if(ctx->gtls) {
+    if(ctx->gtls->cred)
+      gnutls_certificate_free_credentials(ctx->gtls->cred);
+    if(ctx->gtls->session)
+      gnutls_deinit(ctx->gtls->session);
+    free(ctx->gtls);
+  }
+#elif defined(USE_WOLFSSL)
+  if(ctx->ssl)
+    wolfSSL_free(ctx->ssl);
+  if(ctx->sslctx)
+    wolfSSL_CTX_free(ctx->sslctx);
+#endif
+  vquic_ctx_free(&ctx->q);
+  if(ctx->h3conn)
+    nghttp3_conn_del(ctx->h3conn);
+  if(ctx->qconn)
+    ngtcp2_conn_del(ctx->qconn);
+
+  memset(ctx, 0, sizeof(*ctx));
+  ctx->qlogfd = -1;
+  ctx->call_data = save;
+}
+
+static void cf_ngtcp2_close(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  struct cf_call_data save;
+
+  CF_DATA_SAVE(save, cf, data);
+  if(ctx && ctx->qconn) {
+    char buffer[NGTCP2_MAX_UDP_PAYLOAD_SIZE];
+    ngtcp2_tstamp ts;
+    ngtcp2_ssize rc;
+
+    DEBUGF(LOG_CF(data, cf, "close"));
+    ts = timestamp();
+    rc = ngtcp2_conn_write_connection_close(ctx->qconn, NULL, /* path */
+                                            NULL, /* pkt_info */
+                                            (uint8_t *)buffer, sizeof(buffer),
+                                            &ctx->last_error, ts);
+    if(rc > 0) {
+      while((send(ctx->q.sockfd, buffer, (SEND_TYPE_ARG3)rc, 0) == -1) &&
+            SOCKERRNO == EINTR);
+    }
+
+    cf_ngtcp2_ctx_clear(ctx);
+  }
+
+  cf->connected = FALSE;
+  CF_DATA_RESTORE(cf, save);
+}
+
+static void cf_ngtcp2_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  struct cf_call_data save;
+
+  CF_DATA_SAVE(save, cf, data);
+  DEBUGF(LOG_CF(data, cf, "destroy"));
+  if(ctx) {
+    cf_ngtcp2_ctx_clear(ctx);
+    free(ctx);
+  }
+  cf->ctx = NULL;
+  /* No CF_DATA_RESTORE(cf, save) possible */
+  (void)save;
+}
+
+/*
+ * Might be called twice for happy eyeballs.
+ */
+static CURLcode cf_connect_start(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  int rc;
+  int rv;
+  CURLcode result;
+  const struct Curl_sockaddr_ex *sockaddr;
+  int qfd;
+
+  ctx->version = NGTCP2_PROTO_VER_MAX;
+#ifdef USE_OPENSSL
+  result = quic_ssl_ctx(&ctx->sslctx, cf, data);
+  if(result)
+    return result;
+
+  result = quic_set_client_cert(cf, data);
+  if(result)
+    return result;
+#elif defined(USE_WOLFSSL)
+  result = quic_ssl_ctx(&ctx->sslctx, cf, data);
+  if(result)
+    return result;
+#endif
+
+  result = quic_init_ssl(cf, data);
+  if(result)
+    return result;
+
+  ctx->dcid.datalen = NGTCP2_MAX_CIDLEN;
+  result = Curl_rand(data, ctx->dcid.data, NGTCP2_MAX_CIDLEN);
+  if(result)
+    return result;
+
+  ctx->scid.datalen = NGTCP2_MAX_CIDLEN;
+  result = Curl_rand(data, ctx->scid.data, NGTCP2_MAX_CIDLEN);
+  if(result)
+    return result;
+
+  (void)Curl_qlogdir(data, ctx->scid.data, NGTCP2_MAX_CIDLEN, &qfd);
+  ctx->qlogfd = qfd; /* -1 if failure above */
+  quic_settings(ctx, data);
+
+  result = vquic_ctx_init(&ctx->q,
+                          NGTCP2_MAX_PMTUD_UDP_PAYLOAD_SIZE * MAX_PKT_BURST);
+  if(result)
+    return result;
+
+  Curl_cf_socket_peek(cf->next, data, &ctx->q.sockfd,
+                      &sockaddr, NULL, NULL, NULL, NULL);
+  ctx->q.local_addrlen = sizeof(ctx->q.local_addr);
+  rv = getsockname(ctx->q.sockfd, (struct sockaddr *)&ctx->q.local_addr,
+                   &ctx->q.local_addrlen);
+  if(rv == -1)
+    return CURLE_QUIC_CONNECT_ERROR;
+
+  ngtcp2_addr_init(&ctx->connected_path.local,
+                   (struct sockaddr *)&ctx->q.local_addr,
+                   ctx->q.local_addrlen);
+  ngtcp2_addr_init(&ctx->connected_path.remote,
+                   &sockaddr->sa_addr, sockaddr->addrlen);
+
+  rc = ngtcp2_conn_client_new(&ctx->qconn, &ctx->dcid, &ctx->scid,
+                              &ctx->connected_path,
+                              NGTCP2_PROTO_VER_V1, &ng_callbacks,
+                              &ctx->settings, &ctx->transport_params,
+                              NULL, cf);
+  if(rc)
+    return CURLE_QUIC_CONNECT_ERROR;
+
+#ifdef USE_GNUTLS
+  ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->gtls->session);
+#else
+  ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->ssl);
+#endif
+
+  ngtcp2_connection_close_error_default(&ctx->last_error);
+
+  ctx->conn_ref.get_conn = get_conn;
+  ctx->conn_ref.user_data = cf;
+
+  return CURLE_OK;
+}
+
+static CURLcode cf_ngtcp2_connect(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  bool blocking, bool *done)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_OK;
+  struct cf_call_data save;
+  struct curltime now;
+
+  if(cf->connected) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  /* Connect the UDP filter first */
+  if(!cf->next->connected) {
+    result = Curl_conn_cf_connect(cf->next, data, blocking, done);
+    if(result || !*done)
+      return result;
+  }
+
+  *done = FALSE;
+  now = Curl_now();
+
+  CF_DATA_SAVE(save, cf, data);
+
+  if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) {
+    /* Not time yet to attempt the next connect */
+    DEBUGF(LOG_CF(data, cf, "waiting for reconnect time"));
+    goto out;
+  }
+
+  if(!ctx->qconn) {
+    ctx->started_at = now;
+    result = cf_connect_start(cf, data);
+    if(result)
+      goto out;
+    result = cf_flush_egress(cf, data);
+    /* we do not expect to be able to recv anything yet */
+    goto out;
+  }
+
+  result = cf_process_ingress(cf, data);
+  if(result)
+    goto out;
+
+  result = cf_flush_egress(cf, data);
+  if(result)
+    goto out;
+
+  if(ngtcp2_conn_get_handshake_completed(ctx->qconn)) {
+    ctx->handshake_at = now;
+    DEBUGF(LOG_CF(data, cf, "handshake complete after %dms",
+           (int)Curl_timediff(now, ctx->started_at)));
+    result = qng_verify_peer(cf, data);
+    if(!result) {
+      DEBUGF(LOG_CF(data, cf, "peer verified"));
+      cf->connected = TRUE;
+      cf->conn->alpn = CURL_HTTP_VERSION_3;
+      *done = TRUE;
+      connkeep(cf->conn, "HTTP/3 default");
+    }
+  }
+
+out:
+  if(result == CURLE_RECV_ERROR && ctx->qconn &&
+     ngtcp2_conn_is_in_draining_period(ctx->qconn)) {
+    /* When a QUIC server instance is shutting down, it may send us a
+     * CONNECTION_CLOSE right away. Our connection then enters the DRAINING
+     * state.
+     * This may be a stopping of the service or it may be that the server
+     * is reloading and a new instance will start serving soon.
+     * In any case, we tear down our socket and start over with a new one.
+     * We re-open the underlying UDP cf right now, but do not start
+     * connecting until called again.
+     */
+    int reconn_delay_ms = 200;
+
+    DEBUGF(LOG_CF(data, cf, "connect, remote closed, reconnect after %dms",
+                  reconn_delay_ms));
+    Curl_conn_cf_close(cf->next, data);
+    cf_ngtcp2_ctx_clear(ctx);
+    result = Curl_conn_cf_connect(cf->next, data, FALSE, done);
+    if(!result && *done) {
+      *done = FALSE;
+      ctx->reconnect_at = now;
+      ctx->reconnect_at.tv_usec += reconn_delay_ms * 1000;
+      Curl_expire(data, reconn_delay_ms, EXPIRE_QUIC);
+      result = CURLE_OK;
+    }
+  }
+
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+  if(result) {
+    const char *r_ip;
+    int r_port;
+
+    Curl_cf_socket_peek(cf->next, data, NULL, NULL,
+                        &r_ip, &r_port, NULL, NULL);
+    infof(data, "QUIC connect to %s port %u failed: %s",
+          r_ip, r_port, curl_easy_strerror(result));
+  }
+#endif
+  DEBUGF(LOG_CF(data, cf, "connect -> %d, done=%d", result, *done));
+  CF_DATA_RESTORE(cf, save);
+  return result;
+}
+
+static CURLcode cf_ngtcp2_query(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                int query, int *pres1, void *pres2)
+{
+  struct cf_ngtcp2_ctx *ctx = cf->ctx;
+  struct cf_call_data save;
+
+  switch(query) {
+  case CF_QUERY_MAX_CONCURRENT: {
+    const ngtcp2_transport_params *rp;
+    DEBUGASSERT(pres1);
+
+    CF_DATA_SAVE(save, cf, data);
+    rp = ngtcp2_conn_get_remote_transport_params(ctx->qconn);
+    if(rp)
+      *pres1 = (rp->initial_max_streams_bidi > INT_MAX)?
+                 INT_MAX : (int)rp->initial_max_streams_bidi;
+    else  /* not arrived yet? */
+      *pres1 = Curl_multi_max_concurrent_streams(data->multi);
+    DEBUGF(LOG_CF(data, cf, "query max_conncurrent -> %d", *pres1));
+    CF_DATA_RESTORE(cf, save);
+    return CURLE_OK;
+  }
+  case CF_QUERY_CONNECT_REPLY_MS:
+    if(ctx->got_first_byte) {
+      timediff_t ms = Curl_timediff(ctx->first_byte_at, ctx->started_at);
+      *pres1 = (ms < INT_MAX)? (int)ms : INT_MAX;
+    }
+    else
+      *pres1 = -1;
+    return CURLE_OK;
+  case CF_QUERY_TIMER_CONNECT: {
+    struct curltime *when = pres2;
+    if(ctx->got_first_byte)
+      *when = ctx->first_byte_at;
+    return CURLE_OK;
+  }
+  case CF_QUERY_TIMER_APPCONNECT: {
+    struct curltime *when = pres2;
+    if(cf->connected)
+      *when = ctx->handshake_at;
+    return CURLE_OK;
+  }
+  default:
+    break;
+  }
+  return cf->next?
+    cf->next->cft->query(cf->next, data, query, pres1, pres2) :
+    CURLE_UNKNOWN_OPTION;
+}
+
+static bool cf_ngtcp2_conn_is_alive(struct Curl_cfilter *cf,
+                                    struct Curl_easy *data,
+                                    bool *input_pending)
+{
+  bool alive = TRUE;
+
+  *input_pending = FALSE;
+  if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending))
+    return FALSE;
+
+  if(*input_pending) {
+    /* This happens before we've sent off a request and the connection is
+       not in use by any other transfer, there shouldn't be any data here,
+       only "protocol frames" */
+    *input_pending = FALSE;
+    Curl_attach_connection(data, cf->conn);
+    if(cf_process_ingress(cf, data))
+      alive = FALSE;
+    else {
+      alive = TRUE;
+    }
+    Curl_detach_connection(data);
+  }
+
+  return alive;
+}
+
+struct Curl_cftype Curl_cft_http3 = {
+  "HTTP/3",
+  CF_TYPE_IP_CONNECT | CF_TYPE_SSL | CF_TYPE_MULTIPLEX,
+  0,
+  cf_ngtcp2_destroy,
+  cf_ngtcp2_connect,
+  cf_ngtcp2_close,
+  Curl_cf_def_get_host,
+  cf_ngtcp2_get_select_socks,
+  cf_ngtcp2_data_pending,
+  cf_ngtcp2_send,
+  cf_ngtcp2_recv,
+  cf_ngtcp2_data_event,
+  cf_ngtcp2_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  cf_ngtcp2_query,
+};
+
+CURLcode Curl_cf_ngtcp2_create(struct Curl_cfilter **pcf,
+                               struct Curl_easy *data,
+                               struct connectdata *conn,
+                               const struct Curl_addrinfo *ai)
+{
+  struct cf_ngtcp2_ctx *ctx = NULL;
+  struct Curl_cfilter *cf = NULL, *udp_cf = NULL;
+  CURLcode result;
+
+  (void)data;
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+  ctx->qlogfd = -1;
+  cf_ngtcp2_ctx_clear(ctx);
+
+  result = Curl_cf_create(&cf, &Curl_cft_http3, ctx);
+  if(result)
+    goto out;
+
+  result = Curl_cf_udp_create(&udp_cf, data, conn, ai, TRNSPRT_QUIC);
+  if(result)
+    goto out;
+
+  cf->conn = conn;
+  udp_cf->conn = cf->conn;
+  udp_cf->sockindex = cf->sockindex;
+  cf->next = udp_cf;
+
+out:
+  *pcf = (!result)? cf : NULL;
+  if(result) {
+    if(udp_cf)
+      Curl_conn_cf_discard(udp_cf, data);
+    Curl_safefree(cf);
+    Curl_safefree(ctx);
+  }
+  return result;
+}
+
+bool Curl_conn_is_ngtcp2(const struct Curl_easy *data,
+                         const struct connectdata *conn,
+                         int sockindex)
+{
+  struct Curl_cfilter *cf = conn? conn->cfilter[sockindex] : NULL;
+
+  (void)data;
+  for(; cf; cf = cf->next) {
+    if(cf->cft == &Curl_cft_http3)
+      return TRUE;
+    if(cf->cft->flags & CF_TYPE_IP_CONNECT)
+      return FALSE;
+  }
+  return FALSE;
+}
+
+#endif
diff --git a/lib/wildcard.c b/lib/vquic/curl_ngtcp2.h
index a3e24b678..8813ec9a7 100644
--- a/lib/wildcard.c
+++ b/lib/vquic/curl_ngtcp2.h
@@ -1,3 +1,5 @@
+#ifndef HEADER_CURL_VQUIC_CURL_NGTCP2_H
+#define HEADER_CURL_VQUIC_CURL_NGTCP2_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -5,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,52 +26,36 @@
 
 #include "curl_setup.h"
 
-#ifndef CURL_DISABLE_FTP
+#ifdef USE_NGTCP2
 
-#include "wildcard.h"
-#include "llist.h"
-#include "fileinfo.h"
-/* The last 3 #include files should be in this order */
-#include "curl_printf.h"
-#include "curl_memory.h"
-#include "memdebug.h"
+#ifdef HAVE_NETINET_UDP_H
+#include <netinet/udp.h>
+#endif
 
-static void fileinfo_dtor(void *user, void *element)
-{
-  (void)user;
-  Curl_fileinfo_cleanup(element);
-}
+#include <ngtcp2/ngtcp2_crypto.h>
+#include <nghttp3/nghttp3.h>
+#ifdef USE_OPENSSL
+#include <openssl/ssl.h>
+#elif defined(USE_WOLFSSL)
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/quic.h>
+#endif
 
-CURLcode Curl_wildcard_init(struct WildcardData *wc)
-{
-  Curl_llist_init(&wc->filelist, fileinfo_dtor);
-  wc->state = CURLWC_INIT;
+struct Curl_cfilter;
 
-  return CURLE_OK;
-}
+#include "urldata.h"
 
-void Curl_wildcard_dtor(struct WildcardData *wc)
-{
-  if(!wc)
-    return;
+void Curl_ngtcp2_ver(char *p, size_t len);
 
-  if(wc->dtor) {
-    wc->dtor(wc->protdata);
-    wc->dtor = ZERO_NULL;
-    wc->protdata = NULL;
-  }
-  DEBUGASSERT(wc->protdata == NULL);
+CURLcode Curl_cf_ngtcp2_create(struct Curl_cfilter **pcf,
+                             struct Curl_easy *data,
+                             struct connectdata *conn,
+                             const struct Curl_addrinfo *ai);
 
-  Curl_llist_destroy(&wc->filelist, NULL);
+bool Curl_conn_is_ngtcp2(const struct Curl_easy *data,
+                         const struct connectdata *conn,
+                         int sockindex);
+#endif
 
-
-  free(wc->path);
-  wc->path = NULL;
-  free(wc->pattern);
-  wc->pattern = NULL;
-
-  wc->customptr = NULL;
-  wc->state = CURLWC_INIT;
-}
-
-#endif /* if disabled */
+#endif /* HEADER_CURL_VQUIC_CURL_NGTCP2_H */
diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c
new file mode 100644
index 000000000..87a221cc1
--- /dev/null
+++ b/lib/vquic/curl_quiche.c
@@ -0,0 +1,1464 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_QUICHE
+#include <quiche.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include "urldata.h"
+#include "cfilters.h"
+#include "cf-socket.h"
+#include "sendf.h"
+#include "strdup.h"
+#include "rand.h"
+#include "strcase.h"
+#include "multiif.h"
+#include "connect.h"
+#include "progress.h"
+#include "strerror.h"
+#include "vquic.h"
+#include "vquic_int.h"
+#include "curl_quiche.h"
+#include "transfer.h"
+#include "h2h3.h"
+#include "vtls/openssl.h"
+#include "vtls/keylog.h"
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+
+#define QUIC_MAX_STREAMS (256*1024)
+#define QUIC_MAX_DATA (1*1024*1024)
+#define QUIC_IDLE_TIMEOUT (60 * 1000) /* milliseconds */
+
+/* how many UDP packets to send max in one call */
+#define MAX_PKT_BURST 10
+#define MAX_UDP_PAYLOAD_SIZE  1452
+
+/*
+ * Store quiche version info in this buffer.
+ */
+void Curl_quiche_ver(char *p, size_t len)
+{
+  (void)msnprintf(p, len, "quiche/%s", quiche_version());
+}
+
+static void keylog_callback(const SSL *ssl, const char *line)
+{
+  (void)ssl;
+  Curl_tls_keylog_write_line(line);
+}
+
+static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
+{
+  SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());
+
+  SSL_CTX_set_alpn_protos(ssl_ctx,
+                          (const uint8_t *)QUICHE_H3_APPLICATION_PROTOCOL,
+                          sizeof(QUICHE_H3_APPLICATION_PROTOCOL) - 1);
+
+  SSL_CTX_set_default_verify_paths(ssl_ctx);
+
+  /* Open the file if a TLS or QUIC backend has not done this before. */
+  Curl_tls_keylog_open();
+  if(Curl_tls_keylog_enabled()) {
+    SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
+  }
+
+  {
+    struct connectdata *conn = data->conn;
+    if(conn->ssl_config.verifypeer) {
+      const char * const ssl_cafile = conn->ssl_config.CAfile;
+      const char * const ssl_capath = conn->ssl_config.CApath;
+      if(ssl_cafile || ssl_capath) {
+        SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+        /* tell OpenSSL where to find CA certificates that are used to verify
+           the server's certificate. */
+        if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) {
+          /* Fail if we insist on successfully verifying the server. */
+          failf(data, "error setting certificate verify locations:"
+                "  CAfile: %s CApath: %s",
+                ssl_cafile ? ssl_cafile : "none",
+                ssl_capath ? ssl_capath : "none");
+          return NULL;
+        }
+        infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
+        infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
+      }
+#ifdef CURL_CA_FALLBACK
+      else {
+        /* verifying the peer without any CA certificates won't work so
+           use openssl's built-in default as fallback */
+        SSL_CTX_set_default_verify_paths(ssl_ctx);
+      }
+#endif
+    }
+  }
+  return ssl_ctx;
+}
+
+struct quic_handshake {
+  char *buf;       /* pointer to the buffer */
+  size_t alloclen; /* size of allocation */
+  size_t len;      /* size of content in buffer */
+  size_t nread;    /* how many bytes have been read */
+};
+
+struct h3_event_node {
+  struct h3_event_node *next;
+  quiche_h3_event *ev;
+};
+
+struct cf_quiche_ctx {
+  struct cf_quic_ctx q;
+  quiche_conn *qconn;
+  quiche_config *cfg;
+  quiche_h3_conn *h3c;
+  quiche_h3_config *h3config;
+  uint8_t scid[QUICHE_MAX_CONN_ID_LEN];
+  SSL_CTX *sslctx;
+  SSL *ssl;
+  struct curltime started_at;        /* time the current attempt started */
+  struct curltime handshake_at;      /* time connect handshake finished */
+  struct curltime first_byte_at;     /* when first byte was recvd */
+  struct curltime reconnect_at;      /* time the next attempt should start */
+  BIT(goaway);                       /* got GOAWAY from server */
+  BIT(got_first_byte);               /* if first byte was received */
+};
+
+
+#ifdef DEBUG_QUICHE
+static void quiche_debug_log(const char *line, void *argp)
+{
+  (void)argp;
+  fprintf(stderr, "%s\n", line);
+}
+#endif
+
+static void h3_clear_pending(struct Curl_easy *data)
+{
+  struct HTTP *stream = data->req.p.http;
+
+  if(stream->pending) {
+    struct h3_event_node *node, *next;
+    for(node = stream->pending; node; node = next) {
+      next = node->next;
+      quiche_h3_event_free(node->ev);
+      free(node);
+    }
+    stream->pending = NULL;
+  }
+}
+
+static void cf_quiche_ctx_clear(struct cf_quiche_ctx *ctx)
+{
+  if(ctx) {
+    vquic_ctx_free(&ctx->q);
+    if(ctx->qconn)
+      quiche_conn_free(ctx->qconn);
+    if(ctx->h3config)
+      quiche_h3_config_free(ctx->h3config);
+    if(ctx->h3c)
+      quiche_h3_conn_free(ctx->h3c);
+    if(ctx->cfg)
+      quiche_config_free(ctx->cfg);
+    memset(ctx, 0, sizeof(*ctx));
+  }
+}
+
+static void notify_drain(struct Curl_cfilter *cf,
+                         struct Curl_easy *data)
+{
+  (void)cf;
+  data->state.drain = 1;
+  Curl_expire(data, 0, EXPIRE_RUN_NOW);
+}
+
+static CURLcode h3_add_event(struct Curl_cfilter *cf,
+                             struct Curl_easy *data,
+                             int64_t stream3_id, quiche_h3_event *ev)
+{
+  struct Curl_easy *mdata;
+  struct h3_event_node *node, **pnext;
+
+  DEBUGASSERT(data->multi);
+  for(mdata = data->multi->easyp; mdata; mdata = mdata->next) {
+    if(mdata->req.p.http && mdata->req.p.http->stream3_id == stream3_id) {
+      break;
+    }
+  }
+
+  if(!mdata) {
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%"PRId64"] event discarded, easy handle "
+                  "not found", stream3_id));
+    quiche_h3_event_free(ev);
+    return CURLE_OK;
+  }
+
+  node = calloc(sizeof(*node), 1);
+  if(!node) {
+    quiche_h3_event_free(ev);
+    return CURLE_OUT_OF_MEMORY;
+  }
+  node->ev = ev;
+  /* append to process them in order of arrival */
+  pnext = &mdata->req.p.http->pending;
+  while(*pnext) {
+    pnext = &((*pnext)->next);
+  }
+  *pnext = node;
+  notify_drain(cf, mdata);
+  return CURLE_OK;
+}
+
+struct h3h1header {
+  char *dest;
+  size_t destlen; /* left to use */
+  size_t nlen; /* used */
+};
+
+static int cb_each_header(uint8_t *name, size_t name_len,
+                          uint8_t *value, size_t value_len,
+                          void *argp)
+{
+  struct h3h1header *headers = (struct h3h1header *)argp;
+  size_t olen = 0;
+
+  if((name_len == 7) && !strncmp(H2H3_PSEUDO_STATUS, (char *)name, 7)) {
+    msnprintf(headers->dest,
+              headers->destlen, "HTTP/3 %.*s \r\n",
+              (int) value_len, value);
+  }
+  else if(!headers->nlen) {
+    return CURLE_HTTP3;
+  }
+  else {
+    msnprintf(headers->dest,
+              headers->destlen, "%.*s: %.*s\r\n",
+              (int)name_len, name, (int) value_len, value);
+  }
+  olen = strlen(headers->dest);
+  headers->destlen -= olen;
+  headers->nlen += olen;
+  headers->dest += olen;
+  return 0;
+}
+
+static ssize_t cf_recv_body(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                char *buf, size_t len,
+                                CURLcode *err)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+  struct HTTP *stream = data->req.p.http;
+  ssize_t nread;
+  size_t offset = 0;
+
+  if(!stream->firstbody) {
+    /* add a header-body separator CRLF */
+    offset = 2;
+  }
+  nread = quiche_h3_recv_body(ctx->h3c, ctx->qconn, stream->stream3_id,
+                              (unsigned char *)buf + offset, len - offset);
+  if(nread >= 0) {
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%"PRId64"][DATA] len=%zd",
+                  stream->stream3_id, nread));
+    if(!stream->firstbody) {
+      stream->firstbody = TRUE;
+      buf[0] = '\r';
+      buf[1] = '\n';
+      nread += offset;
+    }
+  }
+  else if(nread == -1) {
+    *err = CURLE_AGAIN;
+    stream->h3_recving_data = FALSE;
+  }
+  else {
+    failf(data, "Error %zd in HTTP/3 response body for stream[%"PRId64"]",
+          nread, stream->stream3_id);
+    stream->closed = TRUE;
+    stream->reset = TRUE;
+    streamclose(cf->conn, "Reset of stream");
+    stream->h3_recving_data = FALSE;
+    nread = -1;
+    *err = stream->h3_got_header? CURLE_PARTIAL_FILE : CURLE_RECV_ERROR;
+  }
+  return nread;
+}
+
+#ifdef DEBUGBUILD
+static const char *cf_ev_name(quiche_h3_event *ev)
+{
+  switch(quiche_h3_event_type(ev)) {
+  case QUICHE_H3_EVENT_HEADERS:
+    return "HEADERS";
+  case QUICHE_H3_EVENT_DATA:
+    return "DATA";
+  case QUICHE_H3_EVENT_RESET:
+    return "RESET";
+  case QUICHE_H3_EVENT_FINISHED:
+    return "FINISHED";
+  case QUICHE_H3_EVENT_GOAWAY:
+    return "GOAWAY";
+  default:
+    return "Unknown";
+  }
+}
+#else
+#define cf_ev_name(x)   ""
+#endif
+
+static ssize_t h3_process_event(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                char *buf, size_t len,
+                                int64_t stream3_id,
+                                quiche_h3_event *ev,
+                                CURLcode *err)
+{
+  struct HTTP *stream = data->req.p.http;
+  ssize_t recvd = 0;
+  int rc;
+  struct h3h1header headers;
+
+  DEBUGASSERT(stream3_id == stream->stream3_id);
+
+  *err = CURLE_OK;
+  switch(quiche_h3_event_type(ev)) {
+  case QUICHE_H3_EVENT_HEADERS:
+    stream->h3_got_header = TRUE;
+    headers.dest = buf;
+    headers.destlen = len;
+    headers.nlen = 0;
+    rc = quiche_h3_event_for_each_header(ev, cb_each_header, &headers);
+    if(rc) {
+      failf(data, "Error %d in HTTP/3 response header for stream[%"PRId64"]",
+            rc, stream3_id);
+      *err = CURLE_RECV_ERROR;
+      recvd = -1;
+      break;
+    }
+    recvd = headers.nlen;
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%"PRId64"][HEADERS] len=%zd",
+                  stream3_id, recvd));
+    break;
+
+  case QUICHE_H3_EVENT_DATA:
+    DEBUGASSERT(!stream->closed);
+    stream->h3_recving_data = TRUE;
+    recvd = cf_recv_body(cf, data, buf, len, err);
+    if(recvd < 0) {
+      if(*err != CURLE_AGAIN)
+        return -1;
+      recvd = 0;
+    }
+    break;
+
+  case QUICHE_H3_EVENT_RESET:
+      DEBUGF(LOG_CF(data, cf, "[h3sid=%"PRId64"][RESET]", stream3_id));
+    stream->closed = TRUE;
+    stream->reset = TRUE;
+    /* streamclose(cf->conn, "Reset of stream");*/
+    stream->h3_recving_data = FALSE;
+    break;
+
+  case QUICHE_H3_EVENT_FINISHED:
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%"PRId64"][FINISHED]", stream3_id));
+    stream->closed = TRUE;
+    /* streamclose(cf->conn, "End of stream");*/
+    stream->h3_recving_data = FALSE;
+    break;
+
+  case QUICHE_H3_EVENT_GOAWAY:
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%"PRId64"][GOAWAY]", stream3_id));
+    break;
+
+  default:
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%"PRId64"] recv, unhandled event %d",
+                  stream3_id, quiche_h3_event_type(ev)));
+    break;
+  }
+  return recvd;
+}
+
+static ssize_t h3_process_pending(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  char *buf, size_t len,
+                                  CURLcode *err)
+{
+  struct HTTP *stream = data->req.p.http;
+  struct h3_event_node *node = stream->pending, **pnext = &stream->pending;
+  ssize_t recvd = 0, erecvd;
+
+  *err = CURLE_OK;
+  DEBUGASSERT(stream);
+  while(node && len) {
+    erecvd = h3_process_event(cf, data, buf, len,
+                              stream->stream3_id, node->ev, err);
+    quiche_h3_event_free(node->ev);
+    *pnext = node->next;
+    free(node);
+    node = *pnext;
+    if(erecvd < 0) {
+      DEBUGF(LOG_CF(data, cf, "[h3sid=%"PRId64"] process event -> %d",
+                    stream->stream3_id, *err));
+      return erecvd;
+    }
+    recvd += erecvd;
+    *err = CURLE_OK;
+    buf += erecvd;
+    len -= erecvd;
+  }
+  return recvd;
+}
+
+static CURLcode cf_process_ingress(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+  int64_t stream3_id = data->req.p.http? data->req.p.http->stream3_id : -1;
+  uint8_t buf[65536];
+  int bufsize = (int)sizeof(buf);
+  struct sockaddr_storage remote_addr;
+  socklen_t remote_addrlen;
+  quiche_recv_info recv_info;
+  ssize_t recvd, nread;
+  ssize_t total = 0, pkts = 0;
+
+  DEBUGASSERT(ctx->qconn);
+
+  /* in case the timeout expired */
+  quiche_conn_on_timeout(ctx->qconn);
+
+  do {
+    remote_addrlen = sizeof(remote_addr);
+    while((recvd = recvfrom(ctx->q.sockfd, (char *)buf, bufsize, 0,
+                            (struct sockaddr *)&remote_addr,
+                            &remote_addrlen)) == -1 &&
+          SOCKERRNO == EINTR)
+      ;
+    if(recvd < 0) {
+      if((SOCKERRNO == EAGAIN) || (SOCKERRNO == EWOULDBLOCK)) {
+        break;
+      }
+      if(SOCKERRNO == ECONNREFUSED) {
+        const char *r_ip;
+        int r_port;
+        Curl_cf_socket_peek(cf->next, data, NULL, NULL,
+                            &r_ip, &r_port, NULL, NULL);
+        failf(data, "quiche: connection to %s:%u refused",
+              r_ip, r_port);
+        return CURLE_COULDNT_CONNECT;
+      }
+      failf(data, "quiche: recvfrom() unexpectedly returned %zd "
+            "(errno: %d, socket %d)", recvd, SOCKERRNO, ctx->q.sockfd);
+      return CURLE_RECV_ERROR;
+    }
+
+    total += recvd;
+    ++pkts;
+    if(recvd > 0 && !ctx->got_first_byte) {
+      ctx->first_byte_at = Curl_now();
+      ctx->got_first_byte = TRUE;
+    }
+    recv_info.from = (struct sockaddr *) &remote_addr;
+    recv_info.from_len = remote_addrlen;
+    recv_info.to = (struct sockaddr *) &ctx->q.local_addr;
+    recv_info.to_len = ctx->q.local_addrlen;
+
+    nread = quiche_conn_recv(ctx->qconn, buf, recvd, &recv_info);
+    if(nread < 0) {
+      if(QUICHE_ERR_DONE == nread) {
+        DEBUGF(LOG_CF(data, cf, "ingress, quiche is DONE"));
+        return CURLE_OK;
+      }
+      else if(QUICHE_ERR_TLS_FAIL == nread) {
+        long verify_ok = SSL_get_verify_result(ctx->ssl);
+        if(verify_ok != X509_V_OK) {
+          failf(data, "SSL certificate problem: %s",
+                X509_verify_cert_error_string(verify_ok));
+          return CURLE_PEER_FAILED_VERIFICATION;
+        }
+      }
+      else {
+        failf(data, "quiche_conn_recv() == %zd", nread);
+        return CURLE_RECV_ERROR;
+      }
+    }
+    else if(nread < recvd) {
+      DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] ingress, quiche only "
+                    "accepted %zd/%zd bytes",
+                    stream3_id, nread, recvd));
+    }
+
+  } while(pkts < 1000); /* arbitrary */
+
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] ingress, recvd %zd bytes "
+                "in %zd packets", stream3_id, total, pkts));
+  return CURLE_OK;
+}
+
+/*
+ * flush_egress drains the buffers and sends off data.
+ * Calls failf() on errors.
+ */
+static CURLcode cf_flush_egress(struct Curl_cfilter *cf,
+                                struct Curl_easy *data)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+  int64_t stream3_id = data->req.p.http? data->req.p.http->stream3_id : -1;
+  quiche_send_info send_info;
+  ssize_t outlen, total_len = 0;
+  size_t max_udp_payload_size =
+    quiche_conn_max_send_udp_payload_size(ctx->qconn);
+  size_t gsolen = max_udp_payload_size;
+  size_t sent, pktcnt = 0;
+  CURLcode result;
+  int64_t timeout_ns;
+
+  ctx->q.no_gso = TRUE;
+  if(ctx->q.num_blocked_pkt) {
+    result = vquic_send_blocked_pkt(cf, data, &ctx->q);
+    if(result) {
+      if(result == CURLE_AGAIN) {
+        DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] egress, still not "
+                      "able to send blocked packet", stream3_id));
+        Curl_expire(data, 1, EXPIRE_QUIC);
+        return CURLE_OK;
+      }
+      goto out;
+    }
+  }
+
+  for(;;) {
+    outlen = quiche_conn_send(ctx->qconn, ctx->q.pktbuf, max_udp_payload_size,
+                              &send_info);
+    if(outlen == QUICHE_ERR_DONE) {
+      result = CURLE_OK;
+      goto out;
+    }
+
+    if(outlen < 0) {
+      failf(data, "quiche_conn_send returned %zd", outlen);
+      result = CURLE_SEND_ERROR;
+      goto out;
+    }
+
+    /* send the pktbuf *before* the last addition */
+    result = vquic_send_packet(cf, data, &ctx->q, ctx->q.pktbuf,
+                               outlen, gsolen, &sent);
+    ++pktcnt;
+    total_len += outlen;
+    if(result) {
+      if(result == CURLE_AGAIN) {
+        /* blocked, add the pktbuf *before* and *at* the last addition
+         * separately to the blocked packages */
+        DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] egress, pushing blocked "
+                      "packet with %zd bytes", stream3_id, outlen));
+        vquic_push_blocked_pkt(cf, &ctx->q, ctx->q.pktbuf, outlen, gsolen);
+        Curl_expire(data, 1, EXPIRE_QUIC);
+        return CURLE_OK;
+      }
+      goto out;
+    }
+  }
+
+out:
+  timeout_ns = quiche_conn_timeout_as_nanos(ctx->qconn);
+  if(timeout_ns % 1000000)
+    timeout_ns += 1000000;
+    /* expire resolution is milliseconds */
+  Curl_expire(data, (timeout_ns / 1000000), EXPIRE_QUIC);
+  if(pktcnt)
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] egress, sent %zd packets "
+                  "with %zd bytes", stream3_id, pktcnt, total_len));
+  return result;
+}
+
+static ssize_t recv_closed_stream(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  CURLcode *err)
+{
+  struct HTTP *stream = data->req.p.http;
+  ssize_t nread = -1;
+
+  if(stream->reset) {
+    failf(data,
+          "HTTP/3 stream %" PRId64 " reset by server", stream->stream3_id);
+    *err = stream->h3_got_header? CURLE_PARTIAL_FILE : CURLE_RECV_ERROR;
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] cf_recv, was reset -> %d",
+                  stream->stream3_id, *err));
+    goto out;
+  }
+
+  if(!stream->h3_got_header) {
+    failf(data,
+          "HTTP/3 stream %" PRId64 " was closed cleanly, but before getting"
+          " all response header fields, treated as error",
+          stream->stream3_id);
+    /* *err = CURLE_PARTIAL_FILE; */
+    *err = CURLE_RECV_ERROR;
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] cf_recv, closed incomplete"
+                  " -> %d", stream->stream3_id, *err));
+    goto out;
+  }
+  else {
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] cf_recv, closed ok"
+                  " -> %d", stream->stream3_id, *err));
+  }
+  *err = CURLE_OK;
+  nread = 0;
+
+out:
+  return nread;
+}
+
+static CURLcode cf_poll_events(struct Curl_cfilter *cf,
+                               struct Curl_easy *data)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+  struct HTTP *stream = data->req.p.http;
+  quiche_h3_event *ev;
+
+  /* Take in the events and distribute them to the transfers. */
+  while(1) {
+    int64_t stream3_id = quiche_h3_conn_poll(ctx->h3c, ctx->qconn, &ev);
+    if(stream3_id < 0) {
+      /* nothing more to do */
+      break;
+    }
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%"PRId64"] recv, queue event %s "
+                  "for [h3sid=%"PRId64"]",
+                  stream? stream->stream3_id : -1, cf_ev_name(ev),
+                  stream3_id));
+    if(h3_add_event(cf, data, stream3_id, ev) != CURLE_OK) {
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+  return CURLE_OK;
+}
+
+static ssize_t cf_recv_transfer_data(struct Curl_cfilter *cf,
+                                     struct Curl_easy *data,
+                                      char *buf, size_t len,
+                                      CURLcode *err)
+{
+  struct HTTP *stream = data->req.p.http;
+  ssize_t recvd = -1;
+  size_t offset = 0;
+
+  if(stream->h3_recving_data) {
+    /* try receiving body first */
+    recvd = cf_recv_body(cf, data, buf, len, err);
+    if(recvd < 0) {
+      if(*err != CURLE_AGAIN)
+        return -1;
+      recvd = 0;
+    }
+    if(recvd > 0) {
+      offset = recvd;
+    }
+  }
+
+  if(offset < len && stream->pending) {
+    /* process any pending events for `data` first. if there are,
+     * return so the transfer can handle those. We do not want to
+     * progress ingress while events are pending here. */
+    recvd = h3_process_pending(cf, data, buf + offset, len - offset, err);
+    if(recvd < 0) {
+      if(*err != CURLE_AGAIN)
+        return -1;
+      recvd = 0;
+    }
+    if(recvd > 0) {
+      offset += recvd;
+    }
+  }
+
+  if(offset) {
+    *err = CURLE_OK;
+    return offset;
+  }
+  *err = CURLE_AGAIN;
+  return 0;
+}
+
+static ssize_t cf_quiche_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
+                              char *buf, size_t len, CURLcode *err)
+{
+  struct HTTP *stream = data->req.p.http;
+  ssize_t recvd = -1;
+
+  *err = CURLE_AGAIN;
+
+  recvd = cf_recv_transfer_data(cf, data, buf, len, err);
+  if(recvd)
+    goto out;
+  if(stream->closed) {
+    recvd = recv_closed_stream(cf, data, err);
+    goto out;
+  }
+
+  /* we did get nothing from the quiche buffers or pending events.
+   * Take in more data from the connection, any error is fatal */
+  if(cf_process_ingress(cf, data)) {
+    DEBUGF(LOG_CF(data, cf, "h3_stream_recv returns on ingress"));
+    *err = CURLE_RECV_ERROR;
+    recvd = -1;
+    goto out;
+  }
+  /* poll quiche and distribute the events to the transfers */
+  *err = cf_poll_events(cf, data);
+  if(*err) {
+    recvd = -1;
+    goto out;
+  }
+
+  /* try to receive again for this transfer */
+  recvd = cf_recv_transfer_data(cf, data, buf, len, err);
+  if(recvd)
+    goto out;
+  if(stream->closed) {
+    recvd = recv_closed_stream(cf, data, err);
+    goto out;
+  }
+  recvd = -1;
+  *err = CURLE_AGAIN;
+  data->state.drain = 0;
+
+out:
+  if(cf_flush_egress(cf, data)) {
+    DEBUGF(LOG_CF(data, cf, "cf_recv, flush egress failed"));
+    *err = CURLE_SEND_ERROR;
+    return -1;
+  }
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%"PRId64"] cf_recv -> %zd, err=%d",
+                stream->stream3_id, recvd, *err));
+  if(recvd > 0)
+    notify_drain(cf, data);
+  return recvd;
+}
+
+/* Index where :authority header field will appear in request header
+   field list. */
+#define AUTHORITY_DST_IDX 3
+
+static CURLcode cf_http_request(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                const void *mem,
+                                size_t len)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+  struct HTTP *stream = data->req.p.http;
+  size_t nheader;
+  int64_t stream3_id;
+  quiche_h3_header *nva = NULL;
+  CURLcode result = CURLE_OK;
+  struct h2h3req *hreq = NULL;
+
+  stream->h3req = TRUE; /* send off! */
+  stream->closed = FALSE;
+  stream->reset = FALSE;
+
+  result = Curl_pseudo_headers(data, mem, len, NULL, &hreq);
+  if(result)
+    goto fail;
+  nheader = hreq->entries;
+
+  nva = malloc(sizeof(quiche_h3_header) * nheader);
+  if(!nva) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto fail;
+  }
+  else {
+    unsigned int i;
+    for(i = 0; i < nheader; i++) {
+      nva[i].name = (unsigned char *)hreq->header[i].name;
+      nva[i].name_len = hreq->header[i].namelen;
+      nva[i].value = (unsigned char *)hreq->header[i].value;
+      nva[i].value_len = hreq->header[i].valuelen;
+    }
+  }
+
+  switch(data->state.httpreq) {
+  case HTTPREQ_POST:
+  case HTTPREQ_POST_FORM:
+  case HTTPREQ_POST_MIME:
+  case HTTPREQ_PUT:
+    if(data->state.infilesize != -1)
+      stream->upload_left = data->state.infilesize;
+    else
+      /* data sending without specifying the data amount up front */
+      stream->upload_left = -1; /* unknown, but not zero */
+
+    stream->upload_done = !stream->upload_left;
+    stream3_id = quiche_h3_send_request(ctx->h3c, ctx->qconn, nva, nheader,
+                                        stream->upload_done);
+    break;
+  default:
+    stream->upload_left = 0;
+    stream->upload_done = TRUE;
+    stream3_id = quiche_h3_send_request(ctx->h3c, ctx->qconn, nva, nheader,
+                                        TRUE);
+    break;
+  }
+
+  Curl_safefree(nva);
+
+  if(stream3_id < 0) {
+    if(QUICHE_H3_ERR_STREAM_BLOCKED == stream3_id) {
+      DEBUGF(LOG_CF(data, cf, "send_request(%s, body_len=%ld) rejected "
+                    "with H3_ERR_STREAM_BLOCKED",
+                    data->state.url, (long)stream->upload_left));
+      result = CURLE_AGAIN;
+      goto fail;
+    }
+    else {
+      DEBUGF(LOG_CF(data, cf, "send_request(%s, body_len=%ld) -> %" PRId64,
+                    data->state.url, (long)stream->upload_left, stream3_id));
+    }
+    result = CURLE_SEND_ERROR;
+    goto fail;
+  }
+
+  stream->stream3_id = stream3_id;
+  infof(data, "Using HTTP/3 Stream ID: %" PRId64 " (easy handle %p)",
+        stream3_id, (void *)data);
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] opened for %s",
+                stream3_id, data->state.url));
+
+  Curl_pseudo_free(hreq);
+  return CURLE_OK;
+
+fail:
+  free(nva);
+  Curl_pseudo_free(hreq);
+  return result;
+}
+
+static ssize_t cf_quiche_send(struct Curl_cfilter *cf, struct Curl_easy *data,
+                              const void *buf, size_t len, CURLcode *err)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+  struct HTTP *stream = data->req.p.http;
+  ssize_t nwritten;
+
+  DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] cf_send(len=%zu) start",
+                stream->h3req? stream->stream3_id : -1, len));
+  *err = cf_process_ingress(cf, data);
+  if(*err)
+    return -1;
+
+  if(!stream->h3req) {
+    CURLcode result = cf_http_request(cf, data, buf, len);
+    if(result) {
+      *err = result;
+      return -1;
+    }
+    nwritten = len;
+  }
+  else {
+    nwritten = quiche_h3_send_body(ctx->h3c, ctx->qconn, stream->stream3_id,
+                                   (uint8_t *)buf, len, FALSE);
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%" PRId64 "] send body(len=%zu) -> %zd",
+                  stream->stream3_id, len, nwritten));
+    if(nwritten == QUICHE_H3_ERR_DONE) {
+      /* no error, nothing to do (flow control?) */
+      *err = CURLE_AGAIN;
+      nwritten = -1;
+    }
+    else if(nwritten == QUICHE_H3_TRANSPORT_ERR_FINAL_SIZE) {
+      DEBUGF(LOG_CF(data, cf, "send_body(len=%zu) -> exceeds size", len));
+      *err = CURLE_SEND_ERROR;
+      nwritten = -1;
+    }
+    else if(nwritten < 0) {
+      DEBUGF(LOG_CF(data, cf, "send_body(len=%zu) -> SEND_ERROR", len));
+      *err = CURLE_SEND_ERROR;
+      nwritten = -1;
+    }
+    else {
+      *err = CURLE_OK;
+    }
+  }
+
+  if(cf_flush_egress(cf, data)) {
+    *err = CURLE_SEND_ERROR;
+    return -1;
+  }
+
+  return nwritten;
+}
+
+static bool stream_is_writeable(struct Curl_cfilter *cf,
+                                struct Curl_easy *data)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+  struct HTTP *stream = data->req.p.http;
+
+  /* surely, there must be a better way */
+  quiche_stream_iter *qiter = quiche_conn_writable(ctx->qconn);
+  if(qiter) {
+    uint64_t stream_id;
+    while(quiche_stream_iter_next(qiter, &stream_id)) {
+      if(stream_id == (uint64_t)stream->stream3_id)
+        return TRUE;
+    }
+    quiche_stream_iter_free(qiter);
+  }
+  return FALSE;
+}
+
+static int cf_quiche_get_select_socks(struct Curl_cfilter *cf,
+                                      struct Curl_easy *data,
+                                      curl_socket_t *socks)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+  struct SingleRequest *k = &data->req;
+  int rv = GETSOCK_BLANK;
+
+  socks[0] = ctx->q.sockfd;
+
+  /* in an HTTP/3 connection we can basically always get a frame so we should
+     always be ready for one */
+  rv |= GETSOCK_READSOCK(0);
+
+  /* we're still uploading or the HTTP/3 layer wants to send data */
+  if(((k->keepon & KEEP_SENDBITS) == KEEP_SEND)
+     && stream_is_writeable(cf, data))
+    rv |= GETSOCK_WRITESOCK(0);
+
+  return rv;
+}
+
+/*
+ * Called from transfer.c:data_pending to know if we should keep looping
+ * to receive more data from the connection.
+ */
+static bool cf_quiche_data_pending(struct Curl_cfilter *cf,
+                                   const struct Curl_easy *data)
+{
+  struct HTTP *stream = data->req.p.http;
+
+  if(stream->pending) {
+    DEBUGF(LOG_CF((struct Curl_easy *)data, cf,
+                   "[h3sid=%"PRId64"] has event pending", stream->stream3_id));
+    return TRUE;
+  }
+  if(stream->h3_recving_data) {
+    DEBUGF(LOG_CF((struct Curl_easy *)data, cf,
+                   "[h3sid=%"PRId64"] is receiving DATA", stream->stream3_id));
+    return TRUE;
+  }
+  if(data->state.drain) {
+    DEBUGF(LOG_CF((struct Curl_easy *)data, cf,
+                   "[h3sid=%"PRId64"] is draining", stream->stream3_id));
+    return TRUE;
+  }
+  return FALSE;
+}
+
+static CURLcode cf_quiche_data_event(struct Curl_cfilter *cf,
+                                     struct Curl_easy *data,
+                                     int event, int arg1, void *arg2)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_OK;
+
+  (void)arg1;
+  (void)arg2;
+  switch(event) {
+  case CF_CTRL_DATA_DONE: {
+    struct HTTP *stream = data->req.p.http;
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%"PRId64"] easy handle is %s",
+                  stream->stream3_id, arg1? "cancelled" : "done"));
+    h3_clear_pending(data);
+    break;
+  }
+  case CF_CTRL_DATA_DONE_SEND: {
+    struct HTTP *stream = data->req.p.http;
+    ssize_t sent;
+    stream->upload_done = TRUE;
+    sent = quiche_h3_send_body(ctx->h3c, ctx->qconn, stream->stream3_id,
+                               NULL, 0, TRUE);
+    DEBUGF(LOG_CF(data, cf, "[h3sid=%"PRId64"] send_body FINISHED",
+                  stream->stream3_id));
+    if(sent < 0)
+      return CURLE_SEND_ERROR;
+    break;
+  }
+  case CF_CTRL_DATA_IDLE:
+    /* anything to do? */
+    break;
+  default:
+    break;
+  }
+  return result;
+}
+
+static CURLcode cf_verify_peer(struct Curl_cfilter *cf,
+                               struct Curl_easy *data)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_OK;
+
+  cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
+  cf->conn->httpversion = 30;
+  cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX;
+
+  if(cf->conn->ssl_config.verifyhost) {
+    X509 *server_cert;
+    server_cert = SSL_get_peer_certificate(ctx->ssl);
+    if(!server_cert) {
+      result = CURLE_PEER_FAILED_VERIFICATION;
+      goto out;
+    }
+    result = Curl_ossl_verifyhost(data, cf->conn, server_cert);
+    X509_free(server_cert);
+    if(result)
+      goto out;
+  }
+  else
+    DEBUGF(LOG_CF(data, cf, "Skipped certificate verification"));
+
+  ctx->h3config = quiche_h3_config_new();
+  if(!ctx->h3config) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+
+  /* Create a new HTTP/3 connection on the QUIC connection. */
+  ctx->h3c = quiche_h3_conn_new_with_transport(ctx->qconn, ctx->h3config);
+  if(!ctx->h3c) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+  if(data->set.ssl.certinfo)
+    /* asked to gather certificate info */
+    (void)Curl_ossl_certchain(data, ctx->ssl);
+
+out:
+  if(result) {
+    if(ctx->h3config) {
+      quiche_h3_config_free(ctx->h3config);
+      ctx->h3config = NULL;
+    }
+    if(ctx->h3c) {
+      quiche_h3_conn_free(ctx->h3c);
+      ctx->h3c = NULL;
+    }
+  }
+  return result;
+}
+
+static CURLcode cf_connect_start(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+  int rv;
+  CURLcode result;
+  const struct Curl_sockaddr_ex *sockaddr;
+
+  DEBUGASSERT(ctx->q.sockfd != CURL_SOCKET_BAD);
+
+#ifdef DEBUG_QUICHE
+  /* initialize debug log callback only once */
+  static int debug_log_init = 0;
+  if(!debug_log_init) {
+    quiche_enable_debug_logging(quiche_debug_log, NULL);
+    debug_log_init = 1;
+  }
+#endif
+
+  result = vquic_ctx_init(&ctx->q, MAX_UDP_PAYLOAD_SIZE * MAX_PKT_BURST);
+  if(result)
+    return result;
+
+  ctx->cfg = quiche_config_new(QUICHE_PROTOCOL_VERSION);
+  if(!ctx->cfg) {
+    failf(data, "can't create quiche config");
+    return CURLE_FAILED_INIT;
+  }
+  quiche_config_set_max_idle_timeout(ctx->cfg, QUIC_IDLE_TIMEOUT);
+  quiche_config_set_initial_max_data(ctx->cfg, QUIC_MAX_DATA);
+  quiche_config_set_initial_max_stream_data_bidi_local(
+    ctx->cfg, QUIC_MAX_DATA);
+  quiche_config_set_initial_max_stream_data_bidi_remote(
+    ctx->cfg, QUIC_MAX_DATA);
+  quiche_config_set_initial_max_stream_data_uni(ctx->cfg, QUIC_MAX_DATA);
+  quiche_config_set_initial_max_streams_bidi(ctx->cfg, QUIC_MAX_STREAMS);
+  quiche_config_set_initial_max_streams_uni(ctx->cfg, QUIC_MAX_STREAMS);
+  quiche_config_set_application_protos(ctx->cfg,
+                                       (uint8_t *)
+                                       QUICHE_H3_APPLICATION_PROTOCOL,
+                                       sizeof(QUICHE_H3_APPLICATION_PROTOCOL)
+                                       - 1);
+
+  DEBUGASSERT(!ctx->ssl);
+  DEBUGASSERT(!ctx->sslctx);
+  ctx->sslctx = quic_ssl_ctx(data);
+  if(!ctx->sslctx)
+    return CURLE_QUIC_CONNECT_ERROR;
+  ctx->ssl = SSL_new(ctx->sslctx);
+  if(!ctx->ssl)
+    return CURLE_QUIC_CONNECT_ERROR;
+
+  SSL_set_app_data(ctx->ssl, cf);
+  SSL_set_tlsext_host_name(ctx->ssl, cf->conn->host.name);
+
+  result = Curl_rand(data, ctx->scid, sizeof(ctx->scid));
+  if(result)
+    return result;
+
+  Curl_cf_socket_peek(cf->next, data, &ctx->q.sockfd,
+                      &sockaddr, NULL, NULL, NULL, NULL);
+  ctx->q.local_addrlen = sizeof(ctx->q.local_addr);
+  rv = getsockname(ctx->q.sockfd, (struct sockaddr *)&ctx->q.local_addr,
+                   &ctx->q.local_addrlen);
+  if(rv == -1)
+    return CURLE_QUIC_CONNECT_ERROR;
+
+  ctx->qconn = quiche_conn_new_with_tls((const uint8_t *)ctx->scid,
+                                      sizeof(ctx->scid), NULL, 0,
+                                      (struct sockaddr *)&ctx->q.local_addr,
+                                      ctx->q.local_addrlen,
+                                      &sockaddr->sa_addr, sockaddr->addrlen,
+                                      ctx->cfg, ctx->ssl, false);
+  if(!ctx->qconn) {
+    failf(data, "can't create quiche connection");
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Known to not work on Windows */
+#if !defined(WIN32) && defined(HAVE_QUICHE_CONN_SET_QLOG_FD)
+  {
+    int qfd;
+    (void)Curl_qlogdir(data, ctx->scid, sizeof(ctx->scid), &qfd);
+    if(qfd != -1)
+      quiche_conn_set_qlog_fd(ctx->qconn, qfd,
+                              "qlog title", "curl qlog");
+  }
+#endif
+
+  result = cf_flush_egress(cf, data);
+  if(result)
+    return result;
+
+  {
+    unsigned char alpn_protocols[] = QUICHE_H3_APPLICATION_PROTOCOL;
+    unsigned alpn_len, offset = 0;
+
+    /* Replace each ALPN length prefix by a comma. */
+    while(offset < sizeof(alpn_protocols) - 1) {
+      alpn_len = alpn_protocols[offset];
+      alpn_protocols[offset] = ',';
+      offset += 1 + alpn_len;
+    }
+
+    DEBUGF(LOG_CF(data, cf, "Sent QUIC client Initial, ALPN: %s",
+                   alpn_protocols + 1));
+  }
+
+  return CURLE_OK;
+}
+
+static CURLcode cf_quiche_connect(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  bool blocking, bool *done)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+  CURLcode result = CURLE_OK;
+  struct curltime now;
+
+  if(cf->connected) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  /* Connect the UDP filter first */
+  if(!cf->next->connected) {
+    result = Curl_conn_cf_connect(cf->next, data, blocking, done);
+    if(result || !*done)
+      return result;
+  }
+
+  *done = FALSE;
+  now = Curl_now();
+
+  if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) {
+    /* Not time yet to attempt the next connect */
+    DEBUGF(LOG_CF(data, cf, "waiting for reconnect time"));
+    goto out;
+  }
+
+  if(!ctx->qconn) {
+    result = cf_connect_start(cf, data);
+    if(result)
+      goto out;
+    ctx->started_at = now;
+    result = cf_flush_egress(cf, data);
+    /* we do not expect to be able to recv anything yet */
+    goto out;
+  }
+
+  result = cf_process_ingress(cf, data);
+  if(result)
+    goto out;
+
+  result = cf_flush_egress(cf, data);
+  if(result)
+    goto out;
+
+  if(quiche_conn_is_established(ctx->qconn)) {
+    DEBUGF(LOG_CF(data, cf, "handshake complete after %dms",
+           (int)Curl_timediff(now, ctx->started_at)));
+    ctx->handshake_at = now;
+    result = cf_verify_peer(cf, data);
+    if(!result) {
+      DEBUGF(LOG_CF(data, cf, "peer verified"));
+      cf->connected = TRUE;
+      cf->conn->alpn = CURL_HTTP_VERSION_3;
+      *done = TRUE;
+      connkeep(cf->conn, "HTTP/3 default");
+    }
+  }
+  else if(quiche_conn_is_draining(ctx->qconn)) {
+    /* When a QUIC server instance is shutting down, it may send us a
+     * CONNECTION_CLOSE right away. Our connection then enters the DRAINING
+     * state.
+     * This may be a stopping of the service or it may be that the server
+     * is reloading and a new instance will start serving soon.
+     * In any case, we tear down our socket and start over with a new one.
+     * We re-open the underlying UDP cf right now, but do not start
+     * connecting until called again.
+     */
+    int reconn_delay_ms = 200;
+
+    DEBUGF(LOG_CF(data, cf, "connect, remote closed, reconnect after %dms",
+                  reconn_delay_ms));
+    Curl_conn_cf_close(cf->next, data);
+    cf_quiche_ctx_clear(ctx);
+    result = Curl_conn_cf_connect(cf->next, data, FALSE, done);
+    if(!result && *done) {
+      *done = FALSE;
+      ctx->reconnect_at = Curl_now();
+      ctx->reconnect_at.tv_usec += reconn_delay_ms * 1000;
+      Curl_expire(data, reconn_delay_ms, EXPIRE_QUIC);
+      result = CURLE_OK;
+    }
+  }
+
+out:
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+  if(result && result != CURLE_AGAIN) {
+    const char *r_ip;
+    int r_port;
+
+    Curl_cf_socket_peek(cf->next, data, NULL, NULL,
+                        &r_ip, &r_port, NULL, NULL);
+    infof(data, "connect to %s port %u failed: %s",
+          r_ip, r_port, curl_easy_strerror(result));
+  }
+#endif
+  return result;
+}
+
+static void cf_quiche_close(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+
+  (void)data;
+  if(ctx) {
+    if(ctx->qconn) {
+      (void)quiche_conn_close(ctx->qconn, TRUE, 0, NULL, 0);
+      /* flushing the egress is not a failsafe way to deliver all the
+         outstanding packets, but we also don't want to get stuck here... */
+      (void)cf_flush_egress(cf, data);
+    }
+    cf_quiche_ctx_clear(ctx);
+  }
+}
+
+static void cf_quiche_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+
+  (void)data;
+  cf_quiche_ctx_clear(ctx);
+  free(ctx);
+  cf->ctx = NULL;
+}
+
+static CURLcode cf_quiche_query(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                int query, int *pres1, void *pres2)
+{
+  struct cf_quiche_ctx *ctx = cf->ctx;
+
+  switch(query) {
+  case CF_QUERY_MAX_CONCURRENT: {
+    uint64_t max_streams = CONN_INUSE(cf->conn);
+    if(!ctx->goaway) {
+      max_streams += quiche_conn_peer_streams_left_bidi(ctx->qconn);
+    }
+    *pres1 = (max_streams > INT_MAX)? INT_MAX : (int)max_streams;
+    DEBUGF(LOG_CF(data, cf, "query: MAX_CONCURRENT -> %d", *pres1));
+    return CURLE_OK;
+  }
+  case CF_QUERY_CONNECT_REPLY_MS:
+    if(ctx->got_first_byte) {
+      timediff_t ms = Curl_timediff(ctx->first_byte_at, ctx->started_at);
+      *pres1 = (ms < INT_MAX)? (int)ms : INT_MAX;
+    }
+    else
+      *pres1 = -1;
+    return CURLE_OK;
+  case CF_QUERY_TIMER_CONNECT: {
+    struct curltime *when = pres2;
+    if(ctx->got_first_byte)
+      *when = ctx->first_byte_at;
+    return CURLE_OK;
+  }
+  case CF_QUERY_TIMER_APPCONNECT: {
+    struct curltime *when = pres2;
+    if(cf->connected)
+      *when = ctx->handshake_at;
+    return CURLE_OK;
+  }
+  default:
+    break;
+  }
+  return cf->next?
+    cf->next->cft->query(cf->next, data, query, pres1, pres2) :
+    CURLE_UNKNOWN_OPTION;
+}
+
+static bool cf_quiche_conn_is_alive(struct Curl_cfilter *cf,
+                                    struct Curl_easy *data,
+                                    bool *input_pending)
+{
+  bool alive = TRUE;
+
+  *input_pending = FALSE;
+  if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending))
+    return FALSE;
+
+  if(*input_pending) {
+    /* This happens before we've sent off a request and the connection is
+       not in use by any other transfer, there shouldn't be any data here,
+       only "protocol frames" */
+    *input_pending = FALSE;
+    Curl_attach_connection(data, cf->conn);
+    if(cf_process_ingress(cf, data))
+      alive = FALSE;
+    else {
+      alive = TRUE;
+    }
+    Curl_detach_connection(data);
+  }
+
+  return alive;
+}
+
+struct Curl_cftype Curl_cft_http3 = {
+  "HTTP/3",
+  CF_TYPE_IP_CONNECT | CF_TYPE_SSL | CF_TYPE_MULTIPLEX,
+  0,
+  cf_quiche_destroy,
+  cf_quiche_connect,
+  cf_quiche_close,
+  Curl_cf_def_get_host,
+  cf_quiche_get_select_socks,
+  cf_quiche_data_pending,
+  cf_quiche_send,
+  cf_quiche_recv,
+  cf_quiche_data_event,
+  cf_quiche_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  cf_quiche_query,
+};
+
+CURLcode Curl_cf_quiche_create(struct Curl_cfilter **pcf,
+                               struct Curl_easy *data,
+                               struct connectdata *conn,
+                               const struct Curl_addrinfo *ai)
+{
+  struct cf_quiche_ctx *ctx = NULL;
+  struct Curl_cfilter *cf = NULL, *udp_cf = NULL;
+  CURLcode result;
+
+  (void)data;
+  (void)conn;
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+
+  result = Curl_cf_create(&cf, &Curl_cft_http3, ctx);
+  if(result)
+    goto out;
+
+  result = Curl_cf_udp_create(&udp_cf, data, conn, ai, TRNSPRT_QUIC);
+  if(result)
+    goto out;
+
+  udp_cf->conn = cf->conn;
+  udp_cf->sockindex = cf->sockindex;
+  cf->next = udp_cf;
+
+out:
+  *pcf = (!result)? cf : NULL;
+  if(result) {
+    if(udp_cf)
+      Curl_conn_cf_discard(udp_cf, data);
+    Curl_safefree(cf);
+    Curl_safefree(ctx);
+  }
+
+  return result;
+}
+
+bool Curl_conn_is_quiche(const struct Curl_easy *data,
+                         const struct connectdata *conn,
+                         int sockindex)
+{
+  struct Curl_cfilter *cf = conn? conn->cfilter[sockindex] : NULL;
+
+  (void)data;
+  for(; cf; cf = cf->next) {
+    if(cf->cft == &Curl_cft_http3)
+      return TRUE;
+    if(cf->cft->flags & CF_TYPE_IP_CONNECT)
+      return FALSE;
+  }
+  return FALSE;
+}
+
+#endif
diff --git a/lib/vquic/quiche.h b/lib/vquic/curl_quiche.h
index 2da65f5f4..bce781c1b 100644
--- a/lib/vquic/quiche.h
+++ b/lib/vquic/curl_quiche.h
@@ -1,5 +1,5 @@
-#ifndef HEADER_CURL_VQUIC_QUICHE_H
-#define HEADER_CURL_VQUIC_QUICHE_H
+#ifndef HEADER_CURL_VQUIC_CURL_QUICHE_H
+#define HEADER_CURL_VQUIC_CURL_QUICHE_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -31,28 +31,20 @@
 #include <quiche.h>
 #include <openssl/ssl.h>
 
-struct quic_handshake {
-  char *buf;       /* pointer to the buffer */
-  size_t alloclen; /* size of allocation */
-  size_t len;      /* size of content in buffer */
-  size_t nread;    /* how many bytes have been read */
-};
-
-struct quicsocket {
-  quiche_config *cfg;
-  quiche_conn *conn;
-  quiche_h3_conn *h3c;
-  quiche_h3_config *h3config;
-  uint8_t scid[QUICHE_MAX_CONN_ID_LEN];
-  curl_socket_t sockfd;
-  uint32_t version;
-  SSL_CTX *sslctx;
-  SSL *ssl;
-  bool h3_recving; /* TRUE when in h3-body-reading state */
-  struct sockaddr_storage local_addr;
-  socklen_t local_addrlen;
-};
+struct Curl_cfilter;
+struct Curl_easy;
+
+void Curl_quiche_ver(char *p, size_t len);
+
+CURLcode Curl_cf_quiche_create(struct Curl_cfilter **pcf,
+                               struct Curl_easy *data,
+                               struct connectdata *conn,
+                               const struct Curl_addrinfo *ai);
+
+bool Curl_conn_is_quiche(const struct Curl_easy *data,
+                         const struct connectdata *conn,
+                         int sockindex);
 
 #endif
 
-#endif /* HEADER_CURL_VQUIC_QUICHE_H */
+#endif /* HEADER_CURL_VQUIC_CURL_QUICHE_H */
diff --git a/lib/vquic/msh3.c b/lib/vquic/msh3.c
deleted file mode 100644
index c3e58e726..000000000
--- a/lib/vquic/msh3.c
+++ /dev/null
@@ -1,527 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifdef USE_MSH3
-
-#include "urldata.h"
-#include "timeval.h"
-#include "multiif.h"
-#include "sendf.h"
-#include "connect.h"
-#include "h2h3.h"
-#include "msh3.h"
-
-/* The last 3 #include files should be in this order */
-#include "curl_printf.h"
-#include "curl_memory.h"
-#include "memdebug.h"
-
-/* #define DEBUG_HTTP3 1 */
-#ifdef DEBUG_HTTP3
-#define H3BUGF(x) x
-#else
-#define H3BUGF(x) do { } while(0)
-#endif
-
-#define MSH3_REQ_INIT_BUF_LEN 8192
-
-static CURLcode msh3_do_it(struct Curl_easy *data, bool *done);
-static int msh3_getsock(struct Curl_easy *data,
-                        struct connectdata *conn, curl_socket_t *socks);
-static CURLcode msh3_disconnect(struct Curl_easy *data,
-                                struct connectdata *conn,
-                                bool dead_connection);
-static unsigned int msh3_conncheck(struct Curl_easy *data,
-                                   struct connectdata *conn,
-                                   unsigned int checks_to_perform);
-static Curl_recv msh3_stream_recv;
-static Curl_send msh3_stream_send;
-static void MSH3_CALL msh3_header_received(MSH3_REQUEST *Request,
-                                           void *IfContext,
-                                           const MSH3_HEADER *Header);
-static void MSH3_CALL msh3_data_received(MSH3_REQUEST *Request,
-                                        void *IfContext, uint32_t Length,
-                                        const uint8_t *Data);
-static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext,
-                                    bool Aborted, uint64_t AbortError);
-static void MSH3_CALL msh3_shutdown(MSH3_REQUEST *Request, void *IfContext);
-
-static const struct Curl_handler msh3_curl_handler_http3 = {
-  "HTTPS",                              /* scheme */
-  ZERO_NULL,                            /* setup_connection */
-  msh3_do_it,                           /* do_it */
-  Curl_http_done,                       /* done */
-  ZERO_NULL,                            /* do_more */
-  ZERO_NULL,                            /* connect_it */
-  ZERO_NULL,                            /* connecting */
-  ZERO_NULL,                            /* doing */
-  msh3_getsock,                         /* proto_getsock */
-  msh3_getsock,                         /* doing_getsock */
-  ZERO_NULL,                            /* domore_getsock */
-  msh3_getsock,                         /* perform_getsock */
-  msh3_disconnect,                      /* disconnect */
-  ZERO_NULL,                            /* readwrite */
-  msh3_conncheck,                       /* connection_check */
-  ZERO_NULL,                            /* attach connection */
-  PORT_HTTP,                            /* defport */
-  CURLPROTO_HTTPS,                      /* protocol */
-  CURLPROTO_HTTP,                       /* family */
-  PROTOPT_SSL | PROTOPT_STREAM          /* flags */
-};
-
-static const MSH3_REQUEST_IF msh3_request_if = {
-  msh3_header_received,
-  msh3_data_received,
-  msh3_complete,
-  msh3_shutdown
-};
-
-void Curl_quic_ver(char *p, size_t len)
-{
-  uint32_t v[4];
-  MsH3Version(v);
-  (void)msnprintf(p, len, "msh3/%d.%d.%d.%d", v[0], v[1], v[2], v[3]);
-}
-
-CURLcode Curl_quic_connect(struct Curl_easy *data,
-                           struct connectdata *conn,
-                           curl_socket_t sockfd,
-                           int sockindex,
-                           const struct sockaddr *addr,
-                           socklen_t addrlen)
-{
-  struct quicsocket *qs = &conn->hequic[sockindex];
-  bool insecure = !conn->ssl_config.verifypeer;
-  memset(qs, 0, sizeof(*qs));
-
-  (void)sockfd;
-  (void)addr; /* TODO - Pass address along */
-  (void)addrlen;
-
-  H3BUGF(infof(data, "creating new api/connection"));
-
-  qs->api = MsH3ApiOpen();
-  if(!qs->api) {
-    failf(data, "can't create msh3 api");
-    return CURLE_FAILED_INIT;
-  }
-
-  qs->conn = MsH3ConnectionOpen(qs->api,
-                                conn->host.name,
-                                (uint16_t)conn->remote_port,
-                                insecure);
-  if(!qs->conn) {
-    failf(data, "can't create msh3 connection");
-    if(qs->api) {
-      MsH3ApiClose(qs->api);
-    }
-    return CURLE_FAILED_INIT;
-  }
-
-  return CURLE_OK;
-}
-
-CURLcode Curl_quic_is_connected(struct Curl_easy *data,
-                                struct connectdata *conn,
-                                int sockindex,
-                                bool *connected)
-{
-  struct quicsocket *qs = &conn->hequic[sockindex];
-  MSH3_CONNECTION_STATE state;
-
-  state = MsH3ConnectionGetState(qs->conn, false);
-  if(state == MSH3_CONN_HANDSHAKE_FAILED || state == MSH3_CONN_DISCONNECTED) {
-    failf(data, "failed to connect, state=%u", (uint32_t)state);
-    return CURLE_COULDNT_CONNECT;
-  }
-
-  if(state == MSH3_CONN_CONNECTED) {
-    H3BUGF(infof(data, "connection connected"));
-    *connected = true;
-    conn->quic = qs;
-    conn->recv[sockindex] = msh3_stream_recv;
-    conn->send[sockindex] = msh3_stream_send;
-    conn->handler = &msh3_curl_handler_http3;
-    conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
-    conn->httpversion = 30;
-    conn->bundle->multiuse = BUNDLE_MULTIPLEX;
-    /* TODO - Clean up other happy-eyeballs connection(s)? */
-  }
-
-  return CURLE_OK;
-}
-
-static int msh3_getsock(struct Curl_easy *data,
-                        struct connectdata *conn, curl_socket_t *socks)
-{
-  struct HTTP *stream = data->req.p.http;
-  int bitmap = GETSOCK_BLANK;
-
-  socks[0] = conn->sock[FIRSTSOCKET];
-
-  if(stream->recv_error) {
-    bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
-    data->state.drain++;
-  }
-  else if(stream->recv_header_len || stream->recv_data_len) {
-    bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
-    data->state.drain++;
-  }
-
-  H3BUGF(infof(data, "msh3_getsock %u", (uint32_t)data->state.drain));
-
-  return bitmap;
-}
-
-static CURLcode msh3_do_it(struct Curl_easy *data, bool *done)
-{
-  struct HTTP *stream = data->req.p.http;
-  H3BUGF(infof(data, "msh3_do_it"));
-  stream->recv_buf = malloc(MSH3_REQ_INIT_BUF_LEN);
-  if(!stream->recv_buf) {
-    return CURLE_OUT_OF_MEMORY;
-  }
-  stream->req = ZERO_NULL;
-  msh3_lock_initialize(&stream->recv_lock);
-  stream->recv_buf_alloc = MSH3_REQ_INIT_BUF_LEN;
-  stream->recv_header_len = 0;
-  stream->recv_header_complete = false;
-  stream->recv_data_len = 0;
-  stream->recv_data_complete = false;
-  stream->recv_error = CURLE_OK;
-  return Curl_http(data, done);
-}
-
-static unsigned int msh3_conncheck(struct Curl_easy *data,
-                                   struct connectdata *conn,
-                                   unsigned int checks_to_perform)
-{
-  (void)data;
-  (void)conn;
-  (void)checks_to_perform;
-  H3BUGF(infof(data, "msh3_conncheck"));
-  return CONNRESULT_NONE;
-}
-
-static void disconnect(struct quicsocket *qs)
-{
-  if(qs->conn) {
-    MsH3ConnectionClose(qs->conn);
-    qs->conn = ZERO_NULL;
-  }
-  if(qs->api) {
-    MsH3ApiClose(qs->api);
-    qs->api = ZERO_NULL;
-  }
-}
-
-static CURLcode msh3_disconnect(struct Curl_easy *data,
-                                struct connectdata *conn, bool dead_connection)
-{
-  (void)data;
-  (void)dead_connection;
-  H3BUGF(infof(data, "disconnecting (msh3)"));
-  disconnect(conn->quic);
-  return CURLE_OK;
-}
-
-void Curl_quic_disconnect(struct Curl_easy *data, struct connectdata *conn,
-                          int tempindex)
-{
-  (void)data;
-  if(conn->transport == TRNSPRT_QUIC) {
-    H3BUGF(infof(data, "disconnecting QUIC index %u", tempindex));
-    disconnect(&conn->hequic[tempindex]);
-  }
-}
-
-/* Requires stream->recv_lock to be held */
-static bool msh3request_ensure_room(struct HTTP *stream, size_t len)
-{
-  uint8_t *new_recv_buf;
-  const size_t cur_recv_len = stream->recv_header_len + stream->recv_data_len;
-  if(cur_recv_len + len > stream->recv_buf_alloc) {
-    size_t new_recv_buf_alloc_len = stream->recv_buf_alloc;
-    do {
-      new_recv_buf_alloc_len <<= 1; /* TODO - handle overflow */
-    } while(cur_recv_len + len > new_recv_buf_alloc_len);
-    new_recv_buf = malloc(new_recv_buf_alloc_len);
-    if(!new_recv_buf) {
-      return false;
-    }
-    if(cur_recv_len) {
-      memcpy(new_recv_buf, stream->recv_buf, cur_recv_len);
-    }
-    stream->recv_buf_alloc = new_recv_buf_alloc_len;
-    free(stream->recv_buf);
-    stream->recv_buf = new_recv_buf;
-  }
-  return true;
-}
-
-static void MSH3_CALL msh3_header_received(MSH3_REQUEST *Request,
-                                           void *IfContext,
-                                           const MSH3_HEADER *Header)
-{
-  struct HTTP *stream = IfContext;
-  size_t total_len;
-  (void)Request;
-
-  if(stream->recv_header_complete) {
-    H3BUGF(printf("* ignoring header after data\n"));
-    return;
-  }
-
-  msh3_lock_acquire(&stream->recv_lock);
-
-  if((Header->NameLength == 7) &&
-     !strncmp(H2H3_PSEUDO_STATUS, (char *)Header->Name, 7)) {
-     total_len = 9 + Header->ValueLength;
-    if(!msh3request_ensure_room(stream, total_len)) {
-      /* TODO - handle error */
-      goto release_lock;
-    }
-    msnprintf((char *)stream->recv_buf + stream->recv_header_len,
-              stream->recv_buf_alloc - stream->recv_header_len,
-              "HTTP/3 %.*s\n", (int)Header->ValueLength, Header->Value);
-  }
-  else {
-    total_len = Header->NameLength + 4 + Header->ValueLength;
-    if(!msh3request_ensure_room(stream, total_len)) {
-      /* TODO - handle error */
-      goto release_lock;
-    }
-    msnprintf((char *)stream->recv_buf + stream->recv_header_len,
-              stream->recv_buf_alloc - stream->recv_header_len,
-              "%.*s: %.*s\n",
-              (int)Header->NameLength, Header->Name,
-              (int)Header->ValueLength, Header->Value);
-  }
-
-  stream->recv_header_len += total_len - 1; /* don't include null-terminator */
-
-release_lock:
-  msh3_lock_release(&stream->recv_lock);
-}
-
-static void MSH3_CALL msh3_data_received(MSH3_REQUEST *Request,
-                                         void *IfContext, uint32_t Length,
-                                         const uint8_t *Data)
-{
-  struct HTTP *stream = IfContext;
-  size_t cur_recv_len = stream->recv_header_len + stream->recv_data_len;
-  (void)Request;
-  H3BUGF(printf("* msh3_data_received %u. %zu buffered, %zu allocated\n",
-                Length, cur_recv_len, stream->recv_buf_alloc));
-  msh3_lock_acquire(&stream->recv_lock);
-  if(!stream->recv_header_complete) {
-    H3BUGF(printf("* Headers complete!\n"));
-    if(!msh3request_ensure_room(stream, 2)) {
-      /* TODO - handle error */
-      goto release_lock;
-    }
-    stream->recv_buf[stream->recv_header_len++] = '\r';
-    stream->recv_buf[stream->recv_header_len++] = '\n';
-    stream->recv_header_complete = true;
-    cur_recv_len += 2;
-  }
-  if(!msh3request_ensure_room(stream, Length)) {
-    /* TODO - handle error */
-    goto release_lock;
-  }
-  memcpy(stream->recv_buf + cur_recv_len, Data, Length);
-  stream->recv_data_len += (size_t)Length;
-release_lock:
-  msh3_lock_release(&stream->recv_lock);
-}
-
-static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext,
-                                    bool Aborted, uint64_t AbortError)
-{
-  struct HTTP *stream = IfContext;
-  (void)Request;
-  (void)AbortError;
-  H3BUGF(printf("* msh3_complete, aborted=%s\n", Aborted ? "true" : "false"));
-  msh3_lock_acquire(&stream->recv_lock);
-  if(Aborted) {
-    stream->recv_error = CURLE_HTTP3; /* TODO - how do we pass AbortError? */
-  }
-  stream->recv_header_complete = true;
-  stream->recv_data_complete = true;
-  msh3_lock_release(&stream->recv_lock);
-}
-
-static void MSH3_CALL msh3_shutdown(MSH3_REQUEST *Request, void *IfContext)
-{
-  struct HTTP *stream = IfContext;
-  (void)Request;
-  (void)stream;
-}
-
-static ssize_t msh3_stream_send(struct Curl_easy *data,
-                                int sockindex,
-                                const void *mem,
-                                size_t len,
-                                CURLcode *curlcode)
-{
-  struct connectdata *conn = data->conn;
-  struct HTTP *stream = data->req.p.http;
-  struct quicsocket *qs = conn->quic;
-  struct h2h3req *hreq;
-
-  (void)sockindex;
-  /* Sizes must match for cast below to work" */
-  DEBUGASSERT(sizeof(MSH3_HEADER) == sizeof(struct h2h3pseudo));
-
-  H3BUGF(infof(data, "msh3_stream_send %zu", len));
-
-  if(!stream->req) {
-    *curlcode = Curl_pseudo_headers(data, mem, len, &hreq);
-    if(*curlcode) {
-      failf(data, "Curl_pseudo_headers failed");
-      return -1;
-    }
-    H3BUGF(infof(data, "starting request with %zu headers", hreq->entries));
-    stream->req = MsH3RequestOpen(qs->conn, &msh3_request_if, stream,
-                                 (MSH3_HEADER*)hreq->header, hreq->entries);
-    Curl_pseudo_free(hreq);
-    if(!stream->req) {
-      failf(data, "request open failed");
-      *curlcode = CURLE_SEND_ERROR;
-      return -1;
-    }
-    *curlcode = CURLE_OK;
-    return len;
-  }
-  H3BUGF(infof(data, "send %zd body bytes on request %p", len,
-               (void *)stream->req));
-  *curlcode = CURLE_SEND_ERROR;
-  return -1;
-}
-
-static ssize_t msh3_stream_recv(struct Curl_easy *data,
-                                int sockindex,
-                                char *buf,
-                                size_t buffersize,
-                                CURLcode *curlcode)
-{
-  struct HTTP *stream = data->req.p.http;
-  size_t outsize = 0;
-  (void)sockindex;
-  H3BUGF(infof(data, "msh3_stream_recv %zu", buffersize));
-
-  if(stream->recv_error) {
-    failf(data, "request aborted");
-    *curlcode = stream->recv_error;
-    return -1;
-  }
-
-  msh3_lock_acquire(&stream->recv_lock);
-
-  if(stream->recv_header_len) {
-    outsize = buffersize;
-    if(stream->recv_header_len < outsize) {
-      outsize = stream->recv_header_len;
-    }
-    memcpy(buf, stream->recv_buf, outsize);
-    if(outsize < stream->recv_header_len + stream->recv_data_len) {
-      memmove(stream->recv_buf, stream->recv_buf + outsize,
-              stream->recv_header_len + stream->recv_data_len - outsize);
-    }
-    stream->recv_header_len -= outsize;
-    H3BUGF(infof(data, "returned %zu bytes of headers", outsize));
-  }
-  else if(stream->recv_data_len) {
-    outsize = buffersize;
-    if(stream->recv_data_len < outsize) {
-      outsize = stream->recv_data_len;
-    }
-    memcpy(buf, stream->recv_buf, outsize);
-    if(outsize < stream->recv_data_len) {
-      memmove(stream->recv_buf, stream->recv_buf + outsize,
-              stream->recv_data_len - outsize);
-    }
-    stream->recv_data_len -= outsize;
-    H3BUGF(infof(data, "returned %zu bytes of data", outsize));
-  }
-  else if(stream->recv_data_complete) {
-    H3BUGF(infof(data, "receive complete"));
-  }
-
-  msh3_lock_release(&stream->recv_lock);
-
-  return (ssize_t)outsize;
-}
-
-CURLcode Curl_quic_done_sending(struct Curl_easy *data)
-{
-  struct connectdata *conn = data->conn;
-  H3BUGF(infof(data, "Curl_quic_done_sending"));
-  if(conn->handler == &msh3_curl_handler_http3) {
-    struct HTTP *stream = data->req.p.http;
-    stream->upload_done = TRUE;
-  }
-
-  return CURLE_OK;
-}
-
-void Curl_quic_done(struct Curl_easy *data, bool premature)
-{
-  struct HTTP *stream = data->req.p.http;
-  (void)premature;
-  H3BUGF(infof(data, "Curl_quic_done"));
-  if(stream) {
-    if(stream->recv_buf) {
-      Curl_safefree(stream->recv_buf);
-      msh3_lock_uninitialize(&stream->recv_lock);
-    }
-    if(stream->req) {
-      MsH3RequestClose(stream->req);
-      stream->req = ZERO_NULL;
-    }
-  }
-}
-
-bool Curl_quic_data_pending(const struct Curl_easy *data)
-{
-  struct HTTP *stream = data->req.p.http;
-  H3BUGF(infof((struct Curl_easy *)data, "Curl_quic_data_pending"));
-  return stream->recv_header_len || stream->recv_data_len;
-}
-
-/*
- * Called from transfer.c:Curl_readwrite when neither HTTP level read
- * nor write is performed. It is a good place to handle timer expiry
- * for QUIC transport.
- */
-CURLcode Curl_quic_idle(struct Curl_easy *data)
-{
-  (void)data;
-  H3BUGF(infof(data, "Curl_quic_idle"));
-  return CURLE_OK;
-}
-
-#endif /* USE_MSH3 */
diff --git a/lib/vquic/ngtcp2.c b/lib/vquic/ngtcp2.c
deleted file mode 100644
index f16b46994..000000000
--- a/lib/vquic/ngtcp2.c
+++ /dev/null
@@ -1,2266 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifdef USE_NGTCP2
-#include <ngtcp2/ngtcp2.h>
-#include <nghttp3/nghttp3.h>
-
-#ifdef USE_OPENSSL
-#include <openssl/err.h>
-#ifdef OPENSSL_IS_BORINGSSL
-#include <ngtcp2/ngtcp2_crypto_boringssl.h>
-#else
-#include <ngtcp2/ngtcp2_crypto_openssl.h>
-#endif
-#include "vtls/openssl.h"
-#elif defined(USE_GNUTLS)
-#include <ngtcp2/ngtcp2_crypto_gnutls.h>
-#include "vtls/gtls.h"
-#elif defined(USE_WOLFSSL)
-#include <ngtcp2/ngtcp2_crypto_wolfssl.h>
-#include "vtls/wolfssl.h"
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "strdup.h"
-#include "rand.h"
-#include "ngtcp2.h"
-#include "multiif.h"
-#include "strcase.h"
-#include "cfilters.h"
-#include "connect.h"
-#include "strerror.h"
-#include "dynbuf.h"
-#include "vquic.h"
-#include "h2h3.h"
-#include "vtls/keylog.h"
-#include "vtls/vtls.h"
-
-/* The last 3 #include files should be in this order */
-#include "curl_printf.h"
-#include "curl_memory.h"
-#include "memdebug.h"
-
-/* #define DEBUG_NGTCP2 */
-#ifdef CURLDEBUG
-#define DEBUG_HTTP3
-#endif
-#ifdef DEBUG_HTTP3
-#define H3BUGF(x) x
-#else
-#define H3BUGF(x) do { } while(0)
-#endif
-
-#define H3_ALPN_H3_29 "\x5h3-29"
-#define H3_ALPN_H3 "\x2h3"
-
-/*
- * This holds outgoing HTTP/3 stream data that is used by nghttp3 until acked.
- * It is used as a circular buffer. Add new bytes at the end until it reaches
- * the far end, then start over at index 0 again.
- */
-
-#define H3_SEND_SIZE (256*1024)
-struct h3out {
-  uint8_t buf[H3_SEND_SIZE];
-  size_t used;   /* number of bytes used in the buffer */
-  size_t windex; /* index in the buffer where to start writing the next
-                    data block */
-};
-
-#define QUIC_MAX_STREAMS (256*1024)
-#define QUIC_MAX_DATA (1*1024*1024)
-#define QUIC_IDLE_TIMEOUT (60*NGTCP2_SECONDS)
-
-#ifdef USE_OPENSSL
-#define QUIC_CIPHERS                                                          \
-  "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_"               \
-  "POLY1305_SHA256:TLS_AES_128_CCM_SHA256"
-#define QUIC_GROUPS "P-256:X25519:P-384:P-521"
-#elif defined(USE_GNUTLS)
-#define QUIC_PRIORITY \
-  "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:" \
-  "+CHACHA20-POLY1305:+AES-128-CCM:-GROUP-ALL:+GROUP-SECP256R1:" \
-  "+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1:" \
-  "%DISABLE_TLS13_COMPAT_MODE"
-#elif defined(USE_WOLFSSL)
-#define QUIC_CIPHERS                                                          \
-  "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_"               \
-  "POLY1305_SHA256:TLS_AES_128_CCM_SHA256"
-#define QUIC_GROUPS "P-256:P-384:P-521"
-#endif
-
-/* ngtcp2 default congestion controller does not perform pacing. Limit
-   the maximum packet burst to MAX_PKT_BURST packets. */
-#define MAX_PKT_BURST 10
-
-static CURLcode ng_process_ingress(struct Curl_easy *data,
-                                   curl_socket_t sockfd,
-                                   struct quicsocket *qs);
-static CURLcode ng_flush_egress(struct Curl_easy *data, int sockfd,
-                                struct quicsocket *qs);
-static int cb_h3_acked_stream_data(nghttp3_conn *conn, int64_t stream_id,
-                                   uint64_t datalen, void *user_data,
-                                   void *stream_user_data);
-
-static ngtcp2_conn *get_conn(ngtcp2_crypto_conn_ref *conn_ref)
-{
-  struct quicsocket *qs = conn_ref->user_data;
-  return qs->qconn;
-}
-
-static ngtcp2_tstamp timestamp(void)
-{
-  struct curltime ct = Curl_now();
-  return ct.tv_sec * NGTCP2_SECONDS + ct.tv_usec * NGTCP2_MICROSECONDS;
-}
-
-#ifdef DEBUG_NGTCP2
-static void quic_printf(void *user_data, const char *fmt, ...)
-{
-  va_list ap;
-  (void)user_data; /* TODO, use this to do infof() instead long-term */
-  va_start(ap, fmt);
-  vfprintf(stderr, fmt, ap);
-  va_end(ap);
-  fprintf(stderr, "\n");
-}
-#endif
-
-static void qlog_callback(void *user_data, uint32_t flags,
-                          const void *data, size_t datalen)
-{
-  struct quicsocket *qs = (struct quicsocket *)user_data;
-  (void)flags;
-  if(qs->qlogfd != -1) {
-    ssize_t rc = write(qs->qlogfd, data, datalen);
-    if(rc == -1) {
-      /* on write error, stop further write attempts */
-      close(qs->qlogfd);
-      qs->qlogfd = -1;
-    }
-  }
-
-}
-
-static void quic_settings(struct quicsocket *qs,
-                          uint64_t stream_buffer_size)
-{
-  ngtcp2_settings *s = &qs->settings;
-  ngtcp2_transport_params *t = &qs->transport_params;
-  ngtcp2_settings_default(s);
-  ngtcp2_transport_params_default(t);
-#ifdef DEBUG_NGTCP2
-  s->log_printf = quic_printf;
-#else
-  s->log_printf = NULL;
-#endif
-  s->initial_ts = timestamp();
-  t->initial_max_stream_data_bidi_local = stream_buffer_size;
-  t->initial_max_stream_data_bidi_remote = QUIC_MAX_STREAMS;
-  t->initial_max_stream_data_uni = QUIC_MAX_STREAMS;
-  t->initial_max_data = QUIC_MAX_DATA;
-  t->initial_max_streams_bidi = 1;
-  t->initial_max_streams_uni = 3;
-  t->max_idle_timeout = QUIC_IDLE_TIMEOUT;
-  if(qs->qlogfd != -1) {
-    s->qlog.write = qlog_callback;
-  }
-}
-
-#ifdef USE_OPENSSL
-static void keylog_callback(const SSL *ssl, const char *line)
-{
-  (void)ssl;
-  Curl_tls_keylog_write_line(line);
-}
-#elif defined(USE_GNUTLS)
-static int keylog_callback(gnutls_session_t session, const char *label,
-                    const gnutls_datum_t *secret)
-{
-  gnutls_datum_t crandom;
-  gnutls_datum_t srandom;
-
-  gnutls_session_get_random(session, &crandom, &srandom);
-  if(crandom.size != 32) {
-    return -1;
-  }
-
-  Curl_tls_keylog_write(label, crandom.data, secret->data, secret->size);
-  return 0;
-}
-#elif defined(USE_WOLFSSL)
-#if defined(HAVE_SECRET_CALLBACK)
-static void keylog_callback(const WOLFSSL *ssl, const char *line)
-{
-  (void)ssl;
-  Curl_tls_keylog_write_line(line);
-}
-#endif
-#endif
-
-static int init_ngh3_conn(struct quicsocket *qs);
-
-#ifdef USE_OPENSSL
-static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
-{
-  struct connectdata *conn = data->conn;
-  SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());
-
-#ifdef OPENSSL_IS_BORINGSSL
-  if(ngtcp2_crypto_boringssl_configure_client_context(ssl_ctx) != 0) {
-    failf(data, "ngtcp2_crypto_boringssl_configure_client_context failed");
-    return NULL;
-  }
-#else
-  if(ngtcp2_crypto_openssl_configure_client_context(ssl_ctx) != 0) {
-    failf(data, "ngtcp2_crypto_openssl_configure_client_context failed");
-    return NULL;
-  }
-#endif
-
-  SSL_CTX_set_default_verify_paths(ssl_ctx);
-
-#ifdef OPENSSL_IS_BORINGSSL
-  if(SSL_CTX_set1_curves_list(ssl_ctx, QUIC_GROUPS) != 1) {
-    failf(data, "SSL_CTX_set1_curves_list failed");
-    return NULL;
-  }
-#else
-  if(SSL_CTX_set_ciphersuites(ssl_ctx, QUIC_CIPHERS) != 1) {
-    char error_buffer[256];
-    ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer));
-    failf(data, "SSL_CTX_set_ciphersuites: %s", error_buffer);
-    return NULL;
-  }
-
-  if(SSL_CTX_set1_groups_list(ssl_ctx, QUIC_GROUPS) != 1) {
-    failf(data, "SSL_CTX_set1_groups_list failed");
-    return NULL;
-  }
-#endif
-
-  /* Open the file if a TLS or QUIC backend has not done this before. */
-  Curl_tls_keylog_open();
-  if(Curl_tls_keylog_enabled()) {
-    SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
-  }
-
-  if(conn->ssl_config.verifypeer) {
-    const char * const ssl_cafile = conn->ssl_config.CAfile;
-    const char * const ssl_capath = conn->ssl_config.CApath;
-
-    if(ssl_cafile || ssl_capath) {
-      SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
-      /* tell OpenSSL where to find CA certificates that are used to verify
-         the server's certificate. */
-      if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) {
-        /* Fail if we insist on successfully verifying the server. */
-        failf(data, "error setting certificate verify locations:"
-              "  CAfile: %s CApath: %s",
-              ssl_cafile ? ssl_cafile : "none",
-              ssl_capath ? ssl_capath : "none");
-        return NULL;
-      }
-      infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
-      infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
-    }
-#ifdef CURL_CA_FALLBACK
-    else {
-      /* verifying the peer without any CA certificates won't work so
-         use openssl's built-in default as fallback */
-      SSL_CTX_set_default_verify_paths(ssl_ctx);
-    }
-#endif
-  }
-  return ssl_ctx;
-}
-
-static CURLcode quic_set_client_cert(struct Curl_easy *data,
-                                     struct quicsocket *qs)
-{
-  SSL_CTX *ssl_ctx = qs->sslctx;
-  const struct ssl_config_data *ssl_config;
-
-  ssl_config = Curl_ssl_get_config(data, FIRSTSOCKET);
-  DEBUGASSERT(ssl_config);
-
-  if(ssl_config->primary.clientcert || ssl_config->primary.cert_blob
-     || ssl_config->cert_type) {
-    return Curl_ossl_set_client_cert(
-        data, ssl_ctx, ssl_config->primary.clientcert,
-        ssl_config->primary.cert_blob, ssl_config->cert_type,
-        ssl_config->key, ssl_config->key_blob,
-        ssl_config->key_type, ssl_config->key_passwd);
-  }
-
-  return CURLE_OK;
-}
-
-/** SSL callbacks ***/
-
-static CURLcode quic_init_ssl(struct quicsocket *qs,
-                              struct Curl_easy *data,
-                              struct connectdata *conn)
-{
-  const uint8_t *alpn = NULL;
-  size_t alpnlen = 0;
-  /* this will need some attention when HTTPS proxy over QUIC get fixed */
-  const char * const hostname = qs->conn->host.name;
-
-  (void)data;
-  (void)conn;
-  DEBUGASSERT(!qs->ssl);
-  qs->ssl = SSL_new(qs->sslctx);
-
-  SSL_set_app_data(qs->ssl, &qs->conn_ref);
-  SSL_set_connect_state(qs->ssl);
-  SSL_set_quic_use_legacy_codepoint(qs->ssl, 0);
-
-  alpn = (const uint8_t *)H3_ALPN_H3_29 H3_ALPN_H3;
-  alpnlen = sizeof(H3_ALPN_H3_29) - 1 + sizeof(H3_ALPN_H3) - 1;
-  if(alpn)
-    SSL_set_alpn_protos(qs->ssl, alpn, (int)alpnlen);
-
-  /* set SNI */
-  SSL_set_tlsext_host_name(qs->ssl, hostname);
-  return CURLE_OK;
-}
-#elif defined(USE_GNUTLS)
-static CURLcode quic_init_ssl(struct quicsocket *qs,
-                              struct Curl_easy *data,
-                              struct connectdata *conn)
-{
-  CURLcode result;
-  gnutls_datum_t alpn[2];
-  /* this will need some attention when HTTPS proxy over QUIC get fixed */
-  const char * const hostname = qs->conn->host.name;
-  long * const pverifyresult = &data->set.ssl.certverifyresult;
-  int rc;
-
-  DEBUGASSERT(qs->gtls == NULL);
-  qs->gtls = calloc(1, sizeof(*(qs->gtls)));
-  if(!qs->gtls)
-    return CURLE_OUT_OF_MEMORY;
-
-  result = gtls_client_init(data, &conn->ssl_config, &data->set.ssl,
-                            hostname, qs->gtls, pverifyresult);
-  if(result)
-    return result;
-
-  gnutls_session_set_ptr(qs->gtls->session, &qs->conn_ref);
-
-  if(ngtcp2_crypto_gnutls_configure_client_session(qs->gtls->session) != 0) {
-    H3BUGF(fprintf(stderr,
-                   "ngtcp2_crypto_gnutls_configure_client_session failed\n"));
-    return CURLE_QUIC_CONNECT_ERROR;
-  }
-
-  rc = gnutls_priority_set_direct(qs->gtls->session, QUIC_PRIORITY, NULL);
-  if(rc < 0) {
-    H3BUGF(fprintf(stderr, "gnutls_priority_set_direct failed: %s\n",
-                   gnutls_strerror(rc)));
-    return CURLE_QUIC_CONNECT_ERROR;
-  }
-
-  /* Open the file if a TLS or QUIC backend has not done this before. */
-  Curl_tls_keylog_open();
-  if(Curl_tls_keylog_enabled()) {
-    gnutls_session_set_keylog_function(qs->gtls->session, keylog_callback);
-  }
-
-  /* strip the first byte (the length) from NGHTTP3_ALPN_H3 */
-  alpn[0].data = (unsigned char *)H3_ALPN_H3_29 + 1;
-  alpn[0].size = sizeof(H3_ALPN_H3_29) - 2;
-  alpn[1].data = (unsigned char *)H3_ALPN_H3 + 1;
-  alpn[1].size = sizeof(H3_ALPN_H3) - 2;
-
-  gnutls_alpn_set_protocols(qs->gtls->session, alpn, 2, GNUTLS_ALPN_MANDATORY);
-
-  return CURLE_OK;
-}
-#elif defined(USE_WOLFSSL)
-
-static WOLFSSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
-{
-  struct connectdata *conn = data->conn;
-  WOLFSSL_CTX *ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
-
-  if(ngtcp2_crypto_wolfssl_configure_client_context(ssl_ctx) != 0) {
-    failf(data, "ngtcp2_crypto_wolfssl_configure_client_context failed");
-    return NULL;
-  }
-
-  wolfSSL_CTX_set_default_verify_paths(ssl_ctx);
-
-  if(wolfSSL_CTX_set_cipher_list(ssl_ctx, QUIC_CIPHERS) != 1) {
-    char error_buffer[256];
-    ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer));
-    failf(data, "SSL_CTX_set_ciphersuites: %s", error_buffer);
-    return NULL;
-  }
-
-  if(wolfSSL_CTX_set1_groups_list(ssl_ctx, (char *)QUIC_GROUPS) != 1) {
-    failf(data, "SSL_CTX_set1_groups_list failed");
-    return NULL;
-  }
-
-  /* Open the file if a TLS or QUIC backend has not done this before. */
-  Curl_tls_keylog_open();
-  if(Curl_tls_keylog_enabled()) {
-#if defined(HAVE_SECRET_CALLBACK)
-    wolfSSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
-#else
-    failf(data, "wolfSSL was built without keylog callback");
-    return NULL;
-#endif
-  }
-
-  if(conn->ssl_config.verifypeer) {
-    const char * const ssl_cafile = conn->ssl_config.CAfile;
-    const char * const ssl_capath = conn->ssl_config.CApath;
-
-    if(ssl_cafile || ssl_capath) {
-      wolfSSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
-      /* tell wolfSSL where to find CA certificates that are used to verify
-         the server's certificate. */
-      if(!wolfSSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) {
-        /* Fail if we insist on successfully verifying the server. */
-        failf(data, "error setting certificate verify locations:"
-              "  CAfile: %s CApath: %s",
-              ssl_cafile ? ssl_cafile : "none",
-              ssl_capath ? ssl_capath : "none");
-        return NULL;
-      }
-      infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
-      infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
-    }
-#ifdef CURL_CA_FALLBACK
-    else {
-      /* verifying the peer without any CA certificates won't work so
-         use wolfssl's built-in default as fallback */
-      wolfSSL_CTX_set_default_verify_paths(ssl_ctx);
-    }
-#endif
-  }
-  else {
-    wolfSSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
-  }
-
-  return ssl_ctx;
-}
-
-/** SSL callbacks ***/
-
-static CURLcode quic_init_ssl(struct quicsocket *qs,
-                              struct Curl_easy *data,
-                              struct connectdata *conn)
-{
-  const uint8_t *alpn = NULL;
-  size_t alpnlen = 0;
-  /* this will need some attention when HTTPS proxy over QUIC get fixed */
-  const char * const hostname = qs->conn->host.name;
-
-  (void)data;
-  (void)conn;
-  DEBUGASSERT(!qs->ssl);
-  qs->ssl = SSL_new(qs->sslctx);
-
-  wolfSSL_set_app_data(qs->ssl, &qs->conn_ref);
-  wolfSSL_set_connect_state(qs->ssl);
-  wolfSSL_set_quic_use_legacy_codepoint(qs->ssl, 0);
-
-  alpn = (const uint8_t *)H3_ALPN_H3_29 H3_ALPN_H3;
-  alpnlen = sizeof(H3_ALPN_H3_29) - 1 + sizeof(H3_ALPN_H3) - 1;
-  if(alpn)
-    wolfSSL_set_alpn_protos(qs->ssl, alpn, (int)alpnlen);
-
-  /* set SNI */
-  wolfSSL_UseSNI(qs->ssl, WOLFSSL_SNI_HOST_NAME,
-                 hostname, (unsigned short)strlen(hostname));
-
-  return CURLE_OK;
-}
-#endif /* defined(USE_WOLFSSL) */
-
-static int cb_handshake_completed(ngtcp2_conn *tconn, void *user_data)
-{
-  (void)user_data;
-  (void)tconn;
-  return 0;
-}
-
-static void extend_stream_window(ngtcp2_conn *tconn,
-                                 struct HTTP *stream)
-{
-  size_t thismuch = stream->unacked_window;
-  ngtcp2_conn_extend_max_stream_offset(tconn, stream->stream3_id, thismuch);
-  ngtcp2_conn_extend_max_offset(tconn, thismuch);
-  stream->unacked_window = 0;
-}
-
-
-static int cb_recv_stream_data(ngtcp2_conn *tconn, uint32_t flags,
-                               int64_t stream_id, uint64_t offset,
-                               const uint8_t *buf, size_t buflen,
-                               void *user_data, void *stream_user_data)
-{
-  struct quicsocket *qs = (struct quicsocket *)user_data;
-  nghttp3_ssize nconsumed;
-  int fin = (flags & NGTCP2_STREAM_DATA_FLAG_FIN) ? 1 : 0;
-  (void)offset;
-  (void)stream_user_data;
-
-  nconsumed =
-    nghttp3_conn_read_stream(qs->h3conn, stream_id, buf, buflen, fin);
-  if(nconsumed < 0) {
-    ngtcp2_connection_close_error_set_application_error(
-        &qs->last_error, nghttp3_err_infer_quic_app_error_code((int)nconsumed),
-        NULL, 0);
-    return NGTCP2_ERR_CALLBACK_FAILURE;
-  }
-
-  /* number of bytes inside buflen which consists of framing overhead
-   * including QPACK HEADERS. In other words, it does not consume payload of
-   * DATA frame. */
-  ngtcp2_conn_extend_max_stream_offset(tconn, stream_id, nconsumed);
-  ngtcp2_conn_extend_max_offset(tconn, nconsumed);
-
-  return 0;
-}
-
-static int
-cb_acked_stream_data_offset(ngtcp2_conn *tconn, int64_t stream_id,
-                            uint64_t offset, uint64_t datalen, void *user_data,
-                            void *stream_user_data)
-{
-  struct quicsocket *qs = (struct quicsocket *)user_data;
-  int rv;
-  (void)stream_id;
-  (void)tconn;
-  (void)offset;
-  (void)datalen;
-  (void)stream_user_data;
-
-  rv = nghttp3_conn_add_ack_offset(qs->h3conn, stream_id, datalen);
-  if(rv) {
-    return NGTCP2_ERR_CALLBACK_FAILURE;
-  }
-
-  return 0;
-}
-
-static int cb_stream_close(ngtcp2_conn *tconn, uint32_t flags,
-                           int64_t stream_id, uint64_t app_error_code,
-                           void *user_data, void *stream_user_data)
-{
-  struct quicsocket *qs = (struct quicsocket *)user_data;
-  int rv;
-  (void)tconn;
-  (void)stream_user_data;
-  /* stream is closed... */
-
-  if(!(flags & NGTCP2_STREAM_CLOSE_FLAG_APP_ERROR_CODE_SET)) {
-    app_error_code = NGHTTP3_H3_NO_ERROR;
-  }
-
-  rv = nghttp3_conn_close_stream(qs->h3conn, stream_id,
-                                 app_error_code);
-  if(rv) {
-    ngtcp2_connection_close_error_set_application_error(
-        &qs->last_error, nghttp3_err_infer_quic_app_error_code(rv), NULL, 0);
-    return NGTCP2_ERR_CALLBACK_FAILURE;
-  }
-
-  return 0;
-}
-
-static int cb_stream_reset(ngtcp2_conn *tconn, int64_t stream_id,
-                           uint64_t final_size, uint64_t app_error_code,
-                           void *user_data, void *stream_user_data)
-{
-  struct quicsocket *qs = (struct quicsocket *)user_data;
-  int rv;
-  (void)tconn;
-  (void)final_size;
-  (void)app_error_code;
-  (void)stream_user_data;
-
-  rv = nghttp3_conn_shutdown_stream_read(qs->h3conn, stream_id);
-  if(rv) {
-    return NGTCP2_ERR_CALLBACK_FAILURE;
-  }
-
-  return 0;
-}
-
-static int cb_stream_stop_sending(ngtcp2_conn *tconn, int64_t stream_id,
-                                  uint64_t app_error_code, void *user_data,
-                                  void *stream_user_data)
-{
-  struct quicsocket *qs = (struct quicsocket *)user_data;
-  int rv;
-  (void)tconn;
-  (void)app_error_code;
-  (void)stream_user_data;
-
-  rv = nghttp3_conn_shutdown_stream_read(qs->h3conn, stream_id);
-  if(rv) {
-    return NGTCP2_ERR_CALLBACK_FAILURE;
-  }
-
-  return 0;
-}
-
-static int cb_extend_max_local_streams_bidi(ngtcp2_conn *tconn,
-                                            uint64_t max_streams,
-                                            void *user_data)
-{
-  (void)tconn;
-  (void)max_streams;
-  (void)user_data;
-
-  return 0;
-}
-
-static int cb_extend_max_stream_data(ngtcp2_conn *tconn, int64_t stream_id,
-                                     uint64_t max_data, void *user_data,
-                                     void *stream_user_data)
-{
-  struct quicsocket *qs = (struct quicsocket *)user_data;
-  int rv;
-  (void)tconn;
-  (void)max_data;
-  (void)stream_user_data;
-
-  rv = nghttp3_conn_unblock_stream(qs->h3conn, stream_id);
-  if(rv) {
-    return NGTCP2_ERR_CALLBACK_FAILURE;
-  }
-
-  return 0;
-}
-
-static void cb_rand(uint8_t *dest, size_t destlen,
-                    const ngtcp2_rand_ctx *rand_ctx)
-{
-  CURLcode result;
-  (void)rand_ctx;
-
-  result = Curl_rand(NULL, dest, destlen);
-  if(result) {
-    /* cb_rand is only used for non-cryptographic context.  If Curl_rand
-       failed, just fill 0 and call it *random*. */
-    memset(dest, 0, destlen);
-  }
-}
-
-static int cb_get_new_connection_id(ngtcp2_conn *tconn, ngtcp2_cid *cid,
-                                    uint8_t *token, size_t cidlen,
-                                    void *user_data)
-{
-  CURLcode result;
-  (void)tconn;
-  (void)user_data;
-
-  result = Curl_rand(NULL, cid->data, cidlen);
-  if(result)
-    return NGTCP2_ERR_CALLBACK_FAILURE;
-  cid->datalen = cidlen;
-
-  result = Curl_rand(NULL, token, NGTCP2_STATELESS_RESET_TOKENLEN);
-  if(result)
-    return NGTCP2_ERR_CALLBACK_FAILURE;
-
-  return 0;
-}
-
-static int cb_recv_rx_key(ngtcp2_conn *tconn, ngtcp2_crypto_level level,
-                          void *user_data)
-{
-  struct quicsocket *qs = (struct quicsocket *)user_data;
-  (void)tconn;
-
-  if(level != NGTCP2_CRYPTO_LEVEL_APPLICATION) {
-    return 0;
-  }
-
-  if(init_ngh3_conn(qs) != CURLE_OK) {
-    return NGTCP2_ERR_CALLBACK_FAILURE;
-  }
-
-  return 0;
-}
-
-static ngtcp2_callbacks ng_callbacks = {
-  ngtcp2_crypto_client_initial_cb,
-  NULL, /* recv_client_initial */
-  ngtcp2_crypto_recv_crypto_data_cb,
-  cb_handshake_completed,
-  NULL, /* recv_version_negotiation */
-  ngtcp2_crypto_encrypt_cb,
-  ngtcp2_crypto_decrypt_cb,
-  ngtcp2_crypto_hp_mask_cb,
-  cb_recv_stream_data,
-  cb_acked_stream_data_offset,
-  NULL, /* stream_open */
-  cb_stream_close,
-  NULL, /* recv_stateless_reset */
-  ngtcp2_crypto_recv_retry_cb,
-  cb_extend_max_local_streams_bidi,
-  NULL, /* extend_max_local_streams_uni */
-  cb_rand,
-  cb_get_new_connection_id,
-  NULL, /* remove_connection_id */
-  ngtcp2_crypto_update_key_cb, /* update_key */
-  NULL, /* path_validation */
-  NULL, /* select_preferred_addr */
-  cb_stream_reset,
-  NULL, /* extend_max_remote_streams_bidi */
-  NULL, /* extend_max_remote_streams_uni */
-  cb_extend_max_stream_data,
-  NULL, /* dcid_status */
-  NULL, /* handshake_confirmed */
-  NULL, /* recv_new_token */
-  ngtcp2_crypto_delete_crypto_aead_ctx_cb,
-  ngtcp2_crypto_delete_crypto_cipher_ctx_cb,
-  NULL, /* recv_datagram */
-  NULL, /* ack_datagram */
-  NULL, /* lost_datagram */
-  ngtcp2_crypto_get_path_challenge_data_cb,
-  cb_stream_stop_sending,
-  NULL, /* version_negotiation */
-  cb_recv_rx_key,
-  NULL, /* recv_tx_key */
-  NULL, /* early_data_rejected */
-};
-
-/*
- * Might be called twice for happy eyeballs.
- */
-CURLcode Curl_quic_connect(struct Curl_easy *data,
-                           struct connectdata *conn,
-                           curl_socket_t sockfd,
-                           int sockindex,
-                           const struct sockaddr *addr,
-                           socklen_t addrlen)
-{
-  int rc;
-  int rv;
-  CURLcode result;
-  ngtcp2_path path; /* TODO: this must be initialized properly */
-  struct quicsocket *qs = &conn->hequic[sockindex];
-  char ipbuf[40];
-  int port;
-  int qfd;
-
-  if(qs->conn)
-    Curl_quic_disconnect(data, conn, sockindex);
-  qs->conn = conn;
-
-  /* extract the used address as a string */
-  if(!Curl_addr2string((struct sockaddr*)addr, addrlen, ipbuf, &port)) {
-    char buffer[STRERROR_LEN];
-    failf(data, "ssrem inet_ntop() failed with errno %d: %s",
-          SOCKERRNO, Curl_strerror(SOCKERRNO, buffer, sizeof(buffer)));
-    return CURLE_BAD_FUNCTION_ARGUMENT;
-  }
-
-  infof(data, "Connect socket %d over QUIC to %s:%d",
-        sockfd, ipbuf, port);
-
-  qs->version = NGTCP2_PROTO_VER_MAX;
-#ifdef USE_OPENSSL
-  qs->sslctx = quic_ssl_ctx(data);
-  if(!qs->sslctx)
-    return CURLE_QUIC_CONNECT_ERROR;
-
-  result = quic_set_client_cert(data, qs);
-  if(result)
-    return result;
-#elif defined(USE_WOLFSSL)
-  qs->sslctx = quic_ssl_ctx(data);
-  if(!qs->sslctx)
-    return CURLE_QUIC_CONNECT_ERROR;
-#endif
-
-  result = quic_init_ssl(qs, data, conn);
-  if(result)
-    return result;
-
-  qs->dcid.datalen = NGTCP2_MAX_CIDLEN;
-  result = Curl_rand(data, qs->dcid.data, NGTCP2_MAX_CIDLEN);
-  if(result)
-    return result;
-
-  qs->scid.datalen = NGTCP2_MAX_CIDLEN;
-  result = Curl_rand(data, qs->scid.data, NGTCP2_MAX_CIDLEN);
-  if(result)
-    return result;
-
-  (void)Curl_qlogdir(data, qs->scid.data, NGTCP2_MAX_CIDLEN, &qfd);
-  qs->qlogfd = qfd; /* -1 if failure above */
-  quic_settings(qs, data->set.buffer_size);
-
-  qs->local_addrlen = sizeof(qs->local_addr);
-  rv = getsockname(sockfd, (struct sockaddr *)&qs->local_addr,
-                   &qs->local_addrlen);
-  if(rv == -1)
-    return CURLE_QUIC_CONNECT_ERROR;
-
-  ngtcp2_addr_init(&path.local, (struct sockaddr *)&qs->local_addr,
-                   qs->local_addrlen);
-  ngtcp2_addr_init(&path.remote, addr, addrlen);
-
-  rc = ngtcp2_conn_client_new(&qs->qconn, &qs->dcid, &qs->scid, &path,
-                              NGTCP2_PROTO_VER_V1, &ng_callbacks,
-                              &qs->settings, &qs->transport_params, NULL, qs);
-  if(rc)
-    return CURLE_QUIC_CONNECT_ERROR;
-
-#ifdef USE_GNUTLS
-  ngtcp2_conn_set_tls_native_handle(qs->qconn, qs->gtls->session);
-#else
-  ngtcp2_conn_set_tls_native_handle(qs->qconn, qs->ssl);
-#endif
-
-  ngtcp2_connection_close_error_default(&qs->last_error);
-
-#if defined(__linux__) && defined(UDP_SEGMENT) && defined(HAVE_SENDMSG)
-  qs->no_gso = FALSE;
-#else
-  qs->no_gso = TRUE;
-#endif
-
-  qs->num_blocked_pkt = 0;
-  qs->num_blocked_pkt_sent = 0;
-  memset(&qs->blocked_pkt, 0, sizeof(qs->blocked_pkt));
-
-  qs->pktbuflen = NGTCP2_MAX_PMTUD_UDP_PAYLOAD_SIZE * MAX_PKT_BURST;
-  qs->pktbuf = malloc(qs->pktbuflen);
-  if(!qs->pktbuf) {
-    ngtcp2_conn_del(qs->qconn);
-    qs->qconn = NULL;
-    return CURLE_OUT_OF_MEMORY;
-  }
-
-  qs->conn_ref.get_conn = get_conn;
-  qs->conn_ref.user_data = qs;
-
-  return CURLE_OK;
-}
-
-/*
- * Store ngtcp2 version info in this buffer.
- */
-void Curl_quic_ver(char *p, size_t len)
-{
-  const ngtcp2_info *ng2 = ngtcp2_version(0);
-  const nghttp3_info *ht3 = nghttp3_version(0);
-  (void)msnprintf(p, len, "ngtcp2/%s nghttp3/%s",
-                  ng2->version_str, ht3->version_str);
-}
-
-static int ng_getsock(struct Curl_easy *data, struct connectdata *conn,
-                      curl_socket_t *socks)
-{
-  struct SingleRequest *k = &data->req;
-  int bitmap = GETSOCK_BLANK;
-  struct HTTP *stream = data->req.p.http;
-  struct quicsocket *qs = conn->quic;
-
-  socks[0] = conn->sock[FIRSTSOCKET];
-
-  /* in an HTTP/2 connection we can basically always get a frame so we should
-     always be ready for one */
-  bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
-
-  /* we're still uploading or the HTTP/2 layer wants to send data */
-  if((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND &&
-     (!stream->h3out || stream->h3out->used < H3_SEND_SIZE) &&
-     ngtcp2_conn_get_cwnd_left(qs->qconn) &&
-     ngtcp2_conn_get_max_data_left(qs->qconn) &&
-     nghttp3_conn_is_stream_writable(qs->h3conn, stream->stream3_id))
-    bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
-
-  return bitmap;
-}
-
-static void qs_disconnect(struct quicsocket *qs)
-{
-  char buffer[NGTCP2_MAX_UDP_PAYLOAD_SIZE];
-  ngtcp2_tstamp ts;
-  ngtcp2_ssize rc;
-
-  if(!qs->conn) /* already closed */
-    return;
-  ts = timestamp();
-  rc = ngtcp2_conn_write_connection_close(qs->qconn, NULL, /* path */
-                                          NULL, /* pkt_info */
-                                          (uint8_t *)buffer, sizeof(buffer),
-                                          &qs->last_error, ts);
-  if(rc > 0) {
-    while((send(qs->conn->sock[FIRSTSOCKET], buffer, rc, 0) == -1) &&
-          SOCKERRNO == EINTR);
-  }
-
-  qs->conn = NULL;
-  if(qs->qlogfd != -1) {
-    close(qs->qlogfd);
-    qs->qlogfd = -1;
-  }
-#ifdef USE_OPENSSL
-  if(qs->ssl)
-    SSL_free(qs->ssl);
-  qs->ssl = NULL;
-  SSL_CTX_free(qs->sslctx);
-#elif defined(USE_GNUTLS)
-  if(qs->gtls) {
-    if(qs->gtls->cred)
-      gnutls_certificate_free_credentials(qs->gtls->cred);
-    if(qs->gtls->session)
-      gnutls_deinit(qs->gtls->session);
-    free(qs->gtls);
-    qs->gtls = NULL;
-  }
-#elif defined(USE_WOLFSSL)
-  if(qs->ssl)
-    wolfSSL_free(qs->ssl);
-  qs->ssl = NULL;
-  wolfSSL_CTX_free(qs->sslctx);
-#endif
-  free(qs->pktbuf);
-  nghttp3_conn_del(qs->h3conn);
-  ngtcp2_conn_del(qs->qconn);
-}
-
-void Curl_quic_disconnect(struct Curl_easy *data,
-                          struct connectdata *conn,
-                          int tempindex)
-{
-  (void)data;
-  if(conn->transport == TRNSPRT_QUIC)
-    qs_disconnect(&conn->hequic[tempindex]);
-}
-
-static CURLcode ng_disconnect(struct Curl_easy *data,
-                              struct connectdata *conn,
-                              bool dead_connection)
-{
-  (void)dead_connection;
-  Curl_quic_disconnect(data, conn, 0);
-  Curl_quic_disconnect(data, conn, 1);
-  return CURLE_OK;
-}
-
-static unsigned int ng_conncheck(struct Curl_easy *data,
-                                 struct connectdata *conn,
-                                 unsigned int checks_to_perform)
-{
-  (void)data;
-  (void)conn;
-  (void)checks_to_perform;
-  return CONNRESULT_NONE;
-}
-
-static const struct Curl_handler Curl_handler_http3 = {
-  "HTTPS",                              /* scheme */
-  ZERO_NULL,                            /* setup_connection */
-  Curl_http,                            /* do_it */
-  Curl_http_done,                       /* done */
-  ZERO_NULL,                            /* do_more */
-  ZERO_NULL,                            /* connect_it */
-  ZERO_NULL,                            /* connecting */
-  ZERO_NULL,                            /* doing */
-  ng_getsock,                           /* proto_getsock */
-  ng_getsock,                           /* doing_getsock */
-  ZERO_NULL,                            /* domore_getsock */
-  ng_getsock,                           /* perform_getsock */
-  ng_disconnect,                        /* disconnect */
-  ZERO_NULL,                            /* readwrite */
-  ng_conncheck,                         /* connection_check */
-  ZERO_NULL,                            /* attach connection */
-  PORT_HTTP,                            /* defport */
-  CURLPROTO_HTTPS,                      /* protocol */
-  CURLPROTO_HTTP,                       /* family */
-  PROTOPT_SSL | PROTOPT_STREAM          /* flags */
-};
-
-static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id,
-                              uint64_t app_error_code, void *user_data,
-                              void *stream_user_data)
-{
-  struct Curl_easy *data = stream_user_data;
-  struct HTTP *stream = data->req.p.http;
-  (void)conn;
-  (void)stream_id;
-  (void)app_error_code;
-  (void)user_data;
-  H3BUGF(infof(data, "cb_h3_stream_close CALLED"));
-
-  stream->closed = TRUE;
-  stream->error3 = app_error_code;
-  Curl_expire(data, 0, EXPIRE_QUIC);
-  /* make sure that ngh3_stream_recv is called again to complete the transfer
-     even if there are no more packets to be received from the server. */
-  data->state.drain = 1;
-  return 0;
-}
-
-/*
- * write_data() copies data to the stream's receive buffer. If not enough
- * space is available in the receive buffer, it copies the rest to the
- * stream's overflow buffer.
- */
-static CURLcode write_data(struct HTTP *stream, const void *mem, size_t memlen)
-{
-  CURLcode result = CURLE_OK;
-  const char *buf = mem;
-  size_t ncopy = memlen;
-  /* copy as much as possible to the receive buffer */
-  if(stream->len) {
-    size_t len = CURLMIN(ncopy, stream->len);
-    memcpy(stream->mem, buf, len);
-    stream->len -= len;
-    stream->memlen += len;
-    stream->mem += len;
-    buf += len;
-    ncopy -= len;
-  }
-  /* copy the rest to the overflow buffer */
-  if(ncopy)
-    result = Curl_dyn_addn(&stream->overflow, buf, ncopy);
-  return result;
-}
-
-static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream_id,
-                           const uint8_t *buf, size_t buflen,
-                           void *user_data, void *stream_user_data)
-{
-  struct Curl_easy *data = stream_user_data;
-  struct HTTP *stream = data->req.p.http;
-  CURLcode result = CURLE_OK;
-  (void)conn;
-
-  result = write_data(stream, buf, buflen);
-  if(result) {
-    return -1;
-  }
-  stream->unacked_window += buflen;
-  (void)stream_id;
-  (void)user_data;
-  return 0;
-}
-
-static int cb_h3_deferred_consume(nghttp3_conn *conn, int64_t stream_id,
-                                  size_t consumed, void *user_data,
-                                  void *stream_user_data)
-{
-  struct quicsocket *qs = user_data;
-  (void)conn;
-  (void)stream_user_data;
-  (void)stream_id;
-
-  ngtcp2_conn_extend_max_stream_offset(qs->qconn, stream_id, consumed);
-  ngtcp2_conn_extend_max_offset(qs->qconn, consumed);
-  return 0;
-}
-
-/* Decode HTTP status code.  Returns -1 if no valid status code was
-   decoded. (duplicate from http2.c) */
-static int decode_status_code(const uint8_t *value, size_t len)
-{
-  int i;
-  int res;
-
-  if(len != 3) {
-    return -1;
-  }
-
-  res = 0;
-
-  for(i = 0; i < 3; ++i) {
-    char c = value[i];
-
-    if(c < '0' || c > '9') {
-      return -1;
-    }
-
-    res *= 10;
-    res += c - '0';
-  }
-
-  return res;
-}
-
-static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id,
-                             int fin, void *user_data, void *stream_user_data)
-{
-  struct Curl_easy *data = stream_user_data;
-  struct HTTP *stream = data->req.p.http;
-  CURLcode result = CURLE_OK;
-  (void)conn;
-  (void)stream_id;
-  (void)user_data;
-  (void)fin;
-
-  /* add a CRLF only if we've received some headers */
-  if(stream->firstheader) {
-    result = write_data(stream, "\r\n", 2);
-    if(result) {
-      return -1;
-    }
-  }
-
-  if(stream->status_code / 100 != 1) {
-    stream->bodystarted = TRUE;
-  }
-  return 0;
-}
-
-static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id,
-                             int32_t token, nghttp3_rcbuf *name,
-                             nghttp3_rcbuf *value, uint8_t flags,
-                             void *user_data, void *stream_user_data)
-{
-  nghttp3_vec h3name = nghttp3_rcbuf_get_buf(name);
-  nghttp3_vec h3val = nghttp3_rcbuf_get_buf(value);
-  struct Curl_easy *data = stream_user_data;
-  struct HTTP *stream = data->req.p.http;
-  CURLcode result = CURLE_OK;
-  (void)conn;
-  (void)stream_id;
-  (void)token;
-  (void)flags;
-  (void)user_data;
-
-  if(token == NGHTTP3_QPACK_TOKEN__STATUS) {
-    char line[14]; /* status line is always 13 characters long */
-    size_t ncopy;
-    stream->status_code = decode_status_code(h3val.base, h3val.len);
-    DEBUGASSERT(stream->status_code != -1);
-    ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n",
-                      stream->status_code);
-    result = write_data(stream, line, ncopy);
-    if(result) {
-      return -1;
-    }
-  }
-  else {
-    /* store as an HTTP1-style header */
-    result = write_data(stream, h3name.base, h3name.len);
-    if(result) {
-      return -1;
-    }
-    result = write_data(stream, ": ", 2);
-    if(result) {
-      return -1;
-    }
-    result = write_data(stream, h3val.base, h3val.len);
-    if(result) {
-      return -1;
-    }
-    result = write_data(stream, "\r\n", 2);
-    if(result) {
-      return -1;
-    }
-  }
-
-  stream->firstheader = TRUE;
-  return 0;
-}
-
-static int cb_h3_stop_sending(nghttp3_conn *conn, int64_t stream_id,
-                              uint64_t app_error_code, void *user_data,
-                              void *stream_user_data)
-{
-  struct quicsocket *qs = user_data;
-  int rv;
-  (void)conn;
-  (void)stream_user_data;
-
-  rv = ngtcp2_conn_shutdown_stream_read(qs->qconn, stream_id, app_error_code);
-  if(rv && rv != NGTCP2_ERR_STREAM_NOT_FOUND) {
-    return NGTCP2_ERR_CALLBACK_FAILURE;
-  }
-
-  return 0;
-}
-
-static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t stream_id,
-                              uint64_t app_error_code, void *user_data,
-                              void *stream_user_data) {
-  struct quicsocket *qs = user_data;
-  int rv;
-  (void)conn;
-  (void)stream_user_data;
-
-  rv = ngtcp2_conn_shutdown_stream_write(qs->qconn, stream_id, app_error_code);
-  if(rv && rv != NGTCP2_ERR_STREAM_NOT_FOUND) {
-    return NGTCP2_ERR_CALLBACK_FAILURE;
-  }
-
-  return 0;
-}
-
-static nghttp3_callbacks ngh3_callbacks = {
-  cb_h3_acked_stream_data, /* acked_stream_data */
-  cb_h3_stream_close,
-  cb_h3_recv_data,
-  cb_h3_deferred_consume,
-  NULL, /* begin_headers */
-  cb_h3_recv_header,
-  cb_h3_end_headers,
-  NULL, /* begin_trailers */
-  cb_h3_recv_header,
-  NULL, /* end_trailers */
-  cb_h3_stop_sending,
-  NULL, /* end_stream */
-  cb_h3_reset_stream,
-  NULL /* shutdown */
-};
-
-static int init_ngh3_conn(struct quicsocket *qs)
-{
-  CURLcode result;
-  int rc;
-  int64_t ctrl_stream_id, qpack_enc_stream_id, qpack_dec_stream_id;
-
-  if(ngtcp2_conn_get_max_local_streams_uni(qs->qconn) < 3) {
-    return CURLE_QUIC_CONNECT_ERROR;
-  }
-
-  nghttp3_settings_default(&qs->h3settings);
-
-  rc = nghttp3_conn_client_new(&qs->h3conn,
-                               &ngh3_callbacks,
-                               &qs->h3settings,
-                               nghttp3_mem_default(),
-                               qs);
-  if(rc) {
-    result = CURLE_OUT_OF_MEMORY;
-    goto fail;
-  }
-
-  rc = ngtcp2_conn_open_uni_stream(qs->qconn, &ctrl_stream_id, NULL);
-  if(rc) {
-    result = CURLE_QUIC_CONNECT_ERROR;
-    goto fail;
-  }
-
-  rc = nghttp3_conn_bind_control_stream(qs->h3conn, ctrl_stream_id);
-  if(rc) {
-    result = CURLE_QUIC_CONNECT_ERROR;
-    goto fail;
-  }
-
-  rc = ngtcp2_conn_open_uni_stream(qs->qconn, &qpack_enc_stream_id, NULL);
-  if(rc) {
-    result = CURLE_QUIC_CONNECT_ERROR;
-    goto fail;
-  }
-
-  rc = ngtcp2_conn_open_uni_stream(qs->qconn, &qpack_dec_stream_id, NULL);
-  if(rc) {
-    result = CURLE_QUIC_CONNECT_ERROR;
-    goto fail;
-  }
-
-  rc = nghttp3_conn_bind_qpack_streams(qs->h3conn, qpack_enc_stream_id,
-                                       qpack_dec_stream_id);
-  if(rc) {
-    result = CURLE_QUIC_CONNECT_ERROR;
-    goto fail;
-  }
-
-  return CURLE_OK;
-  fail:
-
-  return result;
-}
-
-static Curl_recv ngh3_stream_recv;
-static Curl_send ngh3_stream_send;
-
-static size_t drain_overflow_buffer(struct HTTP *stream)
-{
-  size_t overlen = Curl_dyn_len(&stream->overflow);
-  size_t ncopy = CURLMIN(overlen, stream->len);
-  if(ncopy > 0) {
-    memcpy(stream->mem, Curl_dyn_ptr(&stream->overflow), ncopy);
-    stream->len -= ncopy;
-    stream->mem += ncopy;
-    stream->memlen += ncopy;
-    if(ncopy != overlen)
-      /* make the buffer only keep the tail */
-      (void)Curl_dyn_tail(&stream->overflow, overlen - ncopy);
-    else
-      Curl_dyn_reset(&stream->overflow);
-  }
-  return ncopy;
-}
-
-/* incoming data frames on the h3 stream */
-static ssize_t ngh3_stream_recv(struct Curl_easy *data,
-                                int sockindex,
-                                char *buf,
-                                size_t buffersize,
-                                CURLcode *curlcode)
-{
-  struct connectdata *conn = data->conn;
-  curl_socket_t sockfd = conn->sock[sockindex];
-  struct HTTP *stream = data->req.p.http;
-  struct quicsocket *qs = conn->quic;
-
-  if(!stream->memlen) {
-    /* remember where to store incoming data for this stream and how big the
-       buffer is */
-    stream->mem = buf;
-    stream->len = buffersize;
-  }
-  /* else, there's data in the buffer already */
-
-  /* if there's data in the overflow buffer from a previous call, copy as much
-     as possible to the receive buffer before receiving more */
-  drain_overflow_buffer(stream);
-
-  if(ng_process_ingress(data, sockfd, qs)) {
-    *curlcode = CURLE_RECV_ERROR;
-    return -1;
-  }
-  if(ng_flush_egress(data, sockfd, qs)) {
-    *curlcode = CURLE_SEND_ERROR;
-    return -1;
-  }
-
-  if(stream->memlen) {
-    ssize_t memlen = stream->memlen;
-    /* data arrived */
-    *curlcode = CURLE_OK;
-    /* reset to allow more data to come */
-    stream->memlen = 0;
-    stream->mem = buf;
-    stream->len = buffersize;
-    /* extend the stream window with the data we're consuming and send out
-       any additional packets to tell the server that we can receive more */
-    extend_stream_window(qs->qconn, stream);
-    if(ng_flush_egress(data, sockfd, qs)) {
-      *curlcode = CURLE_SEND_ERROR;
-      return -1;
-    }
-    return memlen;
-  }
-
-  if(stream->closed) {
-    if(stream->error3 != NGHTTP3_H3_NO_ERROR) {
-      failf(data,
-            "HTTP/3 stream %" PRId64 " was not closed cleanly: (err %" PRIu64
-            ")",
-            stream->stream3_id, stream->error3);
-      *curlcode = CURLE_HTTP3;
-      return -1;
-    }
-
-    if(!stream->bodystarted) {
-      failf(data,
-            "HTTP/3 stream %" PRId64 " was closed cleanly, but before getting"
-            " all response header fields, treated as error",
-            stream->stream3_id);
-      *curlcode = CURLE_HTTP3;
-      return -1;
-    }
-
-    *curlcode = CURLE_OK;
-    return 0;
-  }
-
-  infof(data, "ngh3_stream_recv returns 0 bytes and EAGAIN");
-  *curlcode = CURLE_AGAIN;
-  return -1;
-}
-
-/* this amount of data has now been acked on this stream */
-static int cb_h3_acked_stream_data(nghttp3_conn *conn, int64_t stream_id,
-                                   uint64_t datalen, void *user_data,
-                                   void *stream_user_data)
-{
-  struct Curl_easy *data = stream_user_data;
-  struct HTTP *stream = data->req.p.http;
-  (void)user_data;
-
-  if(!data->set.postfields) {
-    stream->h3out->used -= datalen;
-    H3BUGF(infof(data,
-                 "cb_h3_acked_stream_data, %zd bytes, %zd left unacked",
-                 datalen, stream->h3out->used));
-    DEBUGASSERT(stream->h3out->used < H3_SEND_SIZE);
-
-    if(stream->h3out->used == 0) {
-      int rv = nghttp3_conn_resume_stream(conn, stream_id);
-      if(rv) {
-        return NGTCP2_ERR_CALLBACK_FAILURE;
-      }
-    }
-  }
-  return 0;
-}
-
-static nghttp3_ssize cb_h3_readfunction(nghttp3_conn *conn, int64_t stream_id,
-                                        nghttp3_vec *vec, size_t veccnt,
-                                        uint32_t *pflags, void *user_data,
-                                        void *stream_user_data)
-{
-  struct Curl_easy *data = stream_user_data;
-  size_t nread;
-  struct HTTP *stream = data->req.p.http;
-  (void)conn;
-  (void)stream_id;
-  (void)user_data;
-  (void)veccnt;
-
-  if(data->set.postfields) {
-    vec[0].base = data->set.postfields;
-    vec[0].len = data->state.infilesize;
-    *pflags = NGHTTP3_DATA_FLAG_EOF;
-    return 1;
-  }
-
-  if(stream->upload_len && H3_SEND_SIZE <= stream->h3out->used) {
-    return NGHTTP3_ERR_WOULDBLOCK;
-  }
-
-  nread = CURLMIN(stream->upload_len, H3_SEND_SIZE - stream->h3out->used);
-  if(nread > 0) {
-    /* nghttp3 wants us to hold on to the data until it tells us it is okay to
-       delete it. Append the data at the end of the h3out buffer. Since we can
-       only return consecutive data, copy the amount that fits and the next
-       part comes in next invoke. */
-    struct h3out *out = stream->h3out;
-    if(nread + out->windex > H3_SEND_SIZE)
-      nread = H3_SEND_SIZE - out->windex;
-
-    memcpy(&out->buf[out->windex], stream->upload_mem, nread);
-
-    /* that's the chunk we return to nghttp3 */
-    vec[0].base = &out->buf[out->windex];
-    vec[0].len = nread;
-
-    out->windex += nread;
-    out->used += nread;
-
-    if(out->windex == H3_SEND_SIZE)
-      out->windex = 0; /* wrap */
-    stream->upload_mem += nread;
-    stream->upload_len -= nread;
-    if(data->state.infilesize != -1) {
-      stream->upload_left -= nread;
-      if(!stream->upload_left)
-        *pflags = NGHTTP3_DATA_FLAG_EOF;
-    }
-    H3BUGF(infof(data, "cb_h3_readfunction %zd bytes%s (at %zd unacked)",
-                 nread, *pflags == NGHTTP3_DATA_FLAG_EOF?" EOF":"",
-                 out->used));
-  }
-  if(stream->upload_done && !stream->upload_len &&
-     (stream->upload_left <= 0)) {
-    H3BUGF(infof(data, "cb_h3_readfunction sets EOF"));
-    *pflags = NGHTTP3_DATA_FLAG_EOF;
-    return nread ? 1 : 0;
-  }
-  else if(!nread) {
-    return NGHTTP3_ERR_WOULDBLOCK;
-  }
-  return 1;
-}
-
-/* Index where :authority header field will appear in request header
-   field list. */
-#define AUTHORITY_DST_IDX 3
-
-static CURLcode http_request(struct Curl_easy *data, const void *mem,
-                             size_t len)
-{
-  struct connectdata *conn = data->conn;
-  struct HTTP *stream = data->req.p.http;
-  size_t nheader;
-  struct quicsocket *qs = conn->quic;
-  CURLcode result = CURLE_OK;
-  nghttp3_nv *nva = NULL;
-  int64_t stream3_id;
-  int rc;
-  struct h3out *h3out = NULL;
-  struct h2h3req *hreq = NULL;
-
-  rc = ngtcp2_conn_open_bidi_stream(qs->qconn, &stream3_id, NULL);
-  if(rc) {
-    failf(data, "can get bidi streams");
-    result = CURLE_SEND_ERROR;
-    goto fail;
-  }
-
-  stream->stream3_id = stream3_id;
-  stream->h3req = TRUE; /* senf off! */
-  Curl_dyn_init(&stream->overflow, CURL_MAX_READ_SIZE);
-
-  result = Curl_pseudo_headers(data, mem, len, &hreq);
-  if(result)
-    goto fail;
-  nheader = hreq->entries;
-
-  nva = malloc(sizeof(nghttp3_nv) * nheader);
-  if(!nva) {
-    result = CURLE_OUT_OF_MEMORY;
-    goto fail;
-  }
-  else {
-    unsigned int i;
-    for(i = 0; i < nheader; i++) {
-      nva[i].name = (unsigned char *)hreq->header[i].name;
-      nva[i].namelen = hreq->header[i].namelen;
-      nva[i].value = (unsigned char *)hreq->header[i].value;
-      nva[i].valuelen = hreq->header[i].valuelen;
-      nva[i].flags = NGHTTP3_NV_FLAG_NONE;
-    }
-  }
-
-  switch(data->state.httpreq) {
-  case HTTPREQ_POST:
-  case HTTPREQ_POST_FORM:
-  case HTTPREQ_POST_MIME:
-  case HTTPREQ_PUT: {
-    nghttp3_data_reader data_reader;
-    if(data->state.infilesize != -1)
-      stream->upload_left = data->state.infilesize;
-    else
-      /* data sending without specifying the data amount up front */
-      stream->upload_left = -1; /* unknown, but not zero */
-
-    data_reader.read_data = cb_h3_readfunction;
-
-    h3out = calloc(sizeof(struct h3out), 1);
-    if(!h3out) {
-      result = CURLE_OUT_OF_MEMORY;
-      goto fail;
-    }
-    stream->h3out = h3out;
-
-    rc = nghttp3_conn_submit_request(qs->h3conn, stream->stream3_id,
-                                     nva, nheader, &data_reader, data);
-    if(rc) {
-      result = CURLE_SEND_ERROR;
-      goto fail;
-    }
-    break;
-  }
-  default:
-    stream->upload_left = 0; /* nothing left to send */
-    rc = nghttp3_conn_submit_request(qs->h3conn, stream->stream3_id,
-                                     nva, nheader, NULL, data);
-    if(rc) {
-      result = CURLE_SEND_ERROR;
-      goto fail;
-    }
-    break;
-  }
-
-  Curl_safefree(nva);
-
-  infof(data, "Using HTTP/3 Stream ID: %x (easy handle %p)",
-        stream3_id, (void *)data);
-
-  Curl_pseudo_free(hreq);
-  return CURLE_OK;
-
-fail:
-  free(nva);
-  Curl_pseudo_free(hreq);
-  return result;
-}
-static ssize_t ngh3_stream_send(struct Curl_easy *data,
-                                int sockindex,
-                                const void *mem,
-                                size_t len,
-                                CURLcode *curlcode)
-{
-  ssize_t sent = 0;
-  struct connectdata *conn = data->conn;
-  struct quicsocket *qs = conn->quic;
-  curl_socket_t sockfd = conn->sock[sockindex];
-  struct HTTP *stream = data->req.p.http;
-
-  if(stream->closed) {
-    *curlcode = CURLE_HTTP3;
-    return -1;
-  }
-
-  if(!stream->h3req) {
-    CURLcode result = http_request(data, mem, len);
-    if(result) {
-      *curlcode = CURLE_SEND_ERROR;
-      return -1;
-    }
-    /* Assume that mem of length len only includes HTTP/1.1 style
-       header fields.  In other words, it does not contain request
-       body. */
-    sent = len;
-  }
-  else {
-    H3BUGF(infof(data, "ngh3_stream_send() wants to send %zd bytes",
-                 len));
-    if(!stream->upload_len) {
-      stream->upload_mem = mem;
-      stream->upload_len = len;
-      (void)nghttp3_conn_resume_stream(qs->h3conn, stream->stream3_id);
-    }
-    else {
-      *curlcode = CURLE_AGAIN;
-      return -1;
-    }
-  }
-
-  if(ng_flush_egress(data, sockfd, qs)) {
-    *curlcode = CURLE_SEND_ERROR;
-    return -1;
-  }
-
-  /* Reset post upload buffer after resumed. */
-  if(stream->upload_mem) {
-    if(data->set.postfields) {
-      sent = len;
-    }
-    else {
-      sent = len - stream->upload_len;
-    }
-
-    stream->upload_mem = NULL;
-    stream->upload_len = 0;
-
-    if(sent == 0) {
-      *curlcode = CURLE_AGAIN;
-      return -1;
-    }
-  }
-
-  *curlcode = CURLE_OK;
-  return sent;
-}
-
-static CURLcode ng_has_connected(struct Curl_easy *data,
-                                 struct connectdata *conn, int tempindex)
-{
-  CURLcode result = CURLE_OK;
-  const char *hostname, *disp_hostname;
-  int port;
-  char *snihost;
-
-  Curl_conn_get_host(data, FIRSTSOCKET, &hostname, &disp_hostname, &port);
-  snihost = Curl_ssl_snihost(data, hostname, NULL);
-  if(!snihost)
-      return CURLE_PEER_FAILED_VERIFICATION;
-
-  conn->recv[FIRSTSOCKET] = ngh3_stream_recv;
-  conn->send[FIRSTSOCKET] = ngh3_stream_send;
-  conn->handler = &Curl_handler_http3;
-  conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
-  conn->httpversion = 30;
-  conn->bundle->multiuse = BUNDLE_MULTIPLEX;
-  conn->quic = &conn->hequic[tempindex];
-
-  if(conn->ssl_config.verifyhost) {
-#ifdef USE_OPENSSL
-    X509 *server_cert;
-    server_cert = SSL_get_peer_certificate(conn->quic->ssl);
-    if(!server_cert) {
-      return CURLE_PEER_FAILED_VERIFICATION;
-    }
-    result = Curl_ossl_verifyhost(data, conn, server_cert);
-    X509_free(server_cert);
-    if(result)
-      return result;
-#elif defined(USE_GNUTLS)
-    result = Curl_gtls_verifyserver(data, conn->quic->gtls->session,
-                                    &conn->ssl_config, &data->set.ssl,
-                                    hostname, disp_hostname,
-                                    data->set.str[STRING_SSL_PINNEDPUBLICKEY]);
-    if(result)
-      return result;
-#elif defined(USE_WOLFSSL)
-    if(wolfSSL_check_domain_name(conn->quic->ssl, snihost) == SSL_FAILURE)
-      return CURLE_PEER_FAILED_VERIFICATION;
-#endif
-    infof(data, "Verified certificate just fine");
-  }
-  else
-    infof(data, "Skipped certificate verification");
-#ifdef USE_OPENSSL
-  if(data->set.ssl.certinfo)
-    /* asked to gather certificate info */
-    (void)Curl_ossl_certchain(data, conn->quic->ssl);
-#endif
-  return result;
-}
-
-/*
- * There can be multiple connection attempts going on in parallel.
- */
-CURLcode Curl_quic_is_connected(struct Curl_easy *data,
-                                struct connectdata *conn,
-                                int sockindex,
-                                bool *done)
-{
-  CURLcode result;
-  struct quicsocket *qs = &conn->hequic[sockindex];
-  curl_socket_t sockfd = conn->tempsock[sockindex];
-
-  result = ng_process_ingress(data, sockfd, qs);
-  if(result)
-    goto error;
-
-  result = ng_flush_egress(data, sockfd, qs);
-  if(result)
-    goto error;
-
-  if(ngtcp2_conn_get_handshake_completed(qs->qconn)) {
-    result = ng_has_connected(data, conn, sockindex);
-    if(!result)
-      *done = TRUE;
-  }
-
-  return result;
-  error:
-  (void)qs_disconnect(qs);
-  return result;
-
-}
-
-static CURLcode ng_process_ingress(struct Curl_easy *data,
-                                   curl_socket_t sockfd,
-                                   struct quicsocket *qs)
-{
-  ssize_t recvd;
-  int rv;
-  uint8_t buf[65536];
-  size_t bufsize = sizeof(buf);
-  struct sockaddr_storage remote_addr;
-  socklen_t remote_addrlen;
-  ngtcp2_path path;
-  ngtcp2_tstamp ts = timestamp();
-  ngtcp2_pkt_info pi = { 0 };
-
-  for(;;) {
-    remote_addrlen = sizeof(remote_addr);
-    while((recvd = recvfrom(sockfd, (char *)buf, bufsize, 0,
-                            (struct sockaddr *)&remote_addr,
-                            &remote_addrlen)) == -1 &&
-          SOCKERRNO == EINTR)
-      ;
-    if(recvd == -1) {
-      if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK)
-        break;
-
-      failf(data, "ngtcp2: recvfrom() unexpectedly returned %zd", recvd);
-      return CURLE_RECV_ERROR;
-    }
-
-    ngtcp2_addr_init(&path.local, (struct sockaddr *)&qs->local_addr,
-                     qs->local_addrlen);
-    ngtcp2_addr_init(&path.remote, (struct sockaddr *)&remote_addr,
-                     remote_addrlen);
-
-    rv = ngtcp2_conn_read_pkt(qs->qconn, &path, &pi, buf, recvd, ts);
-    if(rv) {
-      if(!qs->last_error.error_code) {
-        if(rv == NGTCP2_ERR_CRYPTO) {
-          ngtcp2_connection_close_error_set_transport_error_tls_alert(
-              &qs->last_error, ngtcp2_conn_get_tls_alert(qs->qconn), NULL, 0);
-        }
-        else {
-          ngtcp2_connection_close_error_set_transport_error_liberr(
-              &qs->last_error, rv, NULL, 0);
-        }
-      }
-
-      if(rv == NGTCP2_ERR_CRYPTO)
-        /* this is a "TLS problem", but a failed certificate verification
-           is a common reason for this */
-        return CURLE_PEER_FAILED_VERIFICATION;
-      return CURLE_RECV_ERROR;
-    }
-  }
-
-  return CURLE_OK;
-}
-
-static CURLcode do_sendmsg(size_t *sent, struct Curl_easy *data, int sockfd,
-                           struct quicsocket *qs, const uint8_t *pkt,
-                           size_t pktlen, size_t gsolen);
-
-static CURLcode send_packet_no_gso(size_t *psent, struct Curl_easy *data,
-                                   int sockfd, struct quicsocket *qs,
-                                   const uint8_t *pkt, size_t pktlen,
-                                   size_t gsolen)
-{
-  const uint8_t *p, *end = pkt + pktlen;
-  size_t sent;
-
-  *psent = 0;
-
-  for(p = pkt; p < end; p += gsolen) {
-    size_t len = CURLMIN(gsolen, (size_t)(end - p));
-    CURLcode curlcode = do_sendmsg(&sent, data, sockfd, qs, p, len, len);
-    if(curlcode != CURLE_OK) {
-      return curlcode;
-    }
-    *psent += sent;
-  }
-
-  return CURLE_OK;
-}
-
-static CURLcode do_sendmsg(size_t *psent, struct Curl_easy *data, int sockfd,
-                           struct quicsocket *qs, const uint8_t *pkt,
-                           size_t pktlen, size_t gsolen)
-{
-#ifdef HAVE_SENDMSG
-  struct iovec msg_iov;
-  struct msghdr msg = {0};
-  ssize_t sent;
-#if defined(__linux__) && defined(UDP_SEGMENT)
-  uint8_t msg_ctrl[32];
-  struct cmsghdr *cm;
-#endif
-
-  *psent = 0;
-  msg_iov.iov_base = (uint8_t *)pkt;
-  msg_iov.iov_len = pktlen;
-  msg.msg_iov = &msg_iov;
-  msg.msg_iovlen = 1;
-
-#if defined(__linux__) && defined(UDP_SEGMENT)
-  if(pktlen > gsolen) {
-    /* Only set this, when we need it. macOS, for example,
-     * does not seem to like a msg_control of length 0. */
-    msg.msg_control = msg_ctrl;
-    assert(sizeof(msg_ctrl) >= CMSG_SPACE(sizeof(uint16_t)));
-    msg.msg_controllen = CMSG_SPACE(sizeof(uint16_t));
-    cm = CMSG_FIRSTHDR(&msg);
-    cm->cmsg_level = SOL_UDP;
-    cm->cmsg_type = UDP_SEGMENT;
-    cm->cmsg_len = CMSG_LEN(sizeof(uint16_t));
-    *(uint16_t *)(void *)CMSG_DATA(cm) = gsolen & 0xffff;
-  }
-#endif
-
-
-  while((sent = sendmsg(sockfd, &msg, 0)) == -1 && SOCKERRNO == EINTR)
-    ;
-
-  if(sent == -1) {
-    switch(SOCKERRNO) {
-    case EAGAIN:
-#if EAGAIN != EWOULDBLOCK
-    case EWOULDBLOCK:
-#endif
-      return CURLE_AGAIN;
-    case EMSGSIZE:
-      /* UDP datagram is too large; caused by PMTUD. Just let it be lost. */
-      break;
-    case EIO:
-      if(pktlen > gsolen) {
-        /* GSO failure */
-        failf(data, "sendmsg() returned %zd (errno %d); disable GSO", sent,
-              SOCKERRNO);
-        qs->no_gso = TRUE;
-        return send_packet_no_gso(psent, data, sockfd, qs, pkt, pktlen,
-                                  gsolen);
-      }
-      /* FALLTHROUGH */
-    default:
-      failf(data, "sendmsg() returned %zd (errno %d)", sent, SOCKERRNO);
-      return CURLE_SEND_ERROR;
-    }
-  }
-  else {
-    assert(pktlen == (size_t)sent);
-  }
-#else
-  ssize_t sent;
-  (void)qs;
-  (void)gsolen;
-
-  *psent = 0;
-
-  while((sent = send(sockfd, (const char *)pkt, pktlen, 0)) == -1 &&
-        SOCKERRNO == EINTR)
-    ;
-
-  if(sent == -1) {
-    if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
-      return CURLE_AGAIN;
-    }
-    else {
-      failf(data, "send() returned %zd (errno %d)", sent, SOCKERRNO);
-      if(SOCKERRNO != EMSGSIZE) {
-        return CURLE_SEND_ERROR;
-      }
-      /* UDP datagram is too large; caused by PMTUD. Just let it be
-         lost. */
-    }
-  }
-#endif
-
-  *psent = pktlen;
-
-  return CURLE_OK;
-}
-
-static CURLcode send_packet(size_t *psent, struct Curl_easy *data, int sockfd,
-                            struct quicsocket *qs, const uint8_t *pkt,
-                            size_t pktlen, size_t gsolen)
-{
-  if(qs->no_gso && pktlen > gsolen) {
-    return send_packet_no_gso(psent, data, sockfd, qs, pkt, pktlen, gsolen);
-  }
-
-  return do_sendmsg(psent, data, sockfd, qs, pkt, pktlen, gsolen);
-}
-
-static void push_blocked_pkt(struct quicsocket *qs, const uint8_t *pkt,
-                             size_t pktlen, size_t gsolen)
-{
-  struct blocked_pkt *blkpkt;
-
-  assert(qs->num_blocked_pkt <
-         sizeof(qs->blocked_pkt) / sizeof(qs->blocked_pkt[0]));
-
-  blkpkt = &qs->blocked_pkt[qs->num_blocked_pkt++];
-
-  blkpkt->pkt = pkt;
-  blkpkt->pktlen = pktlen;
-  blkpkt->gsolen = gsolen;
-}
-
-static CURLcode send_blocked_pkt(struct Curl_easy *data, int sockfd,
-                                 struct quicsocket *qs)
-{
-  size_t sent;
-  CURLcode curlcode;
-  struct blocked_pkt *blkpkt;
-
-  for(; qs->num_blocked_pkt_sent < qs->num_blocked_pkt;
-      ++qs->num_blocked_pkt_sent) {
-    blkpkt = &qs->blocked_pkt[qs->num_blocked_pkt_sent];
-    curlcode = send_packet(&sent, data, sockfd, qs, blkpkt->pkt,
-                           blkpkt->pktlen, blkpkt->gsolen);
-
-    if(curlcode) {
-      if(curlcode == CURLE_AGAIN) {
-        blkpkt->pkt += sent;
-        blkpkt->pktlen -= sent;
-      }
-      return curlcode;
-    }
-  }
-
-  qs->num_blocked_pkt = 0;
-  qs->num_blocked_pkt_sent = 0;
-
-  return CURLE_OK;
-}
-
-static CURLcode ng_flush_egress(struct Curl_easy *data,
-                                int sockfd,
-                                struct quicsocket *qs)
-{
-  int rv;
-  size_t sent;
-  ngtcp2_ssize outlen;
-  uint8_t *outpos = qs->pktbuf;
-  size_t max_udp_payload_size =
-      ngtcp2_conn_get_max_tx_udp_payload_size(qs->qconn);
-  size_t path_max_udp_payload_size =
-      ngtcp2_conn_get_path_max_tx_udp_payload_size(qs->qconn);
-  size_t max_pktcnt =
-      CURLMIN(MAX_PKT_BURST, qs->pktbuflen / max_udp_payload_size);
-  size_t pktcnt = 0;
-  size_t gsolen;
-  ngtcp2_path_storage ps;
-  ngtcp2_tstamp ts = timestamp();
-  ngtcp2_tstamp expiry;
-  ngtcp2_duration timeout;
-  int64_t stream_id;
-  nghttp3_ssize veccnt;
-  int fin;
-  nghttp3_vec vec[16];
-  ngtcp2_ssize ndatalen;
-  uint32_t flags;
-  CURLcode curlcode;
-
-  rv = ngtcp2_conn_handle_expiry(qs->qconn, ts);
-  if(rv) {
-    failf(data, "ngtcp2_conn_handle_expiry returned error: %s",
-          ngtcp2_strerror(rv));
-    ngtcp2_connection_close_error_set_transport_error_liberr(&qs->last_error,
-                                                             rv, NULL, 0);
-    return CURLE_SEND_ERROR;
-  }
-
-  if(qs->num_blocked_pkt) {
-    curlcode = send_blocked_pkt(data, sockfd, qs);
-    if(curlcode) {
-      if(curlcode == CURLE_AGAIN) {
-        Curl_expire(data, 1, EXPIRE_QUIC);
-        return CURLE_OK;
-      }
-      return curlcode;
-    }
-  }
-
-  ngtcp2_path_storage_zero(&ps);
-
-  for(;;) {
-    veccnt = 0;
-    stream_id = -1;
-    fin = 0;
-
-    if(qs->h3conn && ngtcp2_conn_get_max_data_left(qs->qconn)) {
-      veccnt = nghttp3_conn_writev_stream(qs->h3conn, &stream_id, &fin, vec,
-                                          sizeof(vec) / sizeof(vec[0]));
-      if(veccnt < 0) {
-        failf(data, "nghttp3_conn_writev_stream returned error: %s",
-              nghttp3_strerror((int)veccnt));
-        ngtcp2_connection_close_error_set_application_error(
-            &qs->last_error,
-            nghttp3_err_infer_quic_app_error_code((int)veccnt), NULL, 0);
-        return CURLE_SEND_ERROR;
-      }
-    }
-
-    flags = NGTCP2_WRITE_STREAM_FLAG_MORE |
-            (fin ? NGTCP2_WRITE_STREAM_FLAG_FIN : 0);
-    outlen = ngtcp2_conn_writev_stream(qs->qconn, &ps.path, NULL, outpos,
-                                       max_udp_payload_size,
-                                       &ndatalen, flags, stream_id,
-                                       (const ngtcp2_vec *)vec, veccnt, ts);
-    if(outlen == 0) {
-      if(outpos != qs->pktbuf) {
-        curlcode = send_packet(&sent, data, sockfd, qs, qs->pktbuf,
-                               outpos - qs->pktbuf, gsolen);
-        if(curlcode) {
-          if(curlcode == CURLE_AGAIN) {
-            push_blocked_pkt(qs, qs->pktbuf + sent, outpos - qs->pktbuf - sent,
-                             gsolen);
-            Curl_expire(data, 1, EXPIRE_QUIC);
-            return CURLE_OK;
-          }
-          return curlcode;
-        }
-      }
-
-      break;
-    }
-    if(outlen < 0) {
-      switch(outlen) {
-      case NGTCP2_ERR_STREAM_DATA_BLOCKED:
-        assert(ndatalen == -1);
-        nghttp3_conn_block_stream(qs->h3conn, stream_id);
-        continue;
-      case NGTCP2_ERR_STREAM_SHUT_WR:
-        assert(ndatalen == -1);
-        nghttp3_conn_shutdown_stream_write(qs->h3conn, stream_id);
-        continue;
-      case NGTCP2_ERR_WRITE_MORE:
-        assert(ndatalen >= 0);
-        rv = nghttp3_conn_add_write_offset(qs->h3conn, stream_id, ndatalen);
-        if(rv) {
-          failf(data, "nghttp3_conn_add_write_offset returned error: %s\n",
-                nghttp3_strerror(rv));
-          return CURLE_SEND_ERROR;
-        }
-        continue;
-      default:
-        assert(ndatalen == -1);
-        failf(data, "ngtcp2_conn_writev_stream returned error: %s",
-              ngtcp2_strerror((int)outlen));
-        ngtcp2_connection_close_error_set_transport_error_liberr(
-            &qs->last_error, (int)outlen, NULL, 0);
-        return CURLE_SEND_ERROR;
-      }
-    }
-    else if(ndatalen >= 0) {
-      rv = nghttp3_conn_add_write_offset(qs->h3conn, stream_id, ndatalen);
-      if(rv) {
-        failf(data, "nghttp3_conn_add_write_offset returned error: %s\n",
-              nghttp3_strerror(rv));
-        return CURLE_SEND_ERROR;
-      }
-    }
-
-    outpos += outlen;
-
-    if(pktcnt == 0) {
-      gsolen = outlen;
-    }
-    else if((size_t)outlen > gsolen ||
-            (gsolen > path_max_udp_payload_size &&
-             (size_t)outlen != gsolen)) {
-      /* Packet larger than path_max_udp_payload_size is PMTUD probe
-         packet and it might not be sent because of EMSGSIZE. Send
-         them separately to minimize the loss. */
-      curlcode = send_packet(&sent, data, sockfd, qs, qs->pktbuf,
-                             outpos - outlen - qs->pktbuf, gsolen);
-      if(curlcode) {
-        if(curlcode == CURLE_AGAIN) {
-          push_blocked_pkt(qs, qs->pktbuf + sent,
-                           outpos - outlen - qs->pktbuf - sent, gsolen);
-          push_blocked_pkt(qs, outpos - outlen, outlen, outlen);
-          Curl_expire(data, 1, EXPIRE_QUIC);
-          return CURLE_OK;
-        }
-        return curlcode;
-      }
-      curlcode = send_packet(&sent, data, sockfd, qs, outpos - outlen, outlen,
-                             outlen);
-      if(curlcode) {
-        if(curlcode == CURLE_AGAIN) {
-          assert(0 == sent);
-          push_blocked_pkt(qs, outpos - outlen, outlen, outlen);
-          Curl_expire(data, 1, EXPIRE_QUIC);
-          return CURLE_OK;
-        }
-        return curlcode;
-      }
-
-      pktcnt = 0;
-      outpos = qs->pktbuf;
-      continue;
-    }
-
-    if(++pktcnt >= max_pktcnt || (size_t)outlen < gsolen) {
-      curlcode = send_packet(&sent, data, sockfd, qs, qs->pktbuf,
-                             outpos - qs->pktbuf, gsolen);
-      if(curlcode) {
-        if(curlcode == CURLE_AGAIN) {
-          push_blocked_pkt(qs, qs->pktbuf + sent, outpos - qs->pktbuf - sent,
-                           gsolen);
-          Curl_expire(data, 1, EXPIRE_QUIC);
-          return CURLE_OK;
-        }
-        return curlcode;
-      }
-
-      pktcnt = 0;
-      outpos = qs->pktbuf;
-    }
-  }
-
-  expiry = ngtcp2_conn_get_expiry(qs->qconn);
-  if(expiry != UINT64_MAX) {
-    if(expiry <= ts) {
-      timeout = 0;
-    }
-    else {
-      timeout = expiry - ts;
-      if(timeout % NGTCP2_MILLISECONDS) {
-        timeout += NGTCP2_MILLISECONDS;
-      }
-    }
-    Curl_expire(data, timeout / NGTCP2_MILLISECONDS, EXPIRE_QUIC);
-  }
-
-  return CURLE_OK;
-}
-
-/*
- * Called from transfer.c:done_sending when we stop HTTP/3 uploading.
- */
-CURLcode Curl_quic_done_sending(struct Curl_easy *data)
-{
-  struct connectdata *conn = data->conn;
-  DEBUGASSERT(conn);
-  if(conn->handler == &Curl_handler_http3) {
-    /* only for HTTP/3 transfers */
-    struct HTTP *stream = data->req.p.http;
-    struct quicsocket *qs = conn->quic;
-    stream->upload_done = TRUE;
-    (void)nghttp3_conn_resume_stream(qs->h3conn, stream->stream3_id);
-  }
-
-  return CURLE_OK;
-}
-
-/*
- * Called from http.c:Curl_http_done when a request completes.
- */
-void Curl_quic_done(struct Curl_easy *data, bool premature)
-{
-  (void)premature;
-  if(data->conn->handler == &Curl_handler_http3) {
-    /* only for HTTP/3 transfers */
-    struct HTTP *stream = data->req.p.http;
-    Curl_dyn_free(&stream->overflow);
-    free(stream->h3out);
-  }
-}
-
-/*
- * Called from transfer.c:data_pending to know if we should keep looping
- * to receive more data from the connection.
- */
-bool Curl_quic_data_pending(const struct Curl_easy *data)
-{
-  /* We may have received more data than we're able to hold in the receive
-     buffer and allocated an overflow buffer. Since it's possible that
-     there's no more data coming on the socket, we need to keep reading
-     until the overflow buffer is empty. */
-  const struct HTTP *stream = data->req.p.http;
-  return Curl_dyn_len(&stream->overflow) > 0;
-}
-
-/*
- * Called from transfer.c:Curl_readwrite when neither HTTP level read
- * nor write is performed. It is a good place to handle timer expiry
- * for QUIC transport.
- */
-CURLcode Curl_quic_idle(struct Curl_easy *data)
-{
-  struct connectdata *conn = data->conn;
-  curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
-  struct quicsocket *qs = conn->quic;
-
-  if(ngtcp2_conn_get_expiry(qs->qconn) > timestamp()) {
-    return CURLE_OK;
-  }
-
-  if(ng_flush_egress(data, sockfd, qs)) {
-    return CURLE_SEND_ERROR;
-  }
-
-  return CURLE_OK;
-}
-
-#endif
diff --git a/lib/vquic/quiche.c b/lib/vquic/quiche.c
deleted file mode 100644
index 2b9a0410f..000000000
--- a/lib/vquic/quiche.c
+++ /dev/null
@@ -1,892 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifdef USE_QUICHE
-#include <quiche.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include "urldata.h"
-#include "sendf.h"
-#include "strdup.h"
-#include "rand.h"
-#include "quic.h"
-#include "strcase.h"
-#include "multiif.h"
-#include "connect.h"
-#include "strerror.h"
-#include "vquic.h"
-#include "transfer.h"
-#include "h2h3.h"
-#include "vtls/openssl.h"
-#include "vtls/keylog.h"
-
-/* The last 3 #include files should be in this order */
-#include "curl_printf.h"
-#include "curl_memory.h"
-#include "memdebug.h"
-
-#define DEBUG_HTTP3
-/* #define DEBUG_QUICHE */
-#ifdef DEBUG_HTTP3
-#define H3BUGF(x) x
-#else
-#define H3BUGF(x) do { } while(0)
-#endif
-
-#define QUIC_MAX_STREAMS (256*1024)
-#define QUIC_MAX_DATA (1*1024*1024)
-#define QUIC_IDLE_TIMEOUT (60 * 1000) /* milliseconds */
-
-static CURLcode process_ingress(struct Curl_easy *data,
-                                curl_socket_t sockfd,
-                                struct quicsocket *qs);
-
-static CURLcode flush_egress(struct Curl_easy *data, curl_socket_t sockfd,
-                             struct quicsocket *qs);
-
-static CURLcode http_request(struct Curl_easy *data, const void *mem,
-                             size_t len);
-static Curl_recv h3_stream_recv;
-static Curl_send h3_stream_send;
-
-static int quiche_getsock(struct Curl_easy *data,
-                          struct connectdata *conn, curl_socket_t *socks)
-{
-  struct SingleRequest *k = &data->req;
-  int bitmap = GETSOCK_BLANK;
-
-  socks[0] = conn->sock[FIRSTSOCKET];
-
-  /* in an HTTP/2 connection we can basically always get a frame so we should
-     always be ready for one */
-  bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
-
-  /* we're still uploading or the HTTP/2 layer wants to send data */
-  if((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND)
-    bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
-
-  return bitmap;
-}
-
-static CURLcode qs_disconnect(struct Curl_easy *data,
-                              struct quicsocket *qs)
-{
-  DEBUGASSERT(qs);
-  if(qs->conn) {
-    (void)quiche_conn_close(qs->conn, TRUE, 0, NULL, 0);
-    /* flushing the egress is not a failsafe way to deliver all the
-       outstanding packets, but we also don't want to get stuck here... */
-    (void)flush_egress(data, qs->sockfd, qs);
-    quiche_conn_free(qs->conn);
-    qs->conn = NULL;
-  }
-  if(qs->h3config)
-    quiche_h3_config_free(qs->h3config);
-  if(qs->h3c)
-    quiche_h3_conn_free(qs->h3c);
-  if(qs->cfg) {
-    quiche_config_free(qs->cfg);
-    qs->cfg = NULL;
-  }
-  return CURLE_OK;
-}
-
-static CURLcode quiche_disconnect(struct Curl_easy *data,
-                                  struct connectdata *conn,
-                                  bool dead_connection)
-{
-  struct quicsocket *qs = conn->quic;
-  (void)dead_connection;
-  return qs_disconnect(data, qs);
-}
-
-void Curl_quic_disconnect(struct Curl_easy *data,
-                          struct connectdata *conn,
-                          int tempindex)
-{
-  if(conn->transport == TRNSPRT_QUIC)
-    qs_disconnect(data, &conn->hequic[tempindex]);
-}
-
-static unsigned int quiche_conncheck(struct Curl_easy *data,
-                                     struct connectdata *conn,
-                                     unsigned int checks_to_perform)
-{
-  (void)data;
-  (void)conn;
-  (void)checks_to_perform;
-  return CONNRESULT_NONE;
-}
-
-static CURLcode quiche_do(struct Curl_easy *data, bool *done)
-{
-  struct HTTP *stream = data->req.p.http;
-  stream->h3req = FALSE; /* not sent */
-  return Curl_http(data, done);
-}
-
-static const struct Curl_handler Curl_handler_http3 = {
-  "HTTPS",                              /* scheme */
-  ZERO_NULL,                            /* setup_connection */
-  quiche_do,                            /* do_it */
-  Curl_http_done,                       /* done */
-  ZERO_NULL,                            /* do_more */
-  ZERO_NULL,                            /* connect_it */
-  ZERO_NULL,                            /* connecting */
-  ZERO_NULL,                            /* doing */
-  quiche_getsock,                       /* proto_getsock */
-  quiche_getsock,                       /* doing_getsock */
-  ZERO_NULL,                            /* domore_getsock */
-  quiche_getsock,                       /* perform_getsock */
-  quiche_disconnect,                    /* disconnect */
-  ZERO_NULL,                            /* readwrite */
-  quiche_conncheck,                     /* connection_check */
-  ZERO_NULL,                            /* attach connection */
-  PORT_HTTP,                            /* defport */
-  CURLPROTO_HTTPS,                      /* protocol */
-  CURLPROTO_HTTP,                       /* family */
-  PROTOPT_SSL | PROTOPT_STREAM          /* flags */
-};
-
-#ifdef DEBUG_QUICHE
-static void quiche_debug_log(const char *line, void *argp)
-{
-  (void)argp;
-  fprintf(stderr, "%s\n", line);
-}
-#endif
-
-static void keylog_callback(const SSL *ssl, const char *line)
-{
-  (void)ssl;
-  Curl_tls_keylog_write_line(line);
-}
-
-static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
-{
-  SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());
-
-  SSL_CTX_set_alpn_protos(ssl_ctx,
-                          (const uint8_t *)QUICHE_H3_APPLICATION_PROTOCOL,
-                          sizeof(QUICHE_H3_APPLICATION_PROTOCOL) - 1);
-
-  SSL_CTX_set_default_verify_paths(ssl_ctx);
-
-  /* Open the file if a TLS or QUIC backend has not done this before. */
-  Curl_tls_keylog_open();
-  if(Curl_tls_keylog_enabled()) {
-    SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
-  }
-
-  {
-    struct connectdata *conn = data->conn;
-    if(conn->ssl_config.verifypeer) {
-      const char * const ssl_cafile = conn->ssl_config.CAfile;
-      const char * const ssl_capath = conn->ssl_config.CApath;
-      if(ssl_cafile || ssl_capath) {
-        SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
-        /* tell OpenSSL where to find CA certificates that are used to verify
-           the server's certificate. */
-        if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) {
-          /* Fail if we insist on successfully verifying the server. */
-          failf(data, "error setting certificate verify locations:"
-                "  CAfile: %s CApath: %s",
-                ssl_cafile ? ssl_cafile : "none",
-                ssl_capath ? ssl_capath : "none");
-          return NULL;
-        }
-        infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
-        infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
-      }
-#ifdef CURL_CA_FALLBACK
-      else {
-        /* verifying the peer without any CA certificates won't work so
-           use openssl's built-in default as fallback */
-        SSL_CTX_set_default_verify_paths(ssl_ctx);
-      }
-#endif
-    }
-  }
-  return ssl_ctx;
-}
-
-static int quic_init_ssl(struct quicsocket *qs, struct connectdata *conn)
-{
-  /* this will need some attention when HTTPS proxy over QUIC get fixed */
-  const char * const hostname = conn->host.name;
-
-  DEBUGASSERT(!qs->ssl);
-  qs->ssl = SSL_new(qs->sslctx);
-
-  SSL_set_app_data(qs->ssl, qs);
-
-  /* set SNI */
-  SSL_set_tlsext_host_name(qs->ssl, hostname);
-  return 0;
-}
-
-
-CURLcode Curl_quic_connect(struct Curl_easy *data,
-                           struct connectdata *conn, curl_socket_t sockfd,
-                           int sockindex,
-                           const struct sockaddr *addr, socklen_t addrlen)
-{
-  CURLcode result;
-  struct quicsocket *qs = &conn->hequic[sockindex];
-  char ipbuf[40];
-  int port;
-  int rv;
-
-#ifdef DEBUG_QUICHE
-  /* initialize debug log callback only once */
-  static int debug_log_init = 0;
-  if(!debug_log_init) {
-    quiche_enable_debug_logging(quiche_debug_log, NULL);
-    debug_log_init = 1;
-  }
-#endif
-
-  (void)addr;
-  (void)addrlen;
-
-  qs->sockfd = sockfd;
-  qs->cfg = quiche_config_new(QUICHE_PROTOCOL_VERSION);
-  if(!qs->cfg) {
-    failf(data, "can't create quiche config");
-    return CURLE_FAILED_INIT;
-  }
-
-  quiche_config_set_max_idle_timeout(qs->cfg, QUIC_IDLE_TIMEOUT);
-  quiche_config_set_initial_max_data(qs->cfg, QUIC_MAX_DATA);
-  quiche_config_set_initial_max_stream_data_bidi_local(qs->cfg, QUIC_MAX_DATA);
-  quiche_config_set_initial_max_stream_data_bidi_remote(qs->cfg,
-                                                        QUIC_MAX_DATA);
-  quiche_config_set_initial_max_stream_data_uni(qs->cfg, QUIC_MAX_DATA);
-  quiche_config_set_initial_max_streams_bidi(qs->cfg, QUIC_MAX_STREAMS);
-  quiche_config_set_initial_max_streams_uni(qs->cfg, QUIC_MAX_STREAMS);
-  quiche_config_set_application_protos(qs->cfg,
-                                       (uint8_t *)
-                                       QUICHE_H3_APPLICATION_PROTOCOL,
-                                       sizeof(QUICHE_H3_APPLICATION_PROTOCOL)
-                                       - 1);
-
-  qs->sslctx = quic_ssl_ctx(data);
-  if(!qs->sslctx)
-    return CURLE_QUIC_CONNECT_ERROR;
-
-  if(quic_init_ssl(qs, conn))
-    return CURLE_QUIC_CONNECT_ERROR;
-
-  result = Curl_rand(data, qs->scid, sizeof(qs->scid));
-  if(result)
-    return result;
-
-  qs->local_addrlen = sizeof(qs->local_addr);
-  rv = getsockname(sockfd, (struct sockaddr *)&qs->local_addr,
-                   &qs->local_addrlen);
-  if(rv == -1)
-    return CURLE_QUIC_CONNECT_ERROR;
-
-  qs->conn = quiche_conn_new_with_tls((const uint8_t *) qs->scid,
-                                      sizeof(qs->scid), NULL, 0,
-                                      (struct sockaddr *)&qs->local_addr,
-                                      qs->local_addrlen, addr, addrlen,
-                                      qs->cfg, qs->ssl, false);
-  if(!qs->conn) {
-    failf(data, "can't create quiche connection");
-    return CURLE_OUT_OF_MEMORY;
-  }
-
-  /* Known to not work on Windows */
-#if !defined(WIN32) && defined(HAVE_QUICHE_CONN_SET_QLOG_FD)
-  {
-    int qfd;
-    (void)Curl_qlogdir(data, qs->scid, sizeof(qs->scid), &qfd);
-    if(qfd != -1)
-      quiche_conn_set_qlog_fd(qs->conn, qfd,
-                              "qlog title", "curl qlog");
-  }
-#endif
-
-  result = flush_egress(data, sockfd, qs);
-  if(result)
-    return result;
-
-  /* extract the used address as a string */
-  if(!Curl_addr2string((struct sockaddr*)addr, addrlen, ipbuf, &port)) {
-    char buffer[STRERROR_LEN];
-    failf(data, "ssrem inet_ntop() failed with errno %d: %s",
-          SOCKERRNO, Curl_strerror(SOCKERRNO, buffer, sizeof(buffer)));
-    return CURLE_BAD_FUNCTION_ARGUMENT;
-  }
-
-  infof(data, "Connect socket %d over QUIC to %s:%ld",
-        sockfd, ipbuf, port);
-
-  Curl_persistconninfo(data, conn, NULL, -1);
-
-  {
-    unsigned char alpn_protocols[] = QUICHE_H3_APPLICATION_PROTOCOL;
-    unsigned alpn_len, offset = 0;
-
-    /* Replace each ALPN length prefix by a comma. */
-    while(offset < sizeof(alpn_protocols) - 1) {
-      alpn_len = alpn_protocols[offset];
-      alpn_protocols[offset] = ',';
-      offset += 1 + alpn_len;
-    }
-
-    infof(data, "Sent QUIC client Initial, ALPN: %s",
-          alpn_protocols + 1);
-  }
-
-  return CURLE_OK;
-}
-
-static CURLcode quiche_has_connected(struct Curl_easy *data,
-                                     struct connectdata *conn,
-                                     int sockindex,
-                                     int tempindex)
-{
-  CURLcode result;
-  struct quicsocket *qs = conn->quic = &conn->hequic[tempindex];
-
-  conn->recv[sockindex] = h3_stream_recv;
-  conn->send[sockindex] = h3_stream_send;
-  conn->handler = &Curl_handler_http3;
-  conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
-  conn->httpversion = 30;
-  conn->bundle->multiuse = BUNDLE_MULTIPLEX;
-
-  if(conn->ssl_config.verifyhost) {
-    X509 *server_cert;
-    server_cert = SSL_get_peer_certificate(qs->ssl);
-    if(!server_cert) {
-      return CURLE_PEER_FAILED_VERIFICATION;
-    }
-    result = Curl_ossl_verifyhost(data, conn, server_cert);
-    X509_free(server_cert);
-    if(result)
-      return result;
-    infof(data, "Verified certificate just fine");
-  }
-  else
-    infof(data, "Skipped certificate verification");
-
-  qs->h3config = quiche_h3_config_new();
-  if(!qs->h3config)
-    return CURLE_OUT_OF_MEMORY;
-
-  /* Create a new HTTP/3 connection on the QUIC connection. */
-  qs->h3c = quiche_h3_conn_new_with_transport(qs->conn, qs->h3config);
-  if(!qs->h3c) {
-    result = CURLE_OUT_OF_MEMORY;
-    goto fail;
-  }
-  if(conn->hequic[1-tempindex].cfg) {
-    qs = &conn->hequic[1-tempindex];
-    quiche_config_free(qs->cfg);
-    quiche_conn_free(qs->conn);
-    qs->cfg = NULL;
-    qs->conn = NULL;
-  }
-  if(data->set.ssl.certinfo)
-    /* asked to gather certificate info */
-    (void)Curl_ossl_certchain(data, qs->ssl);
-
-  return CURLE_OK;
-  fail:
-  quiche_h3_config_free(qs->h3config);
-  quiche_h3_conn_free(qs->h3c);
-  return result;
-}
-
-/*
- * This function gets polled to check if this QUIC connection has connected.
- */
-CURLcode Curl_quic_is_connected(struct Curl_easy *data,
-                                struct connectdata *conn,
-                                int sockindex,
-                                bool *done)
-{
-  CURLcode result;
-  struct quicsocket *qs = &conn->hequic[sockindex];
-  curl_socket_t sockfd = conn->tempsock[sockindex];
-
-  result = process_ingress(data, sockfd, qs);
-  if(result)
-    goto error;
-
-  result = flush_egress(data, sockfd, qs);
-  if(result)
-    goto error;
-
-  if(quiche_conn_is_established(qs->conn)) {
-    *done = TRUE;
-    result = quiche_has_connected(data, conn, 0, sockindex);
-    DEBUGF(infof(data, "quiche established connection"));
-  }
-
-  return result;
-  error:
-  qs_disconnect(data, qs);
-  return result;
-}
-
-static CURLcode process_ingress(struct Curl_easy *data, int sockfd,
-                                struct quicsocket *qs)
-{
-  ssize_t recvd;
-  uint8_t *buf = (uint8_t *)data->state.buffer;
-  size_t bufsize = data->set.buffer_size;
-  struct sockaddr_storage from;
-  socklen_t from_len;
-  quiche_recv_info recv_info;
-
-  DEBUGASSERT(qs->conn);
-
-  /* in case the timeout expired */
-  quiche_conn_on_timeout(qs->conn);
-
-  do {
-    from_len = sizeof(from);
-
-    recvd = recvfrom(sockfd, buf, bufsize, 0,
-                     (struct sockaddr *)&from, &from_len);
-
-    if((recvd < 0) && ((SOCKERRNO == EAGAIN) || (SOCKERRNO == EWOULDBLOCK)))
-      break;
-
-    if(recvd < 0) {
-      failf(data, "quiche: recvfrom() unexpectedly returned %zd "
-            "(errno: %d, socket %d)", recvd, SOCKERRNO, sockfd);
-      return CURLE_RECV_ERROR;
-    }
-
-    recv_info.from = (struct sockaddr *) &from;
-    recv_info.from_len = from_len;
-    recv_info.to = (struct sockaddr *) &qs->local_addr;
-    recv_info.to_len = qs->local_addrlen;
-
-    recvd = quiche_conn_recv(qs->conn, buf, recvd, &recv_info);
-    if(recvd == QUICHE_ERR_DONE)
-      break;
-
-    if(recvd < 0) {
-      if(QUICHE_ERR_TLS_FAIL == recvd) {
-        long verify_ok = SSL_get_verify_result(qs->ssl);
-        if(verify_ok != X509_V_OK) {
-          failf(data, "SSL certificate problem: %s",
-                X509_verify_cert_error_string(verify_ok));
-
-          return CURLE_PEER_FAILED_VERIFICATION;
-        }
-      }
-
-      failf(data, "quiche_conn_recv() == %zd", recvd);
-
-      return CURLE_RECV_ERROR;
-    }
-  } while(1);
-
-  return CURLE_OK;
-}
-
-/*
- * flush_egress drains the buffers and sends off data.
- * Calls failf() on errors.
- */
-static CURLcode flush_egress(struct Curl_easy *data, int sockfd,
-                             struct quicsocket *qs)
-{
-  ssize_t sent;
-  uint8_t out[1200];
-  int64_t timeout_ns;
-  quiche_send_info send_info;
-
-  do {
-    sent = quiche_conn_send(qs->conn, out, sizeof(out), &send_info);
-    if(sent == QUICHE_ERR_DONE)
-      break;
-
-    if(sent < 0) {
-      failf(data, "quiche_conn_send returned %zd", sent);
-      return CURLE_SEND_ERROR;
-    }
-
-    sent = send(sockfd, out, sent, 0);
-    if(sent < 0) {
-      failf(data, "send() returned %zd", sent);
-      return CURLE_SEND_ERROR;
-    }
-  } while(1);
-
-  /* time until the next timeout event, as nanoseconds. */
-  timeout_ns = quiche_conn_timeout_as_nanos(qs->conn);
-  if(timeout_ns)
-    /* expire uses milliseconds */
-    Curl_expire(data, (timeout_ns + 999999) / 1000000, EXPIRE_QUIC);
-
-  return CURLE_OK;
-}
-
-struct h3h1header {
-  char *dest;
-  size_t destlen; /* left to use */
-  size_t nlen; /* used */
-};
-
-static int cb_each_header(uint8_t *name, size_t name_len,
-                          uint8_t *value, size_t value_len,
-                          void *argp)
-{
-  struct h3h1header *headers = (struct h3h1header *)argp;
-  size_t olen = 0;
-
-  if((name_len == 7) && !strncmp(H2H3_PSEUDO_STATUS, (char *)name, 7)) {
-    msnprintf(headers->dest,
-              headers->destlen, "HTTP/3 %.*s\n",
-              (int) value_len, value);
-  }
-  else if(!headers->nlen) {
-    return CURLE_HTTP3;
-  }
-  else {
-    msnprintf(headers->dest,
-              headers->destlen, "%.*s: %.*s\n",
-              (int)name_len, name, (int) value_len, value);
-  }
-  olen = strlen(headers->dest);
-  headers->destlen -= olen;
-  headers->nlen += olen;
-  headers->dest += olen;
-  return 0;
-}
-
-static ssize_t h3_stream_recv(struct Curl_easy *data,
-                              int sockindex,
-                              char *buf,
-                              size_t buffersize,
-                              CURLcode *curlcode)
-{
-  ssize_t recvd = -1;
-  ssize_t rcode;
-  struct connectdata *conn = data->conn;
-  struct quicsocket *qs = conn->quic;
-  curl_socket_t sockfd = conn->sock[sockindex];
-  quiche_h3_event *ev;
-  int rc;
-  struct h3h1header headers;
-  struct HTTP *stream = data->req.p.http;
-  headers.dest = buf;
-  headers.destlen = buffersize;
-  headers.nlen = 0;
-
-  if(process_ingress(data, sockfd, qs)) {
-    infof(data, "h3_stream_recv returns on ingress");
-    *curlcode = CURLE_RECV_ERROR;
-    return -1;
-  }
-
-  if(qs->h3_recving) {
-    /* body receiving state */
-    rcode = quiche_h3_recv_body(qs->h3c, qs->conn, stream->stream3_id,
-                                (unsigned char *)buf, buffersize);
-    if(rcode <= 0) {
-      recvd = -1;
-      qs->h3_recving = FALSE;
-      /* fall through into the while loop below */
-    }
-    else
-      recvd = rcode;
-  }
-
-  while(recvd < 0) {
-    int64_t s = quiche_h3_conn_poll(qs->h3c, qs->conn, &ev);
-    if(s < 0)
-      /* nothing more to do */
-      break;
-
-    if(s != stream->stream3_id) {
-      /* another transfer, ignore for now */
-      infof(data, "Got h3 for stream %u, expects %u",
-            s, stream->stream3_id);
-      continue;
-    }
-
-    switch(quiche_h3_event_type(ev)) {
-    case QUICHE_H3_EVENT_HEADERS:
-      rc = quiche_h3_event_for_each_header(ev, cb_each_header, &headers);
-      if(rc) {
-        *curlcode = rc;
-        failf(data, "Error in HTTP/3 response header");
-        break;
-      }
-      recvd = headers.nlen;
-      break;
-    case QUICHE_H3_EVENT_DATA:
-      if(!stream->firstbody) {
-        /* add a header-body separator CRLF */
-        buf[0] = '\r';
-        buf[1] = '\n';
-        buf += 2;
-        buffersize -= 2;
-        stream->firstbody = TRUE;
-        recvd = 2; /* two bytes already */
-      }
-      else
-        recvd = 0;
-      rcode = quiche_h3_recv_body(qs->h3c, qs->conn, s, (unsigned char *)buf,
-                                  buffersize);
-      if(rcode <= 0) {
-        recvd = -1;
-        break;
-      }
-      qs->h3_recving = TRUE;
-      recvd += rcode;
-      break;
-
-    case QUICHE_H3_EVENT_RESET:
-      streamclose(conn, "Stream reset");
-      *curlcode = CURLE_PARTIAL_FILE;
-      return -1;
-
-    case QUICHE_H3_EVENT_FINISHED:
-      streamclose(conn, "End of stream");
-      recvd = 0; /* end of stream */
-      break;
-    default:
-      break;
-    }
-
-    quiche_h3_event_free(ev);
-  }
-  if(flush_egress(data, sockfd, qs)) {
-    *curlcode = CURLE_SEND_ERROR;
-    return -1;
-  }
-
-  *curlcode = (-1 == recvd)? CURLE_AGAIN : CURLE_OK;
-  if(recvd >= 0)
-    /* Get this called again to drain the event queue */
-    Curl_expire(data, 0, EXPIRE_QUIC);
-
-  data->state.drain = (recvd >= 0) ? 1 : 0;
-  return recvd;
-}
-
-static ssize_t h3_stream_send(struct Curl_easy *data,
-                              int sockindex,
-                              const void *mem,
-                              size_t len,
-                              CURLcode *curlcode)
-{
-  ssize_t sent;
-  struct connectdata *conn = data->conn;
-  struct quicsocket *qs = conn->quic;
-  curl_socket_t sockfd = conn->sock[sockindex];
-  struct HTTP *stream = data->req.p.http;
-
-  if(!stream->h3req) {
-    CURLcode result = http_request(data, mem, len);
-    if(result) {
-      *curlcode = CURLE_SEND_ERROR;
-      return -1;
-    }
-    sent = len;
-  }
-  else {
-    sent = quiche_h3_send_body(qs->h3c, qs->conn, stream->stream3_id,
-                               (uint8_t *)mem, len, FALSE);
-    if(sent == QUICHE_H3_ERR_DONE) {
-      sent = 0;
-    }
-    else if(sent < 0) {
-      *curlcode = CURLE_SEND_ERROR;
-      return -1;
-    }
-  }
-
-  if(flush_egress(data, sockfd, qs)) {
-    *curlcode = CURLE_SEND_ERROR;
-    return -1;
-  }
-
-  *curlcode = CURLE_OK;
-  return sent;
-}
-
-/*
- * Store quiche version info in this buffer.
- */
-void Curl_quic_ver(char *p, size_t len)
-{
-  (void)msnprintf(p, len, "quiche/%s", quiche_version());
-}
-
-/* Index where :authority header field will appear in request header
-   field list. */
-#define AUTHORITY_DST_IDX 3
-
-static CURLcode http_request(struct Curl_easy *data, const void *mem,
-                             size_t len)
-{
-  struct connectdata *conn = data->conn;
-  struct HTTP *stream = data->req.p.http;
-  size_t nheader;
-  int64_t stream3_id;
-  quiche_h3_header *nva = NULL;
-  struct quicsocket *qs = conn->quic;
-  CURLcode result = CURLE_OK;
-  struct h2h3req *hreq = NULL;
-
-  stream->h3req = TRUE; /* senf off! */
-
-  result = Curl_pseudo_headers(data, mem, len, &hreq);
-  if(result)
-    goto fail;
-  nheader = hreq->entries;
-
-  nva = malloc(sizeof(quiche_h3_header) * nheader);
-  if(!nva) {
-    result = CURLE_OUT_OF_MEMORY;
-    goto fail;
-  }
-  else {
-    unsigned int i;
-    for(i = 0; i < nheader; i++) {
-      nva[i].name = (unsigned char *)hreq->header[i].name;
-      nva[i].name_len = hreq->header[i].namelen;
-      nva[i].value = (unsigned char *)hreq->header[i].value;
-      nva[i].value_len = hreq->header[i].valuelen;
-    }
-  }
-
-  switch(data->state.httpreq) {
-  case HTTPREQ_POST:
-  case HTTPREQ_POST_FORM:
-  case HTTPREQ_POST_MIME:
-  case HTTPREQ_PUT:
-    if(data->state.infilesize != -1)
-      stream->upload_left = data->state.infilesize;
-    else
-      /* data sending without specifying the data amount up front */
-      stream->upload_left = -1; /* unknown, but not zero */
-
-    stream3_id = quiche_h3_send_request(qs->h3c, qs->conn, nva, nheader,
-                                        stream->upload_left ? FALSE: TRUE);
-    if((stream3_id >= 0) && data->set.postfields) {
-      ssize_t sent = quiche_h3_send_body(qs->h3c, qs->conn, stream3_id,
-                                         (uint8_t *)data->set.postfields,
-                                         stream->upload_left, TRUE);
-      if(sent <= 0) {
-        failf(data, "quiche_h3_send_body failed");
-        result = CURLE_SEND_ERROR;
-      }
-      stream->upload_left = 0; /* nothing left to send */
-    }
-    break;
-  default:
-    stream3_id = quiche_h3_send_request(qs->h3c, qs->conn, nva, nheader,
-                                        TRUE);
-    break;
-  }
-
-  Curl_safefree(nva);
-
-  if(stream3_id < 0) {
-    H3BUGF(infof(data, "quiche_h3_send_request returned %d",
-                 stream3_id));
-    result = CURLE_SEND_ERROR;
-    goto fail;
-  }
-
-  infof(data, "Using HTTP/3 Stream ID: %x (easy handle %p)",
-        stream3_id, (void *)data);
-  stream->stream3_id = stream3_id;
-
-  Curl_pseudo_free(hreq);
-  return CURLE_OK;
-
-fail:
-  free(nva);
-  Curl_pseudo_free(hreq);
-  return result;
-}
-
-/*
- * Called from transfer.c:done_sending when we stop HTTP/3 uploading.
- */
-CURLcode Curl_quic_done_sending(struct Curl_easy *data)
-{
-  struct connectdata *conn = data->conn;
-  DEBUGASSERT(conn);
-  if(conn->handler == &Curl_handler_http3) {
-    /* only for HTTP/3 transfers */
-    ssize_t sent;
-    struct HTTP *stream = data->req.p.http;
-    struct quicsocket *qs = conn->quic;
-    stream->upload_done = TRUE;
-    sent = quiche_h3_send_body(qs->h3c, qs->conn, stream->stream3_id,
-                               NULL, 0, TRUE);
-    if(sent < 0)
-      return CURLE_SEND_ERROR;
-  }
-
-  return CURLE_OK;
-}
-
-/*
- * Called from http.c:Curl_http_done when a request completes.
- */
-void Curl_quic_done(struct Curl_easy *data, bool premature)
-{
-  (void)data;
-  (void)premature;
-}
-
-/*
- * Called from transfer.c:data_pending to know if we should keep looping
- * to receive more data from the connection.
- */
-bool Curl_quic_data_pending(const struct Curl_easy *data)
-{
-  (void)data;
-  return FALSE;
-}
-
-/*
- * Called from transfer.c:Curl_readwrite when neither HTTP level read
- * nor write is performed. It is a good place to handle timer expiry
- * for QUIC transport.
- */
-CURLcode Curl_quic_idle(struct Curl_easy *data)
-{
-  (void)data;
-  return CURLE_OK;
-}
-
-#endif
diff --git a/lib/vquic/vquic.c b/lib/vquic/vquic.c
index e52a4f301..bbdeabd69 100644
--- a/lib/vquic/vquic.c
+++ b/lib/vquic/vquic.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,15 +24,26 @@
 
 #include "curl_setup.h"
 
-#ifdef ENABLE_QUIC
-
 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #endif
 #include "urldata.h"
 #include "dynbuf.h"
-#include "curl_printf.h"
+#include "cfilters.h"
+#include "curl_log.h"
+#include "curl_msh3.h"
+#include "curl_ngtcp2.h"
+#include "curl_quiche.h"
 #include "vquic.h"
+#include "vquic_int.h"
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+
+#ifdef ENABLE_QUIC
 
 #ifdef O_BINARY
 #define QLOGMODE O_WRONLY|O_CREAT|O_BINARY
@@ -40,6 +51,232 @@
 #define QLOGMODE O_WRONLY|O_CREAT
 #endif
 
+void Curl_quic_ver(char *p, size_t len)
+{
+#ifdef USE_NGTCP2
+  Curl_ngtcp2_ver(p, len);
+#elif defined(USE_QUICHE)
+  Curl_quiche_ver(p, len);
+#elif defined(USE_MSH3)
+  Curl_msh3_ver(p, len);
+#endif
+}
+
+CURLcode vquic_ctx_init(struct cf_quic_ctx *qctx, size_t pktbuflen)
+{
+  qctx->num_blocked_pkt = 0;
+  qctx->num_blocked_pkt_sent = 0;
+  memset(&qctx->blocked_pkt, 0, sizeof(qctx->blocked_pkt));
+
+  qctx->pktbuflen = pktbuflen;
+  qctx->pktbuf = malloc(qctx->pktbuflen);
+  if(!qctx->pktbuf)
+    return CURLE_OUT_OF_MEMORY;
+
+#if defined(__linux__) && defined(UDP_SEGMENT) && defined(HAVE_SENDMSG)
+  qctx->no_gso = FALSE;
+#else
+  qctx->no_gso = TRUE;
+#endif
+
+  return CURLE_OK;
+}
+
+void vquic_ctx_free(struct cf_quic_ctx *qctx)
+{
+  free(qctx->pktbuf);
+  qctx->pktbuf = NULL;
+}
+
+static CURLcode send_packet_no_gso(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data,
+                                   struct cf_quic_ctx *qctx,
+                                   const uint8_t *pkt, size_t pktlen,
+                                   size_t gsolen, size_t *psent);
+
+static CURLcode do_sendmsg(struct Curl_cfilter *cf,
+                           struct Curl_easy *data,
+                           struct cf_quic_ctx *qctx,
+                           const uint8_t *pkt, size_t pktlen, size_t gsolen,
+                           size_t *psent)
+{
+#ifdef HAVE_SENDMSG
+  struct iovec msg_iov;
+  struct msghdr msg = {0};
+  ssize_t sent;
+#if defined(__linux__) && defined(UDP_SEGMENT)
+  uint8_t msg_ctrl[32];
+  struct cmsghdr *cm;
+#endif
+
+  *psent = 0;
+  msg_iov.iov_base = (uint8_t *)pkt;
+  msg_iov.iov_len = pktlen;
+  msg.msg_iov = &msg_iov;
+  msg.msg_iovlen = 1;
+
+#if defined(__linux__) && defined(UDP_SEGMENT)
+  if(pktlen > gsolen) {
+    /* Only set this, when we need it. macOS, for example,
+     * does not seem to like a msg_control of length 0. */
+    msg.msg_control = msg_ctrl;
+    assert(sizeof(msg_ctrl) >= CMSG_SPACE(sizeof(uint16_t)));
+    msg.msg_controllen = CMSG_SPACE(sizeof(uint16_t));
+    cm = CMSG_FIRSTHDR(&msg);
+    cm->cmsg_level = SOL_UDP;
+    cm->cmsg_type = UDP_SEGMENT;
+    cm->cmsg_len = CMSG_LEN(sizeof(uint16_t));
+    *(uint16_t *)(void *)CMSG_DATA(cm) = gsolen & 0xffff;
+  }
+#endif
+
+
+  while((sent = sendmsg(qctx->sockfd, &msg, 0)) == -1 && SOCKERRNO == EINTR)
+    ;
+
+  if(sent == -1) {
+    switch(SOCKERRNO) {
+    case EAGAIN:
+#if EAGAIN != EWOULDBLOCK
+    case EWOULDBLOCK:
+#endif
+      return CURLE_AGAIN;
+    case EMSGSIZE:
+      /* UDP datagram is too large; caused by PMTUD. Just let it be lost. */
+      break;
+    case EIO:
+      if(pktlen > gsolen) {
+        /* GSO failure */
+        failf(data, "sendmsg() returned %zd (errno %d); disable GSO", sent,
+              SOCKERRNO);
+        qctx->no_gso = TRUE;
+        return send_packet_no_gso(cf, data, qctx, pkt, pktlen, gsolen, psent);
+      }
+      /* FALLTHROUGH */
+    default:
+      failf(data, "sendmsg() returned %zd (errno %d)", sent, SOCKERRNO);
+      return CURLE_SEND_ERROR;
+    }
+  }
+  else {
+    assert(pktlen == (size_t)sent);
+  }
+#else
+  ssize_t sent;
+  (void)gsolen;
+
+  *psent = 0;
+
+  while((sent = send(qctx->sockfd,
+                     (const char *)pkt, (SEND_TYPE_ARG3)pktlen, 0)) == -1 &&
+        SOCKERRNO == EINTR)
+    ;
+
+  if(sent == -1) {
+    if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
+      return CURLE_AGAIN;
+    }
+    else {
+      failf(data, "send() returned %zd (errno %d)", sent, SOCKERRNO);
+      if(SOCKERRNO != EMSGSIZE) {
+        return CURLE_SEND_ERROR;
+      }
+      /* UDP datagram is too large; caused by PMTUD. Just let it be
+         lost. */
+    }
+  }
+#endif
+  (void)cf;
+  *psent = pktlen;
+
+  return CURLE_OK;
+}
+
+static CURLcode send_packet_no_gso(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data,
+                                   struct cf_quic_ctx *qctx,
+                                   const uint8_t *pkt, size_t pktlen,
+                                   size_t gsolen, size_t *psent)
+{
+  const uint8_t *p, *end = pkt + pktlen;
+  size_t sent;
+
+  *psent = 0;
+
+  for(p = pkt; p < end; p += gsolen) {
+    size_t len = CURLMIN(gsolen, (size_t)(end - p));
+    CURLcode curlcode = do_sendmsg(cf, data, qctx, p, len, len, &sent);
+    if(curlcode != CURLE_OK) {
+      return curlcode;
+    }
+    *psent += sent;
+  }
+
+  return CURLE_OK;
+}
+
+CURLcode vquic_send_packet(struct Curl_cfilter *cf,
+                           struct Curl_easy *data,
+                           struct cf_quic_ctx *qctx,
+                           const uint8_t *pkt, size_t pktlen, size_t gsolen,
+                           size_t *psent)
+{
+  if(qctx->no_gso && pktlen > gsolen) {
+    return send_packet_no_gso(cf, data, qctx, pkt, pktlen, gsolen, psent);
+  }
+
+  return do_sendmsg(cf, data, qctx, pkt, pktlen, gsolen, psent);
+}
+
+
+
+void vquic_push_blocked_pkt(struct Curl_cfilter *cf,
+                            struct cf_quic_ctx *qctx,
+                            const uint8_t *pkt, size_t pktlen, size_t gsolen)
+{
+  struct vquic_blocked_pkt *blkpkt;
+
+  (void)cf;
+  assert(qctx->num_blocked_pkt <
+         sizeof(qctx->blocked_pkt) / sizeof(qctx->blocked_pkt[0]));
+
+  blkpkt = &qctx->blocked_pkt[qctx->num_blocked_pkt++];
+
+  blkpkt->pkt = pkt;
+  blkpkt->pktlen = pktlen;
+  blkpkt->gsolen = gsolen;
+}
+
+CURLcode vquic_send_blocked_pkt(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                struct cf_quic_ctx *qctx)
+{
+  size_t sent;
+  CURLcode curlcode;
+  struct vquic_blocked_pkt *blkpkt;
+
+  (void)cf;
+  for(; qctx->num_blocked_pkt_sent < qctx->num_blocked_pkt;
+      ++qctx->num_blocked_pkt_sent) {
+    blkpkt = &qctx->blocked_pkt[qctx->num_blocked_pkt_sent];
+    curlcode = vquic_send_packet(cf, data, qctx, blkpkt->pkt,
+                                 blkpkt->pktlen, blkpkt->gsolen, &sent);
+
+    if(curlcode) {
+      if(curlcode == CURLE_AGAIN) {
+        blkpkt->pkt += sent;
+        blkpkt->pktlen -= sent;
+      }
+      return curlcode;
+    }
+  }
+
+  qctx->num_blocked_pkt = 0;
+  qctx->num_blocked_pkt_sent = 0;
+
+  return CURLE_OK;
+}
+
 /*
  * If the QLOGDIR environment variable is set, open and return a file
  * descriptor to write the log to.
@@ -84,4 +321,80 @@ CURLcode Curl_qlogdir(struct Curl_easy *data,
 
   return CURLE_OK;
 }
+
+CURLcode Curl_cf_quic_create(struct Curl_cfilter **pcf,
+                             struct Curl_easy *data,
+                             struct connectdata *conn,
+                             const struct Curl_addrinfo *ai,
+                             int transport)
+{
+  (void)transport;
+  DEBUGASSERT(transport == TRNSPRT_QUIC);
+#ifdef USE_NGTCP2
+  return Curl_cf_ngtcp2_create(pcf, data, conn, ai);
+#elif defined(USE_QUICHE)
+  return Curl_cf_quiche_create(pcf, data, conn, ai);
+#elif defined(USE_MSH3)
+  return Curl_cf_msh3_create(pcf, data, conn, ai);
+#else
+  *pcf = NULL;
+  (void)data;
+  (void)conn;
+  (void)ai;
+  return CURLE_NOT_BUILT_IN;
+#endif
+}
+
+bool Curl_conn_is_http3(const struct Curl_easy *data,
+                        const struct connectdata *conn,
+                        int sockindex)
+{
+#ifdef USE_NGTCP2
+  return Curl_conn_is_ngtcp2(data, conn, sockindex);
+#elif defined(USE_QUICHE)
+  return Curl_conn_is_quiche(data, conn, sockindex);
+#elif defined(USE_MSH3)
+  return Curl_conn_is_msh3(data, conn, sockindex);
+#else
+  return ((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
+          (conn->httpversion == 30));
+#endif
+}
+
+CURLcode Curl_conn_may_http3(struct Curl_easy *data,
+                             const struct connectdata *conn)
+{
+  if(conn->transport == TRNSPRT_UNIX) {
+    /* cannot do QUIC over a unix domain socket */
+    return CURLE_QUIC_CONNECT_ERROR;
+  }
+  if(!(conn->handler->flags & PROTOPT_SSL)) {
+    failf(data, "HTTP/3 requested for non-HTTPS URL");
+    return CURLE_URL_MALFORMAT;
+  }
+#ifndef CURL_DISABLE_PROXY
+  if(conn->bits.socksproxy) {
+    failf(data, "HTTP/3 is not supported over a SOCKS proxy");
+    return CURLE_URL_MALFORMAT;
+  }
+  if(conn->bits.httpproxy && conn->bits.tunnel_proxy) {
+    failf(data, "HTTP/3 is not supported over a HTTP proxy");
+    return CURLE_URL_MALFORMAT;
+  }
 #endif
+
+  return CURLE_OK;
+}
+
+#else /* ENABLE_QUIC */
+
+CURLcode Curl_conn_may_http3(struct Curl_easy *data,
+                             const struct connectdata *conn)
+{
+  (void)conn;
+  (void)data;
+  DEBUGF(infof(data, "QUIC is not supported in this build"));
+  return CURLE_NOT_BUILT_IN;
+}
+
+#endif /* !ENABLE_QUIC */
diff --git a/lib/vquic/vquic.h b/lib/vquic/vquic.h
index 8f599a8f4..dc73957aa 100644
--- a/lib/vquic/vquic.h
+++ b/lib/vquic/vquic.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -27,10 +27,38 @@
 #include "curl_setup.h"
 
 #ifdef ENABLE_QUIC
+struct Curl_cfilter;
+struct Curl_easy;
+struct connectdata;
+struct Curl_addrinfo;
+
+void Curl_quic_ver(char *p, size_t len);
+
 CURLcode Curl_qlogdir(struct Curl_easy *data,
                       unsigned char *scid,
                       size_t scidlen,
                       int *qlogfdp);
-#endif
+
+
+CURLcode Curl_cf_quic_create(struct Curl_cfilter **pcf,
+                             struct Curl_easy *data,
+                             struct connectdata *conn,
+                             const struct Curl_addrinfo *ai,
+                             int transport);
+
+bool Curl_conn_is_http3(const struct Curl_easy *data,
+                        const struct connectdata *conn,
+                        int sockindex);
+
+extern struct Curl_cftype Curl_cft_http3;
+
+#else /* ENABLE_QUIC */
+
+#define Curl_conn_is_http3(a,b,c)   FALSE
+
+#endif /* !ENABLE_QUIC */
+
+CURLcode Curl_conn_may_http3(struct Curl_easy *data,
+                             const struct connectdata *conn);
 
 #endif /* HEADER_CURL_VQUIC_QUIC_H */
diff --git a/lib/vquic/ngtcp2.h b/lib/vquic/vquic_int.h
index 2265999e2..42aba39b0 100644
--- a/lib/vquic/ngtcp2.h
+++ b/lib/vquic/vquic_int.h
@@ -1,5 +1,5 @@
-#ifndef HEADER_CURL_VQUIC_NGTCP2_H
-#define HEADER_CURL_VQUIC_NGTCP2_H
+#ifndef HEADER_CURL_VQUIC_QUIC_INT_H
+#define HEADER_CURL_VQUIC_QUIC_INT_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,68 +26,47 @@
 
 #include "curl_setup.h"
 
-#ifdef USE_NGTCP2
+#ifdef ENABLE_QUIC
 
-#ifdef HAVE_NETINET_UDP_H
-#include <netinet/udp.h>
-#endif
-
-#include <ngtcp2/ngtcp2_crypto.h>
-#include <nghttp3/nghttp3.h>
-#ifdef USE_OPENSSL
-#include <openssl/ssl.h>
-#elif defined(USE_WOLFSSL)
-#include <wolfssl/options.h>
-#include <wolfssl/ssl.h>
-#include <wolfssl/quic.h>
-#endif
-
-struct gtls_instance;
-
-struct blocked_pkt {
+struct vquic_blocked_pkt {
   const uint8_t *pkt;
   size_t pktlen;
   size_t gsolen;
 };
 
-struct quicsocket {
-  struct connectdata *conn; /* point back to the connection */
-  ngtcp2_conn *qconn;
-  ngtcp2_cid dcid;
-  ngtcp2_cid scid;
-  uint32_t version;
-  ngtcp2_settings settings;
-  ngtcp2_transport_params transport_params;
-  ngtcp2_connection_close_error last_error;
-  ngtcp2_crypto_conn_ref conn_ref;
-#ifdef USE_OPENSSL
-  SSL_CTX *sslctx;
-  SSL *ssl;
-#elif defined(USE_GNUTLS)
-  struct gtls_instance *gtls;
-#elif defined(USE_WOLFSSL)
-  WOLFSSL_CTX *sslctx;
-  WOLFSSL *ssl;
-#endif
+struct cf_quic_ctx {
+  curl_socket_t sockfd;
   struct sockaddr_storage local_addr;
   socklen_t local_addrlen;
-  bool no_gso;
+  struct vquic_blocked_pkt blocked_pkt[2];
   uint8_t *pktbuf;
-  size_t pktbuflen;
   /* the number of entries in blocked_pkt */
   size_t num_blocked_pkt;
-  /* the number of processed entries in blocked_pkt */
   size_t num_blocked_pkt_sent;
   /* the packets blocked by sendmsg (EAGAIN or EWOULDBLOCK) */
-  struct blocked_pkt blocked_pkt[2];
-
-  nghttp3_conn *h3conn;
-  nghttp3_settings h3settings;
-  int qlogfd;
+  size_t pktbuflen;
+  /* the number of processed entries in blocked_pkt */
+  bool no_gso;
 };
 
-#include "urldata.h"
+CURLcode vquic_ctx_init(struct cf_quic_ctx *qctx, size_t pktbuflen);
+void vquic_ctx_free(struct cf_quic_ctx *qctx);
+
+CURLcode vquic_send_packet(struct Curl_cfilter *cf,
+                           struct Curl_easy *data,
+                           struct cf_quic_ctx *qctx,
+                           const uint8_t *pkt, size_t pktlen, size_t gsolen,
+                           size_t *psent);
+
+void vquic_push_blocked_pkt(struct Curl_cfilter *cf,
+                            struct cf_quic_ctx *qctx,
+                            const uint8_t *pkt, size_t pktlen, size_t gsolen);
+
+CURLcode vquic_send_blocked_pkt(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                struct cf_quic_ctx *qctx);
+
 
-#endif
+#endif /* !ENABLE_QUIC */
 
-#endif /* HEADER_CURL_VQUIC_NGTCP2_H */
+#endif /* HEADER_CURL_VQUIC_QUIC_INT_H */
diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
index d9fa58acf..b31f741ba 100644
--- a/lib/vssh/libssh.c
+++ b/lib/vssh/libssh.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2017 - 2022 Red Hat, Inc.
+ * Copyright (C) Red Hat, Inc.
  *
  * Authors: Nikos Mavrogiannopoulos, Tomas Mraz, Stanislav Zidek,
  *          Robert Kolcun, Andreas Schneider
@@ -685,7 +685,6 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
   struct ssh_conn *sshc = &conn->proto.sshc;
   curl_socket_t sock = conn->sock[FIRSTSOCKET];
   int rc = SSH_NO_ERROR, err;
-  char *new_readdir_line;
   int seekerr = CURL_SEEKFUNC_OK;
   const char *err_msg;
   *block = 0;                   /* we're not blocking by default */
@@ -1432,7 +1431,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
       break;
 
     case SSH_SFTP_READDIR:
-
+      Curl_dyn_reset(&sshc->readdir_buf);
       if(sshc->readdir_attrs)
         sftp_attributes_free(sshc->readdir_attrs);
 
@@ -1468,17 +1467,12 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
                      sshc->readdir_len);
         }
         else {
-          sshc->readdir_currLen = strlen(sshc->readdir_longentry);
-          sshc->readdir_totalLen = 80 + sshc->readdir_currLen;
-          sshc->readdir_line = calloc(sshc->readdir_totalLen, 1);
-          if(!sshc->readdir_line) {
-            state(data, SSH_SFTP_CLOSE);
+          if(Curl_dyn_add(&sshc->readdir_buf, sshc->readdir_longentry)) {
             sshc->actualcode = CURLE_OUT_OF_MEMORY;
+            state(data, SSH_STOP);
             break;
           }
 
-          memcpy(sshc->readdir_line, sshc->readdir_longentry,
-                 sshc->readdir_currLen);
           if((sshc->readdir_attrs->flags & SSH_FILEXFER_ATTR_PERMISSIONS) &&
              ((sshc->readdir_attrs->permissions & SSH_S_IFMT) ==
               SSH_S_IFLNK)) {
@@ -1541,24 +1535,11 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
 
       Curl_safefree(sshc->readdir_linkPath);
 
-      /* get room for the filename and extra output */
-      sshc->readdir_totalLen += 4 + sshc->readdir_len;
-      new_readdir_line = Curl_saferealloc(sshc->readdir_line,
-                                          sshc->readdir_totalLen);
-      if(!new_readdir_line) {
-        sshc->readdir_line = NULL;
-        state(data, SSH_SFTP_CLOSE);
+      if(Curl_dyn_addf(&sshc->readdir_buf, " -> %s",
+                       sshc->readdir_filename)) {
         sshc->actualcode = CURLE_OUT_OF_MEMORY;
         break;
       }
-      sshc->readdir_line = new_readdir_line;
-
-      sshc->readdir_currLen += msnprintf(sshc->readdir_line +
-                                         sshc->readdir_currLen,
-                                         sshc->readdir_totalLen -
-                                         sshc->readdir_currLen,
-                                         " -> %s",
-                                         sshc->readdir_filename);
 
       sftp_attributes_free(sshc->readdir_link_attrs);
       sshc->readdir_link_attrs = NULL;
@@ -1568,21 +1549,19 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
       state(data, SSH_SFTP_READDIR_BOTTOM);
       /* FALLTHROUGH */
     case SSH_SFTP_READDIR_BOTTOM:
-      sshc->readdir_currLen += msnprintf(sshc->readdir_line +
-                                         sshc->readdir_currLen,
-                                         sshc->readdir_totalLen -
-                                         sshc->readdir_currLen, "\n");
-      result = Curl_client_write(data, CLIENTWRITE_BODY,
-                                 sshc->readdir_line,
-                                 sshc->readdir_currLen);
+      if(Curl_dyn_addn(&sshc->readdir_buf, "\n", 1))
+        result = CURLE_OUT_OF_MEMORY;
+      else
+        result = Curl_client_write(data, CLIENTWRITE_BODY,
+                                   Curl_dyn_ptr(&sshc->readdir_buf),
+                                   Curl_dyn_len(&sshc->readdir_buf));
 
       if(!result) {
         /* output debug output if that is requested */
-        Curl_debug(data, CURLINFO_DATA_OUT, sshc->readdir_line,
-                   sshc->readdir_currLen);
-        data->req.bytecount += sshc->readdir_currLen;
+        Curl_debug(data, CURLINFO_DATA_OUT, Curl_dyn_ptr(&sshc->readdir_buf),
+                   Curl_dyn_len(&sshc->readdir_buf));
+        data->req.bytecount += Curl_dyn_len(&sshc->readdir_buf);
       }
-      Curl_safefree(sshc->readdir_line);
       ssh_string_free_char(sshc->readdir_tmp);
       sshc->readdir_tmp = NULL;
 
@@ -2021,7 +2000,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
       Curl_safefree(sshc->rsa);
       Curl_safefree(sshc->quote_path1);
       Curl_safefree(sshc->quote_path2);
-      Curl_safefree(sshc->readdir_line);
+      Curl_dyn_free(&sshc->readdir_buf);
       Curl_safefree(sshc->readdir_linkPath);
       SSH_STRING_FREE_CHAR(sshc->homedir);
 
@@ -2166,11 +2145,12 @@ static CURLcode myssh_setup_connection(struct Curl_easy *data,
                                        struct connectdata *conn)
 {
   struct SSHPROTO *ssh;
-  (void)conn;
+  struct ssh_conn *sshc = &conn->proto.sshc;
 
   data->req.p.ssh = ssh = calloc(1, sizeof(struct SSHPROTO));
   if(!ssh)
     return CURLE_OUT_OF_MEMORY;
+  Curl_dyn_init(&sshc->readdir_buf, PATH_MAX * 2);
 
   return CURLE_OK;
 }
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index ce9229f8f..f1154dc47 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -100,10 +100,11 @@
 
 /* Local functions: */
 static const char *sftp_libssh2_strerror(unsigned long err);
+#ifdef CURL_LIBSSH2_DEBUG
 static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc);
 static LIBSSH2_REALLOC_FUNC(my_libssh2_realloc);
 static LIBSSH2_FREE_FUNC(my_libssh2_free);
-
+#endif
 static CURLcode ssh_force_knownhost_key_type(struct Curl_easy *data);
 static CURLcode ssh_connect(struct Curl_easy *data, bool *done);
 static CURLcode ssh_multi_statemach(struct Curl_easy *data, bool *done);
@@ -144,7 +145,7 @@ const struct Curl_handler Curl_handler_scp = {
   scp_disconnect,                       /* disconnect */
   ZERO_NULL,                            /* readwrite */
   ZERO_NULL,                            /* connection_check */
-  ssh_attach,
+  ssh_attach,                           /* attach */
   PORT_SSH,                             /* defport */
   CURLPROTO_SCP,                        /* protocol */
   CURLPROTO_SCP,                        /* family */
@@ -173,7 +174,7 @@ const struct Curl_handler Curl_handler_sftp = {
   sftp_disconnect,                      /* disconnect */
   ZERO_NULL,                            /* readwrite */
   ZERO_NULL,                            /* connection_check */
-  ssh_attach,
+  ssh_attach,                           /* attach */
   PORT_SSH,                             /* defport */
   CURLPROTO_SFTP,                       /* protocol */
   CURLPROTO_SFTP,                       /* family */
@@ -283,6 +284,8 @@ static CURLcode libssh2_session_error_to_CURLE(int err)
   return CURLE_SSH;
 }
 
+#ifdef CURL_LIBSSH2_DEBUG
+
 static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc)
 {
   (void)abstract; /* arg not used */
@@ -302,6 +305,8 @@ static LIBSSH2_FREE_FUNC(my_libssh2_free)
     free(ptr);
 }
 
+#endif
+
 /*
  * SSH State machine related code
  */
@@ -840,6 +845,8 @@ static CURLcode ssh_force_knownhost_key_type(struct Curl_easy *data)
 #endif
   static const char * const hostkey_method_ssh_rsa
     = "ssh-rsa";
+  static const char * const hostkey_method_ssh_rsa_all
+    = "rsa-sha2-256,rsa-sha2-512,ssh-rsa";
   static const char * const hostkey_method_ssh_dss
     = "ssh-dss";
 
@@ -914,7 +921,16 @@ static CURLcode ssh_force_knownhost_key_type(struct Curl_easy *data)
         break;
 #endif
       case LIBSSH2_KNOWNHOST_KEY_SSHRSA:
-        hostkey_method = hostkey_method_ssh_rsa;
+#ifdef HAVE_LIBSSH2_VERSION
+        if(libssh2_version(0x010900))
+          /* since 1.9.0 libssh2_session_method_pref() works as expected */
+          hostkey_method = hostkey_method_ssh_rsa_all;
+        else
+#endif
+          /* old libssh2 which cannot correctly remove unsupported methods due
+           * to bug in src/kex.c or does not support the new methods anyways.
+           */
+          hostkey_method = hostkey_method_ssh_rsa;
         break;
       case LIBSSH2_KNOWNHOST_KEY_SSHDSS:
         hostkey_method = hostkey_method_ssh_dss;
@@ -2389,7 +2405,6 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
       result = Curl_dyn_addf(&sshp->readdir, " -> %s", sshp->readdir_filename);
 
       if(result) {
-        sshc->readdir_line = NULL;
         Curl_safefree(sshp->readdir_filename);
         Curl_safefree(sshp->readdir_longentry);
         state(data, SSH_SFTP_CLOSE);
@@ -2993,12 +3008,9 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
 
       Curl_safefree(sshc->rsa_pub);
       Curl_safefree(sshc->rsa);
-
       Curl_safefree(sshc->quote_path1);
       Curl_safefree(sshc->quote_path2);
-
       Curl_safefree(sshc->homedir);
-      Curl_safefree(sshc->readdir_line);
 
       /* the code we are about to return */
       result = sshc->actualcode;
@@ -3257,9 +3269,13 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done)
   sock = conn->sock[FIRSTSOCKET];
 #endif /* CURL_LIBSSH2_DEBUG */
 
+#ifdef CURL_LIBSSH2_DEBUG
   sshc->ssh_session = libssh2_session_init_ex(my_libssh2_malloc,
                                               my_libssh2_free,
                                               my_libssh2_realloc, data);
+#else
+  sshc->ssh_session = libssh2_session_init();
+#endif
   if(!sshc->ssh_session) {
     failf(data, "Failure initialising ssh session");
     return CURLE_FAILED_INIT;
diff --git a/lib/vssh/ssh.h b/lib/vssh/ssh.h
index 13bb8aa2d..1e1b1379c 100644
--- a/lib/vssh/ssh.h
+++ b/lib/vssh/ssh.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -147,7 +147,6 @@ struct ssh_conn {
 
   char *homedir;              /* when doing SFTP we figure out home dir in the
                                  connect phase */
-  char *readdir_line;
   /* end of READDIR stuff */
 
   int secondCreateDirs;         /* counter use by the code to see if the
@@ -158,7 +157,8 @@ struct ssh_conn {
 
 #if defined(USE_LIBSSH)
   char *readdir_linkPath;
-  size_t readdir_len, readdir_totalLen, readdir_currLen;
+  size_t readdir_len;
+  struct dynbuf readdir_buf;
 /* our variables */
   unsigned kbd_state; /* 0 or 1 */
   ssh_key privkey;
diff --git a/lib/vssh/wolfssh.c b/lib/vssh/wolfssh.c
index 6a8fb560d..17d59ecd2 100644
--- a/lib/vssh/wolfssh.c
+++ b/lib/vssh/wolfssh.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
index d9c0ce0ee..7e3eb79ce 100644
--- a/lib/vtls/bearssl.c
+++ b/lib/vtls/bearssl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Michael Forney, <mforney@mforney.org>
+ * Copyright (C) Michael Forney, <mforney@mforney.org>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -58,7 +58,7 @@ struct ssl_backend_data {
   unsigned char buf[BR_SSL_BUFSIZE_BIDI];
   br_x509_trust_anchor *anchors;
   size_t anchors_len;
-  const char *protocols[2];
+  const char *protocols[ALPN_ENTRIES_MAX];
   /* SSL client context is active */
   bool active;
   /* size of pending write, yet to be flushed */
@@ -691,29 +691,17 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf,
     Curl_ssl_sessionid_unlock(data);
   }
 
-  if(cf->conn->bits.tls_enable_alpn) {
-    int cur = 0;
-
-    /* NOTE: when adding more protocols here, increase the size of the
-     * protocols array in `struct ssl_backend_data`.
-     */
+  if(connssl->alpn) {
+    struct alpn_proto_buf proto;
+    size_t i;
 
-#ifdef USE_HTTP2
-    if(data->state.httpwant >= CURL_HTTP_VERSION_2
-#ifndef CURL_DISABLE_PROXY
-      && (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy)
-#endif
-      ) {
-      backend->protocols[cur++] = ALPN_H2;
-      infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
+    for(i = 0; i < connssl->alpn->count; ++i) {
+      backend->protocols[i] = connssl->alpn->entries[i];
     }
-#endif
-
-    backend->protocols[cur++] = ALPN_HTTP_1_1;
-    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
-
-    br_ssl_engine_set_protocol_names(&backend->ctx.eng,
-                                     backend->protocols, cur);
+    br_ssl_engine_set_protocol_names(&backend->ctx.eng, backend->protocols,
+                                     connssl->alpn->count);
+    Curl_alpn_to_proto_str(&proto, connssl->alpn);
+    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
   }
 
   if((1 == Curl_inet_pton(AF_INET, hostname, &addr))
@@ -862,26 +850,11 @@ static CURLcode bearssl_connect_step3(struct Curl_cfilter *cf,
   DEBUGASSERT(backend);
 
   if(cf->conn->bits.tls_enable_alpn) {
-    const char *protocol;
-
-    protocol = br_ssl_engine_get_selected_protocol(&backend->ctx.eng);
-    if(protocol) {
-      infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, protocol);
+    const char *proto;
 
-#ifdef USE_HTTP2
-      if(!strcmp(protocol, ALPN_H2))
-        cf->conn->alpn = CURL_HTTP_VERSION_2;
-      else
-#endif
-      if(!strcmp(protocol, ALPN_HTTP_1_1))
-        cf->conn->alpn = CURL_HTTP_VERSION_1_1;
-      else
-        infof(data, "ALPN, unrecognized protocol %s", protocol);
-      Curl_multiuse_state(data, cf->conn->alpn == CURL_HTTP_VERSION_2 ?
-                          BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
-    }
-    else
-      infof(data, VTLS_INFOF_NO_ALPN);
+    proto = br_ssl_engine_get_selected_protocol(&backend->ctx.eng);
+    Curl_alpn_set_negotiated(cf, data, (const unsigned char *)proto,
+                             proto? strlen(proto) : 0);
   }
 
   if(ssl_config->primary.sessionid) {
@@ -977,7 +950,7 @@ static CURLcode bearssl_connect_common(struct Curl_cfilter *cf,
 {
   CURLcode ret;
   struct ssl_connect_data *connssl = cf->ctx;
-  curl_socket_t sockfd = cf->conn->sock[cf->sockindex];
+  curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
   timediff_t timeout_ms;
   int what;
 
diff --git a/lib/vtls/bearssl.h b/lib/vtls/bearssl.h
index 512535996..b3651b092 100644
--- a/lib/vtls/bearssl.h
+++ b/lib/vtls/bearssl.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Michael Forney, <mforney@mforney.org>
+ * Copyright (C) Michael Forney, <mforney@mforney.org>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index 2074dcaa4..59fd27ce4 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -499,7 +499,7 @@ static void cancel_async_handshake(struct Curl_cfilter *cf,
   (void)data;
   DEBUGASSERT(BACKEND);
 
-  if(QsoCancelOperation(cf->conn->sock[cf->sockindex], 0) > 0)
+  if(QsoCancelOperation(Curl_conn_cf_get_socket(cf, data), 0) > 0)
     QsoWaitForIOCompletion(BACKEND->iocport, &cstat, (struct timeval *) NULL);
 }
 
@@ -532,7 +532,7 @@ static int pipe_ssloverssl(struct Curl_cfilter *cf, int directions)
   DEBUGASSERT(connssl_next->backend);
   n = 1;
   fds[0].fd = BACKEND->remotefd;
-  fds[1].fd = cf->conn->sock[cf->sockindex];
+  fds[1].fd = Curl_conn_cf_get_socket(cf, data);
 
   if(directions & SOS_READ) {
     fds[0].events |= POLLOUT;
@@ -847,7 +847,7 @@ static CURLcode gskit_connect_step1(struct Curl_cfilter *cf,
     result = set_numeric(data, BACKEND->handle, GSK_OS400_READ_TIMEOUT, 1);
   if(!result)
     result = set_numeric(data, BACKEND->handle, GSK_FD, BACKEND->localfd >= 0?
-                         BACKEND->localfd: cf->conn->sock[cf->sockindex]);
+                         BACKEND->localfd: Curl_conn_cf_get_socket(cf, data));
   if(!result)
     result = set_ciphers(cf, data, BACKEND->handle, &protoflags);
   if(!protoflags) {
@@ -1208,7 +1208,7 @@ static int gskit_shutdown(struct Curl_cfilter *cf,
 
   close_one(cf, data);
   rc = 0;
-  what = SOCKET_READABLE(cf->conn->sock[cf->sockindex],
+  what = SOCKET_READABLE(Curl_conn_cf_get_socket(cf, data),
                          SSL_SHUTDOWN_TIMEOUT);
 
   while(loop--) {
@@ -1230,7 +1230,7 @@ static int gskit_shutdown(struct Curl_cfilter *cf,
        notify alert from the server. No way to gsk_secure_soc_read() now, so
        use read(). */
 
-    nread = read(cf->conn->sock[cf->sockindex], buf, sizeof(buf));
+    nread = read(Curl_conn_cf_get_socket(cf, data), buf, sizeof(buf));
 
     if(nread < 0) {
       char buffer[STRERROR_LEN];
@@ -1241,7 +1241,7 @@ static int gskit_shutdown(struct Curl_cfilter *cf,
     if(nread <= 0)
       break;
 
-    what = SOCKET_READABLE(cf->conn->sock[cf->sockindex], 0);
+    what = SOCKET_READABLE(Curl_conn_cf_get_socket(cf, data), 0);
   }
 
   return rc;
diff --git a/lib/vtls/gskit.h b/lib/vtls/gskit.h
index cf923f6b8..c71e6a011 100644
--- a/lib/vtls/gskit.h
+++ b/lib/vtls/gskit.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 104dce609..07dfaa437 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -84,7 +84,7 @@ static ssize_t gtls_push(void *s, const void *buf, size_t blen)
 {
   struct Curl_cfilter *cf = s;
   struct ssl_connect_data *connssl = cf->ctx;
-  struct Curl_easy *data = connssl->call_data;
+  struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t nwritten;
   CURLcode result;
 
@@ -102,7 +102,7 @@ static ssize_t gtls_pull(void *s, void *buf, size_t blen)
 {
   struct Curl_cfilter *cf = s;
   struct ssl_connect_data *connssl = cf->ctx;
-  struct Curl_easy *data = connssl->call_data;
+  struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t nread;
   CURLcode result;
 
@@ -214,7 +214,7 @@ static CURLcode handshake(struct Curl_cfilter *cf,
   struct ssl_connect_data *connssl = cf->ctx;
   struct ssl_backend_data *backend = connssl->backend;
   gnutls_session_t session;
-  curl_socket_t sockfd = cf->conn->sock[cf->sockindex];
+  curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
 
   DEBUGASSERT(backend);
   session = backend->gtls.session;
@@ -434,12 +434,10 @@ CURLcode gtls_client_init(struct Curl_easy *data,
   }
 
 #ifdef USE_GNUTLS_SRP
-  if((config->authtype == CURL_TLSAUTH_SRP) &&
-     Curl_auth_allowed_to_host(data)) {
+  if(config->username && Curl_auth_allowed_to_host(data)) {
     infof(data, "Using TLS-SRP username: %s", config->username);
 
-    rc = gnutls_srp_allocate_client_credentials(
-           &gtls->srp_client_cred);
+    rc = gnutls_srp_allocate_client_credentials(&gtls->srp_client_cred);
     if(rc != GNUTLS_E_SUCCESS) {
       failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
             gnutls_strerror(rc));
@@ -581,7 +579,7 @@ CURLcode gtls_client_init(struct Curl_easy *data,
 #ifdef USE_GNUTLS_SRP
   /* Only add SRP to the cipher list if SRP is requested. Otherwise
    * GnuTLS will disable TLS 1.3 support. */
-  if(config->authtype == CURL_TLSAUTH_SRP) {
+  if(config->username) {
     size_t len = strlen(prioritylist);
 
     char *prioritysrp = malloc(len + sizeof(GNUTLS_SRP) + 1);
@@ -646,7 +644,7 @@ CURLcode gtls_client_init(struct Curl_easy *data,
 
 #ifdef USE_GNUTLS_SRP
   /* put the credentials to the current session */
-  if(config->authtype == CURL_TLSAUTH_SRP) {
+  if(config->username) {
     rc = gnutls_credentials_set(gtls->session, GNUTLS_CRD_SRP,
                                 gtls->srp_client_cred);
     if(rc != GNUTLS_E_SUCCESS) {
@@ -700,32 +698,22 @@ gtls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
   if(result)
     return result;
 
-  if(cf->conn->bits.tls_enable_alpn) {
-    int cur = 0;
-    gnutls_datum_t protocols[2];
+  if(connssl->alpn) {
+    struct alpn_proto_buf proto;
+    gnutls_datum_t alpn[ALPN_ENTRIES_MAX];
+    size_t i;
 
-#ifdef USE_HTTP2
-    if(data->state.httpwant >= CURL_HTTP_VERSION_2
-#ifndef CURL_DISABLE_PROXY
-       && (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy)
-#endif
-       ) {
-      protocols[cur].data = (unsigned char *)ALPN_H2;
-      protocols[cur].size = ALPN_H2_LENGTH;
-      cur++;
-      infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
+    for(i = 0; i < connssl->alpn->count; ++i) {
+      alpn[i].data = (unsigned char *)connssl->alpn->entries[i];
+      alpn[i].size = (unsigned)strlen(connssl->alpn->entries[i]);
     }
-#endif
-
-    protocols[cur].data = (unsigned char *)ALPN_HTTP_1_1;
-    protocols[cur].size = ALPN_HTTP_1_1_LENGTH;
-    cur++;
-    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
-
-    if(gnutls_alpn_set_protocols(backend->gtls.session, protocols, cur, 0)) {
+    if(gnutls_alpn_set_protocols(backend->gtls.session, alpn,
+                                 (unsigned)connssl->alpn->count, 0)) {
       failf(data, "failed setting ALPN");
       return CURLE_SSL_CONNECT_ERROR;
     }
+    Curl_alpn_to_proto_str(&proto, connssl->alpn);
+    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
   }
 
   /* This might be a reconnect, so we check for a session ID in the cache
@@ -860,10 +848,8 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
        config->verifyhost ||
        config->issuercert) {
 #ifdef USE_GNUTLS_SRP
-      if(ssl_config->primary.authtype == CURL_TLSAUTH_SRP
-         && ssl_config->primary.username
-         && !config->verifypeer
-         && gnutls_cipher_get(session)) {
+      if(ssl_config->primary.username && !config->verifypeer &&
+         gnutls_cipher_get(session)) {
         /* no peer cert, but auth is ok if we have SRP user and cipher and no
            peer verify */
       }
@@ -1271,28 +1257,10 @@ static CURLcode gtls_verifyserver(struct Curl_cfilter *cf,
     int rc;
 
     rc = gnutls_alpn_get_selected_protocol(session, &proto);
-    if(rc == 0) {
-      infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, proto.size,
-            proto.data);
-
-#ifdef USE_HTTP2
-      if(proto.size == ALPN_H2_LENGTH &&
-         !memcmp(ALPN_H2, proto.data,
-                 ALPN_H2_LENGTH)) {
-        cf->conn->alpn = CURL_HTTP_VERSION_2;
-      }
-      else
-#endif
-      if(proto.size == ALPN_HTTP_1_1_LENGTH &&
-         !memcmp(ALPN_HTTP_1_1, proto.data, ALPN_HTTP_1_1_LENGTH)) {
-        cf->conn->alpn = CURL_HTTP_VERSION_1_1;
-      }
-    }
+    if(rc == 0)
+      Curl_alpn_set_negotiated(cf, data, proto.data, proto.size);
     else
-      infof(data, VTLS_INFOF_NO_ALPN);
-
-    Curl_multiuse_state(data, cf->conn->alpn == CURL_HTTP_VERSION_2 ?
-                        BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
+      Curl_alpn_set_negotiated(cf, data, NULL, 0);
   }
 
   if(ssl_config->primary.sessionid) {
@@ -1516,7 +1484,7 @@ static int gtls_shutdown(struct Curl_cfilter *cf,
     char buf[120];
 
     while(!done) {
-      int what = SOCKET_READABLE(cf->conn->sock[cf->sockindex],
+      int what = SOCKET_READABLE(Curl_conn_cf_get_socket(cf, data),
                                  SSL_SHUTDOWN_TIMEOUT);
       if(what > 0) {
         /* Something to read, let's do it and hope that it is the close
@@ -1556,8 +1524,7 @@ static int gtls_shutdown(struct Curl_cfilter *cf,
   gnutls_certificate_free_credentials(backend->gtls.cred);
 
 #ifdef USE_GNUTLS_SRP
-  if(ssl_config->primary.authtype == CURL_TLSAUTH_SRP
-     && ssl_config->primary.username != NULL)
+  if(ssl_config->primary.username)
     gnutls_srp_free_client_credentials(backend->gtls.srp_client_cred);
 #endif
 
diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h
index 49c1c4763..ac141e1c6 100644
--- a/lib/vtls/gtls.h
+++ b/lib/vtls/gtls.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/hostcheck.c b/lib/vtls/hostcheck.c
index 2a648f20a..e827dc58f 100644
--- a/lib/vtls/hostcheck.c
+++ b/lib/vtls/hostcheck.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/hostcheck.h b/lib/vtls/hostcheck.h
index d3c4eab56..22a1ac2e5 100644
--- a/lib/vtls/hostcheck.h
+++ b/lib/vtls/hostcheck.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/keylog.c b/lib/vtls/keylog.c
index 1952a690c..d37bb183e 100644
--- a/lib/vtls/keylog.c
+++ b/lib/vtls/keylog.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/keylog.h b/lib/vtls/keylog.h
index 5d3c675b3..eff5bf38f 100644
--- a/lib/vtls/keylog.h
+++ b/lib/vtls/keylog.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 0b81662b9..7f0f4e366 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Hoi-Ho Chan, <hoiho.chan@gmail.com>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -159,15 +159,14 @@ static void mbed_debug(void *context, int level, const char *f_name,
 static int bio_cf_write(void *bio, const unsigned char *buf, size_t blen)
 {
   struct Curl_cfilter *cf = bio;
-  struct ssl_connect_data *connssl = cf->ctx;
-  struct Curl_easy *data = connssl->call_data;
+  struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t nwritten;
   CURLcode result;
 
   DEBUGASSERT(data);
   nwritten = Curl_conn_cf_send(cf->next, data, (char *)buf, blen, &result);
-  /* DEBUGF(infof(data, CFMSG(cf, "bio_cf_out_write(len=%d) -> %d, err=%d"),
-         blen, (int)nwritten, result)); */
+  DEBUGF(LOG_CF(data, cf, "bio_cf_out_write(len=%zu) -> %zd, err=%d",
+                blen, nwritten, result));
   if(nwritten < 0 && CURLE_AGAIN == result) {
     nwritten = MBEDTLS_ERR_SSL_WANT_WRITE;
   }
@@ -177,8 +176,7 @@ static int bio_cf_write(void *bio, const unsigned char *buf, size_t blen)
 static int bio_cf_read(void *bio, unsigned char *buf, size_t blen)
 {
   struct Curl_cfilter *cf = bio;
-  struct ssl_connect_data *connssl = cf->ctx;
-  struct Curl_easy *data = connssl->call_data;
+  struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t nread;
   CURLcode result;
 
@@ -188,8 +186,8 @@ static int bio_cf_read(void *bio, unsigned char *buf, size_t blen)
     return 0;
 
   nread = Curl_conn_cf_recv(cf->next, data, (char *)buf, blen, &result);
-  /* DEBUGF(infof(data, CFMSG(cf, "bio_cf_in_read(len=%d) -> %d, err=%d"),
-         blen, (int)nread, result)); */
+  DEBUGF(LOG_CF(data, cf, "bio_cf_in_read(len=%zu) -> %zd, err=%d",
+                blen, nread, result));
   if(nread < 0 && CURLE_AGAIN == result) {
     nread = MBEDTLS_ERR_SSL_WANT_READ;
   }
@@ -648,14 +646,13 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
   }
 
 #ifdef HAS_ALPN
-  if(cf->conn->bits.tls_enable_alpn) {
-    const char **p = &backend->protocols[0];
-#ifdef USE_HTTP2
-    if(data->state.httpwant >= CURL_HTTP_VERSION_2)
-      *p++ = ALPN_H2;
-#endif
-    *p++ = ALPN_HTTP_1_1;
-    *p = NULL;
+  if(connssl->alpn) {
+    struct alpn_proto_buf proto;
+    size_t i;
+
+    for(i = 0; i < connssl->alpn->count; ++i) {
+      backend->protocols[i] = connssl->alpn->entries[i];
+    }
     /* this function doesn't clone the protocols array, which is why we need
        to keep it around */
     if(mbedtls_ssl_conf_alpn_protocols(&backend->config,
@@ -663,8 +660,8 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
       failf(data, "Failed setting ALPN protocols");
       return CURLE_SSL_CONNECT_ERROR;
     }
-    for(p = &backend->protocols[0]; *p; ++p)
-      infof(data, VTLS_INFOF_ALPN_OFFER_1STR, *p);
+    Curl_alpn_to_proto_str(&proto, connssl->alpn);
+    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
   }
 #endif
 
@@ -844,28 +841,11 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
   }
 
 #ifdef HAS_ALPN
-  if(cf->conn->bits.tls_enable_alpn) {
-    const char *next_protocol = mbedtls_ssl_get_alpn_protocol(&backend->ssl);
+  if(connssl->alpn) {
+    const char *proto = mbedtls_ssl_get_alpn_protocol(&backend->ssl);
 
-    if(next_protocol) {
-      infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, next_protocol);
-#ifdef USE_HTTP2
-      if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LENGTH) &&
-         !next_protocol[ALPN_H2_LENGTH]) {
-        cf->conn->alpn = CURL_HTTP_VERSION_2;
-      }
-      else
-#endif
-        if(!strncmp(next_protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH) &&
-           !next_protocol[ALPN_HTTP_1_1_LENGTH]) {
-          cf->conn->alpn = CURL_HTTP_VERSION_1_1;
-        }
-    }
-    else {
-      infof(data, VTLS_INFOF_NO_ALPN);
-    }
-    Curl_multiuse_state(data, cf->conn->alpn == CURL_HTTP_VERSION_2 ?
-                        BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
+    Curl_alpn_set_negotiated(cf, data, (const unsigned char *)proto,
+                             proto? strlen(proto) : 0);
   }
 #endif
 
@@ -1081,7 +1061,7 @@ mbed_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data,
 {
   CURLcode retcode;
   struct ssl_connect_data *connssl = cf->ctx;
-  curl_socket_t sockfd = cf->conn->sock[cf->sockindex];
+  curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
   timediff_t timeout_ms;
   int what;
 
diff --git a/lib/vtls/mbedtls.h b/lib/vtls/mbedtls.h
index ec3b43bf9..d8a0a06eb 100644
--- a/lib/vtls/mbedtls.h
+++ b/lib/vtls/mbedtls.h
@@ -7,8 +7,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2010, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Hoi-Ho Chan, <hoiho.chan@gmail.com>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/mbedtls_threadlock.c b/lib/vtls/mbedtls_threadlock.c
index 7d019ede5..bcb7106a6 100644
--- a/lib/vtls/mbedtls_threadlock.c
+++ b/lib/vtls/mbedtls_threadlock.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2013 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Hoi-Ho Chan, <hoiho.chan@gmail.com>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/mbedtls_threadlock.h b/lib/vtls/mbedtls_threadlock.h
index 22e8725ab..2b0bd41c8 100644
--- a/lib/vtls/mbedtls_threadlock.h
+++ b/lib/vtls/mbedtls_threadlock.h
@@ -7,8 +7,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2013 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2010, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Hoi-Ho Chan, <hoiho.chan@gmail.com>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 03694d22b..12c03900d 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -873,11 +873,11 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
 #endif
     case SSL_NEXT_PROTO_NO_SUPPORT:
     case SSL_NEXT_PROTO_NO_OVERLAP:
-      infof(data, VTLS_INFOF_NO_ALPN);
+      Curl_alpn_set_negotiated(cf, data, NULL, 0);
       return;
 #ifdef SSL_ENABLE_ALPN
     case SSL_NEXT_PROTO_SELECTED:
-      infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, buflen, buf);
+      Curl_alpn_set_negotiated(cf, data, buf, buflen);
       break;
 #endif
     default:
@@ -885,25 +885,6 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
       break;
     }
 
-#ifdef USE_HTTP2
-    if(buflen == ALPN_H2_LENGTH &&
-       !memcmp(ALPN_H2, buf, ALPN_H2_LENGTH)) {
-      cf->conn->alpn = CURL_HTTP_VERSION_2;
-    }
-    else
-#endif
-    if(buflen == ALPN_HTTP_1_1_LENGTH &&
-       !memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) {
-      cf->conn->alpn = CURL_HTTP_VERSION_1_1;
-    }
-
-    /* This callback might get called when PR_Recv() is used within
-     * close_one() during a connection shutdown. At that point there might not
-     * be any "bundle" associated with the connection anymore.
-     */
-    if(conn->bundle)
-      Curl_multiuse_state(data, cf->conn->alpn == CURL_HTTP_VERSION_2 ?
-                          BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
   }
 }
 
@@ -1555,36 +1536,6 @@ static void nss_cleanup(void)
   initialized = 0;
 }
 
-/*
- * This function uses SSL_peek to determine connection status.
- *
- * Return codes:
- *     1 means the connection is still in place
- *     0 means the connection has been closed
- *    -1 means the connection status is unknown
- */
-static int nss_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data)
-{
-  struct ssl_connect_data *connssl = cf->ctx;
-  struct ssl_backend_data *backend = connssl->backend;
-  int rc;
-  char buf;
-
-  (void)data;
-  DEBUGASSERT(backend);
-
-  rc =
-    PR_Recv(backend->handle, (void *)&buf, 1, PR_MSG_PEEK,
-            PR_SecondsToInterval(1));
-  if(rc > 0)
-    return 1; /* connection still in place */
-
-  if(rc == 0)
-    return 0; /* connection has been closed */
-
-  return -1;  /* connection status unknown */
-}
-
 static void close_one(struct ssl_connect_data *connssl)
 {
   /* before the cleanup, check whether we are using a client certificate */
@@ -1897,7 +1848,7 @@ static CURLcode nss_setup_connect(struct Curl_cfilter *cf,
   PRFileDesc *nspr_io_stub = NULL;
   PRBool ssl_no_cache;
   PRBool ssl_cbc_random_iv;
-  curl_socket_t sockfd = cf->conn->sock[cf->sockindex];
+  curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
   struct ssl_connect_data *connssl = cf->ctx;
   struct ssl_backend_data *backend = connssl->backend;
   struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
@@ -2163,27 +2114,17 @@ static CURLcode nss_setup_connect(struct Curl_cfilter *cf,
 #endif
 
 #if defined(SSL_ENABLE_ALPN)
-  if(cf->conn->bits.tls_enable_alpn) {
-    int cur = 0;
-    unsigned char protocols[128];
-
-#ifdef USE_HTTP2
-    if(data->state.httpwant >= CURL_HTTP_VERSION_2
-#ifndef CURL_DISABLE_PROXY
-       && (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy)
-#endif
-      ) {
-      protocols[cur++] = ALPN_H2_LENGTH;
-      memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
-      cur += ALPN_H2_LENGTH;
-    }
-#endif
-    protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
-    memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
-    cur += ALPN_HTTP_1_1_LENGTH;
+  if(connssl->alpn) {
+    struct alpn_proto_buf proto;
 
-    if(SSL_SetNextProtoNego(backend->handle, protocols, cur) != SECSuccess)
+    result = Curl_alpn_to_proto_buf(&proto, connssl->alpn);
+    if(result || SSL_SetNextProtoNego(backend->handle, proto.data, proto.len)
+                   != SECSuccess) {
+      failf(data, "Error setting ALPN");
       goto error;
+    }
+    Curl_alpn_to_proto_str(&proto, connssl->alpn);
+    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
   }
 #endif
 
@@ -2393,6 +2334,19 @@ static ssize_t nss_send(struct Curl_cfilter *cf,
   return rc; /* number of bytes */
 }
 
+static bool
+nss_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data)
+{
+  struct ssl_connect_data *connssl = cf->ctx;
+  PRFileDesc *fd = connssl->backend->handle->lower;
+  char buf;
+
+  (void) data;
+
+  /* Returns true in case of error to force reading. */
+  return PR_Recv(fd, (void *) &buf, 1, PR_MSG_PEEK, PR_INTERVAL_NO_WAIT) != 0;
+}
+
 static ssize_t nss_recv(struct Curl_cfilter *cf,
                         struct Curl_easy *data,    /* transfer */
                         char *buf,             /* store read data here */
@@ -2540,10 +2494,10 @@ const struct Curl_ssl Curl_ssl_nss = {
   nss_init,                     /* init */
   nss_cleanup,                  /* cleanup */
   nss_version,                  /* version */
-  nss_check_cxn,                /* check_cxn */
+  Curl_none_check_cxn,          /* check_cxn */
   /* NSS has no shutdown function provided and thus always fail */
   Curl_none_shutdown,           /* shutdown */
-  Curl_none_data_pending,       /* data_pending */
+  nss_data_pending,             /* data_pending */
   nss_random,                   /* random */
   nss_cert_status_request,      /* cert_status_request */
   nss_connect,                  /* connect */
diff --git a/lib/vtls/nssg.h b/lib/vtls/nssg.h
index 454a38f1f..ad7eef580 100644
--- a/lib/vtls/nssg.h
+++ b/lib/vtls/nssg.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index e7a1caabf..46e3d51ed 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -96,6 +96,7 @@
 #include "curl_memory.h"
 #include "memdebug.h"
 
+
 /* Uncomment the ALLOW_RENEG line to a real #define if you want to allow TLS
    renegotiations when built with BoringSSL. Renegotiating is non-compliant
    with HTTP/2 and "an extremely dangerous protocol feature". Beware.
@@ -260,6 +261,12 @@
 #define HAVE_OPENSSL_VERSION
 #endif
 
+#ifdef OPENSSL_IS_BORINGSSL
+typedef uint32_t sslerr_t;
+#else
+typedef unsigned long sslerr_t;
+#endif
+
 /*
  * Whether the OpenSSL version has the API needed to support sharing an
  * X509_STORE between connections. The API is:
@@ -277,17 +284,17 @@
 #endif /* !LIBRESSL_VERSION_NUMBER */
 
 struct ssl_backend_data {
-  struct Curl_easy *logger; /* transfer handle to pass trace logs to, only
-                               using sockindex 0 */
   /* these ones requires specific SSL-types */
   SSL_CTX* ctx;
   SSL*     handle;
   X509*    server_cert;
+  BIO_METHOD *bio_method;
   CURLcode io_result;       /* result of last BIO cfilter operation */
 #ifndef HAVE_KEYLOG_CALLBACK
   /* Set to true once a valid keylog entry has been created to avoid dupes. */
   bool     keylog_done;
 #endif
+  bool x509_store_setup;            /* x509 store has been set up */
 };
 
 #if defined(HAVE_SSL_X509_STORE_SHARE)
@@ -702,14 +709,14 @@ static int bio_cf_out_write(BIO *bio, const char *buf, int blen)
 {
   struct Curl_cfilter *cf = BIO_get_data(bio);
   struct ssl_connect_data *connssl = cf->ctx;
-  struct Curl_easy *data = connssl->call_data;
+  struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t nwritten;
   CURLcode result = CURLE_SEND_ERROR;
 
   DEBUGASSERT(data);
   nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, &result);
-  /* DEBUGF(infof(data, CFMSG(cf, "bio_cf_out_write(len=%d) -> %d, err=%d"),
-         blen, (int)nwritten, result)); */
+  DEBUGF(LOG_CF(data, cf, "bio_cf_out_write(len=%d) -> %d, err=%d",
+                blen, (int)nwritten, result));
   BIO_clear_retry_flags(bio);
   connssl->backend->io_result = result;
   if(nwritten < 0) {
@@ -723,7 +730,7 @@ static int bio_cf_in_read(BIO *bio, char *buf, int blen)
 {
   struct Curl_cfilter *cf = BIO_get_data(bio);
   struct ssl_connect_data *connssl = cf->ctx;
-  struct Curl_easy *data = connssl->call_data;
+  struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t nread;
   CURLcode result = CURLE_RECV_ERROR;
 
@@ -733,64 +740,75 @@ static int bio_cf_in_read(BIO *bio, char *buf, int blen)
     return 0;
 
   nread = Curl_conn_cf_recv(cf->next, data, buf, blen, &result);
-  /* DEBUGF(infof(data, CFMSG(cf, "bio_cf_in_read(len=%d) -> %d, err=%d"),
-         blen, (int)nread, result)); */
+  DEBUGF(LOG_CF(data, cf, "bio_cf_in_read(len=%d) -> %d, err=%d",
+                blen, (int)nread, result));
   BIO_clear_retry_flags(bio);
   connssl->backend->io_result = result;
   if(nread < 0) {
     if(CURLE_AGAIN == result)
       BIO_set_retry_read(bio);
   }
+
+  /* Before returning server replies to the SSL instance, we need
+   * to have setup the x509 store or verification will fail. */
+  if(!connssl->backend->x509_store_setup) {
+    result = Curl_ssl_setup_x509_store(cf, data, connssl->backend->ctx);
+    if(result) {
+      connssl->backend->io_result = result;
+      return -1;
+    }
+    connssl->backend->x509_store_setup = TRUE;
+  }
+
   return (int)nread;
 }
 
-static BIO_METHOD *bio_cf_method = NULL;
-
 #if USE_PRE_1_1_API
 
 static BIO_METHOD bio_cf_meth_1_0 = {
-    BIO_TYPE_MEM,
-    "OpenSSL CF BIO",
-    bio_cf_out_write,
-    bio_cf_in_read,
-    NULL,                    /* puts is never called */
-    NULL,                    /* gets is never called */
-    bio_cf_ctrl,
-    bio_cf_create,
-    bio_cf_destroy,
-    NULL
+  BIO_TYPE_MEM,
+  "OpenSSL CF BIO",
+  bio_cf_out_write,
+  bio_cf_in_read,
+  NULL,                    /* puts is never called */
+  NULL,                    /* gets is never called */
+  bio_cf_ctrl,
+  bio_cf_create,
+  bio_cf_destroy,
+  NULL
 };
 
-static void bio_cf_init_methods(void)
+static BIO_METHOD *bio_cf_method_create(void)
 {
-  bio_cf_method = &bio_cf_meth_1_0;
+  return &bio_cf_meth_1_0;
 }
 
-#define bio_cf_free_methods() Curl_nop_stmt
+#define bio_cf_method_free(m) Curl_nop_stmt
 
 #else
 
-static void bio_cf_init_methods(void)
+static BIO_METHOD *bio_cf_method_create(void)
 {
-    bio_cf_method = BIO_meth_new(BIO_TYPE_MEM, "OpenSSL CF BIO");
-    BIO_meth_set_write(bio_cf_method, &bio_cf_out_write);
-    BIO_meth_set_read(bio_cf_method, &bio_cf_in_read);
-    BIO_meth_set_ctrl(bio_cf_method, &bio_cf_ctrl);
-    BIO_meth_set_create(bio_cf_method, &bio_cf_create);
-    BIO_meth_set_destroy(bio_cf_method, &bio_cf_destroy);
+  BIO_METHOD *m = BIO_meth_new(BIO_TYPE_MEM, "OpenSSL CF BIO");
+  if(m) {
+    BIO_meth_set_write(m, &bio_cf_out_write);
+    BIO_meth_set_read(m, &bio_cf_in_read);
+    BIO_meth_set_ctrl(m, &bio_cf_ctrl);
+    BIO_meth_set_create(m, &bio_cf_create);
+    BIO_meth_set_destroy(m, &bio_cf_destroy);
+  }
+  return m;
 }
 
-static void bio_cf_free_methods(void)
+static void bio_cf_method_free(BIO_METHOD *m)
 {
-    BIO_meth_free(bio_cf_method);
+  if(m)
+    BIO_meth_free(m);
 }
 
 #endif
 
 
-static bool ossl_attach_data(struct Curl_cfilter *cf,
-                             struct Curl_easy *data);
-
 /*
  * Number of bytes to read from the random number seed file. This must be
  * a finite value (because some entropy "files" like /dev/urandom have
@@ -922,54 +940,6 @@ static char *ossl_strerror(unsigned long error, char *buf, size_t size)
   return buf;
 }
 
-/* Return an extra data index for the transfer data.
- * This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
- */
-static int ossl_get_ssl_data_index(void)
-{
-  static int ssl_ex_data_data_index = -1;
-  if(ssl_ex_data_data_index < 0) {
-    ssl_ex_data_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
-  }
-  return ssl_ex_data_data_index;
-}
-
-/* Return an extra data index for the associated Curl_cfilter instance.
- * This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
- */
-static int ossl_get_ssl_cf_index(void)
-{
-  static int ssl_ex_data_cf_index = -1;
-  if(ssl_ex_data_cf_index < 0) {
-    ssl_ex_data_cf_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
-  }
-  return ssl_ex_data_cf_index;
-}
-
-/* Return an extra data index for the sockindex.
- * This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
- */
-static int ossl_get_ssl_sockindex_index(void)
-{
-  static int sockindex_index = -1;
-  if(sockindex_index < 0) {
-    sockindex_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
-  }
-  return sockindex_index;
-}
-
-/* Return an extra data index for proxy boolean.
- * This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
- */
-static int ossl_get_proxy_index(void)
-{
-  static int proxy_index = -1;
-  if(proxy_index < 0) {
-    proxy_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
-  }
-  return proxy_index;
-}
-
 static int passwd_callback(char *buf, int num, int encrypting,
                            void *global_passwd)
 {
@@ -1246,7 +1216,7 @@ SSL_CTX_use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob,
 
   if(ret) {
     X509 *ca;
-    unsigned long err;
+    sslerr_t err;
 
     if(!SSL_CTX_clear_chain_certs(ctx)) {
       ret = 0;
@@ -1768,14 +1738,8 @@ static int ossl_init(void)
   OpenSSL_add_all_algorithms();
 #endif
 
-  bio_cf_init_methods();
   Curl_tls_keylog_open();
 
-  /* Initialize the extra data indexes */
-  if(ossl_get_ssl_data_index() < 0 || ossl_get_ssl_cf_index() < 0 ||
-     ossl_get_ssl_sockindex_index() < 0 || ossl_get_proxy_index() < 0)
-    return 0;
-
   return 1;
 }
 
@@ -1814,61 +1778,6 @@ static void ossl_cleanup(void)
 #endif
 
   Curl_tls_keylog_close();
-  bio_cf_free_methods();
-}
-
-/*
- * This function is used to determine connection status.
- *
- * Return codes:
- *     1 means the connection is still in place
- *     0 means the connection has been closed
- *    -1 means the connection status is unknown
- */
-static int ossl_check_cxn(struct Curl_cfilter *cf, struct Curl_easy *data)
-{
-  /* SSL_peek takes data out of the raw recv buffer without peeking so we use
-     recv MSG_PEEK instead. Bug #795 */
-#ifdef MSG_PEEK
-  char buf;
-  ssize_t nread;
-  nread = recv((RECV_TYPE_ARG1)cf->conn->sock[cf->sockindex],
-               (RECV_TYPE_ARG2)&buf, (RECV_TYPE_ARG3)1,
-               (RECV_TYPE_ARG4)MSG_PEEK);
-  if(nread == 0)
-    return 0; /* connection has been closed */
-  if(nread == 1)
-    return 1; /* connection still in place */
-  else if(nread == -1) {
-      int err = SOCKERRNO;
-      if(err == EINPROGRESS ||
-#if defined(EAGAIN) && (EAGAIN != EWOULDBLOCK)
-         err == EAGAIN ||
-#endif
-         err == EWOULDBLOCK)
-        return 1; /* connection still in place */
-      if(err == ECONNRESET ||
-#ifdef ECONNABORTED
-         err == ECONNABORTED ||
-#endif
-#ifdef ENETDOWN
-         err == ENETDOWN ||
-#endif
-#ifdef ENETRESET
-         err == ENETRESET ||
-#endif
-#ifdef ESHUTDOWN
-         err == ESHUTDOWN ||
-#endif
-#ifdef ETIMEDOUT
-         err == ETIMEDOUT ||
-#endif
-         err == ENOTCONN)
-        return 0; /* connection has been closed */
-  }
-#endif
-  (void)data;
-  return -1; /* connection status unknown */
 }
 
 /* Selects an OpenSSL crypto engine
@@ -1960,19 +1869,15 @@ static struct curl_slist *ossl_engines_list(struct Curl_easy *data)
   return list;
 }
 
-#define set_logger(connssl, data)                  \
-  connssl->backend->logger = data
-
 static void ossl_close(struct Curl_cfilter *cf, struct Curl_easy *data)
 {
   struct ssl_connect_data *connssl = cf->ctx;
   struct ssl_backend_data *backend = connssl->backend;
 
+  (void)data;
   DEBUGASSERT(backend);
 
   if(backend->handle) {
-    set_logger(connssl, data);
-
     if(cf->next && cf->next->connected) {
       char buf[32];
       /* Maybe the server has already sent a close notify alert.
@@ -1989,6 +1894,11 @@ static void ossl_close(struct Curl_cfilter *cf, struct Curl_easy *data)
   if(backend->ctx) {
     SSL_CTX_free(backend->ctx);
     backend->ctx = NULL;
+    backend->x509_store_setup = FALSE;
+  }
+  if(backend->bio_method) {
+    bio_cf_method_free(backend->bio_method);
+    backend->bio_method = NULL;
   }
 }
 
@@ -2026,7 +1936,7 @@ static int ossl_shutdown(struct Curl_cfilter *cf,
   if(backend->handle) {
     buffsize = (int)sizeof(buf);
     while(!done && loop--) {
-      int what = SOCKET_READABLE(cf->conn->sock[cf->sockindex],
+      int what = SOCKET_READABLE(Curl_conn_cf_get_socket(cf, data),
                                  SSL_SHUTDOWN_TIMEOUT);
       if(what > 0) {
         ERR_clear_error();
@@ -2155,6 +2065,22 @@ static bool subj_alt_hostcheck(struct Curl_easy *data,
   return FALSE;
 }
 
+static CURLcode
+ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
+                X509 *server_cert, const char *hostname,
+                const char *dispname);
+
+CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
+                              X509 *server_cert)
+{
+  const char *hostname, *dispname;
+  int port;
+
+  (void)conn;
+  Curl_conn_get_host(data, FIRSTSOCKET, &hostname, &dispname, &port);
+  return ossl_verifyhost(data, conn, server_cert, hostname, dispname);
+}
+
 /* Quote from RFC2818 section 3.1 "Server Identity"
 
    If a subjectAltName extension of type dNSName is present, that MUST
@@ -2177,8 +2103,10 @@ static bool subj_alt_hostcheck(struct Curl_easy *data,
 
    This function is now used from ngtcp2 (QUIC) as well.
 */
-CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
-                              X509 *server_cert)
+static CURLcode
+ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
+                X509 *server_cert, const char *hostname,
+                const char *dispname)
 {
   bool matched = FALSE;
   int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
@@ -2192,12 +2120,9 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
   CURLcode result = CURLE_OK;
   bool dNSName = FALSE; /* if a dNSName field exists in the cert */
   bool iPAddress = FALSE; /* if a iPAddress field exists in the cert */
-  const char *hostname, *dispname;
-  int port;
   size_t hostlen;
 
   (void)conn;
-  Curl_conn_get_host(data, FIRSTSOCKET, &hostname, &dispname, &port);
   hostlen = strlen(hostname);
 
 #ifndef ENABLE_IPV6
@@ -2660,24 +2585,15 @@ static void ossl_trace(int direction, int ssl_ver, int content_type,
                        const void *buf, size_t len, SSL *ssl,
                        void *userp)
 {
-  char unknown[32];
-  const char *verstr = NULL;
-  struct connectdata *conn = userp;
-  int cf_idx = ossl_get_ssl_cf_index();
-  struct ssl_connect_data *connssl;
+  const char *verstr = "???";
+  struct Curl_cfilter *cf = userp;
   struct Curl_easy *data = NULL;
-  struct Curl_cfilter *cf;
-
-  DEBUGASSERT(cf_idx >= 0);
-  cf = (struct Curl_cfilter*) SSL_get_ex_data(ssl, cf_idx);
-  DEBUGASSERT(cf);
-  connssl = cf->ctx;
-  DEBUGASSERT(connssl);
-  DEBUGASSERT(connssl->backend);
-  data = connssl->backend->logger;
+  char unknown[32];
 
-  if(!conn || !data || !data->set.fdebug ||
-     (direction != 0 && direction != 1))
+  if(!cf)
+    return;
+  data = CF_DATA_CURRENT(cf);
+  if(!data || !data->set.fdebug || (direction && direction != 1))
     return;
 
  switch(ssl_ver) {
@@ -2722,6 +2638,9 @@ static void ossl_trace(int direction, int ssl_ver, int content_type,
    * For TLS 1.3, skip notification of the decrypted inner Content-Type.
    */
   if(ssl_ver
+#ifdef SSL3_RT_HEADER
+     && content_type != SSL3_RT_HEADER
+#endif
 #ifdef SSL3_RT_INNER_CONTENT_TYPE
      && content_type != SSL3_RT_INNER_CONTENT_TYPE
 #endif
@@ -2757,7 +2676,7 @@ static void ossl_trace(int direction, int ssl_ver, int content_type,
     }
 
     txt_len = msnprintf(ssl_buf, sizeof(ssl_buf),
-                        CFMSG(cf, "%s (%s), %s, %s (%d):\n"),
+                        "%s (%s), %s, %s (%d):\n",
                         verstr, direction?"OUT":"IN",
                         tls_rt_name, msg_name, msg_type);
     if(0 <= txt_len && (unsigned)txt_len < sizeof(ssl_buf)) {
@@ -2967,21 +2886,14 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
   struct Curl_easy *data;
   struct Curl_cfilter *cf;
   const struct ssl_config_data *config;
-  curl_socket_t *sockindex_ptr;
-  int data_idx = ossl_get_ssl_data_index();
-  int cf_idx = ossl_get_ssl_cf_index();
-  int sockindex_idx = ossl_get_ssl_sockindex_index();
-  int proxy_idx = ossl_get_proxy_index();
+  struct ssl_connect_data *connssl;
   bool isproxy;
 
-  if(data_idx < 0 || cf_idx < 0 || sockindex_idx < 0 || proxy_idx < 0)
-    return 0;
-
-  cf = (struct Curl_cfilter*) SSL_get_ex_data(ssl, cf_idx);
-  data = (struct Curl_easy *) SSL_get_ex_data(ssl, data_idx);
+  cf = (struct Curl_cfilter*) SSL_get_app_data(ssl);
+  connssl = cf? cf->ctx : NULL;
+  data = connssl? CF_DATA_CURRENT(cf) : NULL;
   /* The sockindex has been stored as a pointer to an array element */
-  sockindex_ptr = (curl_socket_t*) SSL_get_ex_data(ssl, sockindex_idx);
-  if(!cf || !data || !sockindex_ptr)
+  if(!cf || !data)
     return 0;
 
   isproxy = Curl_ssl_cf_is_proxy(cf);
@@ -3075,7 +2987,7 @@ static CURLcode load_cacert_from_memory(X509_STORE *store,
   BIO_free(cbio);
 
   /* if we didn't end up importing anything, treat that as an error */
-  return (count > 0 ? CURLE_OK : CURLE_SSL_CACERT_BADFILE);
+  return (count > 0) ? CURLE_OK : CURLE_SSL_CACERT_BADFILE;
 }
 
 static CURLcode populate_x509_store(struct Curl_cfilter *cf,
@@ -3094,206 +3006,219 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf,
   const char * const ssl_crlfile = ssl_config->primary.CRLfile;
   const bool verifypeer = conn_config->verifypeer;
   bool imported_native_ca = false;
+  bool imported_ca_info_blob = false;
 
   if(!store)
     return CURLE_OUT_OF_MEMORY;
 
+  if(verifypeer) {
 #if defined(USE_WIN32_CRYPTO)
-  /* Import certificates from the Windows root certificate store if requested.
-     https://stackoverflow.com/questions/9507184/
-     https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037
-     https://datatracker.ietf.org/doc/html/rfc5280 */
-  if((conn_config->verifypeer || conn_config->verifyhost) &&
-     (ssl_config->native_ca_store)) {
-    HCERTSTORE hStore = CertOpenSystemStore(0, TEXT("ROOT"));
-
-    if(hStore) {
-      PCCERT_CONTEXT pContext = NULL;
-      /* The array of enhanced key usage OIDs will vary per certificate and is
-         declared outside of the loop so that rather than malloc/free each
-         iteration we can grow it with realloc, when necessary. */
-      CERT_ENHKEY_USAGE *enhkey_usage = NULL;
-      DWORD enhkey_usage_size = 0;
-
-      /* This loop makes a best effort to import all valid certificates from
-         the MS root store. If a certificate cannot be imported it is skipped.
-         'result' is used to store only hard-fail conditions (such as out of
-         memory) that cause an early break. */
-      result = CURLE_OK;
-      for(;;) {
-        X509 *x509;
-        FILETIME now;
-        BYTE key_usage[2];
-        DWORD req_size;
-        const unsigned char *encoded_cert;
+    /* Import certificates from the Windows root certificate store if
+       requested.
+       https://stackoverflow.com/questions/9507184/
+       https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037
+       https://datatracker.ietf.org/doc/html/rfc5280 */
+    if(ssl_config->native_ca_store) {
+      HCERTSTORE hStore = CertOpenSystemStore(0, TEXT("ROOT"));
+
+      if(hStore) {
+        PCCERT_CONTEXT pContext = NULL;
+        /* The array of enhanced key usage OIDs will vary per certificate and
+           is declared outside of the loop so that rather than malloc/free each
+           iteration we can grow it with realloc, when necessary. */
+        CERT_ENHKEY_USAGE *enhkey_usage = NULL;
+        DWORD enhkey_usage_size = 0;
+
+        /* This loop makes a best effort to import all valid certificates from
+           the MS root store. If a certificate cannot be imported it is
+           skipped. 'result' is used to store only hard-fail conditions (such
+           as out of memory) that cause an early break. */
+        result = CURLE_OK;
+        for(;;) {
+          X509 *x509;
+          FILETIME now;
+          BYTE key_usage[2];
+          DWORD req_size;
+          const unsigned char *encoded_cert;
 #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
-        char cert_name[256];
+          char cert_name[256];
 #endif
 
-        pContext = CertEnumCertificatesInStore(hStore, pContext);
-        if(!pContext)
-          break;
+          pContext = CertEnumCertificatesInStore(hStore, pContext);
+          if(!pContext)
+            break;
 
 #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
-        if(!CertGetNameStringA(pContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0,
-                               NULL, cert_name, sizeof(cert_name))) {
-          strcpy(cert_name, "Unknown");
-        }
-        infof(data, "SSL: Checking cert \"%s\"", cert_name);
+          if(!CertGetNameStringA(pContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0,
+                                 NULL, cert_name, sizeof(cert_name))) {
+            strcpy(cert_name, "Unknown");
+          }
+          infof(data, "SSL: Checking cert \"%s\"", cert_name);
 #endif
+          encoded_cert = (const unsigned char *)pContext->pbCertEncoded;
+          if(!encoded_cert)
+            continue;
 
-        encoded_cert = (const unsigned char *)pContext->pbCertEncoded;
-        if(!encoded_cert)
-          continue;
-
-        GetSystemTimeAsFileTime(&now);
-        if(CompareFileTime(&pContext->pCertInfo->NotBefore, &now) > 0 ||
-           CompareFileTime(&now, &pContext->pCertInfo->NotAfter) > 0)
-          continue;
-
-        /* If key usage exists check for signing attribute */
-        if(CertGetIntendedKeyUsage(pContext->dwCertEncodingType,
-                                   pContext->pCertInfo,
-                                   key_usage, sizeof(key_usage))) {
-          if(!(key_usage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE))
+          GetSystemTimeAsFileTime(&now);
+          if(CompareFileTime(&pContext->pCertInfo->NotBefore, &now) > 0 ||
+             CompareFileTime(&now, &pContext->pCertInfo->NotAfter) > 0)
             continue;
-        }
-        else if(GetLastError())
-          continue;
-
-        /* If enhanced key usage exists check for server auth attribute.
-         *
-         * Note "In a Microsoft environment, a certificate might also have EKU
-         * extended properties that specify valid uses for the certificate."
-         * The call below checks both, and behavior varies depending on what is
-         * found. For more details see CertGetEnhancedKeyUsage doc.
-         */
-        if(CertGetEnhancedKeyUsage(pContext, 0, NULL, &req_size)) {
-          if(req_size && req_size > enhkey_usage_size) {
-            void *tmp = realloc(enhkey_usage, req_size);
-
-            if(!tmp) {
-              failf(data, "SSL: Out of memory allocating for OID list");
-              result = CURLE_OUT_OF_MEMORY;
-              break;
-            }
 
-            enhkey_usage = (CERT_ENHKEY_USAGE *)tmp;
-            enhkey_usage_size = req_size;
+          /* If key usage exists check for signing attribute */
+          if(CertGetIntendedKeyUsage(pContext->dwCertEncodingType,
+                                     pContext->pCertInfo,
+                                     key_usage, sizeof(key_usage))) {
+            if(!(key_usage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE))
+              continue;
           }
+          else if(GetLastError())
+            continue;
 
-          if(CertGetEnhancedKeyUsage(pContext, 0, enhkey_usage, &req_size)) {
-            if(!enhkey_usage->cUsageIdentifier) {
-              /* "If GetLastError returns CRYPT_E_NOT_FOUND, the certificate is
-                 good for all uses. If it returns zero, the certificate has no
-                 valid uses." */
-              if((HRESULT)GetLastError() != CRYPT_E_NOT_FOUND)
-                continue;
+          /* If enhanced key usage exists check for server auth attribute.
+           *
+           * Note "In a Microsoft environment, a certificate might also have
+           * EKU extended properties that specify valid uses for the
+           * certificate."  The call below checks both, and behavior varies
+           * depending on what is found. For more details see
+           * CertGetEnhancedKeyUsage doc.
+           */
+          if(CertGetEnhancedKeyUsage(pContext, 0, NULL, &req_size)) {
+            if(req_size && req_size > enhkey_usage_size) {
+              void *tmp = realloc(enhkey_usage, req_size);
+
+              if(!tmp) {
+                failf(data, "SSL: Out of memory allocating for OID list");
+                result = CURLE_OUT_OF_MEMORY;
+                break;
+              }
+
+              enhkey_usage = (CERT_ENHKEY_USAGE *)tmp;
+              enhkey_usage_size = req_size;
             }
-            else {
-              DWORD i;
-              bool found = false;
-
-              for(i = 0; i < enhkey_usage->cUsageIdentifier; ++i) {
-                if(!strcmp("1.3.6.1.5.5.7.3.1" /* OID server auth */,
-                           enhkey_usage->rgpszUsageIdentifier[i])) {
-                  found = true;
-                  break;
-                }
+
+            if(CertGetEnhancedKeyUsage(pContext, 0, enhkey_usage, &req_size)) {
+              if(!enhkey_usage->cUsageIdentifier) {
+                /* "If GetLastError returns CRYPT_E_NOT_FOUND, the certificate
+                   is good for all uses. If it returns zero, the certificate
+                   has no valid uses." */
+                if((HRESULT)GetLastError() != CRYPT_E_NOT_FOUND)
+                  continue;
               }
+              else {
+                DWORD i;
+                bool found = false;
+
+                for(i = 0; i < enhkey_usage->cUsageIdentifier; ++i) {
+                  if(!strcmp("1.3.6.1.5.5.7.3.1" /* OID server auth */,
+                             enhkey_usage->rgpszUsageIdentifier[i])) {
+                    found = true;
+                    break;
+                  }
+                }
 
-              if(!found)
-                continue;
+                if(!found)
+                  continue;
+              }
             }
+            else
+              continue;
           }
           else
             continue;
-        }
-        else
-          continue;
 
-        x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded);
-        if(!x509)
-          continue;
+          x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded);
+          if(!x509)
+            continue;
 
-        /* Try to import the certificate. This may fail for legitimate reasons
-           such as duplicate certificate, which is allowed by MS but not
-           OpenSSL. */
-        if(X509_STORE_add_cert(store, x509) == 1) {
+          /* Try to import the certificate. This may fail for legitimate
+             reasons such as duplicate certificate, which is allowed by MS but
+             not OpenSSL. */
+          if(X509_STORE_add_cert(store, x509) == 1) {
 #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
-          infof(data, "SSL: Imported cert \"%s\"", cert_name);
+            infof(data, "SSL: Imported cert \"%s\"", cert_name);
 #endif
-          imported_native_ca = true;
+            imported_native_ca = true;
+          }
+          X509_free(x509);
         }
-        X509_free(x509);
-      }
 
-      free(enhkey_usage);
-      CertFreeCertificateContext(pContext);
-      CertCloseStore(hStore, 0);
+        free(enhkey_usage);
+        CertFreeCertificateContext(pContext);
+        CertCloseStore(hStore, 0);
 
-      if(result)
-        return result;
+        if(result)
+          return result;
+      }
+      if(imported_native_ca)
+        infof(data, "successfully imported Windows CA store");
+      else
+        infof(data, "error importing Windows CA store, continuing anyway");
     }
-    if(imported_native_ca)
-      infof(data, "successfully imported Windows CA store");
-    else
-      infof(data, "error importing Windows CA store, continuing anyway");
-  }
 #endif
-
-  if(ca_info_blob) {
-    result = load_cacert_from_memory(store, ca_info_blob);
-    if(result) {
-      if(result == CURLE_OUT_OF_MEMORY ||
-         (verifypeer && !imported_native_ca)) {
+    if(ca_info_blob) {
+      result = load_cacert_from_memory(store, ca_info_blob);
+      if(result) {
         failf(data, "error importing CA certificate blob");
         return result;
       }
-      /* Only warn if no certificate verification is required. */
-      infof(data, "error importing CA certificate blob, continuing anyway");
+      else {
+        imported_ca_info_blob = true;
+        infof(data, "successfully imported CA certificate blob");
+      }
     }
-  }
 
-  if(verifypeer && !imported_native_ca && (ssl_cafile || ssl_capath)) {
+    if(ssl_cafile || ssl_capath) {
 #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
-  /* OpenSSL 3.0.0 has deprecated SSL_CTX_load_verify_locations */
-    if(ssl_cafile &&
-       !X509_STORE_load_file(store, ssl_cafile)) {
-      /* Fail if we insist on successfully verifying the server. */
-      failf(data, "error setting certificate file: %s", ssl_cafile);
-      return CURLE_SSL_CACERT_BADFILE;
-    }
-    if(ssl_capath &&
-       !X509_STORE_load_path(store, ssl_capath)) {
-      /* Fail if we insist on successfully verifying the server. */
-      failf(data, "error setting certificate path: %s", ssl_capath);
-      return CURLE_SSL_CACERT_BADFILE;
-    }
+      /* OpenSSL 3.0.0 has deprecated SSL_CTX_load_verify_locations */
+      if(ssl_cafile && !X509_STORE_load_file(store, ssl_cafile)) {
+        if(!imported_native_ca && !imported_ca_info_blob) {
+          /* Fail if we insist on successfully verifying the server. */
+          failf(data, "error setting certificate file: %s", ssl_cafile);
+          return CURLE_SSL_CACERT_BADFILE;
+        }
+        else
+          infof(data, "error setting certificate file, continuing anyway");
+      }
+      if(ssl_capath && !X509_STORE_load_path(store, ssl_capath)) {
+        if(!imported_native_ca && !imported_ca_info_blob) {
+          /* Fail if we insist on successfully verifying the server. */
+          failf(data, "error setting certificate path: %s", ssl_capath);
+          return CURLE_SSL_CACERT_BADFILE;
+        }
+        else
+          infof(data, "error setting certificate path, continuing anyway");
+      }
 #else
-    /* tell OpenSSL where to find CA certificates that are used to verify the
-       server's certificate. */
-    if(!X509_STORE_load_locations(store, ssl_cafile, ssl_capath)) {
-      /* Fail if we insist on successfully verifying the server. */
-      failf(data, "error setting certificate verify locations:"
-            "  CAfile: %s CApath: %s",
-            ssl_cafile ? ssl_cafile : "none",
-            ssl_capath ? ssl_capath : "none");
-      return CURLE_SSL_CACERT_BADFILE;
-    }
+      /* tell OpenSSL where to find CA certificates that are used to verify the
+         server's certificate. */
+      if(!X509_STORE_load_locations(store, ssl_cafile, ssl_capath)) {
+        if(!imported_native_ca && !imported_ca_info_blob) {
+          /* Fail if we insist on successfully verifying the server. */
+          failf(data, "error setting certificate verify locations:"
+                "  CAfile: %s CApath: %s",
+                ssl_cafile ? ssl_cafile : "none",
+                ssl_capath ? ssl_capath : "none");
+          return CURLE_SSL_CACERT_BADFILE;
+        }
+        else {
+          infof(data, "error setting certificate verify locations,"
+                " continuing anyway");
+        }
+      }
 #endif
-    infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
-    infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
-  }
+      infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
+      infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
+    }
 
 #ifdef CURL_CA_FALLBACK
-  if(verifypeer &&
-     !ca_info_blob && !ssl_cafile && !ssl_capath && !imported_native_ca) {
-    /* verifying the peer without any CA certificates won't
-       work so use openssl's built-in default as fallback */
-    X509_STORE_set_default_paths(store);
-  }
+    if(!ssl_cafile && !ssl_capath &&
+       !imported_native_ca && !imported_ca_info_blob) {
+      /* verifying the peer without any CA certificates won't
+         work so use openssl's built-in default as fallback */
+      X509_STORE_set_default_paths(store);
+    }
 #endif
+  }
 
   if(ssl_crlfile) {
     /* tell OpenSSL where to find CRL file that is used to check certificate
@@ -3424,9 +3349,9 @@ static void set_cached_x509_store(struct Curl_cfilter *cf,
   }
 }
 
-static CURLcode set_up_x509_store(struct Curl_cfilter *cf,
-                                  struct Curl_easy *data,
-                                  struct ssl_backend_data *backend)
+CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data,
+                                   SSL_CTX *ssl_ctx)
 {
   struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
   struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
@@ -3446,10 +3371,10 @@ static CURLcode set_up_x509_store(struct Curl_cfilter *cf,
 
   cached_store = get_cached_x509_store(cf, data);
   if(cached_store && cache_criteria_met && X509_STORE_up_ref(cached_store)) {
-    SSL_CTX_set_cert_store(backend->ctx, cached_store);
+    SSL_CTX_set_cert_store(ssl_ctx, cached_store);
   }
   else {
-    X509_STORE *store = SSL_CTX_get_cert_store(backend->ctx);
+    X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
 
     result = populate_x509_store(cf, data, store);
     if(result == CURLE_OK && cache_criteria_met) {
@@ -3460,11 +3385,11 @@ static CURLcode set_up_x509_store(struct Curl_cfilter *cf,
   return result;
 }
 #else /* HAVE_SSL_X509_STORE_SHARE */
-static CURLcode set_up_x509_store(struct Curl_cfilter *cf,
-                                  struct Curl_easy *data,
-                                  struct ssl_backend_data *backend)
+CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data,
+                                   SSL_CTX *ssl_ctx)
 {
-  X509_STORE *store = SSL_CTX_get_cert_store(backend->ctx);
+  X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
 
   return populate_x509_store(cf, data, store);
 }
@@ -3494,9 +3419,6 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
 #endif
 #endif
   const long int ssl_version = conn_config->version;
-#ifdef USE_OPENSSL_SRP
-  const enum CURL_TLSAUTH ssl_authtype = ssl_config->primary.authtype;
-#endif
   char * const ssl_cert = ssl_config->primary.clientcert;
   const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob;
   const char * const ssl_cert_type = ssl_config->cert_type;
@@ -3564,8 +3486,7 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
   if(data->set.fdebug && data->set.verbose) {
     /* the SSL trace callback is only used for verbose logging */
     SSL_CTX_set_msg_callback(backend->ctx, ossl_trace);
-    SSL_CTX_set_msg_callback_arg(backend->ctx, cf->conn);
-    set_logger(connssl, data);
+    SSL_CTX_set_msg_callback_arg(backend->ctx, cf);
   }
 #endif
 
@@ -3661,36 +3582,17 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
   SSL_CTX_set_options(backend->ctx, ctx_options);
 
 #ifdef HAS_ALPN
-  if(cf->conn->bits.tls_enable_alpn) {
-    int cur = 0;
-    unsigned char protocols[128];
+  if(connssl->alpn) {
+    struct alpn_proto_buf proto;
 
-#ifdef USE_HTTP2
-    if(data->state.httpwant >= CURL_HTTP_VERSION_2
-#ifndef CURL_DISABLE_PROXY
-       && (!Curl_ssl_cf_is_proxy(cf) || !cf->conn->bits.tunnel_proxy)
-#endif
-      ) {
-      protocols[cur++] = ALPN_H2_LENGTH;
-
-      memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
-      cur += ALPN_H2_LENGTH;
-      infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
-    }
-#endif
-
-    protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
-    memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
-    cur += ALPN_HTTP_1_1_LENGTH;
-    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
-
-    /* expects length prefixed preference ordered list of protocols in wire
-     * format
-     */
-    if(SSL_CTX_set_alpn_protos(backend->ctx, protocols, cur)) {
+    result = Curl_alpn_to_proto_buf(&proto, connssl->alpn);
+    if(result ||
+       SSL_CTX_set_alpn_protos(backend->ctx, proto.data, proto.len)) {
       failf(data, "Error setting ALPN");
       return CURLE_SSL_CONNECT_ERROR;
     }
+    Curl_alpn_to_proto_str(&proto, connssl->alpn);
+    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
   }
 #endif
 
@@ -3748,8 +3650,7 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
 #endif
 
 #ifdef USE_OPENSSL_SRP
-  if((ssl_authtype == CURL_TLSAUTH_SRP) &&
-     Curl_auth_allowed_to_host(data)) {
+  if(ssl_config->primary.username && Curl_auth_allowed_to_host(data)) {
     char * const ssl_username = ssl_config->primary.username;
     char * const ssl_password = ssl_config->primary.password;
     infof(data, "Using TLS-SRP username: %s", ssl_username);
@@ -3773,10 +3674,6 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
   }
 #endif
 
-  result = set_up_x509_store(cf, data, backend);
-  if(result)
-    return result;
-
   /* OpenSSL always tries to verify the peer, this only says whether it should
    * fail to connect if the verification fails, or if it should continue
    * anyway. In the latter case the result of the verification is checked with
@@ -3820,6 +3717,8 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
     return CURLE_OUT_OF_MEMORY;
   }
 
+  SSL_set_app_data(backend->handle, cf);
+
 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
     !defined(OPENSSL_NO_OCSP)
   if(conn_config->verifystatus)
@@ -3847,13 +3746,7 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
   }
 #endif
 
-  if(!ossl_attach_data(cf, data)) {
-    /* Maybe the internal errors of SSL_get_ex_new_index or SSL_set_ex_data */
-    failf(data, "SSL: ossl_attach_data failed: %s",
-          ossl_strerror(ERR_get_error(), error_buffer,
-                        sizeof(error_buffer)));
-    return CURLE_SSL_CONNECT_ERROR;
-  }
+  SSL_set_app_data(backend->handle, cf);
 
   if(ssl_config->primary.sessionid) {
     Curl_ssl_sessionid_lock(data);
@@ -3872,13 +3765,26 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
     Curl_ssl_sessionid_unlock(data);
   }
 
-  bio = BIO_new(bio_cf_method);
+  backend->bio_method = bio_cf_method_create();
+  if(!backend->bio_method)
+    return CURLE_OUT_OF_MEMORY;
+  bio = BIO_new(backend->bio_method);
   if(!bio)
     return CURLE_OUT_OF_MEMORY;
 
   BIO_set_data(bio, cf);
+#ifdef HAVE_SSL_SET0_WBIO
+  /* with OpenSSL v1.1.1 we get an alternative to SSL_set_bio() that works
+   * without backward compat quirks. Every call takes one reference, so we
+   * up it and pass. SSL* then owns it and will free.
+   * We check on the function in configure, since libressl and friends
+   * each have their own versions to add support for this. */
+  BIO_up_ref(bio);
+  SSL_set0_rbio(backend->handle, bio);
+  SSL_set0_wbio(backend->handle, bio);
+#else
   SSL_set_bio(backend->handle, bio, bio);
-
+#endif
   connssl->connecting_state = ssl_connect_2;
 
   return CURLE_OK;
@@ -3899,6 +3805,16 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
   ERR_clear_error();
 
   err = SSL_connect(backend->handle);
+
+  if(!backend->x509_store_setup) {
+    /* After having send off the ClientHello, we prepare the x509
+     * store to verify the coming certificate from the server */
+    CURLcode result = Curl_ssl_setup_x509_store(cf, data, backend->ctx);
+    if(result)
+      return result;
+    backend->x509_store_setup = TRUE;
+  }
+
 #ifndef HAVE_KEYLOG_CALLBACK
   if(Curl_tls_keylog_enabled()) {
     /* If key logging is enabled, wait for the handshake to complete and then
@@ -3933,7 +3849,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
     }
     else {
       /* untreated error */
-      unsigned long errdetail;
+      sslerr_t errdetail;
       char error_buffer[256]="";
       CURLcode result;
       long lerr;
@@ -4027,26 +3943,8 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
       const unsigned char *neg_protocol;
       unsigned int len;
       SSL_get0_alpn_selected(backend->handle, &neg_protocol, &len);
-      if(len) {
-        infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, len, neg_protocol);
 
-#ifdef USE_HTTP2
-        if(len == ALPN_H2_LENGTH &&
-           !memcmp(ALPN_H2, neg_protocol, len)) {
-          cf->conn->alpn = CURL_HTTP_VERSION_2;
-        }
-        else
-#endif
-        if(len == ALPN_HTTP_1_1_LENGTH &&
-           !memcmp(ALPN_HTTP_1_1, neg_protocol, ALPN_HTTP_1_1_LENGTH)) {
-          cf->conn->alpn = CURL_HTTP_VERSION_1_1;
-        }
-      }
-      else
-        infof(data, VTLS_INFOF_NO_ALPN);
-
-      Curl_multiuse_state(data, cf->conn->alpn == CURL_HTTP_VERSION_2 ?
-                          BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
+      return Curl_alpn_set_negotiated(cf, data, neg_protocol, len);
     }
 #endif
 
@@ -4189,7 +4087,8 @@ static CURLcode servercert(struct Curl_cfilter *cf,
   BIO_free(mem);
 
   if(conn_config->verifyhost) {
-    result = Curl_ossl_verifyhost(data, conn, backend->server_cert);
+    result = ossl_verifyhost(data, conn, backend->server_cert,
+                             connssl->hostname, connssl->dispname);
     if(result) {
       X509_free(backend->server_cert);
       backend->server_cert = NULL;
@@ -4363,7 +4262,7 @@ static CURLcode ossl_connect_common(struct Curl_cfilter *cf,
 {
   CURLcode result = CURLE_OK;
   struct ssl_connect_data *connssl = cf->ctx;
-  curl_socket_t sockfd = cf->conn->sock[cf->sockindex];
+  curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
   int what;
 
   /* check if the connection has already been established */
@@ -4402,8 +4301,9 @@ static CURLcode ossl_connect_common(struct Curl_cfilter *cf,
     }
 
     /* if ssl is expecting something, check if it's available. */
-    if(connssl->connecting_state == ssl_connect_2_reading ||
-       connssl->connecting_state == ssl_connect_2_writing) {
+    if(!nonblocking &&
+       (connssl->connecting_state == ssl_connect_2_reading ||
+        connssl->connecting_state == ssl_connect_2_writing)) {
 
       curl_socket_t writefd = ssl_connect_2_writing ==
         connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
@@ -4411,7 +4311,7 @@ static CURLcode ossl_connect_common(struct Curl_cfilter *cf,
         connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
 
       what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
-                               nonblocking?0:timeout_ms);
+                               timeout_ms);
       if(what < 0) {
         /* fatal error */
         failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
@@ -4419,11 +4319,6 @@ static CURLcode ossl_connect_common(struct Curl_cfilter *cf,
         goto out;
       }
       if(0 == what) {
-        if(nonblocking) {
-          *done = FALSE;
-          result = CURLE_OK;
-          goto out;
-        }
         /* timeout */
         failf(data, "SSL connection timeout");
         result = CURLE_OPERATION_TIMEDOUT;
@@ -4511,7 +4406,7 @@ static ssize_t ossl_send(struct Curl_cfilter *cf,
      'size_t' */
   int err;
   char error_buffer[256];
-  unsigned long sslerror;
+  sslerr_t sslerror;
   int memlen;
   int rc;
   struct ssl_connect_data *connssl = cf->ctx;
@@ -4523,7 +4418,6 @@ static ssize_t ossl_send(struct Curl_cfilter *cf,
   ERR_clear_error();
 
   memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
-  set_logger(connssl, data);
   rc = SSL_write(backend->handle, mem, memlen);
 
   if(rc <= 0) {
@@ -4620,7 +4514,6 @@ static ssize_t ossl_recv(struct Curl_cfilter *cf,
   ERR_clear_error();
 
   buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
-  set_logger(connssl, data);
   nread = (ssize_t)SSL_read(backend->handle, buf, buffsize);
 
   if(nread <= 0) {
@@ -4838,89 +4731,6 @@ static void *ossl_get_internals(struct ssl_connect_data *connssl,
          (void *)backend->ctx : (void *)backend->handle;
 }
 
-static bool ossl_attach_data(struct Curl_cfilter *cf,
-                             struct Curl_easy *data)
-{
-  struct ssl_connect_data *connssl = cf->ctx;
-  struct ssl_backend_data *backend = connssl->backend;
-  const struct ssl_config_data *config;
-
-  DEBUGASSERT(backend);
-
-  /* If we don't have SSL context, do nothing. */
-  if(!backend->handle)
-    return FALSE;
-
-  config = Curl_ssl_cf_get_config(cf, data);
-  if(config->primary.sessionid) {
-    int data_idx = ossl_get_ssl_data_index();
-    int cf_idx = ossl_get_ssl_cf_index();
-    int sockindex_idx = ossl_get_ssl_sockindex_index();
-    int proxy_idx = ossl_get_proxy_index();
-
-    if(data_idx >= 0 && cf_idx >= 0 && sockindex_idx >= 0 &&
-       proxy_idx >= 0) {
-      int data_status, cf_status, sockindex_status, proxy_status;
-
-      /* Store the data needed for the "new session" callback.
-       * The sockindex is stored as a pointer to an array element. */
-      data_status = SSL_set_ex_data(backend->handle, data_idx, data);
-      cf_status = SSL_set_ex_data(backend->handle, cf_idx, cf);
-      sockindex_status = SSL_set_ex_data(backend->handle, sockindex_idx,
-                                         cf->conn->sock + cf->sockindex);
-#ifndef CURL_DISABLE_PROXY
-      proxy_status = SSL_set_ex_data(backend->handle, proxy_idx,
-                                     Curl_ssl_cf_is_proxy(cf)?
-                                       (void *) 1 : NULL);
-#else
-      proxy_status = SSL_set_ex_data(backend->handle, proxy_idx, NULL);
-#endif
-      if(data_status && cf_status && sockindex_status && proxy_status)
-        return TRUE;
-    }
-    return FALSE;
-  }
-  return TRUE;
-}
-
-/*
- * Starting with TLS 1.3, the ossl_new_session_cb callback gets called after
- * the handshake. If the transfer that sets up the callback gets killed before
- * this callback arrives, we must make sure to properly clear the data to
- * avoid UAF problems. A future optimization could be to instead store another
- * transfer that might still be using the same connection.
- */
-
-static void ossl_detach_data(struct Curl_cfilter *cf,
-                             struct Curl_easy *data)
-{
-  struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
-  struct ssl_connect_data *connssl = cf->ctx;
-  struct ssl_backend_data *backend = connssl->backend;
-  DEBUGASSERT(backend);
-
-  /* If we don't have SSL context, do nothing. */
-  if(!backend->handle)
-    return;
-
-  if(ssl_config->primary.sessionid) {
-    int data_idx = ossl_get_ssl_data_index();
-    int cf_idx = ossl_get_ssl_cf_index();
-    int sockindex_idx = ossl_get_ssl_sockindex_index();
-    int proxy_idx = ossl_get_proxy_index();
-
-    if(data_idx >= 0 && cf_idx >= 0 && sockindex_idx >= 0 &&
-       proxy_idx >= 0) {
-      /* Disable references to data in "new session" callback to avoid
-       * accessing a stale pointer. */
-      SSL_set_ex_data(backend->handle, data_idx, NULL);
-      SSL_set_ex_data(backend->handle, cf_idx, NULL);
-      SSL_set_ex_data(backend->handle, sockindex_idx, NULL);
-      SSL_set_ex_data(backend->handle, proxy_idx, NULL);
-    }
-  }
-}
-
 static void ossl_free_multi_ssl_backend_data(
   struct multi_ssl_backend_data *mbackend)
 {
@@ -4953,7 +4763,7 @@ const struct Curl_ssl Curl_ssl_openssl = {
   ossl_init,                /* init */
   ossl_cleanup,             /* cleanup */
   ossl_version,             /* version */
-  ossl_check_cxn,           /* check_cxn */
+  Curl_none_check_cxn,      /* check_cxn */
   ossl_shutdown,            /* shutdown */
   ossl_data_pending,        /* data_pending */
   ossl_random,              /* random */
@@ -4974,8 +4784,8 @@ const struct Curl_ssl Curl_ssl_openssl = {
 #else
   NULL,                     /* sha256sum */
 #endif
-  ossl_attach_data,         /* use of data in this connection */
-  ossl_detach_data,         /* remote of data from this connection */
+  NULL,                     /* use of data in this connection */
+  NULL,                     /* remote of data from this connection */
   ossl_free_multi_ssl_backend_data, /* free_multi_ssl_backend_data */
   ossl_recv,                /* recv decrypted data */
   ossl_send,                /* send data to encrypt */
diff --git a/lib/vtls/openssl.h b/lib/vtls/openssl.h
index 9df4ecddb..950faab88 100644
--- a/lib/vtls/openssl.h
+++ b/lib/vtls/openssl.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -56,5 +56,14 @@ CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data,
 
 CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl);
 
+/**
+ * Setup the OpenSSL X509_STORE in `ssl_ctx` for the cfilter `cf` and
+ * easy handle `data`. Will allow reuse of a shared cache if suitable
+ * and configured.
+ */
+CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf,
+                                   struct Curl_easy *data,
+                                   SSL_CTX *ssl_ctx);
+
 #endif /* USE_OPENSSL */
 #endif /* HEADER_CURL_SSLUSE_H */
diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index 27f4ec8d8..003533dbb 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Jacob Hoffman-Andrews,
+ * Copyright (C) Jacob Hoffman-Andrews,
  * <github@hoffman-andrews.com>
  *
  * This software is licensed as described in the file COPYING, which
@@ -150,6 +150,7 @@ cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
   size_t plain_bytes_copied = 0;
   rustls_result rresult = 0;
   char errorbuf[255];
+  size_t errorlen;
   rustls_io_result io_error;
 
   DEBUGASSERT(backend);
@@ -161,7 +162,7 @@ cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
   io_error = rustls_connection_read_tls(rconn, read_cb, &io_ctx,
                                         &tls_bytes_read);
   if(io_error == EAGAIN || io_error == EWOULDBLOCK) {
-    infof(data, CFMSG(cf, "cr_recv: EAGAIN or EWOULDBLOCK"));
+    DEBUGF(LOG_CF(data, cf, "cr_recv: EAGAIN or EWOULDBLOCK"));
   }
   else if(io_error) {
     char buffer[STRERROR_LEN];
@@ -171,12 +172,13 @@ cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
     return -1;
   }
 
-  infof(data, CFMSG(cf, "cr_recv: read %ld TLS bytes"), tls_bytes_read);
+  DEBUGF(LOG_CF(data, cf, "cr_recv: read %ld TLS bytes", tls_bytes_read));
 
   rresult = rustls_connection_process_new_packets(rconn);
   if(rresult != RUSTLS_RESULT_OK) {
-    rustls_error(rresult, errorbuf, sizeof(errorbuf), &n);
-    failf(data, "%.*s", n, errorbuf);
+    rustls_error(rresult, errorbuf, sizeof(errorbuf), &errorlen);
+    failf(data, "rustls_connection_process_new_packets: %.*s",
+      errorlen, errorbuf);
     *err = map_error(rresult);
     return -1;
   }
@@ -189,14 +191,21 @@ cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
       plainlen - plain_bytes_copied,
       &n);
     if(rresult == RUSTLS_RESULT_PLAINTEXT_EMPTY) {
-      infof(data, CFMSG(cf, "cr_recv: got PLAINTEXT_EMPTY. "
-            "will try again later."));
+      DEBUGF(LOG_CF(data, cf, "cr_recv: got PLAINTEXT_EMPTY. "
+                    "will try again later."));
       backend->data_pending = FALSE;
       break;
     }
+    else if(rresult == RUSTLS_RESULT_UNEXPECTED_EOF) {
+      failf(data, "rustls: peer closed TCP connection "
+        "without first closing TLS connection");
+      *err = CURLE_READ_ERROR;
+      return -1;
+    }
     else if(rresult != RUSTLS_RESULT_OK) {
       /* n always equals 0 in this case, don't need to check it */
-      failf(data, "error in rustls_connection_read: %d", rresult);
+      rustls_error(rresult, errorbuf, sizeof(errorbuf), &errorlen);
+      failf(data, "rustls_connection_read: %.*s", errorlen, errorbuf);
       *err = CURLE_READ_ERROR;
       return -1;
     }
@@ -207,7 +216,7 @@ cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
       break;
     }
     else {
-      infof(data, CFMSG(cf, "cr_recv: got %ld plain bytes"), n);
+      DEBUGF(LOG_CF(data, cf, "cr_recv: got %ld plain bytes", n));
       plain_bytes_copied += n;
     }
   }
@@ -254,22 +263,25 @@ cr_send(struct Curl_cfilter *cf, struct Curl_easy *data,
   size_t tlswritten_total = 0;
   rustls_result rresult;
   rustls_io_result io_error;
+  char errorbuf[256];
+  size_t errorlen;
 
   DEBUGASSERT(backend);
   rconn = backend->conn;
 
-  infof(data, CFMSG(cf, "cr_send: %ld plain bytes"), plainlen);
+  DEBUGF(LOG_CF(data, cf, "cr_send: %ld plain bytes", plainlen));
 
   if(plainlen > 0) {
     rresult = rustls_connection_write(rconn, plainbuf, plainlen,
                                       &plainwritten);
     if(rresult != RUSTLS_RESULT_OK) {
-      failf(data, "error in rustls_connection_write");
+      rustls_error(rresult, errorbuf, sizeof(errorbuf), &errorlen);
+      failf(data, "rustls_connection_write: %.*s", errorlen, errorbuf);
       *err = CURLE_WRITE_ERROR;
       return -1;
     }
     else if(plainwritten == 0) {
-      failf(data, "EOF in rustls_connection_write");
+      failf(data, "rustls_connection_write: EOF");
       *err = CURLE_WRITE_ERROR;
       return -1;
     }
@@ -282,8 +294,8 @@ cr_send(struct Curl_cfilter *cf, struct Curl_easy *data,
     io_error = rustls_connection_write_tls(rconn, write_cb, &io_ctx,
                                            &tlswritten);
     if(io_error == EAGAIN || io_error == EWOULDBLOCK) {
-      infof(data, CFMSG(cf, "cr_send: EAGAIN after %ld bytes"),
-            tlswritten_total);
+      DEBUGF(LOG_CF(data, cf, "cr_send: EAGAIN after %zu bytes",
+                    tlswritten_total));
       *err = CURLE_AGAIN;
       return -1;
     }
@@ -299,7 +311,7 @@ cr_send(struct Curl_cfilter *cf, struct Curl_easy *data,
       *err = CURLE_WRITE_ERROR;
       return -1;
     }
-    infof(data, CFMSG(cf, "cr_send: wrote %ld TLS bytes"), tlswritten);
+    DEBUGF(LOG_CF(data, cf, "cr_send: wrote %zu TLS bytes", tlswritten));
     tlswritten_total += tlswritten;
   }
 
@@ -349,22 +361,25 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
   char errorbuf[256];
   size_t errorlen;
   int result;
-  rustls_slice_bytes alpn[2] = {
-    { (const uint8_t *)ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH },
-    { (const uint8_t *)ALPN_H2, ALPN_H2_LENGTH },
-  };
 
   DEBUGASSERT(backend);
   rconn = backend->conn;
 
   config_builder = rustls_client_config_builder_new();
-#ifdef USE_HTTP2
-  infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
-  rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 2);
-#else
-  rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 1);
-#endif
-  infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
+  if(connssl->alpn) {
+    struct alpn_proto_buf proto;
+    rustls_slice_bytes alpn[ALPN_ENTRIES_MAX];
+    size_t i;
+
+    for(i = 0; i < connssl->alpn->count; ++i) {
+      alpn[i].data = (const uint8_t *)connssl->alpn->entries[i];
+      alpn[i].len = strlen(connssl->alpn->entries[i]);
+    }
+    rustls_client_config_builder_set_alpn_protocols(config_builder, alpn,
+                                                    connssl->alpn->count);
+    Curl_alpn_to_proto_str(&proto, connssl->alpn);
+    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
+  }
   if(!verifypeer) {
     rustls_client_config_builder_dangerous_set_certificate_verifier(
       config_builder, cr_verify_none);
@@ -384,7 +399,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
     result = rustls_root_cert_store_add_pem(roots, ca_info_blob->data,
                                             ca_info_blob->len, verifypeer);
     if(result != RUSTLS_RESULT_OK) {
-      failf(data, "failed to parse trusted certificates from blob");
+      failf(data, "rustls: failed to parse trusted certificates from blob");
       rustls_root_cert_store_free(roots);
       rustls_client_config_free(
         rustls_client_config_builder_build(config_builder));
@@ -394,7 +409,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
     result = rustls_client_config_builder_use_roots(config_builder, roots);
     rustls_root_cert_store_free(roots);
     if(result != RUSTLS_RESULT_OK) {
-      failf(data, "failed to load trusted certificates");
+      failf(data, "rustls: failed to load trusted certificates");
       rustls_client_config_free(
         rustls_client_config_builder_build(config_builder));
       return CURLE_SSL_CACERT_BADFILE;
@@ -404,7 +419,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
     result = rustls_client_config_builder_load_roots_from_file(
       config_builder, ssl_cafile);
     if(result != RUSTLS_RESULT_OK) {
-      failf(data, "failed to load trusted certificates");
+      failf(data, "rustls: failed to load trusted certificates");
       rustls_client_config_free(
         rustls_client_config_builder_build(config_builder));
       return CURLE_SSL_CACERT_BADFILE;
@@ -416,7 +431,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
   {
     char *snihost = Curl_ssl_snihost(data, hostname, NULL);
     if(!snihost) {
-      failf(data, "Failed to set SNI");
+      failf(data, "rustls: failed to get SNI");
       return CURLE_SSL_CONNECT_ERROR;
     }
     result = rustls_client_connection_new(backend->config, snihost, &rconn);
@@ -439,29 +454,7 @@ cr_set_negotiated_alpn(struct Curl_cfilter *cf, struct Curl_easy *data,
   size_t len = 0;
 
   rustls_connection_get_alpn_protocol(rconn, &protocol, &len);
-  if(!protocol) {
-    infof(data, VTLS_INFOF_NO_ALPN);
-    return;
-  }
-
-#ifdef USE_HTTP2
-  if(len == ALPN_H2_LENGTH && 0 == memcmp(ALPN_H2, protocol, len)) {
-    infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, ALPN_H2);
-    cf->conn->alpn = CURL_HTTP_VERSION_2;
-  }
-  else
-#endif
-  if(len == ALPN_HTTP_1_1_LENGTH &&
-      0 == memcmp(ALPN_HTTP_1_1, protocol, len)) {
-    infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, ALPN_HTTP_1_1);
-    cf->conn->alpn = CURL_HTTP_VERSION_1_1;
-  }
-  else {
-    infof(data, "ALPN, negotiated an unrecognized protocol");
-  }
-
-  Curl_multiuse_state(data, cf->conn->alpn == CURL_HTTP_VERSION_2 ?
-                      BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
+  Curl_alpn_set_negotiated(cf, data, protocol, len);
 }
 
 static CURLcode
@@ -469,7 +462,7 @@ cr_connect_nonblocking(struct Curl_cfilter *cf,
                        struct Curl_easy *data, bool *done)
 {
   struct ssl_connect_data *const connssl = cf->ctx;
-  curl_socket_t sockfd = cf->conn->sock[cf->sockindex];
+  curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
   struct ssl_backend_data *const backend = connssl->backend;
   struct rustls_connection *rconn = NULL;
   CURLcode tmperr = CURLE_OK;
@@ -573,7 +566,7 @@ cr_get_select_socks(struct Curl_cfilter *cf, struct Curl_easy *data,
                     curl_socket_t *socks)
 {
   struct ssl_connect_data *const connssl = cf->ctx;
-  curl_socket_t sockfd = cf->conn->sock[cf->sockindex];
+  curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
   struct ssl_backend_data *const backend = connssl->backend;
   struct rustls_connection *rconn = NULL;
 
@@ -616,7 +609,7 @@ cr_close(struct Curl_cfilter *cf, struct Curl_easy *data)
     rustls_connection_send_close_notify(backend->conn);
     n = cr_send(cf, data, NULL, 0, &tmperr);
     if(n < 0) {
-      failf(data, "error sending close notify: %d", tmperr);
+      failf(data, "rustls: error sending close_notify: %d", tmperr);
     }
 
     rustls_connection_free(backend->conn);
diff --git a/lib/vtls/rustls.h b/lib/vtls/rustls.h
index 6b393dd63..bfbe23de3 100644
--- a/lib/vtls/rustls.h
+++ b/lib/vtls/rustls.h
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Jacob Hoffman-Andrews,
+ * Copyright (C) Jacob Hoffman-Andrews,
  * <github@hoffman-andrews.com>
  *
  * This software is licensed as described in the file COPYING, which
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 7eab9542a..6f94c7e34 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -5,9 +5,9 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de>
- * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Marc Hoersken, <info@marc-hoersken.de>
+ * Copyright (C) Mark Salisbury, <mark.salisbury@hp.com>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -264,128 +264,133 @@ set_ssl_version_min_max(DWORD *enabled_protocols,
 
 /* longest is 26, buffer is slightly bigger */
 #define LONGEST_ALG_ID 32
-#define CIPHEROPTION(X)                         \
-  if(strcmp(#X, tmp) == 0)                      \
-    return X
+#define CIPHEROPTION(x) {#x, x}
 
-static int
-get_alg_id_by_name(char *name)
-{
-  char tmp[LONGEST_ALG_ID] = { 0 };
-  char *nameEnd = strchr(name, ':');
-  size_t n = nameEnd ? (size_t)(nameEnd - name) : strlen(name);
+struct algo {
+  const char *name;
+  int id;
+};
 
-  /* reject too-long alg names */
-  if(n > (LONGEST_ALG_ID - 1))
-    return 0;
-
-  strncpy(tmp, name, n);
-  tmp[n] = 0;
-  CIPHEROPTION(CALG_MD2);
-  CIPHEROPTION(CALG_MD4);
-  CIPHEROPTION(CALG_MD5);
-  CIPHEROPTION(CALG_SHA);
-  CIPHEROPTION(CALG_SHA1);
-  CIPHEROPTION(CALG_MAC);
-  CIPHEROPTION(CALG_RSA_SIGN);
-  CIPHEROPTION(CALG_DSS_SIGN);
+static const struct algo algs[]= {
+  CIPHEROPTION(CALG_MD2),
+  CIPHEROPTION(CALG_MD4),
+  CIPHEROPTION(CALG_MD5),
+  CIPHEROPTION(CALG_SHA),
+  CIPHEROPTION(CALG_SHA1),
+  CIPHEROPTION(CALG_MAC),
+  CIPHEROPTION(CALG_RSA_SIGN),
+  CIPHEROPTION(CALG_DSS_SIGN),
 /* ifdefs for the options that are defined conditionally in wincrypt.h */
 #ifdef CALG_NO_SIGN
-  CIPHEROPTION(CALG_NO_SIGN);
+  CIPHEROPTION(CALG_NO_SIGN),
 #endif
-  CIPHEROPTION(CALG_RSA_KEYX);
-  CIPHEROPTION(CALG_DES);
+  CIPHEROPTION(CALG_RSA_KEYX),
+  CIPHEROPTION(CALG_DES),
 #ifdef CALG_3DES_112
-  CIPHEROPTION(CALG_3DES_112);
+  CIPHEROPTION(CALG_3DES_112),
 #endif
-  CIPHEROPTION(CALG_3DES);
-  CIPHEROPTION(CALG_DESX);
-  CIPHEROPTION(CALG_RC2);
-  CIPHEROPTION(CALG_RC4);
-  CIPHEROPTION(CALG_SEAL);
+  CIPHEROPTION(CALG_3DES),
+  CIPHEROPTION(CALG_DESX),
+  CIPHEROPTION(CALG_RC2),
+  CIPHEROPTION(CALG_RC4),
+  CIPHEROPTION(CALG_SEAL),
 #ifdef CALG_DH_SF
-  CIPHEROPTION(CALG_DH_SF);
+  CIPHEROPTION(CALG_DH_SF),
 #endif
-  CIPHEROPTION(CALG_DH_EPHEM);
+  CIPHEROPTION(CALG_DH_EPHEM),
 #ifdef CALG_AGREEDKEY_ANY
-  CIPHEROPTION(CALG_AGREEDKEY_ANY);
+  CIPHEROPTION(CALG_AGREEDKEY_ANY),
 #endif
 #ifdef CALG_HUGHES_MD5
-  CIPHEROPTION(CALG_HUGHES_MD5);
+  CIPHEROPTION(CALG_HUGHES_MD5),
 #endif
-  CIPHEROPTION(CALG_SKIPJACK);
+  CIPHEROPTION(CALG_SKIPJACK),
 #ifdef CALG_TEK
-  CIPHEROPTION(CALG_TEK);
+  CIPHEROPTION(CALG_TEK),
 #endif
-  CIPHEROPTION(CALG_CYLINK_MEK);
-  CIPHEROPTION(CALG_SSL3_SHAMD5);
+  CIPHEROPTION(CALG_CYLINK_MEK),
+  CIPHEROPTION(CALG_SSL3_SHAMD5),
 #ifdef CALG_SSL3_MASTER
-  CIPHEROPTION(CALG_SSL3_MASTER);
+  CIPHEROPTION(CALG_SSL3_MASTER),
 #endif
 #ifdef CALG_SCHANNEL_MASTER_HASH
-  CIPHEROPTION(CALG_SCHANNEL_MASTER_HASH);
+  CIPHEROPTION(CALG_SCHANNEL_MASTER_HASH),
 #endif
 #ifdef CALG_SCHANNEL_MAC_KEY
-  CIPHEROPTION(CALG_SCHANNEL_MAC_KEY);
+  CIPHEROPTION(CALG_SCHANNEL_MAC_KEY),
 #endif
 #ifdef CALG_SCHANNEL_ENC_KEY
-  CIPHEROPTION(CALG_SCHANNEL_ENC_KEY);
+  CIPHEROPTION(CALG_SCHANNEL_ENC_KEY),
 #endif
 #ifdef CALG_PCT1_MASTER
-  CIPHEROPTION(CALG_PCT1_MASTER);
+  CIPHEROPTION(CALG_PCT1_MASTER),
 #endif
 #ifdef CALG_SSL2_MASTER
-  CIPHEROPTION(CALG_SSL2_MASTER);
+  CIPHEROPTION(CALG_SSL2_MASTER),
 #endif
 #ifdef CALG_TLS1_MASTER
-  CIPHEROPTION(CALG_TLS1_MASTER);
+  CIPHEROPTION(CALG_TLS1_MASTER),
 #endif
 #ifdef CALG_RC5
-  CIPHEROPTION(CALG_RC5);
+  CIPHEROPTION(CALG_RC5),
 #endif
 #ifdef CALG_HMAC
-  CIPHEROPTION(CALG_HMAC);
+  CIPHEROPTION(CALG_HMAC),
 #endif
 #ifdef CALG_TLS1PRF
-  CIPHEROPTION(CALG_TLS1PRF);
+  CIPHEROPTION(CALG_TLS1PRF),
 #endif
 #ifdef CALG_HASH_REPLACE_OWF
-  CIPHEROPTION(CALG_HASH_REPLACE_OWF);
+  CIPHEROPTION(CALG_HASH_REPLACE_OWF),
 #endif
 #ifdef CALG_AES_128
-  CIPHEROPTION(CALG_AES_128);
+  CIPHEROPTION(CALG_AES_128),
 #endif
 #ifdef CALG_AES_192
-  CIPHEROPTION(CALG_AES_192);
+  CIPHEROPTION(CALG_AES_192),
 #endif
 #ifdef CALG_AES_256
-  CIPHEROPTION(CALG_AES_256);
+  CIPHEROPTION(CALG_AES_256),
 #endif
 #ifdef CALG_AES
-  CIPHEROPTION(CALG_AES);
+  CIPHEROPTION(CALG_AES),
 #endif
 #ifdef CALG_SHA_256
-  CIPHEROPTION(CALG_SHA_256);
+  CIPHEROPTION(CALG_SHA_256),
 #endif
 #ifdef CALG_SHA_384
-  CIPHEROPTION(CALG_SHA_384);
+  CIPHEROPTION(CALG_SHA_384),
 #endif
 #ifdef CALG_SHA_512
-  CIPHEROPTION(CALG_SHA_512);
+  CIPHEROPTION(CALG_SHA_512),
 #endif
 #ifdef CALG_ECDH
-  CIPHEROPTION(CALG_ECDH);
+  CIPHEROPTION(CALG_ECDH),
 #endif
 #ifdef CALG_ECMQV
-  CIPHEROPTION(CALG_ECMQV);
+  CIPHEROPTION(CALG_ECMQV),
 #endif
 #ifdef CALG_ECDSA
-  CIPHEROPTION(CALG_ECDSA);
+  CIPHEROPTION(CALG_ECDSA),
 #endif
 #ifdef CALG_ECDH_EPHEM
-  CIPHEROPTION(CALG_ECDH_EPHEM);
+  CIPHEROPTION(CALG_ECDH_EPHEM),
 #endif
-  return 0;
+  {NULL, 0},
+};
+
+static int
+get_alg_id_by_name(char *name)
+{
+  char *nameEnd = strchr(name, ':');
+  size_t n = nameEnd ? (size_t)(nameEnd - name) : strlen(name);
+  int i;
+
+  for(i = 0; algs[i].name; i++) {
+    if((n == strlen(algs[i].name) && !strncmp(algs[i].name, name, n)))
+      return algs[i].id;
+  }
+  return 0; /* not found */
 }
 
 #define NUM_CIPHERS 47 /* There are 47 options listed above */
@@ -1105,7 +1110,7 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
 #ifdef HAS_ALPN
   /* ALPN is only supported on Windows 8.1 / Server 2012 R2 and above.
      Also it doesn't seem to be supported for Wine, see curl bug #983. */
-  backend->use_alpn = cf->conn->bits.tls_enable_alpn &&
+  backend->use_alpn = connssl->alpn &&
     !GetProcAddress(GetModuleHandle(TEXT("ntdll")),
                     "wine_get_version") &&
     curlx_verify_windows_version(6, 3, 0, PLATFORM_WINNT,
@@ -1196,44 +1201,44 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
     int list_start_index = 0;
     unsigned int *extension_len = NULL;
     unsigned short* list_len = NULL;
+    struct alpn_proto_buf proto;
 
     /* The first four bytes will be an unsigned int indicating number
        of bytes of data in the rest of the buffer. */
     extension_len = (unsigned int *)(void *)(&alpn_buffer[cur]);
-    cur += sizeof(unsigned int);
+    cur += (int)sizeof(unsigned int);
 
     /* The next four bytes are an indicator that this buffer will contain
        ALPN data, as opposed to NPN, for example. */
     *(unsigned int *)(void *)&alpn_buffer[cur] =
       SecApplicationProtocolNegotiationExt_ALPN;
-    cur += sizeof(unsigned int);
+    cur += (int)sizeof(unsigned int);
 
     /* The next two bytes will be an unsigned short indicating the number
        of bytes used to list the preferred protocols. */
     list_len = (unsigned short*)(void *)(&alpn_buffer[cur]);
-    cur += sizeof(unsigned short);
+    cur += (int)sizeof(unsigned short);
 
     list_start_index = cur;
 
-#ifdef USE_HTTP2
-    if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
-      alpn_buffer[cur++] = ALPN_H2_LENGTH;
-      memcpy(&alpn_buffer[cur], ALPN_H2, ALPN_H2_LENGTH);
-      cur += ALPN_H2_LENGTH;
-      infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
+    result = Curl_alpn_to_proto_buf(&proto, connssl->alpn);
+    if(result) {
+      failf(data, "Error setting ALPN");
+      return CURLE_SSL_CONNECT_ERROR;
     }
-#endif
-
-    alpn_buffer[cur++] = ALPN_HTTP_1_1_LENGTH;
-    memcpy(&alpn_buffer[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
-    cur += ALPN_HTTP_1_1_LENGTH;
-    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
+    memcpy(&alpn_buffer[cur], proto.data, proto.len);
+    cur += proto.len;
 
     *list_len = curlx_uitous(cur - list_start_index);
-    *extension_len = *list_len + sizeof(unsigned int) + sizeof(unsigned short);
+    *extension_len = *list_len +
+      (unsigned short)sizeof(unsigned int) +
+      (unsigned short)sizeof(unsigned short);
 
     InitSecBuffer(&inbuf, SECBUFFER_APPLICATION_PROTOCOLS, alpn_buffer, cur);
     InitSecBufferDesc(&inbuf_desc, &inbuf, 1);
+
+    Curl_alpn_to_proto_str(&proto, connssl->alpn);
+    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
   }
   else {
     InitSecBuffer(&inbuf, SECBUFFER_EMPTY, NULL, 0);
@@ -1727,40 +1732,23 @@ schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data)
 
     if(alpn_result.ProtoNegoStatus ==
        SecApplicationProtocolNegotiationStatus_Success) {
-      unsigned char alpn = 0;
-
-      infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR,
-            alpn_result.ProtocolIdSize, alpn_result.ProtocolId);
+      unsigned char prev_alpn = cf->conn->alpn;
 
-#ifdef USE_HTTP2
-      if(alpn_result.ProtocolIdSize == ALPN_H2_LENGTH &&
-         !memcmp(ALPN_H2, alpn_result.ProtocolId, ALPN_H2_LENGTH)) {
-        alpn = CURL_HTTP_VERSION_2;
-      }
-      else
-#endif
-        if(alpn_result.ProtocolIdSize == ALPN_HTTP_1_1_LENGTH &&
-           !memcmp(ALPN_HTTP_1_1, alpn_result.ProtocolId,
-                   ALPN_HTTP_1_1_LENGTH)) {
-          alpn = CURL_HTTP_VERSION_1_1;
-        }
+      Curl_alpn_set_negotiated(cf, data, alpn_result.ProtocolId,
+                               alpn_result.ProtocolIdSize);
       if(backend->recv_renegotiating) {
-        if(alpn != cf->conn->alpn) {
+        if(prev_alpn != cf->conn->alpn &&
+           prev_alpn != CURL_HTTP_VERSION_NONE) {
+          /* Renegotiation selected a different protocol now, we cannot
+           * deal with this */
           failf(data, "schannel: server selected an ALPN protocol too late");
           return CURLE_SSL_CONNECT_ERROR;
         }
       }
-      else
-        cf->conn->alpn = alpn;
     }
     else {
       if(!backend->recv_renegotiating)
-        infof(data, VTLS_INFOF_NO_ALPN);
-    }
-
-    if(!backend->recv_renegotiating) {
-      Curl_multiuse_state(data, cf->conn->alpn == CURL_HTTP_VERSION_2 ?
-                          BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
+        Curl_alpn_set_negotiated(cf, data, NULL, 0);
     }
   }
 #endif
@@ -1841,7 +1829,7 @@ schannel_connect_common(struct Curl_cfilter *cf,
 {
   CURLcode result;
   struct ssl_connect_data *connssl = cf->ctx;
-  curl_socket_t sockfd = cf->conn->sock[cf->sockindex];
+  curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
   timediff_t timeout_ms;
   int what;
 
@@ -2056,7 +2044,7 @@ schannel_send(struct Curl_cfilter *cf, struct Curl_easy *data,
       }
       else if(!timeout_ms)
         timeout_ms = TIMEDIFF_T_MAX;
-      what = SOCKET_WRITABLE(cf->conn->sock[cf->sockindex], timeout_ms);
+      what = SOCKET_WRITABLE(Curl_conn_cf_get_socket(cf, data), timeout_ms);
       if(what < 0) {
         /* fatal error */
         failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h
index 6d4235a96..7fae39fa0 100644
--- a/lib/vtls/schannel.h
+++ b/lib/vtls/schannel.h
@@ -7,8 +7,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al.
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Marc Hoersken, <info@marc-hoersken.de>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -179,8 +179,8 @@ struct ssl_backend_data {
   size_t encdata_offset, decdata_offset;
   unsigned char *encdata_buffer, *decdata_buffer;
   /* encdata_is_incomplete: if encdata contains only a partial record that
-     can't be decrypted without another Curl_read_plain (that is, status is
-     SEC_E_INCOMPLETE_MESSAGE) then set this true. after Curl_read_plain writes
+     can't be decrypted without another recv() (that is, status is
+     SEC_E_INCOMPLETE_MESSAGE) then set this true. after an recv() adds
      more bytes into encdata then set this back to false. */
   bool encdata_is_incomplete;
   unsigned long req_flags, ret_flags;
diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c
index e4992162e..d75ee8dfe 100644
--- a/lib/vtls/schannel_verify.c
+++ b/lib/vtls/schannel_verify.c
@@ -5,9 +5,9 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de>
- * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com>
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Marc Hoersken, <info@marc-hoersken.de>
+ * Copyright (C) Mark Salisbury, <mark.salisbury@hp.com>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index ab7965465..7f55fb5be 100644
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Nick Zitzmann, <nickzman@gmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -136,6 +136,7 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 
+
 /* From MacTypes.h (which we can't include because it isn't present in iOS: */
 #define ioErr -36
 #define paramErr -50
@@ -831,13 +832,15 @@ static OSStatus bio_cf_in_read(SSLConnectionRef connection,
   struct Curl_cfilter *cf = (struct Curl_cfilter *)connection;
   struct ssl_connect_data *connssl = cf->ctx;
   struct ssl_backend_data *backend = connssl->backend;
-  struct Curl_easy *data = connssl->call_data;
+  struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t nread;
   CURLcode result;
   OSStatus rtn = noErr;
 
   DEBUGASSERT(data);
   nread = Curl_conn_cf_recv(cf->next, data, buf, *dataLength, &result);
+  DEBUGF(LOG_CF(data, cf, "bio_read(len=%zu) -> %zd, result=%d",
+                *dataLength, nread, result));
   if(nread < 0) {
     switch(result) {
       case CURLE_OK:
@@ -851,6 +854,9 @@ static OSStatus bio_cf_in_read(SSLConnectionRef connection,
     }
     nread = 0;
   }
+  else if((size_t)nread < *dataLength) {
+    rtn = errSSLWouldBlock;
+  }
   *dataLength = nread;
   return rtn;
 }
@@ -862,25 +868,30 @@ static OSStatus bio_cf_out_write(SSLConnectionRef connection,
   struct Curl_cfilter *cf = (struct Curl_cfilter *)connection;
   struct ssl_connect_data *connssl = cf->ctx;
   struct ssl_backend_data *backend = connssl->backend;
-  struct Curl_easy *data = connssl->call_data;
+  struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t nwritten;
   CURLcode result;
-  OSStatus ortn = noErr;
+  OSStatus rtn = noErr;
 
   DEBUGASSERT(data);
   nwritten = Curl_conn_cf_send(cf->next, data, buf, *dataLength, &result);
+  DEBUGF(LOG_CF(data, cf, "bio_send(len=%zu) -> %zd, result=%d",
+                *dataLength, nwritten, result));
   if(nwritten <= 0) {
     if(result == CURLE_AGAIN) {
-      ortn = errSSLWouldBlock;
+      rtn = errSSLWouldBlock;
       backend->ssl_direction = true;
     }
     else {
-      ortn = ioErr;
+      rtn = ioErr;
     }
     nwritten = 0;
   }
+  else if((size_t)nwritten < *dataLength) {
+    rtn = errSSLWouldBlock;
+  }
   *dataLength = nwritten;
-  return ortn;
+  return rtn;
 }
 
 #ifndef CURL_DISABLE_VERBOSE_STRINGS
@@ -1625,7 +1636,6 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
   const bool verifypeer = conn_config->verifypeer;
   char * const ssl_cert = ssl_config->primary.clientcert;
   const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob;
-  bool isproxy = Curl_ssl_cf_is_proxy(cf);
 #ifdef ENABLE_IPV6
   struct in6_addr addr;
 #else
@@ -1638,6 +1648,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
 
   DEBUGASSERT(backend);
 
+  DEBUGF(LOG_CF(data, cf, "connect_step1"));
   GetDarwinVersionNumber(&darwinver_maj, &darwinver_min);
 #endif /* CURL_BUILD_MAC */
 
@@ -1785,33 +1796,28 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
 
 #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
-  if(cf->conn->bits.tls_enable_alpn) {
+  if(connssl->alpn) {
     if(__builtin_available(macOS 10.13.4, iOS 11, tvOS 11, *)) {
+      struct alpn_proto_buf proto;
+      size_t i;
+      CFStringRef cstr;
       CFMutableArrayRef alpnArr = CFArrayCreateMutable(NULL, 0,
                                                        &kCFTypeArrayCallBacks);
-
-#ifdef USE_HTTP2
-      if(data->state.httpwant >= CURL_HTTP_VERSION_2
-#ifndef CURL_DISABLE_PROXY
-         && (!isproxy || !cf->conn->bits.tunnel_proxy)
-#endif
-        ) {
-        CFArrayAppendValue(alpnArr, CFSTR(ALPN_H2));
-        infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
+      for(i = 0; i < connssl->alpn->count; ++i) {
+        cstr = CFStringCreateWithCString(NULL, connssl->alpn->entries[i],
+                                         kCFStringEncodingUTF8);
+        if(!cstr)
+          return CURLE_OUT_OF_MEMORY;
+        CFArrayAppendValue(alpnArr, cstr);
+        CFRelease(cstr);
       }
-#endif
-
-      CFArrayAppendValue(alpnArr, CFSTR(ALPN_HTTP_1_1));
-      infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
-
-      /* expects length prefixed preference ordered list of protocols in wire
-       * format
-       */
       err = SSLSetALPNProtocols(backend->ssl_ctx, alpnArr);
       if(err != noErr)
         infof(data, "WARNING: failed to set ALPN protocols; OSStatus %d",
               err);
       CFRelease(alpnArr);
+      Curl_alpn_to_proto_str(&proto, connssl->alpn);
+      infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
     }
   }
 #endif
@@ -2144,50 +2150,39 @@ static long pem_to_der(const char *in, unsigned char **out, size_t *outlen)
   return sep_end - in;
 }
 
+#define MAX_CERTS_SIZE (50*1024*1024) /* arbitrary - to catch mistakes */
+
 static int read_cert(const char *file, unsigned char **out, size_t *outlen)
 {
   int fd;
-  ssize_t n, len = 0, cap = 512;
-  unsigned char buf[512], *data;
+  ssize_t n;
+  unsigned char buf[512];
+  struct dynbuf certs;
+
+  Curl_dyn_init(&certs, MAX_CERTS_SIZE);
 
   fd = open(file, 0);
   if(fd < 0)
     return -1;
 
-  data = malloc(cap);
-  if(!data) {
-    close(fd);
-    return -1;
-  }
-
   for(;;) {
     n = read(fd, buf, sizeof(buf));
+    if(!n)
+      break;
     if(n < 0) {
       close(fd);
-      free(data);
+      Curl_dyn_free(&certs);
       return -1;
     }
-    else if(n == 0) {
+    if(Curl_dyn_addn(&certs, buf, n)) {
       close(fd);
-      break;
-    }
-
-    if(len + n >= cap) {
-      cap *= 2;
-      data = Curl_saferealloc(data, cap);
-      if(!data) {
-        close(fd);
-        return -1;
-      }
+      return -1;
     }
-
-    memcpy(data + len, buf, n);
-    len += n;
   }
-  data[len] = '\0';
+  close(fd);
 
-  *out = data;
-  *outlen = len;
+  *out = Curl_dyn_uptr(&certs);
+  *outlen = Curl_dyn_len(&certs);
 
   return 0;
 }
@@ -2196,16 +2191,18 @@ static int append_cert_to_array(struct Curl_easy *data,
                                 const unsigned char *buf, size_t buflen,
                                 CFMutableArrayRef array)
 {
-    CFDataRef certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
     char *certp;
     CURLcode result;
+    SecCertificateRef cacert;
+    CFDataRef certdata;
+
+    certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
     if(!certdata) {
       failf(data, "SSL: failed to allocate array for CA certificate");
       return CURLE_OUT_OF_MEMORY;
     }
 
-    SecCertificateRef cacert =
-      SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
+    cacert = SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
     CFRelease(certdata);
     if(!cacert) {
       failf(data, "SSL: failed to create SecCertificate from CA certificate");
@@ -2231,7 +2228,8 @@ static int append_cert_to_array(struct Curl_easy *data,
     return CURLE_OK;
 }
 
-static CURLcode verify_cert_buf(struct Curl_easy *data,
+static CURLcode verify_cert_buf(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
                                 const unsigned char *certbuf, size_t buflen,
                                 SSLContextRef ctx)
 {
@@ -2239,7 +2237,12 @@ static CURLcode verify_cert_buf(struct Curl_easy *data,
   long res;
   unsigned char *der;
   size_t derlen, offset = 0;
-
+  OSStatus ret;
+  SecTrustResultType trust_eval;
+  CFMutableArrayRef array = NULL;
+  SecTrustRef trust = NULL;
+  CURLcode result = CURLE_PEER_FAILED_VERIFICATION;
+  (void)cf;
   /*
    * Certbuf now contains the contents of the certificate file, which can be
    * - a single DER certificate,
@@ -2249,11 +2252,11 @@ static CURLcode verify_cert_buf(struct Curl_easy *data,
    * Go through certbuf, and convert any PEM certificate in it into DER
    * format.
    */
-  CFMutableArrayRef array = CFArrayCreateMutable(kCFAllocatorDefault, 0,
-                                                 &kCFTypeArrayCallBacks);
+  array = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
   if(!array) {
     failf(data, "SSL: out of memory creating CA certificate array");
-    return CURLE_OUT_OF_MEMORY;
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
   }
 
   while(offset < buflen) {
@@ -2265,10 +2268,10 @@ static CURLcode verify_cert_buf(struct Curl_easy *data,
      */
     res = pem_to_der((const char *)certbuf + offset, &der, &derlen);
     if(res < 0) {
-      CFRelease(array);
       failf(data, "SSL: invalid CA certificate #%d (offset %zu) in bundle",
             n, offset);
-      return CURLE_SSL_CACERT_BADFILE;
+      result = CURLE_SSL_CACERT_BADFILE;
+      goto out;
     }
     offset += res;
 
@@ -2276,8 +2279,9 @@ static CURLcode verify_cert_buf(struct Curl_easy *data,
       /* This is not a PEM file, probably a certificate in DER format. */
       rc = append_cert_to_array(data, certbuf, buflen, array);
       if(rc != CURLE_OK) {
-        CFRelease(array);
-        return rc;
+        DEBUGF(LOG_CF(data, cf, "append_cert for CA failed"));
+        result = rc;
+        goto out;
       }
       break;
     }
@@ -2289,63 +2293,73 @@ static CURLcode verify_cert_buf(struct Curl_easy *data,
     rc = append_cert_to_array(data, der, derlen, array);
     free(der);
     if(rc != CURLE_OK) {
-      CFRelease(array);
-      return rc;
+      DEBUGF(LOG_CF(data, cf, "append_cert for CA failed"));
+      result = rc;
+      goto out;
     }
   }
 
-  SecTrustRef trust;
-  OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
+  ret = SSLCopyPeerTrust(ctx, &trust);
   if(!trust) {
     failf(data, "SSL: error getting certificate chain");
-    CFRelease(array);
-    return CURLE_PEER_FAILED_VERIFICATION;
+    goto out;
   }
   else if(ret != noErr) {
-    CFRelease(array);
     failf(data, "SSLCopyPeerTrust() returned error %d", ret);
-    return CURLE_PEER_FAILED_VERIFICATION;
+    goto out;
   }
 
+  DEBUGF(LOG_CF(data, cf, "setting %d trust anchors", n));
   ret = SecTrustSetAnchorCertificates(trust, array);
   if(ret != noErr) {
-    CFRelease(array);
-    CFRelease(trust);
     failf(data, "SecTrustSetAnchorCertificates() returned error %d", ret);
-    return CURLE_PEER_FAILED_VERIFICATION;
+    goto out;
   }
   ret = SecTrustSetAnchorCertificatesOnly(trust, true);
   if(ret != noErr) {
-    CFRelease(array);
-    CFRelease(trust);
     failf(data, "SecTrustSetAnchorCertificatesOnly() returned error %d", ret);
-    return CURLE_PEER_FAILED_VERIFICATION;
+    goto out;
   }
 
-  SecTrustResultType trust_eval = 0;
+  trust_eval = 0;
   ret = SecTrustEvaluate(trust, &trust_eval);
-  CFRelease(array);
-  CFRelease(trust);
   if(ret != noErr) {
     failf(data, "SecTrustEvaluate() returned error %d", ret);
-    return CURLE_PEER_FAILED_VERIFICATION;
+    goto out;
   }
 
   switch(trust_eval) {
     case kSecTrustResultUnspecified:
+      /* what does this really mean? */
+      DEBUGF(LOG_CF(data, cf, "trust result: Unspecified"));
+      result = CURLE_OK;
+      goto out;
     case kSecTrustResultProceed:
-      return CURLE_OK;
+      DEBUGF(LOG_CF(data, cf, "trust result: Proceed"));
+      result = CURLE_OK;
+      goto out;
 
     case kSecTrustResultRecoverableTrustFailure:
+      failf(data, "SSL: peer not verified:  RecoverableTrustFailure");
+      goto out;
     case kSecTrustResultDeny:
+      failf(data, "SSL: peer not verified:  Deny");
+      goto out;
     default:
-      failf(data, "SSL: certificate verification failed (result: %d)",
-            trust_eval);
-      return CURLE_PEER_FAILED_VERIFICATION;
+      failf(data, "SSL: perr not verified: result=%d", trust_eval);
+      goto out;
   }
+
+out:
+  if(trust)
+    CFRelease(trust);
+  if(array)
+    CFRelease(array);
+  return result;
 }
 
-static CURLcode verify_cert(struct Curl_easy *data, const char *cafile,
+static CURLcode verify_cert(struct Curl_cfilter *cf,
+                            struct Curl_easy *data, const char *cafile,
                             const struct curl_blob *ca_info_blob,
                             SSLContextRef ctx)
 {
@@ -2354,6 +2368,7 @@ static CURLcode verify_cert(struct Curl_easy *data, const char *cafile,
   size_t buflen;
 
   if(ca_info_blob) {
+    DEBUGF(LOG_CF(data, cf, "verify_peer, CA from config blob"));
     certbuf = (unsigned char *)malloc(ca_info_blob->len + 1);
     if(!certbuf) {
       return CURLE_OUT_OF_MEMORY;
@@ -2363,6 +2378,7 @@ static CURLcode verify_cert(struct Curl_easy *data, const char *cafile,
     certbuf[ca_info_blob->len]='\0';
   }
   else if(cafile) {
+    DEBUGF(LOG_CF(data, cf, "verify_peer, CA from file '%s'", cafile));
     if(read_cert(cafile, &certbuf, &buflen) < 0) {
       failf(data, "SSL: failed to read or invalid CA certificate");
       return CURLE_SSL_CACERT_BADFILE;
@@ -2371,7 +2387,7 @@ static CURLcode verify_cert(struct Curl_easy *data, const char *cafile,
   else
     return CURLE_SSL_CACERT_BADFILE;
 
-  result = verify_cert_buf(data, certbuf, buflen, ctx);
+  result = verify_cert_buf(cf, data, certbuf, buflen, ctx);
   free(certbuf);
   return result;
 }
@@ -2400,11 +2416,15 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
 
   do {
     SecTrustRef trust;
-    OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
+    OSStatus ret;
+    SecKeyRef keyRef;
+    OSStatus success;
+
+    ret = SSLCopyPeerTrust(ctx, &trust);
     if(ret != noErr || !trust)
       break;
 
-    SecKeyRef keyRef = SecTrustCopyPublicKey(trust);
+    keyRef = SecTrustCopyPublicKey(trust);
     CFRelease(trust);
     if(!keyRef)
       break;
@@ -2418,8 +2438,8 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
 
 #elif SECTRANSP_PINNEDPUBKEY_V2
 
-    OSStatus success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL,
-                                     &publicKeyBits);
+    success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL,
+                            &publicKeyBits);
     CFRelease(keyRef);
     if(success != errSecSuccess || !publicKeyBits)
       break;
@@ -2498,8 +2518,10 @@ static CURLcode sectransp_connect_step2(struct Curl_cfilter *cf,
               || ssl_connect_2_reading == connssl->connecting_state
               || ssl_connect_2_writing == connssl->connecting_state);
   DEBUGASSERT(backend);
+  DEBUGF(LOG_CF(data, cf, "connect_step2"));
 
   /* Here goes nothing: */
+check_handshake:
   err = SSLHandshake(backend->ssl_ctx);
 
   if(err != noErr) {
@@ -2514,14 +2536,14 @@ static CURLcode sectransp_connect_step2(struct Curl_cfilter *cf,
       case -9841:
         if((conn_config->CAfile || conn_config->ca_info_blob) &&
            conn_config->verifypeer) {
-          CURLcode result = verify_cert(data, conn_config->CAfile,
+          CURLcode result = verify_cert(cf, data, conn_config->CAfile,
                                         conn_config->ca_info_blob,
                                         backend->ssl_ctx);
           if(result)
             return result;
         }
         /* the documentation says we need to call SSLHandshake() again */
-        return sectransp_connect_step2(cf, data);
+        goto check_handshake;
 
       /* Problem with encrypt / decrypt */
       case errSSLPeerDecodeError:
@@ -2960,11 +2982,13 @@ static CURLcode sectransp_connect_step3(struct Curl_cfilter *cf,
                                         struct Curl_easy *data)
 {
   struct ssl_connect_data *connssl = cf->ctx;
+  CURLcode result;
 
+  DEBUGF(LOG_CF(data, cf, "connect_step3"));
   /* There is no step 3!
    * Well, okay, let's collect server certificates, and if verbose mode is on,
    * let's print the details of the server certificates. */
-  const CURLcode result = collect_server_cert(cf, data);
+  result = collect_server_cert(cf, data);
   if(result)
     return result;
 
@@ -2979,7 +3003,7 @@ sectransp_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data,
 {
   CURLcode result;
   struct ssl_connect_data *connssl = cf->ctx;
-  curl_socket_t sockfd = cf->conn->sock[cf->sockindex];
+  curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
   int what;
 
   /* check if the connection has already been established */
@@ -3069,6 +3093,7 @@ sectransp_connect_common(struct Curl_cfilter *cf, struct Curl_easy *data,
   }
 
   if(ssl_connect_done == connssl->connecting_state) {
+    DEBUGF(LOG_CF(data, cf, "connected"));
     connssl->state = ssl_connection_complete;
     *done = TRUE;
   }
@@ -3114,6 +3139,7 @@ static void sectransp_close(struct Curl_cfilter *cf, struct Curl_easy *data)
   DEBUGASSERT(backend);
 
   if(backend->ssl_ctx) {
+    DEBUGF(LOG_CF(data, cf, "close"));
     (void)SSLClose(backend->ssl_ctx);
 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
     if(SSLCreateContext)
@@ -3155,8 +3181,10 @@ static int sectransp_shutdown(struct Curl_cfilter *cf,
 
   rc = 0;
 
-  what = SOCKET_READABLE(cf->conn->sock[cf->sockindex], SSL_SHUTDOWN_TIMEOUT);
+  what = SOCKET_READABLE(Curl_conn_cf_get_socket(cf, data),
+                         SSL_SHUTDOWN_TIMEOUT);
 
+  DEBUGF(LOG_CF(data, cf, "shutdown"));
   while(loop--) {
     if(what < 0) {
       /* anything that gets here is fatally bad */
@@ -3183,7 +3211,7 @@ static int sectransp_shutdown(struct Curl_cfilter *cf,
     if(nread <= 0)
       break;
 
-    what = SOCKET_READABLE(cf->conn->sock[cf->sockindex], 0);
+    what = SOCKET_READABLE(Curl_conn_cf_get_socket(cf, data), 0);
   }
 
   return rc;
@@ -3205,34 +3233,6 @@ static size_t sectransp_version(char *buffer, size_t size)
   return msnprintf(buffer, size, "SecureTransport");
 }
 
-/*
- * This function uses SSLGetSessionState to determine connection status.
- *
- * Return codes:
- *     1 means the connection is still in place
- *     0 means the connection has been closed
- *    -1 means the connection status is unknown
- */
-static int sectransp_check_cxn(struct Curl_cfilter *cf,
-                               struct Curl_easy *data)
-{
-  struct ssl_connect_data *connssl = cf->ctx;
-  struct ssl_backend_data *backend = connssl->backend;
-  OSStatus err;
-  SSLSessionState state;
-
-  (void)data;
-  DEBUGASSERT(backend);
-
-  if(backend->ssl_ctx) {
-    err = SSLGetSessionState(backend->ssl_ctx, &state);
-    if(err == noErr)
-      return state == kSSLConnected || state == kSSLHandshake;
-    return -1;
-  }
-  return 0;
-}
-
 static bool sectransp_data_pending(struct Curl_cfilter *cf,
                                    const struct Curl_easy *data)
 {
@@ -3245,6 +3245,7 @@ static bool sectransp_data_pending(struct Curl_cfilter *cf,
   DEBUGASSERT(backend);
 
   if(backend->ssl_ctx) {  /* SSL is in use */
+    DEBUGF(LOG_CF((struct Curl_easy *)data, cf, "data_pending"));
     err = SSLGetBufferedReadSize(backend->ssl_ctx, &buffer);
     if(err == noErr)
       return buffer > 0UL;
@@ -3376,13 +3377,15 @@ static ssize_t sectransp_recv(struct Curl_cfilter *cf,
   DEBUGASSERT(backend);
 
   again:
+  *curlcode = CURLE_OK;
   err = SSLRead(backend->ssl_ctx, buf, buffersize, &processed);
 
   if(err != noErr) {
     switch(err) {
       case errSSLWouldBlock:  /* return how much we read (if anything) */
-        if(processed)
+        if(processed) {
           return (ssize_t)processed;
+        }
         *curlcode = CURLE_AGAIN;
         return -1L;
         break;
@@ -3394,7 +3397,7 @@ static ssize_t sectransp_recv(struct Curl_cfilter *cf,
       case errSSLClosedGraceful:
       case errSSLClosedNoNotify:
         *curlcode = CURLE_OK;
-        return -1L;
+        return 0;
         break;
 
         /* The below is errSSLPeerAuthCompleted; it's not defined in
@@ -3402,11 +3405,13 @@ static ssize_t sectransp_recv(struct Curl_cfilter *cf,
       case -9841:
         if((conn_config->CAfile || conn_config->ca_info_blob) &&
            conn_config->verifypeer) {
-          CURLcode result = verify_cert(data, conn_config->CAfile,
+          CURLcode result = verify_cert(cf, data, conn_config->CAfile,
                                         conn_config->ca_info_blob,
                                         backend->ssl_ctx);
-          if(result)
-            return result;
+          if(result) {
+            *curlcode = result;
+            return -1;
+          }
         }
         goto again;
       default:
@@ -3443,7 +3448,7 @@ const struct Curl_ssl Curl_ssl_sectransp = {
   Curl_none_init,                     /* init */
   Curl_none_cleanup,                  /* cleanup */
   sectransp_version,                  /* version */
-  sectransp_check_cxn,                /* check_cxn */
+  Curl_none_check_cxn,                /* check_cxn */
   sectransp_shutdown,                 /* shutdown */
   sectransp_data_pending,             /* data_pending */
   sectransp_random,                   /* random */
diff --git a/lib/vtls/sectransp.h b/lib/vtls/sectransp.h
index 2d53b7c48..0f1085ad9 100644
--- a/lib/vtls/sectransp.h
+++ b/lib/vtls/sectransp.h
@@ -7,8 +7,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com>.
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Nick Zitzmann, <nickzman@gmail.com>.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 873ee6bac..144e6ee5b 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -73,6 +73,7 @@
 #include "curl_memory.h"
 #include "memdebug.h"
 
+
 /* convenience macro to check if this handle is using a shared SSL session */
 #define SSLSESSION_SHARED(data) (data->share &&                        \
                                  (data->share->specifier &             \
@@ -150,7 +151,6 @@ Curl_ssl_config_matches(struct ssl_primary_config *data,
 #ifdef USE_TLS_SRP
      !Curl_timestrcmp(data->username, needle->username) &&
      !Curl_timestrcmp(data->password, needle->password) &&
-     (data->authtype == needle->authtype) &&
 #endif
      strcasecompare(data->cipher_list, needle->cipher_list) &&
      strcasecompare(data->cipher_list13, needle->cipher_list13) &&
@@ -173,9 +173,6 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
   dest->verifystatus = source->verifystatus;
   dest->sessionid = source->sessionid;
   dest->ssl_options = source->ssl_options;
-#ifdef USE_TLS_SRP
-  dest->authtype = source->authtype;
-#endif
 
   CLONE_BLOB(cert_blob);
   CLONE_BLOB(ca_info_blob);
@@ -272,8 +269,8 @@ void Curl_ssl_cleanup(void)
 static bool ssl_prefs_check(struct Curl_easy *data)
 {
   /* check for CURLOPT_SSLVERSION invalid parameter value */
-  const long sslver = data->set.ssl.primary.version;
-  if((sslver < 0) || (sslver >= CURL_SSLVERSION_LAST)) {
+  const unsigned char sslver = data->set.ssl.primary.version;
+  if(sslver >= CURL_SSLVERSION_LAST) {
     failf(data, "Unrecognized parameter value passed via CURLOPT_SSLVERSION");
     return FALSE;
   }
@@ -293,7 +290,8 @@ static bool ssl_prefs_check(struct Curl_easy *data)
   return TRUE;
 }
 
-static struct ssl_connect_data *cf_ctx_new(struct Curl_easy *data)
+static struct ssl_connect_data *cf_ctx_new(struct Curl_easy *data,
+                                           const struct alpn_spec *alpn)
 {
   struct ssl_connect_data *ctx;
 
@@ -302,6 +300,7 @@ static struct ssl_connect_data *cf_ctx_new(struct Curl_easy *data)
   if(!ctx)
     return NULL;
 
+  ctx->alpn = alpn;
   ctx->backend = calloc(1, Curl_ssl->sizeof_ssl_backend_data);
   if(!ctx->backend) {
     free(ctx);
@@ -318,13 +317,6 @@ static void cf_ctx_free(struct ssl_connect_data *ctx)
   }
 }
 
-static void cf_ctx_set_data(struct Curl_cfilter *cf,
-                            struct Curl_easy *data)
-{
-  if(cf->ctx)
-    ((struct ssl_connect_data *)cf->ctx)->call_data = data;
-}
-
 static CURLcode ssl_connect(struct Curl_cfilter *cf, struct Curl_easy *data)
 {
   struct ssl_connect_data *connssl = cf->ctx;
@@ -339,7 +331,6 @@ static CURLcode ssl_connect(struct Curl_cfilter *cf, struct Curl_easy *data)
   result = Curl_ssl->connect_blocking(cf, data);
 
   if(!result) {
-    Curl_pgrsTime(data, TIMER_APPCONNECT); /* SSL is connected */
     DEBUGASSERT(connssl->state == ssl_connection_complete);
   }
 
@@ -615,19 +606,20 @@ int Curl_ssl_get_select_socks(struct Curl_cfilter *cf, struct Curl_easy *data,
                               curl_socket_t *socks)
 {
   struct ssl_connect_data *connssl = cf->ctx;
+  curl_socket_t sock = Curl_conn_cf_get_socket(cf->next, data);
 
-  (void)data;
-  if(connssl->connecting_state == ssl_connect_2_writing) {
-    /* write mode */
-    socks[0] = cf->conn->sock[FIRSTSOCKET];
-    return GETSOCK_WRITESOCK(0);
-  }
-  if(connssl->connecting_state == ssl_connect_2_reading) {
-    /* read mode */
-    socks[0] = cf->conn->sock[FIRSTSOCKET];
-    return GETSOCK_READSOCK(0);
+  if(sock != CURL_SOCKET_BAD) {
+    if(connssl->connecting_state == ssl_connect_2_writing) {
+      /* write mode */
+      socks[0] = sock;
+      return GETSOCK_WRITESOCK(0);
+    }
+    if(connssl->connecting_state == ssl_connect_2_reading) {
+      /* read mode */
+      socks[0] = sock;
+      return GETSOCK_READSOCK(0);
+    }
   }
-
   return GETSOCK_BLANK;
 }
 
@@ -685,20 +677,6 @@ void Curl_ssl_version(char *buffer, size_t size)
 #endif
 }
 
-/*
- * This function tries to determine connection status.
- *
- * Return codes:
- *     1 means the connection is still in place
- *     0 means the connection has been closed
- *    -1 means the connection status is unknown
- */
-int Curl_ssl_check_cxn(struct Curl_easy *data, struct connectdata *conn)
-{
-  struct Curl_cfilter *cf = Curl_ssl_cf_get_ssl(conn->cfilter[FIRSTSOCKET]);
-  return cf? Curl_ssl->check_cxn(cf, data) : -1;
-}
-
 void Curl_ssl_free_certinfo(struct Curl_easy *data)
 {
   struct curl_certinfo *ci = &data->info.certs;
@@ -1430,53 +1408,80 @@ CURLsslset Curl_init_sslset_nolock(curl_sslbackend id, const char *name,
 
 #ifdef USE_SSL
 
+static void free_hostname(struct ssl_connect_data *connssl)
+{
+  if(connssl->dispname != connssl->hostname)
+    free(connssl->dispname);
+  free(connssl->hostname);
+  connssl->hostname = connssl->dispname = NULL;
+}
+
 static void cf_close(struct Curl_cfilter *cf, struct Curl_easy *data)
 {
   struct ssl_connect_data *connssl = cf->ctx;
-  /* TODO: close_one closes BOTH conn->ssl AND conn->proxy_ssl for this
-   * sockindex (if in use). Gladly, it is safe to call more than once. */
   if(connssl) {
     Curl_ssl->close(cf, data);
     connssl->state = ssl_connection_none;
+    free_hostname(connssl);
   }
   cf->connected = FALSE;
 }
 
-static void reinit_hostname(struct Curl_cfilter *cf)
+static CURLcode reinit_hostname(struct Curl_cfilter *cf)
 {
   struct ssl_connect_data *connssl = cf->ctx;
+  const char *ehostname, *edispname;
+  int eport;
 
+  /* We need the hostname for SNI negotiation. Once handshaked, this
+   * remains the SNI hostname for the TLS connection. But when the
+   * connection is reused, the settings in cf->conn might change.
+   * So we keep a copy of the hostname we use for SNI.
+   */
 #ifndef CURL_DISABLE_PROXY
   if(Curl_ssl_cf_is_proxy(cf)) {
-    /* TODO: there is not definition for a proxy setup on a secondary conn */
-    connssl->hostname = cf->conn->http_proxy.host.name;
-    connssl->dispname = cf->conn->http_proxy.host.dispname;
-    connssl->port = cf->conn->http_proxy.port;
+    ehostname = cf->conn->http_proxy.host.name;
+    edispname = cf->conn->http_proxy.host.dispname;
+    eport = cf->conn->http_proxy.port;
   }
   else
 #endif
   {
-    /* TODO: secondaryhostname is set to the IP address we connect to
-     * in the FTP handler, it is assumed that host verification uses the
-     * hostname from FIRSTSOCKET */
-    if(cf->sockindex == SECONDARYSOCKET && 0) {
-      connssl->hostname = cf->conn->secondaryhostname;
-      connssl->dispname = connssl->hostname;
-      connssl->port = cf->conn->secondary_port;
+    ehostname = cf->conn->host.name;
+    edispname = cf->conn->host.dispname;
+    eport = cf->conn->remote_port;
+  }
+
+  /* change if ehostname changed */
+  if(ehostname && (!connssl->hostname
+                   || strcmp(ehostname, connssl->hostname))) {
+    free_hostname(connssl);
+    connssl->hostname = strdup(ehostname);
+    if(!connssl->hostname) {
+      free_hostname(connssl);
+      return CURLE_OUT_OF_MEMORY;
     }
+    if(!edispname || !strcmp(ehostname, edispname))
+      connssl->dispname = connssl->hostname;
     else {
-      connssl->hostname = cf->conn->host.name;
-      connssl->dispname = cf->conn->host.dispname;
-      connssl->port = cf->conn->remote_port;
+      connssl->dispname = strdup(edispname);
+      if(!connssl->dispname) {
+        free_hostname(connssl);
+        return CURLE_OUT_OF_MEMORY;
+      }
     }
   }
-  DEBUGASSERT(connssl->hostname);
+  connssl->port = eport;
+  return CURLE_OK;
 }
 
 static void ssl_cf_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
 {
-  cf_ctx_set_data(cf, data);
+  struct cf_call_data save;
+
+  CF_DATA_SAVE(save, cf, data);
   cf_close(cf, data);
+  CF_DATA_RESTORE(cf, save);
   cf_ctx_free(cf->ctx);
   cf->ctx = NULL;
 }
@@ -1484,10 +1489,12 @@ static void ssl_cf_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
 static void ssl_cf_close(struct Curl_cfilter *cf,
                          struct Curl_easy *data)
 {
-  cf_ctx_set_data(cf, data);
+  struct cf_call_data save;
+
+  CF_DATA_SAVE(save, cf, data);
   cf_close(cf, data);
   cf->next->cft->close(cf->next, data);
-  cf_ctx_set_data(cf, NULL);
+  CF_DATA_RESTORE(cf, save);
 }
 
 static CURLcode ssl_cf_connect(struct Curl_cfilter *cf,
@@ -1495,6 +1502,7 @@ static CURLcode ssl_cf_connect(struct Curl_cfilter *cf,
                                bool blocking, bool *done)
 {
   struct ssl_connect_data *connssl = cf->ctx;
+  struct cf_call_data save;
   CURLcode result;
 
   if(cf->connected) {
@@ -1502,7 +1510,7 @@ static CURLcode ssl_cf_connect(struct Curl_cfilter *cf,
     return CURLE_OK;
   }
 
-  cf_ctx_set_data(cf, data);
+  CF_DATA_SAVE(save, cf, data);
   (void)connssl;
   DEBUGASSERT(data->conn);
   DEBUGASSERT(data->conn == cf->conn);
@@ -1513,10 +1521,10 @@ static CURLcode ssl_cf_connect(struct Curl_cfilter *cf,
   if(result || !*done)
     goto out;
 
-  /* TODO: right now we do not fully control when hostname is set,
-   * assign it on each connect call. */
-  reinit_hostname(cf);
   *done = FALSE;
+  result = reinit_hostname(cf);
+  if(result)
+    goto out;
 
   if(blocking) {
     result = ssl_connect(cf, data);
@@ -1528,26 +1536,26 @@ static CURLcode ssl_cf_connect(struct Curl_cfilter *cf,
 
   if(!result && *done) {
     cf->connected = TRUE;
-    if(cf->sockindex == FIRSTSOCKET && !Curl_ssl_cf_is_proxy(cf))
-      Curl_pgrsTime(data, TIMER_APPCONNECT); /* SSL is connected */
+    connssl->handshake_done = Curl_now();
     DEBUGASSERT(connssl->state == ssl_connection_complete);
   }
 out:
-  cf_ctx_set_data(cf, NULL);
+  CF_DATA_RESTORE(cf, save);
   return result;
 }
 
 static bool ssl_cf_data_pending(struct Curl_cfilter *cf,
                                 const struct Curl_easy *data)
 {
+  struct cf_call_data save;
   bool result;
 
-  cf_ctx_set_data(cf, (struct Curl_easy *)data);
-  if(cf->ctx && Curl_ssl->data_pending(cf, data))
+  CF_DATA_SAVE(save, cf, data);
+  if(Curl_ssl->data_pending(cf, data))
     result = TRUE;
   else
     result = cf->next->cft->has_data_pending(cf->next, data);
-  cf_ctx_set_data(cf, NULL);
+  CF_DATA_RESTORE(cf, save);
   return result;
 }
 
@@ -1555,12 +1563,13 @@ static ssize_t ssl_cf_send(struct Curl_cfilter *cf,
                            struct Curl_easy *data, const void *buf, size_t len,
                            CURLcode *err)
 {
+  struct cf_call_data save;
   ssize_t nwritten;
 
+  CF_DATA_SAVE(save, cf, data);
   *err = CURLE_OK;
-  cf_ctx_set_data(cf, data);
   nwritten = Curl_ssl->send_plain(cf, data, buf, len, err);
-  cf_ctx_set_data(cf, NULL);
+  CF_DATA_RESTORE(cf, save);
   return nwritten;
 }
 
@@ -1568,12 +1577,13 @@ static ssize_t ssl_cf_recv(struct Curl_cfilter *cf,
                            struct Curl_easy *data, char *buf, size_t len,
                            CURLcode *err)
 {
+  struct cf_call_data save;
   ssize_t nread;
 
+  CF_DATA_SAVE(save, cf, data);
   *err = CURLE_OK;
-  cf_ctx_set_data(cf, data);
   nread = Curl_ssl->recv_plain(cf, data, buf, len, err);
-  cf_ctx_set_data(cf, NULL);
+  CF_DATA_RESTORE(cf, save);
   return nread;
 }
 
@@ -1581,39 +1591,100 @@ static int ssl_cf_get_select_socks(struct Curl_cfilter *cf,
                                    struct Curl_easy *data,
                                    curl_socket_t *socks)
 {
+  struct cf_call_data save;
   int result;
 
-  cf_ctx_set_data(cf, data);
+  CF_DATA_SAVE(save, cf, data);
   result = Curl_ssl->get_select_socks(cf, data, socks);
-  cf_ctx_set_data(cf, NULL);
+  CF_DATA_RESTORE(cf, save);
   return result;
 }
 
-static void ssl_cf_attach_data(struct Curl_cfilter *cf,
-                               struct Curl_easy *data)
+static CURLcode ssl_cf_cntrl(struct Curl_cfilter *cf,
+                             struct Curl_easy *data,
+                             int event, int arg1, void *arg2)
 {
-  if(Curl_ssl->attach_data) {
-    cf_ctx_set_data(cf, data);
-    Curl_ssl->attach_data(cf, data);
-    cf_ctx_set_data(cf, NULL);
+  struct cf_call_data save;
+
+  (void)arg1;
+  (void)arg2;
+  switch(event) {
+  case CF_CTRL_DATA_ATTACH:
+    if(Curl_ssl->attach_data) {
+      CF_DATA_SAVE(save, cf, data);
+      Curl_ssl->attach_data(cf, data);
+      CF_DATA_RESTORE(cf, save);
+    }
+    break;
+  case CF_CTRL_DATA_DETACH:
+    if(Curl_ssl->detach_data) {
+      CF_DATA_SAVE(save, cf, data);
+      Curl_ssl->detach_data(cf, data);
+      CF_DATA_RESTORE(cf, save);
+    }
+    break;
+  default:
+    break;
+  }
+  return CURLE_OK;
+}
+
+static CURLcode ssl_cf_query(struct Curl_cfilter *cf,
+                             struct Curl_easy *data,
+                             int query, int *pres1, void *pres2)
+{
+  struct ssl_connect_data *connssl = cf->ctx;
+
+  switch(query) {
+  case CF_QUERY_TIMER_APPCONNECT: {
+    struct curltime *when = pres2;
+    if(cf->connected && !Curl_ssl_cf_is_proxy(cf))
+      *when = connssl->handshake_done;
+    return CURLE_OK;
   }
+  default:
+    break;
+  }
+  return cf->next?
+    cf->next->cft->query(cf->next, data, query, pres1, pres2) :
+    CURLE_UNKNOWN_OPTION;
 }
 
-static void ssl_cf_detach_data(struct Curl_cfilter *cf,
-                               struct Curl_easy *data)
+static bool cf_ssl_is_alive(struct Curl_cfilter *cf, struct Curl_easy *data,
+                            bool *input_pending)
 {
-  if(Curl_ssl->detach_data) {
-    cf_ctx_set_data(cf, data);
-    Curl_ssl->detach_data(cf, data);
-    cf_ctx_set_data(cf, NULL);
+  struct cf_call_data save;
+  int result;
+  /*
+   * This function tries to determine connection status.
+   *
+   * Return codes:
+   *     1 means the connection is still in place
+   *     0 means the connection has been closed
+   *    -1 means the connection status is unknown
+   */
+  CF_DATA_SAVE(save, cf, data);
+  result = Curl_ssl->check_cxn(cf, data);
+  CF_DATA_RESTORE(cf, save);
+  if(result > 0) {
+    *input_pending = TRUE;
+    return TRUE;
+  }
+  if(result == 0) {
+    *input_pending = FALSE;
+    return FALSE;
   }
+  /* ssl backend does not know */
+  return cf->next?
+    cf->next->cft->is_alive(cf->next, data, input_pending) :
+    FALSE; /* pessimistic in absence of data */
 }
 
-static const struct Curl_cftype cft_ssl = {
+struct Curl_cftype Curl_cft_ssl = {
   "SSL",
   CF_TYPE_SSL,
+  CURL_LOG_DEFAULT,
   ssl_cf_destroy,
-  Curl_cf_def_setup,
   ssl_cf_connect,
   ssl_cf_close,
   Curl_cf_def_get_host,
@@ -1621,15 +1692,17 @@ static const struct Curl_cftype cft_ssl = {
   ssl_cf_data_pending,
   ssl_cf_send,
   ssl_cf_recv,
-  ssl_cf_attach_data,
-  ssl_cf_detach_data,
+  ssl_cf_cntrl,
+  cf_ssl_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  ssl_cf_query,
 };
 
-static const struct Curl_cftype cft_ssl_proxy = {
+struct Curl_cftype Curl_cft_ssl_proxy = {
   "SSL-PROXY",
   CF_TYPE_SSL,
+  CURL_LOG_DEFAULT,
   ssl_cf_destroy,
-  Curl_cf_def_setup,
   ssl_cf_connect,
   ssl_cf_close,
   Curl_cf_def_get_host,
@@ -1637,65 +1710,107 @@ static const struct Curl_cftype cft_ssl_proxy = {
   ssl_cf_data_pending,
   ssl_cf_send,
   ssl_cf_recv,
-  ssl_cf_attach_data,
-  ssl_cf_detach_data,
+  ssl_cf_cntrl,
+  cf_ssl_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  Curl_cf_def_query,
 };
 
-CURLcode Curl_ssl_cfilter_add(struct Curl_easy *data,
-                              struct connectdata *conn,
-                              int sockindex)
+static CURLcode cf_ssl_create(struct Curl_cfilter **pcf,
+                              struct Curl_easy *data,
+                              struct connectdata *conn)
 {
-  struct Curl_cfilter *cf;
+  struct Curl_cfilter *cf = NULL;
   struct ssl_connect_data *ctx;
   CURLcode result;
 
   DEBUGASSERT(data->conn);
-  ctx = cf_ctx_new(data);
+
+  ctx = cf_ctx_new(data, Curl_alpn_get_spec(data, conn));
   if(!ctx) {
     result = CURLE_OUT_OF_MEMORY;
     goto out;
   }
 
-  result = Curl_cf_create(&cf, &cft_ssl, ctx);
-  if(result)
-    goto out;
-
-  Curl_conn_cf_add(data, conn, sockindex, cf);
-
-  result = CURLE_OK;
+  result = Curl_cf_create(&cf, &Curl_cft_ssl, ctx);
 
 out:
   if(result)
     cf_ctx_free(ctx);
+  *pcf = result? NULL : cf;
   return result;
 }
 
-#ifndef CURL_DISABLE_PROXY
-CURLcode Curl_ssl_cfilter_proxy_add(struct Curl_easy *data,
-                                    struct connectdata *conn,
-                                    int sockindex)
+CURLcode Curl_ssl_cfilter_add(struct Curl_easy *data,
+                              struct connectdata *conn,
+                              int sockindex)
+{
+  struct Curl_cfilter *cf;
+  CURLcode result;
+
+  result = cf_ssl_create(&cf, data, conn);
+  if(!result)
+    Curl_conn_cf_add(data, conn, sockindex, cf);
+  return result;
+}
+
+CURLcode Curl_cf_ssl_insert_after(struct Curl_cfilter *cf_at,
+                                  struct Curl_easy *data)
 {
   struct Curl_cfilter *cf;
+  CURLcode result;
+
+  result = cf_ssl_create(&cf, data, cf_at->conn);
+  if(!result)
+    Curl_conn_cf_insert_after(cf_at, cf);
+  return result;
+}
+
+#ifndef CURL_DISABLE_PROXY
+static CURLcode cf_ssl_proxy_create(struct Curl_cfilter **pcf,
+                                    struct Curl_easy *data,
+                                    struct connectdata *conn)
+{
+  struct Curl_cfilter *cf = NULL;
   struct ssl_connect_data *ctx;
   CURLcode result;
 
-  ctx = cf_ctx_new(data);
+  ctx = cf_ctx_new(data, Curl_alpn_get_proxy_spec(data, conn));
   if(!ctx) {
     result = CURLE_OUT_OF_MEMORY;
     goto out;
   }
+  result = Curl_cf_create(&cf, &Curl_cft_ssl_proxy, ctx);
 
-  result = Curl_cf_create(&cf, &cft_ssl_proxy, ctx);
+out:
   if(result)
-    goto out;
+    cf_ctx_free(ctx);
+  *pcf = result? NULL : cf;
+  return result;
+}
 
-  Curl_conn_cf_add(data, conn, sockindex, cf);
+CURLcode Curl_ssl_cfilter_proxy_add(struct Curl_easy *data,
+                                    struct connectdata *conn,
+                                    int sockindex)
+{
+  struct Curl_cfilter *cf;
+  CURLcode result;
 
-  result = CURLE_OK;
+  result = cf_ssl_proxy_create(&cf, data, conn);
+  if(!result)
+    Curl_conn_cf_add(data, conn, sockindex, cf);
+  return result;
+}
 
-out:
-  if(result)
-    cf_ctx_free(ctx);
+CURLcode Curl_cf_ssl_proxy_insert_after(struct Curl_cfilter *cf_at,
+                                        struct Curl_easy *data)
+{
+  struct Curl_cfilter *cf;
+  CURLcode result;
+
+  result = cf_ssl_proxy_create(&cf, data, cf_at->conn);
+  if(!result)
+    Curl_conn_cf_insert_after(cf_at, cf);
   return result;
 }
 
@@ -1717,9 +1832,10 @@ void *Curl_ssl_get_internals(struct Curl_easy *data, int sockindex,
     /* get first filter in chain, if any is present */
     cf = Curl_ssl_cf_get_ssl(data->conn->cfilter[sockindex]);
     if(cf) {
-      cf_ctx_set_data(cf, data);
+      struct cf_call_data save;
+      CF_DATA_SAVE(save, cf, data);
       result = Curl_ssl->get_internals(cf->ctx, info);
-      cf_ctx_set_data(cf, NULL);
+      CF_DATA_RESTORE(cf, save);
     }
   }
   return result;
@@ -1733,7 +1849,7 @@ CURLcode Curl_ssl_cfilter_remove(struct Curl_easy *data,
 
   (void)data;
   for(; cf; cf = cf->next) {
-    if(cf->cft == &cft_ssl) {
+    if(cf->cft == &Curl_cft_ssl) {
       if(Curl_ssl->shut_down(cf, data))
         result = CURLE_SSL_SHUTDOWN_FAILED;
       Curl_conn_cf_discard(cf, data);
@@ -1749,7 +1865,7 @@ static struct Curl_cfilter *get_ssl_cf_engaged(struct connectdata *conn,
   struct Curl_cfilter *cf, *lowest_ssl_cf = NULL;
 
   for(cf = conn->cfilter[sockindex]; cf; cf = cf->next) {
-    if(cf->cft == &cft_ssl || cf->cft == &cft_ssl_proxy) {
+    if(cf->cft == &Curl_cft_ssl || cf->cft == &Curl_cft_ssl_proxy) {
       lowest_ssl_cf = cf;
       if(cf->connected || (cf->next && cf->next->connected)) {
         /* connected or about to start */
@@ -1762,7 +1878,7 @@ static struct Curl_cfilter *get_ssl_cf_engaged(struct connectdata *conn,
 
 bool Curl_ssl_cf_is_proxy(struct Curl_cfilter *cf)
 {
-  return (cf->cft == &cft_ssl_proxy);
+  return (cf->cft == &Curl_cft_ssl_proxy);
 }
 
 struct ssl_config_data *
@@ -1814,10 +1930,142 @@ Curl_ssl_get_primary_config(struct Curl_easy *data,
 struct Curl_cfilter *Curl_ssl_cf_get_ssl(struct Curl_cfilter *cf)
 {
   for(; cf; cf = cf->next) {
-    if(cf->cft == &cft_ssl || cf->cft == &cft_ssl_proxy)
+    if(cf->cft == &Curl_cft_ssl || cf->cft == &Curl_cft_ssl_proxy)
       return cf;
   }
   return NULL;
 }
 
+static const struct alpn_spec ALPN_SPEC_H10 = {
+  { ALPN_HTTP_1_0 }, 1
+};
+static const struct alpn_spec ALPN_SPEC_H11 = {
+  { ALPN_HTTP_1_1 }, 1
+};
+#ifdef USE_HTTP2
+static const struct alpn_spec ALPN_SPEC_H2_H11 = {
+  { ALPN_H2, ALPN_HTTP_1_1 }, 2
+};
+#endif
+
+const struct alpn_spec *
+Curl_alpn_get_spec(struct Curl_easy *data, struct connectdata *conn)
+{
+  if(!conn->bits.tls_enable_alpn)
+    return NULL;
+  if(data->state.httpwant == CURL_HTTP_VERSION_1_0)
+    return &ALPN_SPEC_H10;
+#ifdef USE_HTTP2
+  if(data->state.httpwant >= CURL_HTTP_VERSION_2)
+    return &ALPN_SPEC_H2_H11;
+#endif
+  return &ALPN_SPEC_H11;
+}
+
+const struct alpn_spec *
+Curl_alpn_get_proxy_spec(struct Curl_easy *data, struct connectdata *conn)
+{
+  if(!conn->bits.tls_enable_alpn)
+    return NULL;
+  if(data->state.httpwant == CURL_HTTP_VERSION_1_0)
+    return &ALPN_SPEC_H10;
+  return &ALPN_SPEC_H11;
+}
+
+CURLcode Curl_alpn_to_proto_buf(struct alpn_proto_buf *buf,
+                                const struct alpn_spec *spec)
+{
+  size_t i, len;
+  int off = 0;
+  unsigned char blen;
+
+  memset(buf, 0, sizeof(*buf));
+  for(i = 0; spec && i < spec->count; ++i) {
+    len = strlen(spec->entries[i]);
+    if(len >= ALPN_NAME_MAX)
+      return CURLE_FAILED_INIT;
+    blen = (unsigned  char)len;
+    if(off + blen + 1 >= (int)sizeof(buf->data))
+      return CURLE_FAILED_INIT;
+    buf->data[off++] = blen;
+    memcpy(buf->data + off, spec->entries[i], blen);
+    off += blen;
+  }
+  buf->len = off;
+  return CURLE_OK;
+}
+
+CURLcode Curl_alpn_to_proto_str(struct alpn_proto_buf *buf,
+                                const struct alpn_spec *spec)
+{
+  size_t i, len;
+  size_t off = 0;
+
+  memset(buf, 0, sizeof(*buf));
+  for(i = 0; spec && i < spec->count; ++i) {
+    len = strlen(spec->entries[i]);
+    if(len >= ALPN_NAME_MAX)
+      return CURLE_FAILED_INIT;
+    if(off + len + 2 >= (int)sizeof(buf->data))
+      return CURLE_FAILED_INIT;
+    if(off)
+      buf->data[off++] = ',';
+    memcpy(buf->data + off, spec->entries[i], len);
+    off += len;
+  }
+  buf->data[off] = '\0';
+  buf->len = (int)off;
+  return CURLE_OK;
+}
+
+CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  const unsigned char *proto,
+                                  size_t proto_len)
+{
+  int can_multi = 0;
+
+  if(proto && proto_len) {
+    if(proto_len == ALPN_HTTP_1_1_LENGTH &&
+            !memcmp(ALPN_HTTP_1_1, proto, ALPN_HTTP_1_1_LENGTH)) {
+      cf->conn->alpn = CURL_HTTP_VERSION_1_1;
+    }
+    else if(proto_len == ALPN_HTTP_1_0_LENGTH &&
+            !memcmp(ALPN_HTTP_1_0, proto, ALPN_HTTP_1_0_LENGTH)) {
+      cf->conn->alpn = CURL_HTTP_VERSION_1_0;
+    }
+#ifdef USE_HTTP2
+    else if(proto_len == ALPN_H2_LENGTH &&
+            !memcmp(ALPN_H2, proto, ALPN_H2_LENGTH)) {
+      cf->conn->alpn = CURL_HTTP_VERSION_2;
+      can_multi = 1;
+    }
+#endif
+#ifdef USE_HTTP3
+    else if(proto_len == ALPN_H3_LENGTH &&
+       !memcmp(ALPN_H3, proto, ALPN_H3_LENGTH)) {
+      cf->conn->alpn = CURL_HTTP_VERSION_3;
+      can_multi = 1;
+    }
+#endif
+    else {
+      cf->conn->alpn = CURL_HTTP_VERSION_NONE;
+      failf(data, "unsupported ALPN protocol: '%.*s'", (int)proto_len, proto);
+      /* TODO: do we want to fail this? Previous code just ignored it and
+       * some vtls backends even ignore the return code of this function. */
+      /* return CURLE_NOT_BUILT_IN; */
+      goto out;
+    }
+    infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, (int)proto_len, proto);
+  }
+  else {
+    cf->conn->alpn = CURL_HTTP_VERSION_NONE;
+    infof(data, VTLS_INFOF_NO_ALPN);
+  }
+
+out:
+  Curl_multiuse_state(data, can_multi? BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
+  return CURLE_OK;
+}
+
 #endif /* USE_SSL */
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index 5ad64fcf6..0d9e74a69 100644
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -27,7 +27,6 @@
 
 struct connectdata;
 struct ssl_config_data;
-struct ssl_connect_data;
 struct ssl_primary_config;
 struct Curl_ssl_session;
 
@@ -53,6 +52,7 @@ struct Curl_ssl_session;
 /* Curl_multi SSL backend-specific data; declared differently by each SSL
    backend */
 struct multi_ssl_backend_data;
+struct Curl_cfilter;
 
 CURLsslset Curl_init_sslset_nolock(curl_sslbackend id, const char *name,
                                    const curl_ssl_backend ***avail);
@@ -68,8 +68,53 @@ CURLsslset Curl_init_sslset_nolock(curl_sslbackend id, const char *name,
 /* see https://www.iana.org/assignments/tls-extensiontype-values/ */
 #define ALPN_HTTP_1_1_LENGTH 8
 #define ALPN_HTTP_1_1 "http/1.1"
+#define ALPN_HTTP_1_0_LENGTH 8
+#define ALPN_HTTP_1_0 "http/1.0"
 #define ALPN_H2_LENGTH 2
 #define ALPN_H2 "h2"
+#define ALPN_H3_LENGTH 2
+#define ALPN_H3 "h3"
+
+/* conservative sizes on the ALPN entries and count we are handling,
+ * we can increase these if we ever feel the need or have to accommodate
+ * ALPN strings from the "outside". */
+#define ALPN_NAME_MAX     10
+#define ALPN_ENTRIES_MAX  3
+#define ALPN_PROTO_BUF_MAX   (ALPN_ENTRIES_MAX * (ALPN_NAME_MAX + 1))
+
+struct alpn_spec {
+  const char entries[ALPN_ENTRIES_MAX][ALPN_NAME_MAX];
+  size_t count; /* number of entries */
+};
+
+struct alpn_proto_buf {
+  unsigned char data[ALPN_PROTO_BUF_MAX];
+  int len;
+};
+
+CURLcode Curl_alpn_to_proto_buf(struct alpn_proto_buf *buf,
+                                const struct alpn_spec *spec);
+CURLcode Curl_alpn_to_proto_str(struct alpn_proto_buf *buf,
+                                const struct alpn_spec *spec);
+
+CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf,
+                                  struct Curl_easy *data,
+                                  const unsigned char *proto,
+                                  size_t proto_len);
+
+/**
+ * Get the ALPN specification to use for talking to remote host.
+ * May return NULL if ALPN is disabled on the connection.
+ */
+const struct alpn_spec *
+Curl_alpn_get_spec(struct Curl_easy *data, struct connectdata *conn);
+
+/**
+ * Get the ALPN specification to use for talking to the proxy.
+ * May return NULL if ALPN is disabled on the connection.
+ */
+const struct alpn_spec *
+Curl_alpn_get_proxy_spec(struct Curl_easy *data, struct connectdata *conn);
 
 
 char *Curl_ssl_snihost(struct Curl_easy *data, const char *host, size_t *olen);
@@ -95,7 +140,6 @@ struct curl_slist *Curl_ssl_engines_list(struct Curl_easy *data);
 /* init the SSL session ID cache */
 CURLcode Curl_ssl_initsessions(struct Curl_easy *, size_t);
 void Curl_ssl_version(char *buffer, size_t size);
-int Curl_ssl_check_cxn(struct Curl_easy *data, struct connectdata *conn);
 
 /* Certificate information list handling. */
 
@@ -156,6 +200,9 @@ CURLcode Curl_ssl_cfilter_add(struct Curl_easy *data,
                               struct connectdata *conn,
                               int sockindex);
 
+CURLcode Curl_cf_ssl_insert_after(struct Curl_cfilter *cf_at,
+                                  struct Curl_easy *data);
+
 CURLcode Curl_ssl_cfilter_remove(struct Curl_easy *data,
                                  int sockindex);
 
@@ -163,6 +210,8 @@ CURLcode Curl_ssl_cfilter_remove(struct Curl_easy *data,
 CURLcode Curl_ssl_cfilter_proxy_add(struct Curl_easy *data,
                                     struct connectdata *conn,
                                     int sockindex);
+CURLcode Curl_cf_ssl_proxy_insert_after(struct Curl_cfilter *cf_at,
+                                        struct Curl_easy *data);
 #endif /* !CURL_DISABLE_PROXY */
 
 /**
@@ -208,6 +257,9 @@ bool Curl_ssl_supports(struct Curl_easy *data, int ssl_option);
 void *Curl_ssl_get_internals(struct Curl_easy *data, int sockindex,
                              CURLINFO info, int n);
 
+extern struct Curl_cftype Curl_cft_ssl;
+extern struct Curl_cftype Curl_cft_ssl_proxy;
+
 #else /* if not USE_SSL */
 
 /* When SSL support is not present, just define away these function calls */
@@ -218,7 +270,6 @@ void *Curl_ssl_get_internals(struct Curl_easy *data, int sockindex,
 #define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN
 #define Curl_ssl_engines_list(x) NULL
 #define Curl_ssl_initsessions(x,y) CURLE_OK
-#define Curl_ssl_check_cxn(d,x) 0
 #define Curl_ssl_free_certinfo(x) Curl_nop_stmt
 #define Curl_ssl_kill_session(x) Curl_nop_stmt
 #define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN)
diff --git a/lib/vtls/vtls_int.h b/lib/vtls/vtls_int.h
index 6710a2b55..a20ca7db7 100644
--- a/lib/vtls/vtls_int.h
+++ b/lib/vtls/vtls_int.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -33,18 +33,20 @@
 struct ssl_connect_data {
   ssl_connection_state state;
   ssl_connect_state connecting_state;
-  const char *hostname;             /* hostnaem for verification */
-  const char *dispname;             /* display version of hostname */
+  char *hostname;                   /* hostname for verification */
+  char *dispname;                   /* display version of hostname */
   int port;                         /* remote port at origin */
+  const struct alpn_spec *alpn;     /* ALPN to use or NULL for none */
   struct ssl_backend_data *backend; /* vtls backend specific props */
-  struct Curl_easy *call_data;      /* data handle used in current call,
-                                     * same as parameter passed, but available
-                                     * here for backend internal callbacks
-                                     * that need it. NULLed after at the
-                                     * end of each vtls filter invcocation. */
+  struct cf_call_data call_data;    /* data handle used in current call */
+  struct curltime handshake_done;   /* time when handshake finished */
 };
 
 
+#define CF_CTX_CALL_DATA(cf)  \
+  ((struct ssl_connect_data *)(cf)->ctx)->call_data
+
+
 /* Definitions for SSL Implementations */
 
 struct Curl_ssl {
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 7cc4774e8..ac68eabab 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -94,6 +94,7 @@
 struct ssl_backend_data {
   SSL_CTX* ctx;
   SSL*     handle;
+  CURLcode io_result;       /* result of last BIO cfilter operation */
 };
 
 #ifdef OPENSSL_EXTRA
@@ -218,29 +219,9 @@ static const struct group_name_map gnm[] = {
   { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
   { WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" },
   { WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" },
-  { WOLFSSL_NTRU_HPS_LEVEL1, "NTRU_HPS_LEVEL1" },
-  { WOLFSSL_NTRU_HPS_LEVEL3, "NTRU_HPS_LEVEL3" },
-  { WOLFSSL_NTRU_HPS_LEVEL5, "NTRU_HPS_LEVEL5" },
-  { WOLFSSL_NTRU_HRSS_LEVEL3, "NTRU_HRSS_LEVEL3" },
-  { WOLFSSL_SABER_LEVEL1, "SABER_LEVEL1" },
-  { WOLFSSL_SABER_LEVEL3, "SABER_LEVEL3" },
-  { WOLFSSL_SABER_LEVEL5, "SABER_LEVEL5" },
-  { WOLFSSL_KYBER_90S_LEVEL1, "KYBER_90S_LEVEL1" },
-  { WOLFSSL_KYBER_90S_LEVEL3, "KYBER_90S_LEVEL3" },
-  { WOLFSSL_KYBER_90S_LEVEL5, "KYBER_90S_LEVEL5" },
-  { WOLFSSL_P256_NTRU_HPS_LEVEL1, "P256_NTRU_HPS_LEVEL1" },
-  { WOLFSSL_P384_NTRU_HPS_LEVEL3, "P384_NTRU_HPS_LEVEL3" },
-  { WOLFSSL_P521_NTRU_HPS_LEVEL5, "P521_NTRU_HPS_LEVEL5" },
-  { WOLFSSL_P384_NTRU_HRSS_LEVEL3, "P384_NTRU_HRSS_LEVEL3" },
-  { WOLFSSL_P256_SABER_LEVEL1, "P256_SABER_LEVEL1" },
-  { WOLFSSL_P384_SABER_LEVEL3, "P384_SABER_LEVEL3" },
-  { WOLFSSL_P521_SABER_LEVEL5, "P521_SABER_LEVEL5" },
   { WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" },
   { WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" },
   { WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" },
-  { WOLFSSL_P256_KYBER_90S_LEVEL1, "P256_KYBER_90S_LEVEL1" },
-  { WOLFSSL_P384_KYBER_90S_LEVEL3, "P384_KYBER_90S_LEVEL3" },
-  { WOLFSSL_P521_KYBER_90S_LEVEL5, "P521_KYBER_90S_LEVEL5" },
   { 0, NULL }
 };
 #endif
@@ -300,12 +281,15 @@ static int bio_cf_out_write(WOLFSSL_BIO *bio, const char *buf, int blen)
 {
   struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio);
   struct ssl_connect_data *connssl = cf->ctx;
-  struct Curl_easy *data = connssl->call_data;
+  struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t nwritten;
   CURLcode result = CURLE_OK;
 
   DEBUGASSERT(data);
   nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, &result);
+  connssl->backend->io_result = result;
+  DEBUGF(LOG_CF(data, cf, "bio_write(len=%d) -> %zd, %d",
+                blen, nwritten, result));
   wolfSSL_BIO_clear_retry_flags(bio);
   if(nwritten < 0 && CURLE_AGAIN == result)
     BIO_set_retry_read(bio);
@@ -316,7 +300,7 @@ static int bio_cf_in_read(WOLFSSL_BIO *bio, char *buf, int blen)
 {
   struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio);
   struct ssl_connect_data *connssl = cf->ctx;
-  struct Curl_easy *data = connssl->call_data;
+  struct Curl_easy *data = CF_DATA_CURRENT(cf);
   ssize_t nread;
   CURLcode result = CURLE_OK;
 
@@ -326,6 +310,9 @@ static int bio_cf_in_read(WOLFSSL_BIO *bio, char *buf, int blen)
     return 0;
 
   nread = Curl_conn_cf_recv(cf->next, data, buf, blen, &result);
+  connssl->backend->io_result = result;
+  DEBUGF(LOG_CF(data, cf, "bio_read(len=%d) -> %zd, %d",
+                blen, nread, result));
   wolfSSL_BIO_clear_retry_flags(bio);
   if(nread < 0 && CURLE_AGAIN == result)
     BIO_set_retry_read(bio);
@@ -633,29 +620,18 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
 #endif
 
 #ifdef HAVE_ALPN
-  if(cf->conn->bits.tls_enable_alpn) {
-    char protocols[128];
-    *protocols = '\0';
-
-    /* wolfSSL's ALPN protocol name list format is a comma separated string of
-       protocols in descending order of preference, eg: "h2,http/1.1" */
-
-#ifdef USE_HTTP2
-    if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
-      strcpy(protocols + strlen(protocols), ALPN_H2 ",");
-      infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
-    }
-#endif
-
-    strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1);
-    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
+  if(connssl->alpn) {
+    struct alpn_proto_buf proto;
+    CURLcode result;
 
-    if(wolfSSL_UseALPN(backend->handle, protocols,
-                       (unsigned)strlen(protocols),
+    result = Curl_alpn_to_proto_str(&proto, connssl->alpn);
+    if(result ||
+       wolfSSL_UseALPN(backend->handle, (char *)proto.data, proto.len,
                        WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) {
       failf(data, "SSL: failed setting ALPN protocols");
       return CURLE_SSL_CONNECT_ERROR;
     }
+    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
   }
 #endif /* HAVE_ALPN */
 
@@ -707,7 +683,7 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
   }
 #else /* USE_BIO_CHAIN */
   /* pass the raw socket into the SSL layer */
-  if(!SSL_set_fd(backend->handle, (int)cf->conn->sock[cf->sockindex])) {
+  if(!SSL_set_fd(backend->handle, (int)Curl_conn_cf_get_socket(cf, data))) {
     failf(data, "SSL: SSL_set_fd failed");
     return CURLE_SSL_CONNECT_ERROR;
   }
@@ -822,6 +798,9 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
       }
     }
 #endif
+    else if(backend->io_result == CURLE_AGAIN) {
+      return CURLE_OK;
+    }
     else {
       failf(data, "SSL_connect failed with error %d: %s", detail,
           ERR_error_string(detail, error_buffer));
@@ -883,25 +862,11 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
     rc = wolfSSL_ALPN_GetProtocol(backend->handle, &protocol, &protocol_len);
 
     if(rc == SSL_SUCCESS) {
-      infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, protocol_len, protocol);
-
-      if(protocol_len == ALPN_HTTP_1_1_LENGTH &&
-         !memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))
-        cf->conn->alpn = CURL_HTTP_VERSION_1_1;
-#ifdef USE_HTTP2
-      else if(data->state.httpwant >= CURL_HTTP_VERSION_2 &&
-              protocol_len == ALPN_H2_LENGTH &&
-              !memcmp(protocol, ALPN_H2, ALPN_H2_LENGTH))
-        cf->conn->alpn = CURL_HTTP_VERSION_2;
-#endif
-      else
-        infof(data, "ALPN, unrecognized protocol %.*s", protocol_len,
-              protocol);
-      Curl_multiuse_state(data, cf->conn->alpn == CURL_HTTP_VERSION_2 ?
-                          BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
+      Curl_alpn_set_negotiated(cf, data, (const unsigned char *)protocol,
+                               protocol_len);
     }
     else if(rc == SSL_ALPN_NOT_FOUND)
-      infof(data, VTLS_INFOF_NO_ALPN);
+      Curl_alpn_set_negotiated(cf, data, NULL, 0);
     else {
       failf(data, "ALPN, failure getting protocol, error %d", rc);
       return CURLE_SSL_CONNECT_ERROR;
@@ -995,7 +960,6 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf,
   ERR_clear_error();
 
   rc = SSL_write(backend->handle, mem, memlen);
-
   if(rc <= 0) {
     int err = SSL_get_error(backend->handle, rc);
 
@@ -1003,9 +967,17 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf,
     case SSL_ERROR_WANT_READ:
     case SSL_ERROR_WANT_WRITE:
       /* there's data pending, re-invoke SSL_write() */
+      DEBUGF(LOG_CF(data, cf, "wolfssl_send(len=%zu) -> AGAIN", len));
       *curlcode = CURLE_AGAIN;
       return -1;
     default:
+      if(backend->io_result == CURLE_AGAIN) {
+        DEBUGF(LOG_CF(data, cf, "wolfssl_send(len=%zu) -> AGAIN", len));
+        *curlcode = CURLE_AGAIN;
+        return -1;
+      }
+      DEBUGF(LOG_CF(data, cf, "wolfssl_send(len=%zu) -> %d, %d",
+                    len, rc, err));
       failf(data, "SSL write: %s, errno %d",
             ERR_error_string(err, error_buffer),
             SOCKERRNO);
@@ -1013,6 +985,7 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf,
       return -1;
     }
   }
+  DEBUGF(LOG_CF(data, cf, "wolfssl_send(len=%zu) -> %d", len, rc));
   return rc;
 }
 
@@ -1042,19 +1015,19 @@ static void wolfssl_close(struct Curl_cfilter *cf, struct Curl_easy *data)
 
 static ssize_t wolfssl_recv(struct Curl_cfilter *cf,
                             struct Curl_easy *data,
-                            char *buf,
-                            size_t buffersize,
+                            char *buf, size_t blen,
                             CURLcode *curlcode)
 {
   struct ssl_connect_data *connssl = cf->ctx;
   struct ssl_backend_data *backend = connssl->backend;
   char error_buffer[WOLFSSL_MAX_ERROR_SZ];
-  int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
+  int buffsize = (blen > (size_t)INT_MAX) ? INT_MAX : (int)blen;
   int nread;
 
   DEBUGASSERT(backend);
 
   ERR_clear_error();
+  *curlcode = CURLE_OK;
 
   nread = SSL_read(backend->handle, buf, buffsize);
 
@@ -1063,22 +1036,31 @@ static ssize_t wolfssl_recv(struct Curl_cfilter *cf,
 
     switch(err) {
     case SSL_ERROR_ZERO_RETURN: /* no more data */
-      break;
+      DEBUGF(LOG_CF(data, cf, "wolfssl_recv(len=%zu) -> CLOSED", blen));
+      *curlcode = CURLE_OK;
+      return 0;
     case SSL_ERROR_NONE:
       /* FALLTHROUGH */
     case SSL_ERROR_WANT_READ:
       /* FALLTHROUGH */
     case SSL_ERROR_WANT_WRITE:
       /* there's data pending, re-invoke SSL_read() */
+      DEBUGF(LOG_CF(data, cf, "wolfssl_recv(len=%zu) -> AGAIN", blen));
       *curlcode = CURLE_AGAIN;
       return -1;
     default:
+      if(backend->io_result == CURLE_AGAIN) {
+        DEBUGF(LOG_CF(data, cf, "wolfssl_recv(len=%zu) -> AGAIN", blen));
+        *curlcode = CURLE_AGAIN;
+        return -1;
+      }
       failf(data, "SSL read: %s, errno %d",
             ERR_error_string(err, error_buffer), SOCKERRNO);
       *curlcode = CURLE_RECV_ERROR;
       return -1;
     }
   }
+  DEBUGF(LOG_CF(data, cf, "wolfssl_recv(len=%zu) -> %d", blen, nread));
   return nread;
 }
 
@@ -1166,7 +1148,7 @@ wolfssl_connect_common(struct Curl_cfilter *cf,
 {
   CURLcode result;
   struct ssl_connect_data *connssl = cf->ctx;
-  curl_socket_t sockfd = cf->conn->sock[cf->sockindex];
+  curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
   int what;
 
   /* check if the connection has already been established */
diff --git a/lib/vtls/wolfssl.h b/lib/vtls/wolfssl.h
index b2e7c3fde..a5ed84809 100644
--- a/lib/vtls/wolfssl.h
+++ b/lib/vtls/wolfssl.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
index 4c1c9a8b7..c29820045 100644
--- a/lib/vtls/x509asn1.c
+++ b/lib/vtls/x509asn1.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -48,6 +48,7 @@
 #include "curl_ctype.h"
 #include "hostcheck.h"
 #include "vtls/vtls.h"
+#include "vtls/vtls_int.h"
 #include "sendf.h"
 #include "inet_pton.h"
 #include "curl_base64.h"
@@ -1117,7 +1118,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
   for(ccp = cert.version.beg; ccp < cert.version.end; ccp++)
     version = (version << 8) | *(const unsigned char *) ccp;
   if(data->set.ssl.certinfo) {
-    ccp = curl_maprintf("%lx", version);
+    ccp = curl_maprintf("%x", version);
     if(!ccp)
       return CURLE_OUT_OF_MEMORY;
     result = Curl_ssl_push_certinfo(data, certnum, "Version", ccp);
@@ -1126,7 +1127,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
       return result;
   }
   if(!certnum)
-    infof(data, "   Version: %lu (0x%lx)", version + 1, version);
+    infof(data, "   Version: %u (0x%x)", version + 1, version);
 
   /* Serial number. */
   ccp = ASN1tostr(&cert.serialNumber, 0);
@@ -1313,7 +1314,8 @@ CURLcode Curl_verifyhost(struct Curl_cfilter *cf,
 
   /* Get the server IP address. */
 #ifdef ENABLE_IPV6
-  if(conn->bits.ipv6_ip && Curl_inet_pton(AF_INET6, connssl->hostname, &addr))
+  if(cf->conn->bits.ipv6_ip &&
+     Curl_inet_pton(AF_INET6, connssl->hostname, &addr))
     addrlen = sizeof(struct in6_addr);
   else
 #endif
@@ -1348,19 +1350,18 @@ CURLcode Curl_verifyhost(struct Curl_cfilter *cf,
           break;
         switch(name.tag) {
         case 2: /* DNS name. */
-          matched = 0;
           len = utf8asn1str(&dnsname, CURL_ASN1_IA5_STRING,
                             name.beg, name.end);
-          if(len > 0) {
-            if(size_t)len == strlen(dnsname)
-              matched = Curl_cert_hostcheck(dnsname, (size_t)len,
-                                            connssl->hostname, hostlen);
-            free(dnsname);
-          }
+          if(len > 0 && (size_t)len == strlen(dnsname))
+            matched = Curl_cert_hostcheck(dnsname, (size_t)len,
+                                          connssl->hostname, hostlen);
+          else
+            matched = 0;
+          free(dnsname);
           break;
 
         case 7: /* IP address. */
-          matched = (name.end - name.beg) == addrlen &&
+          matched = (size_t)(name.end - name.beg) == addrlen &&
             !memcmp(&addr, name.beg, addrlen);
           break;
         }
@@ -1406,8 +1407,10 @@ CURLcode Curl_verifyhost(struct Curl_cfilter *cf,
     failf(data, "SSL: unable to obtain common name from peer certificate");
   else {
     len = utf8asn1str(&dnsname, elem.tag, elem.beg, elem.end);
-    if(len < 0)
+    if(len < 0) {
+      free(dnsname);
       return CURLE_OUT_OF_MEMORY;
+    }
     if(strlen(dnsname) != (size_t) len)         /* Nul byte in string ? */
       failf(data, "SSL: illegal cert name field");
     else if(Curl_cert_hostcheck((const char *) dnsname,
diff --git a/lib/vtls/x509asn1.h b/lib/vtls/x509asn1.h
index eb8e9597c..5496de40e 100644
--- a/lib/vtls/x509asn1.h
+++ b/lib/vtls/x509asn1.h
@@ -8,7 +8,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/warnless.c b/lib/warnless.c
index b00d7a5a2..10c91fb28 100644
--- a/lib/warnless.c
+++ b/lib/warnless.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/warnless.h b/lib/warnless.h
index 4367099d9..99b243379 100644
--- a/lib/warnless.h
+++ b/lib/warnless.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/lib/wildcard.h b/lib/wildcard.h
deleted file mode 100644
index 21e933b9a..000000000
--- a/lib/wildcard.h
+++ /dev/null
@@ -1,70 +0,0 @@
-#ifndef HEADER_CURL_WILDCARD_H
-#define HEADER_CURL_WILDCARD_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifndef CURL_DISABLE_FTP
-#include <curl/curl.h>
-#include "llist.h"
-
-/* list of wildcard process states */
-typedef enum {
-  CURLWC_CLEAR = 0,
-  CURLWC_INIT = 1,
-  CURLWC_MATCHING, /* library is trying to get list of addresses for
-                      downloading */
-  CURLWC_DOWNLOADING,
-  CURLWC_CLEAN, /* deallocate resources and reset settings */
-  CURLWC_SKIP,  /* skip over concrete file */
-  CURLWC_ERROR, /* error cases */
-  CURLWC_DONE   /* if is wildcard->state == CURLWC_DONE wildcard loop
-                   will end */
-} wildcard_states;
-
-typedef void (*wildcard_dtor)(void *ptr);
-
-/* struct keeping information about wildcard download process */
-struct WildcardData {
-  wildcard_states state;
-  char *path; /* path to the directory, where we trying wildcard-match */
-  char *pattern; /* wildcard pattern */
-  struct Curl_llist filelist; /* llist with struct Curl_fileinfo */
-  void *protdata; /* pointer to protocol specific temporary data */
-  wildcard_dtor dtor;
-  void *customptr;  /* for CURLOPT_CHUNK_DATA pointer */
-};
-
-CURLcode Curl_wildcard_init(struct WildcardData *wc);
-void Curl_wildcard_dtor(struct WildcardData *wc);
-
-struct Curl_easy;
-
-#else
-/* FTP is disabled */
-#define Curl_wildcard_dtor(x)
-#endif
-
-#endif /* HEADER_CURL_WILDCARD_H */
diff --git a/lib/ws.c b/lib/ws.c
index c1b2622a7..e8495dcfc 100644
--- a/lib/ws.c
+++ b/lib/ws.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -115,12 +115,18 @@ CURLcode Curl_ws_request(struct Curl_easy *data, REQTYPE *req)
   return result;
 }
 
-CURLcode Curl_ws_accept(struct Curl_easy *data)
+/*
+ * 'nread' is number of bytes of websocket data already in the buffer at
+ * 'mem'.
+ */
+CURLcode Curl_ws_accept(struct Curl_easy *data,
+                        const char *mem, size_t nread)
 {
   struct SingleRequest *k = &data->req;
   struct HTTP *ws = data->req.p.http;
   struct connectdata *conn = data->conn;
   struct websocket *wsp = &data->req.p.http->ws;
+  struct ws_conn *wsc = &conn->proto.ws;
   CURLcode result;
 
   /* Verify the Sec-WebSocket-Accept response.
@@ -149,13 +155,17 @@ CURLcode Curl_ws_accept(struct Curl_easy *data)
 
   infof(data, "Received 101, switch to WebSocket; mask %02x%02x%02x%02x",
         ws->ws.mask[0], ws->ws.mask[1], ws->ws.mask[2], ws->ws.mask[3]);
+  Curl_dyn_init(&wsc->early, data->set.buffer_size);
+  if(nread) {
+    result = Curl_dyn_addn(&wsc->early, mem, nread);
+    if(result)
+      return result;
+    infof(data, "%zu bytes websocket payload", nread);
+    wsp->stillb = Curl_dyn_ptr(&wsc->early);
+    wsp->stillblen = Curl_dyn_len(&wsc->early);
+  }
   k->upgr101 = UPGR101_RECEIVED;
 
-  if(data->set.connect_only)
-    /* switch off non-blocking sockets */
-    (void)curlx_nonblock(conn->sock[FIRSTSOCKET], FALSE);
-
-  wsp->oleft = 0;
   return result;
 }
 
@@ -183,12 +193,12 @@ static void ws_decode_shift(struct Curl_easy *data, size_t spent)
 
 /* ws_decode() decodes a binary frame into structured WebSocket data,
 
-   wpkt - the incoming raw data. If NULL, work on the already buffered data.
-   ilen - the size of the provided data, perhaps too little, perhaps too much
-   out - stored pointed to extracted data
+   data - the transfer
+   inbuf - incoming raw data. If NULL, work on the already buffered data.
+   inlen - size of the provided data, perhaps too little, perhaps too much
+   headlen - stored length of the frame header
    olen - stored length of the extracted data
    oleft - number of unread bytes pending to that belongs to this frame
-   more - if there is more data in there
    flags - stored bitmask about the frame
 
    Returns CURLE_AGAIN if there is only a partial frame in the buffer. Then it
@@ -246,6 +256,9 @@ static CURLcode ws_decode(struct Curl_easy *data,
     infof(data, "WS: received OPCODE PONG");
     *flags |= CURLWS_PONG;
     break;
+  default:
+    failf(data, "WS: unknown opcode: %x", opcode);
+    return CURLE_RECV_ERROR;
   }
 
   if(inbuf[1] & WSBIT_MASK) {
@@ -296,7 +309,7 @@ static CURLcode ws_decode(struct Curl_easy *data,
     *oleft = 0;             /* bytes yet to come (for this frame) */
   }
 
-  infof(data, "WS: received %zu bytes payload (%zu left, buflen was %zu)",
+  infof(data, "WS: received %Ou bytes payload (%Ou left, buflen was %zu)",
         payloadsize, *oleft, inlen);
   return CURLE_OK;
 }
@@ -339,9 +352,6 @@ size_t Curl_ws_writecb(char *buffer, size_t size /* 1 */,
 
         result = ws_decode(data, wsbuf, buflen,
                            &headlen, &write_len, &fb_left, &recvflags);
-        consumed += headlen;
-        wsbuf += headlen;
-        buflen -= headlen;
         if(result == CURLE_AGAIN)
           /* insufficient amount of data, keep it for later.
            * we pretend to have written all since we have a copy */
@@ -350,6 +360,10 @@ size_t Curl_ws_writecb(char *buffer, size_t size /* 1 */,
           infof(data, "WS: decode error %d", (int)result);
           return nitems - 1;
         }
+        consumed += headlen;
+        wsbuf += headlen;
+        buflen -= headlen;
+
         /* New frame. store details about the frame to be reachable with
            curl_ws_meta() from within the write callback */
         ws->ws.frame.age = 0;
@@ -392,7 +406,6 @@ size_t Curl_ws_writecb(char *buffer, size_t size /* 1 */,
   return nitems;
 }
 
-
 CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer,
                                   size_t buflen, size_t *nread,
                                   struct curl_ws_frame **metap)
@@ -409,7 +422,7 @@ CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer,
     return result;
 
   while(!done) {
-    size_t write_len;
+    size_t datalen;
     unsigned int recvflags;
 
     if(!wsp->stillblen) {
@@ -419,26 +432,32 @@ CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer,
                               data->set.buffer_size, &n);
       if(result)
         return result;
-      if(!n)
+      if(!n) {
         /* connection closed */
+        infof(data, "connection expectedly closed?");
         return CURLE_GOT_NOTHING;
+      }
       wsp->stillb = data->state.buffer;
       wsp->stillblen = n;
     }
 
-    infof(data, "WS: got %u websocket bytes to decode",
-          (int)wsp->stillblen);
+    infof(data, "WS: %u bytes left to decode", (int)wsp->stillblen);
     if(!wsp->frame.bytesleft) {
       size_t headlen;
       curl_off_t oleft;
       /* detect new frame */
       result = ws_decode(data, (unsigned char *)wsp->stillb, wsp->stillblen,
-                         &headlen, &write_len, &oleft, &recvflags);
+                         &headlen, &datalen, &oleft, &recvflags);
       if(result == CURLE_AGAIN)
         /* a packet fragment only */
         break;
       else if(result)
         return result;
+      if(datalen > buflen) {
+        size_t diff = datalen - buflen;
+        datalen = buflen;
+        oleft += diff;
+      }
       wsp->stillb += headlen;
       wsp->stillblen -= headlen;
       wsp->frame.offset = 0;
@@ -447,40 +466,45 @@ CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer,
     }
     else {
       /* existing frame, remaining payload handling */
-      write_len = wsp->frame.bytesleft;
-      if(write_len > wsp->stillblen)
-        write_len = wsp->stillblen;
+      datalen = wsp->frame.bytesleft;
+      if(datalen > wsp->stillblen)
+        datalen = wsp->stillblen;
+      if(datalen > buflen)
+        datalen = buflen;
+
+      wsp->frame.offset += wsp->frame.len;
+      wsp->frame.bytesleft -= datalen;
     }
+    wsp->frame.len = datalen;
 
     /* auto-respond to PINGs */
     if((wsp->frame.flags & CURLWS_PING) && !wsp->frame.bytesleft) {
-      infof(data, "WS: auto-respond to PING with a PONG");
+      size_t nsent = 0;
+      infof(data, "WS: auto-respond to PING with a PONG, %zu bytes payload",
+            datalen);
       /* send back the exact same content as a PONG */
-      result = curl_ws_send(data, wsp->stillb, write_len,
-                            &write_len, 0, CURLWS_PONG);
+      result = curl_ws_send(data, wsp->stillb, datalen, &nsent, 0,
+                            CURLWS_PONG);
       if(result)
         return result;
+      infof(data, "WS: bytesleft %zu datalen %zu",
+            wsp->frame.bytesleft, datalen);
+      /* we handled the data part of the PING, advance over that */
+      wsp->stillb += nsent;
+      wsp->stillblen -= nsent;
     }
-    else if(write_len || !wsp->frame.bytesleft) {
-      if(write_len > buflen)
-        write_len = buflen;
+    else if(datalen) {
       /* copy the payload to the user buffer */
-      memcpy(buffer, wsp->stillb, write_len);
-      *nread = write_len;
+      memcpy(buffer, wsp->stillb, datalen);
+      *nread = datalen;
       done = TRUE;
-    }
-    if(write_len) {
-      /* update buffer and frame info */
-      wsp->frame.offset += write_len;
-      DEBUGASSERT(wsp->frame.bytesleft >= (curl_off_t)write_len);
-      if(wsp->frame.bytesleft)
-        wsp->frame.bytesleft -= write_len;
-      DEBUGASSERT(write_len <= wsp->stillblen);
-      wsp->stillblen -= write_len;
+
+      wsp->stillblen -= datalen;
       if(wsp->stillblen)
-        wsp->stillb += write_len;
-      else
+        wsp->stillb += datalen;
+      else {
         wsp->stillb = NULL;
+      }
     }
   }
   *metap = &wsp->frame;
@@ -555,17 +579,27 @@ static size_t ws_packethead(struct Curl_easy *data,
   }
 
   if(!(flags & CURLWS_CONT)) {
-    /* if not marked as continuing, assume this is the final fragment */
-    firstbyte |= WSBIT_FIN | opcode;
+    if(!ws->ws.contfragment)
+      /* not marked as continuing, this is the final fragment */
+      firstbyte |= WSBIT_FIN | opcode;
+    else
+      /* marked as continuing, this is the final fragment; set CONT
+         opcode and FIN bit */
+      firstbyte |= WSBIT_FIN | WSBIT_OPCODE_CONT;
+
     ws->ws.contfragment = FALSE;
+    infof(data, "WS: set FIN");
   }
   else if(ws->ws.contfragment) {
     /* the previous fragment was not a final one and this isn't either, keep a
        CONT opcode and no FIN bit */
     firstbyte |= WSBIT_OPCODE_CONT;
+    infof(data, "WS: keep CONT, no FIN");
   }
   else {
+    firstbyte = opcode;
     ws->ws.contfragment = TRUE;
+    infof(data, "WS: set CONT, no FIN");
   }
   out[0] = firstbyte;
   if(len > 65535) {
@@ -686,8 +720,14 @@ CURL_EXTERN CURLcode curl_ws_send(struct Curl_easy *data, const void *buffer,
 
   infof(data, "WS: wanted to send %zu bytes, sent %zu bytes",
         headlen + buflen, written);
-  *sent = written;
 
+  if(!result) {
+    /* the *sent number only counts "payload", excluding the header */
+    if((size_t)written > headlen)
+      *sent = written - headlen;
+    else
+      *sent = 0;
+  }
   return result;
 }
 
@@ -698,6 +738,17 @@ void Curl_ws_done(struct Curl_easy *data)
   Curl_dyn_free(&wsp->buf);
 }
 
+CURLcode Curl_ws_disconnect(struct Curl_easy *data,
+                            struct connectdata *conn,
+                            bool dead_connection)
+{
+  struct ws_conn *wsc = &conn->proto.ws;
+  (void)data;
+  (void)dead_connection;
+  Curl_dyn_free(&wsc->early);
+  return CURLE_OK;
+}
+
 CURL_EXTERN struct curl_ws_frame *curl_ws_meta(struct Curl_easy *data)
 {
   /* we only return something for websocket, called from within the callback
diff --git a/lib/ws.h b/lib/ws.h
index 2f3ed2d1e..176dda470 100644
--- a/lib/ws.h
+++ b/lib/ws.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -46,24 +46,28 @@ struct websocket {
   size_t usedbuf; /* number of leading bytes in 'buf' the most recent complete
                      websocket frame uses */
   struct curl_ws_frame frame; /* the struct used for frame state */
-  curl_off_t oleft; /* outstanding number of payload bytes left from the
-                       server */
   size_t stillblen; /* number of bytes left in the buffer to deliver in
                          the next curl_ws_recv() call */
-  char *stillb; /* the stillblen pending bytes are here */
+  const char *stillb; /* the stillblen pending bytes are here */
   curl_off_t sleft; /* outstanding number of payload bytes left to send */
   unsigned int xori; /* xor index */
 };
 
-CURLcode Curl_ws_request(struct Curl_easy *data, REQTYPE *req);
-CURLcode Curl_ws_accept(struct Curl_easy *data);
+struct ws_conn {
+  struct dynbuf early; /* data already read when switching to ws */
+};
 
+CURLcode Curl_ws_request(struct Curl_easy *data, REQTYPE *req);
+CURLcode Curl_ws_accept(struct Curl_easy *data, const char *mem, size_t len);
 size_t Curl_ws_writecb(char *buffer, size_t size, size_t nitems, void *userp);
 void Curl_ws_done(struct Curl_easy *data);
-
+CURLcode Curl_ws_disconnect(struct Curl_easy *data,
+                            struct connectdata *conn,
+                            bool dead_connection);
 #else
 #define Curl_ws_request(x,y) CURLE_OK
 #define Curl_ws_done(x) Curl_nop_stmt
+#define Curl_ws_free(x) Curl_nop_stmt
 #endif
 
 #endif /* HEADER_CURL_WS_H */
diff --git a/libcurl.pc.in b/libcurl.pc.in
index 49485f192..9db6b0f89 100644
--- a/libcurl.pc.in
+++ b/libcurl.pc.in
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/ltmain.sh b/ltmain.sh
index 21e5e0784..9b12fbb7f 100755
--- a/ltmain.sh
+++ b/ltmain.sh
@@ -1,12 +1,12 @@
-#! /bin/sh
+#! /usr/bin/env sh
 ## DO NOT EDIT - This file generated from ./build-aux/ltmain.in
-##               by inline-source v2014-01-03.01
+##               by inline-source v2019-02-19.15
 
-# libtool (GNU libtool) 2.4.6
+# libtool (GNU libtool) 2.4.7
 # Provide generalized library-building support services.
 # Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
 
-# Copyright (C) 1996-2015 Free Software Foundation, Inc.
+# Copyright (C) 1996-2019, 2021-2022 Free Software Foundation, Inc.
 # This is free software; see the source for copying conditions.  There is NO
 # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
@@ -31,8 +31,8 @@
 
 PROGRAM=libtool
 PACKAGE=libtool
-VERSION="2.4.6 Debian-2.4.6-15"
-package_revision=2.4.6
+VERSION="2.4.7 Debian-2.4.7-5"
+package_revision=2.4.7
 
 
 ## ------ ##
@@ -64,34 +64,25 @@ package_revision=2.4.6
 # libraries, which are installed to $pkgauxdir.
 
 # Set a version string for this script.
-scriptversion=2015-01-20.17; # UTC
+scriptversion=2019-02-19.15; # UTC
 
 # General shell script boiler plate, and helper functions.
 # Written by Gary V. Vaughan, 2004
 
-# Copyright (C) 2004-2015 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-
-# As a special exception to the GNU General Public License, if you distribute
-# this file as part of a program or library that is built using GNU Libtool,
-# you may include this file under the same distribution terms that you use
-# for the rest of that program.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# This is free software.  There is NO warranty; not even for
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Copyright (C) 2004-2019, 2021 Bootstrap Authors
+#
+# This file is dual licensed under the terms of the MIT license
+# <https://opensource.org/license/MIT>, and GPL version 2 or later
+# <http://www.gnu.org/licenses/gpl-2.0.html>.  You must apply one of
+# these licenses when using or redistributing this software or any of
+# the files within it.  See the URLs above, or the file `LICENSE`
+# included in the Bootstrap distribution for the full license texts.
 
-# Please report bugs or propose patches to gary@gnu.org.
+# Please report bugs or propose patches to:
+# <https://github.com/gnulib-modules/bootstrap/issues>
 
 
 ## ------ ##
@@ -139,9 +130,12 @@ do
 	  _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\"
 	fi"
 done
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+# These NLS vars are set unconditionally (bootstrap issue #24).  Unset those
+# in case the environment reset is needed later and the $save_* variant is not
+# defined (see the code above).
+LC_ALL=C
+LANGUAGE=C
+export LANGUAGE LC_ALL
 
 # Make sure IFS has a sensible default
 sp=' '
@@ -159,6 +153,26 @@ if test "${PATH_SEPARATOR+set}" != set; then
 fi
 
 
+# func_unset VAR
+# --------------
+# Portably unset VAR.
+# In some shells, an 'unset VAR' statement leaves a non-zero return
+# status if VAR is already unset, which might be problematic if the
+# statement is used at the end of a function (thus poisoning its return
+# value) or when 'set -e' is active (causing even a spurious abort of
+# the script in this case).
+func_unset ()
+{
+    { eval $1=; (eval unset $1) >/dev/null 2>&1 && eval unset $1 || : ; }
+}
+
+
+# Make sure CDPATH doesn't cause `cd` commands to output the target dir.
+func_unset CDPATH
+
+# Make sure ${,E,F}GREP behave sanely.
+func_unset GREP_OPTIONS
+
 
 ## ------------------------- ##
 ## Locate command utilities. ##
@@ -259,7 +273,7 @@ test -z "$SED" && {
     rm -f conftest.in conftest.tmp conftest.nl conftest.out
   }
 
-  func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin
+  func_path_progs "sed gsed" func_check_prog_sed "$PATH:/usr/xpg4/bin"
   rm -f conftest.sed
   SED=$func_path_progs_result
 }
@@ -295,7 +309,7 @@ test -z "$GREP" && {
     rm -f conftest.in conftest.tmp conftest.nl conftest.out
   }
 
-  func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin
+  func_path_progs "grep ggrep" func_check_prog_grep "$PATH:/usr/xpg4/bin"
   GREP=$func_path_progs_result
 }
 
@@ -360,6 +374,35 @@ sed_double_backslash="\
   s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g
   s/\n//g"
 
+# require_check_ifs_backslash
+# ---------------------------
+# Check if we can use backslash as IFS='\' separator, and set
+# $check_ifs_backshlash_broken to ':' or 'false'.
+require_check_ifs_backslash=func_require_check_ifs_backslash
+func_require_check_ifs_backslash ()
+{
+  _G_save_IFS=$IFS
+  IFS='\'
+  _G_check_ifs_backshlash='a\\b'
+  for _G_i in $_G_check_ifs_backshlash
+  do
+  case $_G_i in
+  a)
+    check_ifs_backshlash_broken=false
+    ;;
+  '')
+    break
+    ;;
+  *)
+    check_ifs_backshlash_broken=:
+    break
+    ;;
+  esac
+  done
+  IFS=$_G_save_IFS
+  require_check_ifs_backslash=:
+}
+
 
 ## ----------------- ##
 ## Global variables. ##
@@ -580,16 +623,16 @@ if test yes = "$_G_HAVE_PLUSEQ_OP"; then
   {
     $debug_cmd
 
-    func_quote_for_eval "$2"
-    eval "$1+=\\ \$func_quote_for_eval_result"
+    func_quote_arg pretty "$2"
+    eval "$1+=\\ \$func_quote_arg_result"
   }'
 else
   func_append_quoted ()
   {
     $debug_cmd
 
-    func_quote_for_eval "$2"
-    eval "$1=\$$1\\ \$func_quote_for_eval_result"
+    func_quote_arg pretty "$2"
+    eval "$1=\$$1\\ \$func_quote_arg_result"
   }
 fi
 
@@ -1091,85 +1134,203 @@ func_relative_path ()
 }
 
 
-# func_quote_for_eval ARG...
-# --------------------------
-# Aesthetically quote ARGs to be evaled later.
-# This function returns two values:
-#   i) func_quote_for_eval_result
-#      double-quoted, suitable for a subsequent eval
-#  ii) func_quote_for_eval_unquoted_result
-#      has all characters that are still active within double
-#      quotes backslashified.
-func_quote_for_eval ()
+# func_quote_portable EVAL ARG
+# ----------------------------
+# Internal function to portably implement func_quote_arg.  Note that we still
+# keep attention to performance here so we as much as possible try to avoid
+# calling sed binary (so far O(N) complexity as long as func_append is O(1)).
+func_quote_portable ()
 {
     $debug_cmd
 
-    func_quote_for_eval_unquoted_result=
-    func_quote_for_eval_result=
-    while test 0 -lt $#; do
-      case $1 in
-        *[\\\`\"\$]*)
-	  _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;;
-        *)
-          _G_unquoted_arg=$1 ;;
-      esac
-      if test -n "$func_quote_for_eval_unquoted_result"; then
-	func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg"
-      else
-        func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg"
+    $require_check_ifs_backslash
+
+    func_quote_portable_result=$2
+
+    # one-time-loop (easy break)
+    while true
+    do
+      if $1; then
+        func_quote_portable_result=`$ECHO "$2" | $SED \
+          -e "$sed_double_quote_subst" -e "$sed_double_backslash"`
+        break
       fi
 
-      case $_G_unquoted_arg in
-        # Double-quote args containing shell metacharacters to delay
-        # word splitting, command substitution and variable expansion
-        # for a subsequent eval.
-        # Many Bourne shells cannot handle close brackets correctly
-        # in scan sets, so we specify it separately.
-        *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-          _G_quoted_arg=\"$_G_unquoted_arg\"
+      # Quote for eval.
+      case $func_quote_portable_result in
+        *[\\\`\"\$]*)
+          # Fallback to sed for $func_check_bs_ifs_broken=:, or when the string
+          # contains the shell wildcard characters.
+          case $check_ifs_backshlash_broken$func_quote_portable_result in
+            :*|*[\[\*\?]*)
+              func_quote_portable_result=`$ECHO "$func_quote_portable_result" \
+                  | $SED "$sed_quote_subst"`
+              break
+              ;;
+          esac
+
+          func_quote_portable_old_IFS=$IFS
+          for _G_char in '\' '`' '"' '$'
+          do
+            # STATE($1) PREV($2) SEPARATOR($3)
+            set start "" ""
+            func_quote_portable_result=dummy"$_G_char$func_quote_portable_result$_G_char"dummy
+            IFS=$_G_char
+            for _G_part in $func_quote_portable_result
+            do
+              case $1 in
+              quote)
+                func_append func_quote_portable_result "$3$2"
+                set quote "$_G_part" "\\$_G_char"
+                ;;
+              start)
+                set first "" ""
+                func_quote_portable_result=
+                ;;
+              first)
+                set quote "$_G_part" ""
+                ;;
+              esac
+            done
+          done
+          IFS=$func_quote_portable_old_IFS
           ;;
-        *)
-          _G_quoted_arg=$_G_unquoted_arg
-	  ;;
+        *) ;;
       esac
-
-      if test -n "$func_quote_for_eval_result"; then
-	func_append func_quote_for_eval_result " $_G_quoted_arg"
-      else
-        func_append func_quote_for_eval_result "$_G_quoted_arg"
-      fi
-      shift
+      break
     done
+
+    func_quote_portable_unquoted_result=$func_quote_portable_result
+    case $func_quote_portable_result in
+      # double-quote args containing shell metacharacters to delay
+      # word splitting, command substitution and variable expansion
+      # for a subsequent eval.
+      # many bourne shells cannot handle close brackets correctly
+      # in scan sets, so we specify it separately.
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+        func_quote_portable_result=\"$func_quote_portable_result\"
+        ;;
+    esac
 }
 
 
-# func_quote_for_expand ARG
-# -------------------------
-# Aesthetically quote ARG to be evaled later; same as above,
-# but do not quote variable references.
-func_quote_for_expand ()
-{
-    $debug_cmd
+# func_quotefast_eval ARG
+# -----------------------
+# Quote one ARG (internal).  This is equivalent to 'func_quote_arg eval ARG',
+# but optimized for speed.  Result is stored in $func_quotefast_eval.
+if test xyes = `(x=; printf -v x %q yes; echo x"$x") 2>/dev/null`; then
+  printf -v _GL_test_printf_tilde %q '~'
+  if test '\~' = "$_GL_test_printf_tilde"; then
+    func_quotefast_eval ()
+    {
+      printf -v func_quotefast_eval_result %q "$1"
+    }
+  else
+    # Broken older Bash implementations.  Make those faster too if possible.
+    func_quotefast_eval ()
+    {
+      case $1 in
+        '~'*)
+          func_quote_portable false "$1"
+          func_quotefast_eval_result=$func_quote_portable_result
+          ;;
+        *)
+          printf -v func_quotefast_eval_result %q "$1"
+          ;;
+      esac
+    }
+  fi
+else
+  func_quotefast_eval ()
+  {
+    func_quote_portable false "$1"
+    func_quotefast_eval_result=$func_quote_portable_result
+  }
+fi
 
-    case $1 in
-      *[\\\`\"]*)
-	_G_arg=`$ECHO "$1" | $SED \
-	    -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;;
-      *)
-        _G_arg=$1 ;;
+
+# func_quote_arg MODEs ARG
+# ------------------------
+# Quote one ARG to be evaled later.  MODEs argument may contain zero or more
+# specifiers listed below separated by ',' character.  This function returns two
+# values:
+#   i) func_quote_arg_result
+#      double-quoted (when needed), suitable for a subsequent eval
+#  ii) func_quote_arg_unquoted_result
+#      has all characters that are still active within double
+#      quotes backslashified.  Available only if 'unquoted' is specified.
+#
+# Available modes:
+# ----------------
+# 'eval' (default)
+#       - escape shell special characters
+# 'expand'
+#       - the same as 'eval';  but do not quote variable references
+# 'pretty'
+#       - request aesthetic output, i.e. '"a b"' instead of 'a\ b'.  This might
+#         be used later in func_quote to get output like: 'echo "a b"' instead
+#         of 'echo a\ b'.  This is slower than default on some shells.
+# 'unquoted'
+#       - produce also $func_quote_arg_unquoted_result which does not contain
+#         wrapping double-quotes.
+#
+# Examples for 'func_quote_arg pretty,unquoted string':
+#
+#   string      | *_result              | *_unquoted_result
+#   ------------+-----------------------+-------------------
+#   "           | \"                    | \"
+#   a b         | "a b"                 | a b
+#   "a b"       | "\"a b\""             | \"a b\"
+#   *           | "*"                   | *
+#   z="${x-$y}" | "z=\"\${x-\$y}\""     | z=\"\${x-\$y}\"
+#
+# Examples for 'func_quote_arg pretty,unquoted,expand string':
+#
+#   string        |   *_result          |  *_unquoted_result
+#   --------------+---------------------+--------------------
+#   z="${x-$y}"   | "z=\"${x-$y}\""     | z=\"${x-$y}\"
+func_quote_arg ()
+{
+    _G_quote_expand=false
+    case ,$1, in
+      *,expand,*)
+        _G_quote_expand=:
+        ;;
     esac
 
-    case $_G_arg in
-      # Double-quote args containing shell metacharacters to delay
-      # word splitting and command substitution for a subsequent eval.
-      # Many Bourne shells cannot handle close brackets correctly
-      # in scan sets, so we specify it separately.
-      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
-        _G_arg=\"$_G_arg\"
+    case ,$1, in
+      *,pretty,*|*,expand,*|*,unquoted,*)
+        func_quote_portable $_G_quote_expand "$2"
+        func_quote_arg_result=$func_quote_portable_result
+        func_quote_arg_unquoted_result=$func_quote_portable_unquoted_result
+        ;;
+      *)
+        # Faster quote-for-eval for some shells.
+        func_quotefast_eval "$2"
+        func_quote_arg_result=$func_quotefast_eval_result
         ;;
     esac
+}
+
 
-    func_quote_for_expand_result=$_G_arg
+# func_quote MODEs ARGs...
+# ------------------------
+# Quote all ARGs to be evaled later and join them into single command.  See
+# func_quote_arg's description for more info.
+func_quote ()
+{
+    $debug_cmd
+    _G_func_quote_mode=$1 ; shift
+    func_quote_result=
+    while test 0 -lt $#; do
+      func_quote_arg "$_G_func_quote_mode" "$1"
+      if test -n "$func_quote_result"; then
+        func_append func_quote_result " $func_quote_arg_result"
+      else
+        func_append func_quote_result "$func_quote_arg_result"
+      fi
+      shift
+    done
 }
 
 
@@ -1215,8 +1376,8 @@ func_show_eval ()
     _G_cmd=$1
     _G_fail_exp=${2-':'}
 
-    func_quote_for_expand "$_G_cmd"
-    eval "func_notquiet $func_quote_for_expand_result"
+    func_quote_arg pretty,expand "$_G_cmd"
+    eval "func_notquiet $func_quote_arg_result"
 
     $opt_dry_run || {
       eval "$_G_cmd"
@@ -1241,8 +1402,8 @@ func_show_eval_locale ()
     _G_fail_exp=${2-':'}
 
     $opt_quiet || {
-      func_quote_for_expand "$_G_cmd"
-      eval "func_echo $func_quote_for_expand_result"
+      func_quote_arg expand,pretty "$_G_cmd"
+      eval "func_echo $func_quote_arg_result"
     }
 
     $opt_dry_run || {
@@ -1369,30 +1530,26 @@ func_lt_ver ()
 # End:
 #! /bin/sh
 
-# Set a version string for this script.
-scriptversion=2015-10-07.11; # UTC
-
 # A portable, pluggable option parser for Bourne shell.
 # Written by Gary V. Vaughan, 2010
 
-# Copyright (C) 2010-2015 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# This is free software.  There is NO warranty; not even for
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Copyright (C) 2010-2019, 2021 Bootstrap Authors
+#
+# This file is dual licensed under the terms of the MIT license
+# <https://opensource.org/license/MIT>, and GPL version 2 or later
+# <http://www.gnu.org/licenses/gpl-2.0.html>.  You must apply one of
+# these licenses when using or redistributing this software or any of
+# the files within it.  See the URLs above, or the file `LICENSE`
+# included in the Bootstrap distribution for the full license texts.
 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
+# Please report bugs or propose patches to:
+# <https://github.com/gnulib-modules/bootstrap/issues>
 
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# Please report bugs or propose patches to gary@gnu.org.
+# Set a version string for this script.
+scriptversion=2019-02-19.15; # UTC
 
 
 ## ------ ##
@@ -1415,7 +1572,7 @@ scriptversion=2015-10-07.11; # UTC
 #
 # In order for the '--version' option to work, you will need to have a
 # suitably formatted comment like the one at the top of this file
-# starting with '# Written by ' and ending with '# warranty; '.
+# starting with '# Written by ' and ending with '# Copyright'.
 #
 # For '-h' and '--help' to work, you will also need a one line
 # description of your script's purpose in a comment directly above the
@@ -1427,7 +1584,7 @@ scriptversion=2015-10-07.11; # UTC
 # to display verbose messages only when your user has specified
 # '--verbose'.
 #
-# After sourcing this file, you can plug processing for additional
+# After sourcing this file, you can plug in processing for additional
 # options by amending the variables from the 'Configuration' section
 # below, and following the instructions in the 'Option parsing'
 # section further down.
@@ -1476,8 +1633,8 @@ fatal_help="Try '\$progname --help' for more information."
 ## ------------------------- ##
 
 # This section contains functions for adding, removing, and running hooks
-# to the main code.  A hook is just a named list of of function, that can
-# be run in order later on.
+# in the main code.  A hook is just a list of function names that can be
+# run in order later on.
 
 # func_hookable FUNC_NAME
 # -----------------------
@@ -1510,7 +1667,8 @@ func_add_hook ()
 
 # func_remove_hook FUNC_NAME HOOK_FUNC
 # ------------------------------------
-# Remove HOOK_FUNC from the list of functions called by FUNC_NAME.
+# Remove HOOK_FUNC from the list of hook functions to be called by
+# FUNC_NAME.
 func_remove_hook ()
 {
     $debug_cmd
@@ -1519,10 +1677,28 @@ func_remove_hook ()
 }
 
 
+# func_propagate_result FUNC_NAME_A FUNC_NAME_B
+# ---------------------------------------------
+# If the *_result variable of FUNC_NAME_A _is set_, assign its value to
+# *_result variable of FUNC_NAME_B.
+func_propagate_result ()
+{
+    $debug_cmd
+
+    func_propagate_result_result=:
+    if eval "test \"\${${1}_result+set}\" = set"
+    then
+      eval "${2}_result=\$${1}_result"
+    else
+      func_propagate_result_result=false
+    fi
+}
+
+
 # func_run_hooks FUNC_NAME [ARG]...
 # ---------------------------------
 # Run all hook functions registered to FUNC_NAME.
-# It is assumed that the list of hook functions contains nothing more
+# It's assumed that the list of hook functions contains nothing more
 # than a whitespace-delimited list of legal shell function names, and
 # no effort is wasted trying to catch shell meta-characters or preserve
 # whitespace.
@@ -1534,22 +1710,19 @@ func_run_hooks ()
 
     case " $hookable_fns " in
       *" $1 "*) ;;
-      *) func_fatal_error "'$1' does not support hook funcions.n" ;;
+      *) func_fatal_error "'$1' does not support hook functions." ;;
     esac
 
     eval _G_hook_fns=\$$1_hooks; shift
 
     for _G_hook in $_G_hook_fns; do
-      if eval $_G_hook '"$@"'; then
-        # store returned options list back into positional
-        # parameters for next 'cmd' execution.
-        eval _G_hook_result=\$${_G_hook}_result
-        eval set dummy "$_G_hook_result"; shift
-        _G_rc_run_hooks=:
+      func_unset "${_G_hook}_result"
+      eval $_G_hook '${1+"$@"}'
+      func_propagate_result $_G_hook func_run_hooks
+      if $func_propagate_result_result; then
+        eval set dummy "$func_run_hooks_result"; shift
       fi
     done
-
-    $_G_rc_run_hooks && func_run_hooks_result=$_G_hook_result
 }
 
 
@@ -1559,14 +1732,16 @@ func_run_hooks ()
 ## --------------- ##
 
 # In order to add your own option parsing hooks, you must accept the
-# full positional parameter list in your hook function, you may remove/edit
-# any options that you action, and then pass back the remaining unprocessed
-# options in '<hooked_function_name>_result', escaped suitably for
-# 'eval'.  In this case you also must return $EXIT_SUCCESS to let the
-# hook's caller know that it should pay attention to
-# '<hooked_function_name>_result'.  Returning $EXIT_FAILURE signalizes that
-# arguments are left untouched by the hook and therefore caller will ignore the
-# result variable.
+# full positional parameter list from your hook function.  You may remove
+# or edit any options that you action, and then pass back the remaining
+# unprocessed options in '<hooked_function_name>_result', escaped
+# suitably for 'eval'.
+#
+# The '<hooked_function_name>_result' variable is automatically unset
+# before your hook gets called; for best performance, only set the
+# *_result variable when necessary (i.e. don't call the 'func_quote'
+# function unnecessarily because it can be an expensive operation on some
+# machines).
 #
 # Like this:
 #
@@ -1578,11 +1753,8 @@ func_run_hooks ()
 #        usage_message=$usage_message'
 #      -s, --silent       don'\''t print informational messages
 #    '
-#        # No change in '$@' (ignored completely by this hook).  There is
-#        # no need to do the equivalent (but slower) action:
-#        # func_quote_for_eval ${1+"$@"}
-#        # my_options_prep_result=$func_quote_for_eval_result
-#        false
+#        # No change in '$@' (ignored completely by this hook).  Leave
+#        # my_options_prep_result variable intact.
 #    }
 #    func_add_hook func_options_prep my_options_prep
 #
@@ -1593,7 +1765,7 @@ func_run_hooks ()
 #
 #        args_changed=false
 #
-#        # Note that for efficiency, we parse as many options as we can
+#        # Note that, for efficiency, we parse as many options as we can
 #        # recognise in a loop before passing the remainder back to the
 #        # caller on the first unrecognised argument we encounter.
 #        while test $# -gt 0; do
@@ -1610,18 +1782,17 @@ func_run_hooks ()
 #                         args_changed=:
 #                         ;;
 #            *)           # Make sure the first unrecognised option "$_G_opt"
-#                         # is added back to "$@", we could need that later
-#                         # if $args_changed is true.
+#                         # is added back to "$@" in case we need it later,
+#                         # if $args_changed was set to 'true'.
 #                         set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
 #          esac
 #        done
 #
+#        # Only call 'func_quote' here if we processed at least one argument.
 #        if $args_changed; then
-#          func_quote_for_eval ${1+"$@"}
-#          my_silent_option_result=$func_quote_for_eval_result
+#          func_quote eval ${1+"$@"}
+#          my_silent_option_result=$func_quote_result
 #        fi
-#
-#        $args_changed
 #    }
 #    func_add_hook func_parse_options my_silent_option
 #
@@ -1632,8 +1803,6 @@ func_run_hooks ()
 #
 #        $opt_silent && $opt_verbose && func_fatal_help "\
 #    '--silent' and '--verbose' options are mutually exclusive."
-#
-#        false
 #    }
 #    func_add_hook func_validate_options my_option_validation
 #
@@ -1649,13 +1818,8 @@ func_options_finish ()
 {
     $debug_cmd
 
-    _G_func_options_finish_exit=false
-    if func_run_hooks func_options ${1+"$@"}; then
-      func_options_finish_result=$func_run_hooks_result
-      _G_func_options_finish_exit=:
-    fi
-
-    $_G_func_options_finish_exit
+    func_run_hooks func_options ${1+"$@"}
+    func_propagate_result func_run_hooks func_options_finish
 }
 
 
@@ -1668,28 +1832,27 @@ func_options ()
 {
     $debug_cmd
 
-    _G_rc_options=false
+    _G_options_quoted=false
 
     for my_func in options_prep parse_options validate_options options_finish
     do
-      if eval func_$my_func '${1+"$@"}'; then
-        eval _G_res_var='$'"func_${my_func}_result"
-        eval set dummy "$_G_res_var" ; shift
-        _G_rc_options=:
+      func_unset func_${my_func}_result
+      func_unset func_run_hooks_result
+      eval func_$my_func '${1+"$@"}'
+      func_propagate_result func_$my_func func_options
+      if $func_propagate_result_result; then
+        eval set dummy "$func_options_result"; shift
+        _G_options_quoted=:
       fi
     done
 
-    # Save modified positional parameters for caller.  As a top-level
-    # options-parser function we always need to set the 'func_options_result'
-    # variable (regardless the $_G_rc_options value).
-    if $_G_rc_options; then
-      func_options_result=$_G_res_var
-    else
-      func_quote_for_eval ${1+"$@"}
-      func_options_result=$func_quote_for_eval_result
-    fi
-
-    $_G_rc_options
+    $_G_options_quoted || {
+      # As we (func_options) are top-level options-parser function and
+      # nobody quoted "$@" for us yet, we need to do it explicitly for
+      # caller.
+      func_quote eval ${1+"$@"}
+      func_options_result=$func_quote_result
+    }
 }
 
 
@@ -1699,8 +1862,7 @@ func_options ()
 # Note that when calling hook functions, we pass through the list of
 # positional parameters.  If a hook function modifies that list, and
 # needs to propagate that back to rest of this script, then the complete
-# modified list must be put in 'func_run_hooks_result' before
-# returning $EXIT_SUCCESS (otherwise $EXIT_FAILURE is returned).
+# modified list must be put in 'func_run_hooks_result' before returning.
 func_hookable func_options_prep
 func_options_prep ()
 {
@@ -1710,14 +1872,8 @@ func_options_prep ()
     opt_verbose=false
     opt_warning_types=
 
-    _G_rc_options_prep=false
-    if func_run_hooks func_options_prep ${1+"$@"}; then
-      _G_rc_options_prep=:
-      # save modified positional parameters for caller
-      func_options_prep_result=$func_run_hooks_result
-    fi
-
-    $_G_rc_options_prep
+    func_run_hooks func_options_prep ${1+"$@"}
+    func_propagate_result func_run_hooks func_options_prep
 }
 
 
@@ -1729,27 +1885,32 @@ func_parse_options ()
 {
     $debug_cmd
 
-    func_parse_options_result=
-
-    _G_rc_parse_options=false
+    _G_parse_options_requote=false
     # this just eases exit handling
     while test $# -gt 0; do
       # Defer to hook functions for initial option parsing, so they
       # get priority in the event of reusing an option name.
-      if func_run_hooks func_parse_options ${1+"$@"}; then
-        eval set dummy "$func_run_hooks_result"; shift
-        _G_rc_parse_options=:
+      func_run_hooks func_parse_options ${1+"$@"}
+      func_propagate_result func_run_hooks func_parse_options
+      if $func_propagate_result_result; then
+        eval set dummy "$func_parse_options_result"; shift
+        # Even though we may have changed "$@", we passed the "$@" array
+        # down into the hook and it quoted it for us (because we are in
+        # this if-branch).  No need to quote it again.
+        _G_parse_options_requote=false
       fi
 
       # Break out of the loop if we already parsed every option.
       test $# -gt 0 || break
 
+      # We expect that one of the options parsed in this function matches
+      # and thus we remove _G_opt from "$@" and need to re-quote.
       _G_match_parse_options=:
       _G_opt=$1
       shift
       case $_G_opt in
         --debug|-x)   debug_cmd='set -x'
-                      func_echo "enabling shell trace mode"
+                      func_echo "enabling shell trace mode" >&2
                       $debug_cmd
                       ;;
 
@@ -1760,7 +1921,7 @@ func_parse_options ()
 
         --warnings|--warning|-W)
                       if test $# = 0 && func_missing_arg $_G_opt; then
-                        _G_rc_parse_options=:
+                        _G_parse_options_requote=:
                         break
                       fi
                       case " $warning_categories $1" in
@@ -1815,7 +1976,7 @@ func_parse_options ()
                       shift
                       ;;
 
-        --)           _G_rc_parse_options=: ; break ;;
+        --)           _G_parse_options_requote=: ; break ;;
         -*)           func_fatal_help "unrecognised option: '$_G_opt'" ;;
         *)            set dummy "$_G_opt" ${1+"$@"}; shift
                       _G_match_parse_options=false
@@ -1823,17 +1984,16 @@ func_parse_options ()
                       ;;
       esac
 
-      $_G_match_parse_options && _G_rc_parse_options=:
+      if $_G_match_parse_options; then
+        _G_parse_options_requote=:
+      fi
     done
 
-
-    if $_G_rc_parse_options; then
+    if $_G_parse_options_requote; then
       # save modified positional parameters for caller
-      func_quote_for_eval ${1+"$@"}
-      func_parse_options_result=$func_quote_for_eval_result
+      func_quote eval ${1+"$@"}
+      func_parse_options_result=$func_quote_result
     fi
-
-    $_G_rc_parse_options
 }
 
 
@@ -1846,21 +2006,14 @@ func_validate_options ()
 {
     $debug_cmd
 
-    _G_rc_validate_options=false
-
     # Display all warnings if -W was not given.
     test -n "$opt_warning_types" || opt_warning_types=" $warning_categories"
 
-    if func_run_hooks func_validate_options ${1+"$@"}; then
-      # save modified positional parameters for caller
-      func_validate_options_result=$func_run_hooks_result
-      _G_rc_validate_options=:
-    fi
+    func_run_hooks func_validate_options ${1+"$@"}
+    func_propagate_result func_run_hooks func_validate_options
 
     # Bail if the options were screwed!
     $exit_cmd $EXIT_FAILURE
-
-    $_G_rc_validate_options
 }
 
 
@@ -1916,8 +2069,8 @@ func_missing_arg ()
 
 # func_split_equals STRING
 # ------------------------
-# Set func_split_equals_lhs and func_split_equals_rhs shell variables after
-# splitting STRING at the '=' sign.
+# Set func_split_equals_lhs and func_split_equals_rhs shell variables
+# after splitting STRING at the '=' sign.
 test -z "$_G_HAVE_XSI_OPS" \
     && (eval 'x=a/b/c;
       test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
@@ -1932,8 +2085,9 @@ then
 
       func_split_equals_lhs=${1%%=*}
       func_split_equals_rhs=${1#*=}
-      test "x$func_split_equals_lhs" = "x$1" \
-        && func_split_equals_rhs=
+      if test "x$func_split_equals_lhs" = "x$1"; then
+        func_split_equals_rhs=
+      fi
   }'
 else
   # ...otherwise fall back to using expr, which is often a shell builtin.
@@ -1943,7 +2097,7 @@ else
 
       func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'`
       func_split_equals_rhs=
-      test "x$func_split_equals_lhs" = "x$1" \
+      test "x$func_split_equals_lhs=" = "x$1" \
         || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'`
   }
 fi #func_split_equals
@@ -1969,7 +2123,7 @@ else
   {
       $debug_cmd
 
-      func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'`
+      func_split_short_opt_name=`expr "x$1" : 'x\(-.\)'`
       func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'`
   }
 fi #func_split_short_opt
@@ -2011,31 +2165,44 @@ func_usage_message ()
 # func_version
 # ------------
 # Echo version message to standard output and exit.
+# The version message is extracted from the calling file's header
+# comments, with leading '# ' stripped:
+#   1. First display the progname and version
+#   2. Followed by the header comment line matching  /^# Written by /
+#   3. Then a blank line followed by the first following line matching
+#      /^# Copyright /
+#   4. Immediately followed by any lines between the previous matches,
+#      except lines preceding the intervening completely blank line.
+# For example, see the header comments of this file.
 func_version ()
 {
     $debug_cmd
 
     printf '%s\n' "$progname $scriptversion"
     $SED -n '
-        /(C)/!b go
-        :more
-        /\./!{
-          N
-          s|\n# | |
-          b more
-        }
-        :go
-        /^# Written by /,/# warranty; / {
-          s|^# ||
-          s|^# *$||
-          s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
-          p
+        /^# Written by /!b
+        s|^# ||; p; n
+
+        :fwd2blnk
+        /./ {
+          n
+          b fwd2blnk
         }
-        /^# Written by / {
-          s|^# ||
-          p
+        p; n
+
+        :holdwrnt
+        s|^# ||
+        s|^# *$||
+        /^Copyright /!{
+          /./H
+          n
+          b holdwrnt
         }
-        /^warranty; /q' < "$progpath"
+
+        s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
+        G
+        s|\(\n\)\n*|\1|g
+        p; q' < "$progpath"
 
     exit $?
 }
@@ -2045,12 +2212,12 @@ func_version ()
 # mode: shell-script
 # sh-indentation: 2
 # eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
+# time-stamp-pattern: "30/scriptversion=%:y-%02m-%02d.%02H; # UTC"
 # time-stamp-time-zone: "UTC"
 # End:
 
 # Set a version string.
-scriptversion='(GNU libtool) 2.4.6'
+scriptversion='(GNU libtool) 2.4.7'
 
 
 # func_echo ARG...
@@ -2141,7 +2308,7 @@ include the following information:
        compiler:       $LTCC
        compiler flags: $LTCFLAGS
        linker:         $LD (gnu? $with_gnu_ld)
-       version:        $progname $scriptversion Debian-2.4.6-15
+       version:        $progname $scriptversion Debian-2.4.7-5
        automake:       `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
        autoconf:       `($AUTOCONF --version) 2>/dev/null |$SED 1q`
 
@@ -2197,7 +2364,7 @@ fi
 # a configuration failure hint, and exit.
 func_fatal_configuration ()
 {
-    func__fatal_error ${1+"$@"} \
+    func_fatal_error ${1+"$@"} \
       "See the $PACKAGE documentation for more information." \
       "Fatal configuration error."
 }
@@ -2345,6 +2512,8 @@ libtool_options_prep ()
 
     _G_rc_lt_options_prep=:
 
+    _G_rc_lt_options_prep=:
+
     # Shorthand for --mode=foo, only valid as the first argument
     case $1 in
     clean|clea|cle|cl)
@@ -2375,11 +2544,9 @@ libtool_options_prep ()
 
     if $_G_rc_lt_options_prep; then
       # Pass back the list of options.
-      func_quote_for_eval ${1+"$@"}
-      libtool_options_prep_result=$func_quote_for_eval_result
+      func_quote eval ${1+"$@"}
+      libtool_options_prep_result=$func_quote_result
     fi
-
-    $_G_rc_lt_options_prep
 }
 func_add_hook func_options_prep libtool_options_prep
 
@@ -2482,11 +2649,9 @@ libtool_parse_options ()
 
     if $_G_rc_lt_parse_options; then
       # save modified positional parameters for caller
-      func_quote_for_eval ${1+"$@"}
-      libtool_parse_options_result=$func_quote_for_eval_result
+      func_quote eval ${1+"$@"}
+      libtool_parse_options_result=$func_quote_result
     fi
-
-    $_G_rc_lt_parse_options
 }
 func_add_hook func_parse_options libtool_parse_options
 
@@ -2543,8 +2708,8 @@ libtool_validate_options ()
     }
 
     # Pass back the unparsed argument list
-    func_quote_for_eval ${1+"$@"}
-    libtool_validate_options_result=$func_quote_for_eval_result
+    func_quote eval ${1+"$@"}
+    libtool_validate_options_result=$func_quote_result
 }
 func_add_hook func_validate_options libtool_validate_options
 
@@ -3510,8 +3675,8 @@ func_mode_compile ()
       esac
     done
 
-    func_quote_for_eval "$libobj"
-    test "X$libobj" != "X$func_quote_for_eval_result" \
+    func_quote_arg pretty "$libobj"
+    test "X$libobj" != "X$func_quote_arg_result" \
       && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"'	 &()|`$[]' \
       && func_warning "libobj name '$libobj' may not contain shell special characters."
     func_dirname_and_basename "$obj" "/" ""
@@ -3584,8 +3749,8 @@ compiler."
 
     func_to_tool_file "$srcfile" func_convert_file_msys_to_w32
     srcfile=$func_to_tool_file_result
-    func_quote_for_eval "$srcfile"
-    qsrcfile=$func_quote_for_eval_result
+    func_quote_arg pretty "$srcfile"
+    qsrcfile=$func_quote_arg_result
 
     # Only build a PIC object if we are building libtool libraries.
     if test yes = "$build_libtool_libs"; then
@@ -3740,7 +3905,8 @@ This mode accepts the following additional options:
   -prefer-non-pic   try to build non-PIC objects only
   -shared           do not build a '.o' file suitable for static linking
   -static           only build a '.o' file suitable for static linking
-  -Wc,FLAG          pass FLAG directly to the compiler
+  -Wc,FLAG
+  -Xcompiler FLAG   pass FLAG directly to the compiler
 
 COMPILE-COMMAND is a command to be used in creating a 'standard' object file
 from the given SOURCEFILE.
@@ -3846,6 +4012,8 @@ The following components of LINK-COMMAND are treated specially:
   -weak LIBNAME     declare that the target provides the LIBNAME interface
   -Wc,FLAG
   -Xcompiler FLAG   pass linker-specific FLAG directly to the compiler
+  -Wa,FLAG
+  -Xassembler FLAG  pass linker-specific FLAG directly to the assembler
   -Wl,FLAG
   -Xlinker FLAG     pass linker-specific FLAG directly to the linker
   -XCClinker FLAG   pass link-specific FLAG to the compiler driver (CC)
@@ -4188,8 +4356,8 @@ func_mode_install ()
        case $nonopt in *shtool*) :;; *) false;; esac
     then
       # Aesthetically quote it.
-      func_quote_for_eval "$nonopt"
-      install_prog="$func_quote_for_eval_result "
+      func_quote_arg pretty "$nonopt"
+      install_prog="$func_quote_arg_result "
       arg=$1
       shift
     else
@@ -4199,8 +4367,8 @@ func_mode_install ()
 
     # The real first argument should be the name of the installation program.
     # Aesthetically quote it.
-    func_quote_for_eval "$arg"
-    func_append install_prog "$func_quote_for_eval_result"
+    func_quote_arg pretty "$arg"
+    func_append install_prog "$func_quote_arg_result"
     install_shared_prog=$install_prog
     case " $install_prog " in
       *[\\\ /]cp\ *) install_cp=: ;;
@@ -4257,12 +4425,12 @@ func_mode_install ()
       esac
 
       # Aesthetically quote the argument.
-      func_quote_for_eval "$arg"
-      func_append install_prog " $func_quote_for_eval_result"
+      func_quote_arg pretty "$arg"
+      func_append install_prog " $func_quote_arg_result"
       if test -n "$arg2"; then
-	func_quote_for_eval "$arg2"
+	func_quote_arg pretty "$arg2"
       fi
-      func_append install_shared_prog " $func_quote_for_eval_result"
+      func_append install_shared_prog " $func_quote_arg_result"
     done
 
     test -z "$install_prog" && \
@@ -4273,8 +4441,8 @@ func_mode_install ()
 
     if test -n "$install_override_mode" && $no_mode; then
       if $install_cp; then :; else
-	func_quote_for_eval "$install_override_mode"
-	func_append install_shared_prog " -m $func_quote_for_eval_result"
+	func_quote_arg pretty "$install_override_mode"
+	func_append install_shared_prog " -m $func_quote_arg_result"
       fi
     fi
 
@@ -4570,8 +4738,8 @@ func_mode_install ()
 	        relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'`
 
 	        $opt_quiet || {
-	          func_quote_for_expand "$relink_command"
-		  eval "func_echo $func_quote_for_expand_result"
+	          func_quote_arg expand,pretty "$relink_command"
+		  eval "func_echo $func_quote_arg_result"
 	        }
 	        if eval "$relink_command"; then :
 	          else
@@ -5350,7 +5518,8 @@ else
   if test \"\$libtool_execute_magic\" != \"$magic\"; then
     file=\"\$0\""
 
-    qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"`
+    func_quote_arg pretty "$ECHO"
+    qECHO=$func_quote_arg_result
     $ECHO "\
 
 # A function that is used when there is no print builtin or printf.
@@ -5360,7 +5529,7 @@ func_fallback_echo ()
 \$1
 _LTECHO_EOF'
 }
-    ECHO=\"$qECHO\"
+    ECHO=$qECHO
   fi
 
 # Very basic option parsing. These options are (a) specific to
@@ -6703,9 +6872,9 @@ func_mode_link ()
     while test "$#" -gt 0; do
       arg=$1
       shift
-      func_quote_for_eval "$arg"
-      qarg=$func_quote_for_eval_unquoted_result
-      func_append libtool_args " $func_quote_for_eval_result"
+      func_quote_arg pretty,unquoted "$arg"
+      qarg=$func_quote_arg_unquoted_result
+      func_append libtool_args " $func_quote_arg_result"
 
       # If the previous option needs an argument, assign it.
       if test -n "$prev"; then
@@ -6941,6 +7110,13 @@ func_mode_link ()
 	  prev=
 	  continue
 	  ;;
+	xassembler)
+	  func_append compiler_flags " -Xassembler $qarg"
+	  prev=
+	  func_append compile_command " -Xassembler $qarg"
+	  func_append finalize_command " -Xassembler $qarg"
+	  continue
+	  ;;
 	xcclinker)
 	  func_append linker_flags " $qarg"
 	  func_append compiler_flags " $qarg"
@@ -7111,7 +7287,7 @@ func_mode_link ()
 	    # These systems don't actually have a C library (as such)
 	    test X-lc = "X$arg" && continue
 	    ;;
-	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig* | *-*-midnightbsd*)
 	    # Do not include libc due to us having libc/libc_r.
 	    test X-lc = "X$arg" && continue
 	    ;;
@@ -7131,7 +7307,7 @@ func_mode_link ()
 	  esac
 	elif test X-lc_r = "X$arg"; then
 	 case $host in
-	 *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
+	 *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig* | *-*-midnightbsd*)
 	   # Do not include libc_r directly, use -pthread flag.
 	   continue
 	   ;;
@@ -7161,8 +7337,20 @@ func_mode_link ()
 	prev=xcompiler
 	continue
 	;;
-
-      -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
+     # Solaris ld rejects as of 11.4. Refer to Oracle bug 22985199.
+     -pthread)
+	case $host in
+	  *solaris2*) ;;
+	  *)
+	    case "$new_inherited_linker_flags " in
+	        *" $arg "*) ;;
+	        * ) func_append new_inherited_linker_flags " $arg" ;;
+	    esac
+	  ;;
+	esac
+	continue
+	;;
+      -mt|-mthreads|-kthread|-Kthread|-pthreads|--thread-safe \
       |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
 	func_append compiler_flags " $arg"
 	func_append compile_command " $arg"
@@ -7303,9 +7491,9 @@ func_mode_link ()
 	save_ifs=$IFS; IFS=,
 	for flag in $args; do
 	  IFS=$save_ifs
-          func_quote_for_eval "$flag"
-	  func_append arg " $func_quote_for_eval_result"
-	  func_append compiler_flags " $func_quote_for_eval_result"
+          func_quote_arg pretty "$flag"
+	  func_append arg " $func_quote_arg_result"
+	  func_append compiler_flags " $func_quote_arg_result"
 	done
 	IFS=$save_ifs
 	func_stripname ' ' '' "$arg"
@@ -7319,16 +7507,21 @@ func_mode_link ()
 	save_ifs=$IFS; IFS=,
 	for flag in $args; do
 	  IFS=$save_ifs
-          func_quote_for_eval "$flag"
-	  func_append arg " $wl$func_quote_for_eval_result"
-	  func_append compiler_flags " $wl$func_quote_for_eval_result"
-	  func_append linker_flags " $func_quote_for_eval_result"
+          func_quote_arg pretty "$flag"
+	  func_append arg " $wl$func_quote_arg_result"
+	  func_append compiler_flags " $wl$func_quote_arg_result"
+	  func_append linker_flags " $func_quote_arg_result"
 	done
 	IFS=$save_ifs
 	func_stripname ' ' '' "$arg"
 	arg=$func_stripname_result
 	;;
 
+      -Xassembler)
+        prev=xassembler
+        continue
+        ;;
+
       -Xcompiler)
 	prev=xcompiler
 	continue
@@ -7346,8 +7539,8 @@ func_mode_link ()
 
       # -msg_* for osf cc
       -msg_*)
-	func_quote_for_eval "$arg"
-	arg=$func_quote_for_eval_result
+	func_quote_arg pretty "$arg"
+	arg=$func_quote_arg_result
 	;;
 
       # Flags to be passed through unchanged, with rationale:
@@ -7370,12 +7563,13 @@ func_mode_link ()
       # -fuse-ld=*           Linker select flags for GCC
       # -static-*            direct GCC to link specific libraries statically
       # -fcilkplus           Cilk Plus language extension features for C/C++
+      # -Wa,*                Pass flags directly to the assembler
       -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
       -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
       -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
-      -specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus)
-        func_quote_for_eval "$arg"
-	arg=$func_quote_for_eval_result
+      -specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus|-Wa,*)
+        func_quote_arg pretty "$arg"
+	arg=$func_quote_arg_result
         func_append compile_command " $arg"
         func_append finalize_command " $arg"
         func_append compiler_flags " $arg"
@@ -7396,15 +7590,15 @@ func_mode_link ()
 	  continue
         else
 	  # Otherwise treat like 'Some other compiler flag' below
-	  func_quote_for_eval "$arg"
-	  arg=$func_quote_for_eval_result
+	  func_quote_arg pretty "$arg"
+	  arg=$func_quote_arg_result
         fi
 	;;
 
       # Some other compiler flag.
       -* | +*)
-        func_quote_for_eval "$arg"
-	arg=$func_quote_for_eval_result
+        func_quote_arg pretty "$arg"
+	arg=$func_quote_arg_result
 	;;
 
       *.$objext)
@@ -7524,8 +7718,8 @@ func_mode_link ()
       *)
 	# Unknown arguments in both finalize_command and compile_command need
 	# to be aesthetically quoted because they are evaled later.
-	func_quote_for_eval "$arg"
-	arg=$func_quote_for_eval_result
+	func_quote_arg pretty "$arg"
+	arg=$func_quote_arg_result
 	;;
       esac # arg
 
@@ -8733,7 +8927,7 @@ func_mode_link ()
       test CXX = "$tagname" && {
         case $host_os in
         linux*)
-          case `$CC -V 2>&1 | sed 5q` in
+          case `$CC -V 2>&1 | $SED 5q` in
           *Sun\ C*) # Sun C++ 5.9
             func_suncc_cstd_abi
 
@@ -8906,7 +9100,7 @@ func_mode_link ()
 	  #
 	  case $version_type in
 	  # correct linux to gnu/linux during the next big refactor
-	  darwin|freebsd-elf|linux|osf|windows|none)
+	  darwin|freebsd-elf|linux|midnightbsd-elf|osf|windows|none)
 	    func_arith $number_major + $number_minor
 	    current=$func_arith_result
 	    age=$number_minor
@@ -9000,7 +9194,7 @@ func_mode_link ()
 	  versuffix=.$current.$revision
 	  ;;
 
-	freebsd-elf)
+	freebsd-elf | midnightbsd-elf)
 	  func_arith $current - $age
 	  major=.$func_arith_result
 	  versuffix=$major.$age.$revision
@@ -9226,7 +9420,7 @@ func_mode_link ()
 	  *-*-netbsd*)
 	    # Don't link with libc until the a.out ld.so is fixed.
 	    ;;
-	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-midnightbsd*)
 	    # Do not include libc due to us having libc/libc_r.
 	    ;;
 	  *-*-sco3.2v5* | *-*-sco5v6*)
@@ -10037,8 +10231,8 @@ EOF
 	    for cmd in $concat_cmds; do
 	      IFS=$save_ifs
 	      $opt_quiet || {
-		  func_quote_for_expand "$cmd"
-		  eval "func_echo $func_quote_for_expand_result"
+		  func_quote_arg expand,pretty "$cmd"
+		  eval "func_echo $func_quote_arg_result"
 	      }
 	      $opt_dry_run || eval "$cmd" || {
 		lt_exit=$?
@@ -10131,8 +10325,8 @@ EOF
 	  eval cmd=\"$cmd\"
 	  IFS=$save_ifs
 	  $opt_quiet || {
-	    func_quote_for_expand "$cmd"
-	    eval "func_echo $func_quote_for_expand_result"
+	    func_quote_arg expand,pretty "$cmd"
+	    eval "func_echo $func_quote_arg_result"
 	  }
 	  $opt_dry_run || eval "$cmd" || {
 	    lt_exit=$?
@@ -10606,12 +10800,13 @@ EOF
 	  elif eval var_value=\$$var; test -z "$var_value"; then
 	    relink_command="$var=; export $var; $relink_command"
 	  else
-	    func_quote_for_eval "$var_value"
-	    relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+	    func_quote_arg pretty "$var_value"
+	    relink_command="$var=$func_quote_arg_result; export $var; $relink_command"
 	  fi
 	done
-	relink_command="(cd `pwd`; $relink_command)"
-	relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
+	func_quote eval cd "`pwd`"
+	func_quote_arg pretty,unquoted "($func_quote_result; $relink_command)"
+	relink_command=$func_quote_arg_unquoted_result
       fi
 
       # Only actually do things if not in dry run mode.
@@ -10851,13 +11046,15 @@ EOF
 	elif eval var_value=\$$var; test -z "$var_value"; then
 	  relink_command="$var=; export $var; $relink_command"
 	else
-	  func_quote_for_eval "$var_value"
-	  relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+	  func_quote_arg pretty,unquoted "$var_value"
+	  relink_command="$var=$func_quote_arg_unquoted_result; export $var; $relink_command"
 	fi
       done
       # Quote the link command for shipping.
-      relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
-      relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
+      func_quote eval cd "`pwd`"
+      relink_command="($func_quote_result; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+      func_quote_arg pretty,unquoted "$relink_command"
+      relink_command=$func_quote_arg_unquoted_result
       if test yes = "$hardcode_automatic"; then
 	relink_command=
       fi
diff --git a/m4/.gitignore b/m4/.gitignore
index 35001aea5..59602da5a 100644
--- a/m4/.gitignore
+++ b/m4/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/m4/curl-amissl.m4 b/m4/curl-amissl.m4
index dfa626da9..4b80842b9 100644
--- a/m4/curl-amissl.m4
+++ b/m4/curl-amissl.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -55,11 +55,6 @@ if test "$HAVE_PROTO_BSDSOCKET_H" = "1"; then
       AC_DEFINE_UNQUOTED(HAVE_OPENSSL3, 1, [Define to 1 if using OpenSSL 3 or later.])
       AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
                        openssl/pem.h openssl/ssl.h openssl/err.h)
-      dnl OpenSSLv3 marks the DES functions deprecated but we have no
-      dnl replacements (yet) so tell the compiler to not warn for them
-      dnl
-      dnl Ask OpenSSL to suppress the warnings.
-      CPPFLAGS="$CPPFLAGS -DOPENSSL_SUPPRESS_DEPRECATED"
     ],[
       AC_MSG_RESULT([no])
     ])
diff --git a/m4/curl-bearssl.m4 b/m4/curl-bearssl.m4
index 317a9e955..b8c975008 100644
--- a/m4/curl-bearssl.m4
+++ b/m4/curl-bearssl.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
index e39d97801..94089e88f 100644
--- a/m4/curl-compilers.m4
+++ b/m4/curl-compilers.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-confopts.m4 b/m4/curl-confopts.m4
index f5d2d2cce..1e2632d06 100644
--- a/m4/curl-confopts.m4
+++ b/m4/curl-confopts.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-functions.m4 b/m4/curl-functions.m4
index 49ab0b03f..4d4d13a40 100644
--- a/m4/curl-functions.m4
+++ b/m4/curl-functions.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-gnutls.m4 b/m4/curl-gnutls.m4
index d6f4a9708..48813dfad 100644
--- a/m4/curl-gnutls.m4
+++ b/m4/curl-gnutls.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-mbedtls.m4 b/m4/curl-mbedtls.m4
index 022d14ea2..78ed629af 100644
--- a/m4/curl-mbedtls.m4
+++ b/m4/curl-mbedtls.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-nss.m4 b/m4/curl-nss.m4
index cb162755d..2916c3613 100644
--- a/m4/curl-nss.m4
+++ b/m4/curl-nss.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-openssl.m4 b/m4/curl-openssl.m4
index f2dcacbba..e41569f37 100644
--- a/m4/curl-openssl.m4
+++ b/m4/curl-openssl.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -310,11 +310,6 @@ if test "x$OPT_OPENSSL" != xno; then
       AC_MSG_RESULT([yes])
       AC_DEFINE_UNQUOTED(HAVE_OPENSSL3, 1,
         [Define to 1 if using OpenSSL 3 or later.])
-      dnl OpenSSLv3 marks the DES functions deprecated but we have no
-      dnl replacements (yet) so tell the compiler to not warn for them
-      dnl
-      dnl Ask OpenSSL to suppress the warnings.
-      CPPFLAGS="$CPPFLAGS -DOPENSSL_SUPPRESS_DEPRECATED"
       ssl_msg="OpenSSL v3+"
     ],[
       AC_MSG_RESULT([no])
diff --git a/m4/curl-override.m4 b/m4/curl-override.m4
index fb84f67cc..b4a8df9bb 100644
--- a/m4/curl-override.m4
+++ b/m4/curl-override.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-reentrant.m4 b/m4/curl-reentrant.m4
index 1992c5ecd..c1f333982 100644
--- a/m4/curl-reentrant.m4
+++ b/m4/curl-reentrant.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-rustls.m4 b/m4/curl-rustls.m4
index 32fba041e..98283bf6c 100644
--- a/m4/curl-rustls.m4
+++ b/m4/curl-rustls.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-schannel.m4 b/m4/curl-schannel.m4
index 49c387791..016bfd4ed 100644
--- a/m4/curl-schannel.m4
+++ b/m4/curl-schannel.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-sectransp.m4 b/m4/curl-sectransp.m4
index 0c43b13a2..fc0ad9eb0 100644
--- a/m4/curl-sectransp.m4
+++ b/m4/curl-sectransp.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-sysconfig.m4 b/m4/curl-sysconfig.m4
index c6cd2f88e..cd1e01978 100644
--- a/m4/curl-sysconfig.m4
+++ b/m4/curl-sysconfig.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/curl-wolfssl.m4 b/m4/curl-wolfssl.m4
index 0872bcb78..f4aea3fe7 100644
--- a/m4/curl-wolfssl.m4
+++ b/m4/curl-wolfssl.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/m4/libtool.m4 b/m4/libtool.m4
index c4c02946d..e7b683345 100644
--- a/m4/libtool.m4
+++ b/m4/libtool.m4
@@ -1,6 +1,7 @@
 # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
 #
-#   Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
+#   Copyright (C) 1996-2001, 2003-2019, 2021-2022 Free Software
+#   Foundation, Inc.
 #   Written by Gordon Matzigkeit, 1996
 #
 # This file is free software; the Free Software Foundation gives
@@ -31,7 +32,7 @@ m4_define([_LT_COPYING], [dnl
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 ])
 
-# serial 58 LT_INIT
+# serial 59 LT_INIT
 
 
 # LT_PREREQ(VERSION)
@@ -181,6 +182,7 @@ m4_require([_LT_FILEUTILS_DEFAULTS])dnl
 m4_require([_LT_CHECK_SHELL_FEATURES])dnl
 m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
 m4_require([_LT_CMD_RELOAD])dnl
+m4_require([_LT_DECL_FILECMD])dnl
 m4_require([_LT_CHECK_MAGIC_METHOD])dnl
 m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
 m4_require([_LT_CMD_OLD_ARCHIVE])dnl
@@ -219,8 +221,8 @@ esac
 ofile=libtool
 can_build_shared=yes
 
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
+# All known linkers require a '.a' archive for static linking (except MSVC and
+# ICC, which need '.lib').
 libext=a
 
 with_gnu_ld=$lt_cv_prog_gnu_ld
@@ -777,7 +779,7 @@ _LT_EOF
   # if finds mixed CR/LF and LF-only lines.  Since sed operates in
   # text mode, it properly converts lines to CR/LF.  This bash problem
   # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
+  $SED '$q' "$ltmain" >> "$cfgfile" \
      || (rm -f "$cfgfile"; exit 1)
 
    mv -f "$cfgfile" "$ofile" ||
@@ -1041,8 +1043,8 @@ int forced_loaded() { return 2;}
 _LT_EOF
       echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
       $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
-      echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
-      $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+      echo "$AR $AR_FLAGS libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+      $AR $AR_FLAGS libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
       echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
       $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
       cat > conftest.c << _LT_EOF
@@ -1066,17 +1068,12 @@ _LT_EOF
       _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
     darwin1.*)
       _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[[912]]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[[012]][[,.]]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*|11.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+    darwin*)
+      case $MACOSX_DEPLOYMENT_TARGET,$host in
+        10.[[012]],*|,*powerpc*-darwin[[5-8]]*)
+          _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
+        *)
+          _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
       esac
     ;;
   esac
@@ -1125,12 +1122,12 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES],
     output_verbose_link_cmd=func_echo_all
     _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
     _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
+    _LT_TAGVAR(archive_expsym_cmds, $1)="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
+    _LT_TAGVAR(module_expsym_cmds, $1)="$SED -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
     m4_if([$1], [CXX],
 [   if test yes != "$lt_cv_apple_cc_single_mod"; then
       _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
-      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
+      _LT_TAGVAR(archive_expsym_cmds, $1)="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
     fi
 ],[])
   else
@@ -1244,7 +1241,8 @@ _LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
 # _LT_WITH_SYSROOT
 # ----------------
 AC_DEFUN([_LT_WITH_SYSROOT],
-[AC_MSG_CHECKING([for sysroot])
+[m4_require([_LT_DECL_SED])dnl
+AC_MSG_CHECKING([for sysroot])
 AC_ARG_WITH([sysroot],
 [AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
   [Search for dependent libraries within DIR (or the compiler's sysroot
@@ -1261,7 +1259,7 @@ case $with_sysroot in #(
    fi
    ;; #(
  /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
+   lt_sysroot=`echo "$with_sysroot" | $SED -e "$sed_quote_subst"`
    ;; #(
  no|'')
    ;; #(
@@ -1291,7 +1289,7 @@ ia64-*-hpux*)
   # options accordingly.
   echo 'int i;' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *ELF-32*)
 	HPUX_IA64_MODE=32
 	;;
@@ -1308,7 +1306,7 @@ ia64-*-hpux*)
   echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
     if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
+      case `$FILECMD conftest.$ac_objext` in
 	*32-bit*)
 	  LD="${LD-ld} -melf32bsmip"
 	  ;;
@@ -1320,7 +1318,7 @@ ia64-*-hpux*)
 	;;
       esac
     else
-      case `/usr/bin/file conftest.$ac_objext` in
+      case `$FILECMD conftest.$ac_objext` in
 	*32-bit*)
 	  LD="${LD-ld} -32"
 	  ;;
@@ -1342,7 +1340,7 @@ mips64*-*linux*)
   echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
     emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *32-bit*)
 	emul="${emul}32"
 	;;
@@ -1350,7 +1348,7 @@ mips64*-*linux*)
 	emul="${emul}64"
 	;;
     esac
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *MSB*)
 	emul="${emul}btsmip"
 	;;
@@ -1358,7 +1356,7 @@ mips64*-*linux*)
 	emul="${emul}ltsmip"
 	;;
     esac
-    case `/usr/bin/file conftest.$ac_objext` in
+    case `$FILECMD conftest.$ac_objext` in
       *N32*)
 	emul="${emul}n32"
 	;;
@@ -1378,14 +1376,14 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
   # not appear in the list.
   echo 'int i;' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
+    case `$FILECMD conftest.o` in
       *32-bit*)
 	case $host in
 	  x86_64-*kfreebsd*-gnu)
 	    LD="${LD-ld} -m elf_i386_fbsd"
 	    ;;
 	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
+	    case `$FILECMD conftest.o` in
 	      *x86-64*)
 		LD="${LD-ld} -m elf32_x86_64"
 		;;
@@ -1453,7 +1451,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
   # options accordingly.
   echo 'int i;' > conftest.$ac_ext
   if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
+    case `$FILECMD conftest.o` in
     *64-bit*)
       case $lt_cv_prog_gnu_ld in
       yes*)
@@ -1492,9 +1490,22 @@ need_locks=$enable_libtool_lock
 m4_defun([_LT_PROG_AR],
 [AC_CHECK_TOOLS(AR, [ar], false)
 : ${AR=ar}
-: ${AR_FLAGS=cr}
 _LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
+
+# Use ARFLAGS variable as AR's operation code to sync the variable naming with
+# Automake.  If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
+# higher priority because thats what people were doing historically (setting
+# ARFLAGS for automake and AR_FLAGS for libtool).  FIXME: Make the AR_FLAGS
+# variable obsoleted/removed.
+
+test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
+lt_ar_flags=$AR_FLAGS
+_LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
+
+# Make AR_FLAGS overridable by 'make ARFLAGS='.  Don't try to run-time override
+# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
+_LT_DECL([], [AR_FLAGS], [\@S|@{ARFLAGS-"\@S|@lt_ar_flags"}],
+         [Flags to create an archive])
 
 AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
   [lt_cv_ar_at_file=no
@@ -1713,7 +1724,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
     lt_cv_sys_max_cmd_len=8192;
     ;;
 
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
+  bitrig* | darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*)
     # This has been around since 386BSD, at least.  Likely further.
     if test -x /sbin/sysctl; then
       lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
@@ -1756,7 +1767,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
   sysv5* | sco5v6* | sysv4.2uw2*)
     kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
     if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[	 ]]//'`
+      lt_cv_sys_max_cmd_len=`echo $kargmax | $SED 's/.*[[	 ]]//'`
     else
       lt_cv_sys_max_cmd_len=32768
     fi
@@ -2206,26 +2217,35 @@ m4_defun([_LT_CMD_STRIPLIB],
 striplib=
 old_striplib=
 AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  AC_MSG_RESULT([yes])
+if test -z "$STRIP"; then
+  AC_MSG_RESULT([no])
 else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
+  if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+    old_striplib="$STRIP --strip-debug"
+    striplib="$STRIP --strip-unneeded"
+    AC_MSG_RESULT([yes])
+  else
+    case $host_os in
+    darwin*)
+      # FIXME - insert some real tests, host_os isn't really good enough
       striplib="$STRIP -x"
       old_striplib="$STRIP -S"
       AC_MSG_RESULT([yes])
-    else
+      ;;
+    freebsd*)
+      if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then
+        old_striplib="$STRIP --strip-debug"
+        striplib="$STRIP --strip-unneeded"
+        AC_MSG_RESULT([yes])
+      else
+        AC_MSG_RESULT([no])
+      fi
+      ;;
+    *)
       AC_MSG_RESULT([no])
-    fi
-    ;;
-  *)
-    AC_MSG_RESULT([no])
-    ;;
-  esac
+      ;;
+    esac
+  fi
 fi
 _LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
 _LT_DECL([], [striplib], [1])
@@ -2548,7 +2568,7 @@ cygwin* | mingw* | pw32* | cegcc*)
     case $host_os in
     cygwin*)
       # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
+      soname_spec='`echo $libname | $SED -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
 m4_if([$1], [],[
       sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
       ;;
@@ -2558,14 +2578,14 @@ m4_if([$1], [],[
       ;;
     pw32*)
       # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
+      library_names_spec='`echo $libname | $SED -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
       ;;
     esac
     dynamic_linker='Win32 ld.exe'
     ;;
 
-  *,cl*)
-    # Native MSVC
+  *,cl* | *,icl*)
+    # Native MSVC or ICC
     libname_spec='$name'
     soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
     library_names_spec='$libname.dll.lib'
@@ -2584,7 +2604,7 @@ m4_if([$1], [],[
       done
       IFS=$lt_save_ifs
       # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
+      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
       ;;
     cygwin*)
       # Convert to unix form, then to dos form, then back to unix form
@@ -2621,7 +2641,7 @@ m4_if([$1], [],[
     ;;
 
   *)
-    # Assume MSVC wrapper
+    # Assume MSVC and ICC wrapper
     library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
     dynamic_linker='Win32 ld.exe'
     ;;
@@ -2654,7 +2674,7 @@ dgux*)
   shlibpath_var=LD_LIBRARY_PATH
   ;;
 
-freebsd* | dragonfly*)
+freebsd* | dragonfly* | midnightbsd*)
   # DragonFly does not have aout.  When/if they implement a new
   # versioning mechanism, adjust this.
   if test -x /usr/bin/objformat; then
@@ -3465,7 +3485,7 @@ beos*)
 
 bsdi[[45]]*)
   lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_cmd='$FILECMD -L'
   lt_cv_file_magic_test_file=/shlib/libc.so
   ;;
 
@@ -3499,14 +3519,14 @@ darwin* | rhapsody*)
   lt_cv_deplibs_check_method=pass_all
   ;;
 
-freebsd* | dragonfly*)
+freebsd* | dragonfly* | midnightbsd*)
   if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
     case $host_cpu in
     i*86 )
       # Not sure whether the presence of OpenBSD here was a mistake.
       # Let's accept both of them until this is cleared up.
       lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_cmd=$FILECMD
       lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
       ;;
     esac
@@ -3520,7 +3540,7 @@ haiku*)
   ;;
 
 hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_cmd=$FILECMD
   case $host_cpu in
   ia64*)
     lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
@@ -3567,7 +3587,7 @@ netbsd* | netbsdelf*-gnu)
 
 newos6*)
   lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_cmd=$FILECMD
   lt_cv_file_magic_test_file=/usr/lib/libnls.so
   ;;
 
@@ -3694,13 +3714,13 @@ else
 	mingw*) lt_bad_file=conftest.nm/nofile ;;
 	*) lt_bad_file=/dev/null ;;
 	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
+	case `"$tmp_nm" -B $lt_bad_file 2>&1 | $SED '1q'` in
 	*$lt_bad_file* | *'Invalid file or object type'*)
 	  lt_cv_path_NM="$tmp_nm -B"
 	  break 2
 	  ;;
 	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  case `"$tmp_nm" -p /dev/null 2>&1 | $SED '1q'` in
 	  */dev/null*)
 	    lt_cv_path_NM="$tmp_nm -p"
 	    break 2
@@ -3726,7 +3746,7 @@ else
     # Let the user override the test.
   else
     AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
+    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | $SED '1q'` in
     *COFF*)
       DUMPBIN="$DUMPBIN -symbols -headers"
       ;;
@@ -3966,7 +3986,7 @@ esac
 
 if test "$lt_cv_nm_interface" = "MS dumpbin"; then
   # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
+  lt_cv_sys_global_symbol_to_import="$SED -n -e 's/^I .* \(.*\)$/\1/p'"
   # Adjust the below global symbol transforms to fixup imported variables.
   lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
   lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
@@ -3984,20 +4004,20 @@ fi
 # Transform an extracted symbol line into a proper C declaration.
 # Some systems (esp. on ia64) link data and code symbols differently,
 # so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
+lt_cv_sys_global_symbol_to_cdecl="$SED -n"\
 $lt_cdecl_hook\
 " -e 's/^T .* \(.*\)$/extern int \1();/p'"\
 " -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
 
 # Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
+lt_cv_sys_global_symbol_to_c_name_address="$SED -n"\
 $lt_c_name_hook\
 " -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
 " -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
 
 # Transform an extracted symbol line into symbol name with lib prefix and
 # symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="$SED -n"\
 $lt_c_name_lib_hook\
 " -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
 " -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
@@ -4021,7 +4041,7 @@ for ac_symprfx in "" "_"; do
   if test "$lt_cv_nm_interface" = "MS dumpbin"; then
     # Fake it for dumpbin and say T for any non-static function,
     # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
+    # Also find C++ and __fastcall symbols from MSVC++ or ICC,
     # which start with @ or ?.
     lt_cv_sys_global_symbol_pipe="$AWK ['"\
 "     {last_section=section; section=\$ 3};"\
@@ -4039,9 +4059,9 @@ for ac_symprfx in "" "_"; do
 "     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
 "     ' prfx=^$ac_symprfx]"
   else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+    lt_cv_sys_global_symbol_pipe="$SED -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
   fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
+  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | $SED '/ __gnu_lto/d'"
 
   # Check to see that the pipe works correctly.
   pipe_works=no
@@ -4329,7 +4349,7 @@ m4_if([$1], [CXX], [
 	    ;;
 	esac
 	;;
-      freebsd* | dragonfly*)
+      freebsd* | dragonfly* | midnightbsd*)
 	# FreeBSD uses GNU C++
 	;;
       hpux9* | hpux10* | hpux11*)
@@ -4412,7 +4432,7 @@ m4_if([$1], [CXX], [
 	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
 	    ;;
 	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
+	    case `$CC -V 2>&1 | $SED 5q` in
 	    *Sun\ C*)
 	      # Sun C++ 5.9
 	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
@@ -4754,7 +4774,7 @@ m4_if([$1], [CXX], [
 	_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
 	;;
       *)
-	case `$CC -V 2>&1 | sed 5q` in
+	case `$CC -V 2>&1 | $SED 5q` in
 	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
 	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
 	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
@@ -4937,7 +4957,7 @@ m4_if([$1], [CXX], [
     if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
       _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
     else
-      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
     fi
     ;;
   pw32*)
@@ -4945,7 +4965,7 @@ m4_if([$1], [CXX], [
     ;;
   cygwin* | mingw* | cegcc*)
     case $cc_basename in
-    cl*)
+    cl* | icl*)
       _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
       ;;
     *)
@@ -5005,15 +5025,15 @@ dnl Note also adjust exclude_expsyms for C++ above.
 
   case $host_os in
   cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time
     # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
+    # Microsoft Visual C++ or Intel C++ Compiler.
     if test yes != "$GCC"; then
       with_gnu_ld=no
     fi
     ;;
   interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    # we just hope/assume this is gcc and not c89 (= MSVC++ or ICC)
     with_gnu_ld=yes
     ;;
   openbsd* | bitrig*)
@@ -5068,7 +5088,7 @@ dnl Note also adjust exclude_expsyms for C++ above.
       _LT_TAGVAR(whole_archive_flag_spec, $1)=
     fi
     supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
+    case `$LD -v | $SED -e 's/([[^)]]\+)\s\+//' 2>&1` in
       *GNU\ gold*) supports_anon_versioning=yes ;;
       *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
       *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
@@ -5180,6 +5200,7 @@ _LT_EOF
 	emximp -o $lib $output_objdir/$libname.def'
       _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
       _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      _LT_TAGVAR(file_list_spec, $1)='@'
       ;;
 
     interix[[3-9]]*)
@@ -5194,7 +5215,7 @@ _LT_EOF
       # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
       # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
       _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      _LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
       ;;
 
     gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
@@ -5237,7 +5258,7 @@ _LT_EOF
 	  _LT_TAGVAR(compiler_needs_object, $1)=yes
 	  ;;
 	esac
-	case `$CC -V 2>&1 | sed 5q` in
+	case `$CC -V 2>&1 | $SED 5q` in
 	*Sun\ C*)			# Sun C 5.9
 	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
 	  _LT_TAGVAR(compiler_needs_object, $1)=yes
@@ -5249,13 +5270,14 @@ _LT_EOF
 
         if test yes = "$supports_anon_versioning"; then
           _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+            cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
             echo "local: *; };" >> $output_objdir/$libname.ver~
             $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
         fi
 
 	case $cc_basename in
 	tcc*)
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
 	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
 	  ;;
 	xlf* | bgf* | bgxlf* | mpixlf*)
@@ -5265,7 +5287,7 @@ _LT_EOF
 	  _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
 	  if test yes = "$supports_anon_versioning"; then
 	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+              cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
               echo "local: *; };" >> $output_objdir/$libname.ver~
               $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
 	  fi
@@ -5397,7 +5419,7 @@ _LT_EOF
 	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
 	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
 	else
-	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
 	fi
 	aix_use_runtimelinking=no
 
@@ -5580,12 +5602,12 @@ _LT_EOF
 
     cygwin* | mingw* | pw32* | cegcc*)
       # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
+      # Microsoft Visual C++ or Intel C++ Compiler.
       # hardcode_libdir_flag_spec is actually meaningless, as there is
       # no search path for DLLs.
       case $cc_basename in
-      cl*)
-	# Native MSVC
+      cl* | icl*)
+	# Native MSVC or ICC
 	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
 	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
 	_LT_TAGVAR(always_export_symbols, $1)=yes
@@ -5626,7 +5648,7 @@ _LT_EOF
           fi'
 	;;
       *)
-	# Assume MSVC wrapper
+	# Assume MSVC and ICC wrapper
 	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
 	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
 	# Tell ltmain to make .lib files, not .a files.
@@ -5674,7 +5696,7 @@ _LT_EOF
       ;;
 
     # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
+    freebsd* | dragonfly* | midnightbsd*)
       _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
       _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
       _LT_TAGVAR(hardcode_direct, $1)=yes
@@ -5815,6 +5837,7 @@ _LT_EOF
 	# Fabrice Bellard et al's Tiny C Compiler
 	_LT_TAGVAR(ld_shlibs, $1)=yes
 	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
 	;;
       esac
       ;;
@@ -5886,6 +5909,7 @@ _LT_EOF
 	emximp -o $lib $output_objdir/$libname.def'
       _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
       _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      _LT_TAGVAR(file_list_spec, $1)='@'
       ;;
 
     osf3*)
@@ -6656,8 +6680,8 @@ if test yes != "$_lt_caught_CXX_error"; then
 
       cygwin* | mingw* | pw32* | cegcc*)
 	case $GXX,$cc_basename in
-	,cl* | no,cl*)
-	  # Native MSVC
+	,cl* | no,cl* | ,icl* | no,icl*)
+	  # Native MSVC or ICC
 	  # hardcode_libdir_flag_spec is actually meaningless, as there is
 	  # no search path for DLLs.
 	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
@@ -6755,6 +6779,7 @@ if test yes != "$_lt_caught_CXX_error"; then
 	  emximp -o $lib $output_objdir/$libname.def'
 	_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
 	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+	_LT_TAGVAR(file_list_spec, $1)='@'
 	;;
 
       dgux*)
@@ -6785,7 +6810,7 @@ if test yes != "$_lt_caught_CXX_error"; then
         _LT_TAGVAR(archive_cmds_need_lc, $1)=no
         ;;
 
-      freebsd* | dragonfly*)
+      freebsd* | dragonfly* | midnightbsd*)
         # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
         # conventions
         _LT_TAGVAR(ld_shlibs, $1)=yes
@@ -6922,7 +6947,7 @@ if test yes != "$_lt_caught_CXX_error"; then
 	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
 	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
 	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
 	;;
       irix5* | irix6*)
         case $cc_basename in
@@ -7062,13 +7087,13 @@ if test yes != "$_lt_caught_CXX_error"; then
 	    _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
 	    if test yes = "$supports_anon_versioning"; then
 	      _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-                cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+                cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
                 echo "local: *; };" >> $output_objdir/$libname.ver~
                 $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
 	    fi
 	    ;;
 	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
+	    case `$CC -V 2>&1 | $SED 5q` in
 	    *Sun\ C*)
 	      # Sun C++ 5.9
 	      _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
@@ -8214,6 +8239,14 @@ _LT_DECL([], [DLLTOOL], [1], [DLL creation program])
 AC_SUBST([DLLTOOL])
 ])
 
+# _LT_DECL_FILECMD
+# ----------------
+# Check for a file(cmd) program that can be used to detect file type and magic
+m4_defun([_LT_DECL_FILECMD],
+[AC_CHECK_TOOL([FILECMD], [file], [:])
+_LT_DECL([], [FILECMD], [1], [A file(cmd) program that detects file types])
+])# _LD_DECL_FILECMD
+
 # _LT_DECL_SED
 # ------------
 # Check for a fully-functional sed program, that truncates
diff --git a/m4/ltoptions.m4 b/m4/ltoptions.m4
index 94b082976..b0b5e9c21 100644
--- a/m4/ltoptions.m4
+++ b/m4/ltoptions.m4
@@ -1,7 +1,7 @@
 # Helper functions for option handling.                    -*- Autoconf -*-
 #
-#   Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
-#   Foundation, Inc.
+#   Copyright (C) 2004-2005, 2007-2009, 2011-2019, 2021-2022 Free
+#   Software Foundation, Inc.
 #   Written by Gary V. Vaughan, 2004
 #
 # This file is free software; the Free Software Foundation gives
diff --git a/m4/ltsugar.m4 b/m4/ltsugar.m4
index 48bc9344a..902508bd9 100644
--- a/m4/ltsugar.m4
+++ b/m4/ltsugar.m4
@@ -1,6 +1,6 @@
 # ltsugar.m4 -- libtool m4 base layer.                         -*-Autoconf-*-
 #
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
+# Copyright (C) 2004-2005, 2007-2008, 2011-2019, 2021-2022 Free Software
 # Foundation, Inc.
 # Written by Gary V. Vaughan, 2004
 #
diff --git a/m4/ltversion.m4 b/m4/ltversion.m4
index fa04b52a3..b155d0ace 100644
--- a/m4/ltversion.m4
+++ b/m4/ltversion.m4
@@ -1,6 +1,7 @@
 # ltversion.m4 -- version numbers			-*- Autoconf -*-
 #
-#   Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
+#   Copyright (C) 2004, 2011-2019, 2021-2022 Free Software Foundation,
+#   Inc.
 #   Written by Scott James Remnant, 2004
 #
 # This file is free software; the Free Software Foundation gives
@@ -9,15 +10,15 @@
 
 # @configure_input@
 
-# serial 4179 ltversion.m4
+# serial 4245 ltversion.m4
 # This file is part of GNU Libtool
 
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
+m4_define([LT_PACKAGE_VERSION], [2.4.7])
+m4_define([LT_PACKAGE_REVISION], [2.4.7])
 
 AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
+[macro_version='2.4.7'
+macro_revision='2.4.7'
 _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
 _LT_DECL(, macro_revision, 0)
 ])
diff --git a/m4/lt~obsolete.m4 b/m4/lt~obsolete.m4
index c6b26f88f..0f7a8759d 100644
--- a/m4/lt~obsolete.m4
+++ b/m4/lt~obsolete.m4
@@ -1,7 +1,7 @@
 # lt~obsolete.m4 -- aclocal satisfying obsolete definitions.    -*-Autoconf-*-
 #
-#   Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-#   Foundation, Inc.
+#   Copyright (C) 2004-2005, 2007, 2009, 2011-2019, 2021-2022 Free
+#   Software Foundation, Inc.
 #   Written by Scott James Remnant, 2004.
 #
 # This file is free software; the Free Software Foundation gives
diff --git a/m4/xc-am-iface.m4 b/m4/xc-am-iface.m4
index 621453d4e..c035f58c5 100644
--- a/m4/xc-am-iface.m4
+++ b/m4/xc-am-iface.m4
@@ -2,7 +2,7 @@
 #
 # xc-am-iface.m4
 #
-# Copyright (c) 2013 - 2022 Daniel Stenberg <daniel@haxx.se>
+# Copyright (C) Daniel Stenberg <daniel@haxx.se>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -83,172 +83,3 @@ m4_ifdef([AM_INIT_AUTOMAKE],
 dnl
 m4_define([$0], [])[]dnl
 ])
-
-
-dnl _XC_AMEND_DISTCLEAN_BODY ([LIST-OF-SUBDIRS])
-dnl -------------------------------------------------
-dnl Private macro.
-dnl
-dnl This macro performs shell code embedding into
-dnl configure script in order to modify distclean
-dnl and maintainer-clean targets of makefiles which
-dnl are located in given list of subdirs.
-dnl
-dnl See XC_AMEND_DISTCLEAN comments for details.
-
-m4_define([_XC_AMEND_DISTCLEAN_BODY],
-[dnl
-## ---------------------------------- ##
-##  Start of distclean amending code  ##
-## ---------------------------------- ##
-
-for xc_subdir in [$1]
-do
-
-if test ! -f "$xc_subdir/Makefile"; then
-  echo "$xc_msg_err $xc_subdir/Makefile file not found. $xc_msg_abrt" >&2
-  exit 1
-fi
-
-# Fetch dependency tracking file list from Makefile include lines.
-
-xc_inc_lines=`grep '^include .*(DEPDIR)' "$xc_subdir/Makefile" 2>/dev/null`
-xc_cnt_words=`echo "$xc_inc_lines" | wc -w | tr -d "$xc_space$xc_tab"`
-
-# --disable-dependency-tracking might have been used, consequently
-# there is nothing to amend without a dependency tracking file list.
-
-if test $xc_cnt_words -gt 0; then
-
-AC_MSG_NOTICE([amending $xc_subdir/Makefile])
-
-# Build Makefile specific patch hunk.
-
-xc_p="$xc_subdir/xc_patch.tmp"
-
-xc_rm_depfiles=`echo "$xc_inc_lines" \
-  | $SED 's%include%	-rm -f%' 2>/dev/null`
-
-xc_dep_subdirs=`echo "$xc_inc_lines" \
-  | $SED 's%include[[ ]][[ ]]*%%' 2>/dev/null \
-  | $SED 's%(DEPDIR)/.*%(DEPDIR)%' 2>/dev/null \
-  | sort | uniq`
-
-echo "$xc_rm_depfiles" >$xc_p
-
-for xc_dep_dir in $xc_dep_subdirs; do
-  echo "${xc_tab}@xm_dep_cnt=\`ls $xc_dep_dir | wc -l 2>/dev/null\`; \\"            >>$xc_p
-  echo "${xc_tab}if test \$\$xm_dep_cnt -eq 0 && test -d $xc_dep_dir; then \\"      >>$xc_p
-  echo "${xc_tab}  rm -rf $xc_dep_dir; \\"                                          >>$xc_p
-  echo "${xc_tab}fi"                                                                >>$xc_p
-done
-
-# Build Makefile patching sed scripts.
-
-xc_s1="$xc_subdir/xc_script_1.tmp"
-xc_s2="$xc_subdir/xc_script_2.tmp"
-xc_s3="$xc_subdir/xc_script_3.tmp"
-
-cat >$xc_s1 <<\_EOT
-/^distclean[[ ]]*:/,/^[[^	]][[^	]]*:/{
-  s/^.*(DEPDIR)/___xc_depdir_line___/
-}
-/^maintainer-clean[[ ]]*:/,/^[[^	]][[^	]]*:/{
-  s/^.*(DEPDIR)/___xc_depdir_line___/
-}
-_EOT
-
-cat >$xc_s2 <<\_EOT
-/___xc_depdir_line___$/{
-  N
-  /___xc_depdir_line___$/D
-}
-_EOT
-
-cat >$xc_s3 <<_EOT
-/^___xc_depdir_line___/{
-  r $xc_p
-  d
-}
-_EOT
-
-# Apply patch to Makefile and cleanup.
-
-$SED -f "$xc_s1" "$xc_subdir/Makefile"      >"$xc_subdir/Makefile.tmp1"
-$SED -f "$xc_s2" "$xc_subdir/Makefile.tmp1" >"$xc_subdir/Makefile.tmp2"
-$SED -f "$xc_s3" "$xc_subdir/Makefile.tmp2" >"$xc_subdir/Makefile.tmp3"
-
-if test -f "$xc_subdir/Makefile.tmp3"; then
-  mv -f "$xc_subdir/Makefile.tmp3" "$xc_subdir/Makefile"
-fi
-
-test -f "$xc_subdir/Makefile.tmp1" && rm -f "$xc_subdir/Makefile.tmp1"
-test -f "$xc_subdir/Makefile.tmp2" && rm -f "$xc_subdir/Makefile.tmp2"
-test -f "$xc_subdir/Makefile.tmp3" && rm -f "$xc_subdir/Makefile.tmp3"
-
-test -f "$xc_p"  && rm -f "$xc_p"
-test -f "$xc_s1" && rm -f "$xc_s1"
-test -f "$xc_s2" && rm -f "$xc_s2"
-test -f "$xc_s3" && rm -f "$xc_s3"
-
-fi
-
-done
-
-## -------------------------------- ##
-##  End of distclean amending code  ##
-## -------------------------------- ##
-dnl
-m4_define([$0], [])[]dnl
-])
-
-
-dnl XC_AMEND_DISTCLEAN ([LIST-OF-SUBDIRS])
-dnl -------------------------------------------------
-dnl Public macro.
-dnl
-dnl This macro embeds shell code into configure script
-dnl that amends, at configure runtime, the distclean
-dnl and maintainer-clean targets of Makefiles located
-dnl in all subdirs given in the mandatory white-space
-dnl separated list argument.
-dnl
-dnl Embedding only takes place when using automake 1.14
-dnl or newer, otherwise amending code is not included
-dnl in generated configure script.
-dnl
-dnl distclean and maintainer-clean targets are modified
-dnl to avoid unconditional removal of dependency subdirs
-dnl which triggers distclean and maintainer-clean errors
-dnl when using automake 'subdir-objects' option along
-dnl with per-target objects and source files existing in
-dnl multiple subdirs used for different build targets.
-dnl
-dnl New behavior first removes each dependency tracking
-dnl file independently, and only removes each dependency
-dnl subdir when it finds out that it no longer holds any
-dnl dependency tracking file.
-dnl
-dnl When configure option --disable-dependency-tracking
-dnl is used no amending takes place given that there are
-dnl no dependency tracking files.
-
-AC_DEFUN([XC_AMEND_DISTCLEAN],
-[dnl
-AC_PREREQ([2.50])dnl
-dnl
-m4_ifdef([_AC_OUTPUT_MAIN_LOOP],
-  [m4_provide_if([_AC_OUTPUT_MAIN_LOOP], [],
-    [m4_fatal([call to AC_OUTPUT needed before $0])])])dnl
-dnl
-m4_if([$#], [1], [], [m4_fatal([$0: wrong number of arguments])])dnl
-m4_if([$1], [], [m4_fatal([$0: missing argument])])dnl
-dnl
-AC_REQUIRE([XC_CONFIGURE_PREAMBLE])dnl
-dnl
-m4_ifdef([_AM_PROG_CC_C_O],
-[
-_XC_AMEND_DISTCLEAN_BODY([$1])
-])dnl
-m4_define([$0], [])[]dnl
-])
diff --git a/m4/xc-cc-check.m4 b/m4/xc-cc-check.m4
index 9eae8a647..a6cfb07eb 100644
--- a/m4/xc-cc-check.m4
+++ b/m4/xc-cc-check.m4
@@ -2,7 +2,7 @@
 #
 # xc-cc-check.m4
 #
-# Copyright (c) 2013 - 2022, Daniel Stenberg <daniel@haxx.se>
+# Copyright (C), Daniel Stenberg <daniel@haxx.se>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
diff --git a/m4/xc-lt-iface.m4 b/m4/xc-lt-iface.m4
index 337c9f9cd..d5e437ffd 100644
--- a/m4/xc-lt-iface.m4
+++ b/m4/xc-lt-iface.m4
@@ -2,7 +2,7 @@
 #
 # xc-lt-iface.m4
 #
-# Copyright (c) 2013 - 2022, Daniel Stenberg <daniel@haxx.se>
+# Copyright (C), Daniel Stenberg <daniel@haxx.se>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
diff --git a/m4/xc-translit.m4 b/m4/xc-translit.m4
index 6fc837e63..6d6677197 100644
--- a/m4/xc-translit.m4
+++ b/m4/xc-translit.m4
@@ -2,7 +2,7 @@
 #
 # xc-translit.m4
 #
-# Copyright (c) 2011 - 2022, Daniel Stenberg <daniel@haxx.se>
+# Copyright (C), Daniel Stenberg <daniel@haxx.se>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
diff --git a/m4/xc-val-flgs.m4 b/m4/xc-val-flgs.m4
index b721c3155..c8f779651 100644
--- a/m4/xc-val-flgs.m4
+++ b/m4/xc-val-flgs.m4
@@ -2,7 +2,7 @@
 #
 # xc-val-flgs.m4
 #
-# Copyright (c) 2013 - 2022, Daniel Stenberg <daniel@haxx.se>
+# Copyright (C), Daniel Stenberg <daniel@haxx.se>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
diff --git a/m4/zz40-xc-ovr.m4 b/m4/zz40-xc-ovr.m4
index 3b96e5f01..fa457876f 100644
--- a/m4/zz40-xc-ovr.m4
+++ b/m4/zz40-xc-ovr.m4
@@ -2,7 +2,7 @@
 #
 # zz40-xc-ovr.m4
 #
-# Copyright (c) 2013 - 2022 Daniel Stenberg <daniel@haxx.se>
+# Copyright (C) Daniel Stenberg <daniel@haxx.se>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
diff --git a/m4/zz50-xc-ovr.m4 b/m4/zz50-xc-ovr.m4
index ea68e5b48..18c1f0aba 100644
--- a/m4/zz50-xc-ovr.m4
+++ b/m4/zz50-xc-ovr.m4
@@ -2,7 +2,7 @@
 #
 # zz50-xc-ovr.m4
 #
-# Copyright (c) 2011 - 2022, Daniel Stenberg <daniel@haxx.se>
+# Copyright (C), Daniel Stenberg <daniel@haxx.se>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
diff --git a/m4/zz60-xc-ovr.m4 b/m4/zz60-xc-ovr.m4
index e3e29bfc4..531668672 100644
--- a/m4/zz60-xc-ovr.m4
+++ b/m4/zz60-xc-ovr.m4
@@ -2,7 +2,7 @@
 #
 # zz60-xc-ovr.m4
 #
-# Copyright (c) 2013 - 2022, Daniel Stenberg <daniel@haxx.se>
+# Copyright (C), Daniel Stenberg <daniel@haxx.se>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
diff --git a/maketgz b/maketgz
index 533a94888..a0fcd878f 100755
--- a/maketgz
+++ b/maketgz
@@ -9,7 +9,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/packages/Android/Android.mk b/packages/Android/Android.mk
deleted file mode 100644
index c9342d7b4..000000000
--- a/packages/Android/Android.mk
+++ /dev/null
@@ -1,139 +0,0 @@
-#***************************************************************************
-#                                  _   _ ____  _
-#  Project                     ___| | | |  _ \| |
-#                             / __| | | | |_) | |
-#                            | (__| |_| |  _ <| |___
-#                             \___|\___/|_| \_\_____|
-#
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
-#
-# This software is licensed as described in the file COPYING, which
-# you should have received as part of this distribution. The terms
-# are also available at https://curl.se/docs/copyright.html.
-#
-# You may opt to use, copy, modify, merge, publish, distribute and/or sell
-# copies of the Software, and permit persons to whom the Software is
-# furnished to do so, under the terms of the COPYING file.
-#
-# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-# KIND, either express or implied.
-#
-# SPDX-License-Identifier: curl
-#
-###########################################################################
-# Google Android makefile for curl and libcurl
-#
-# This file can be used when building curl using the full Android source
-# release or the NDK. Most users do not want or need to do this; please
-# instead read the Android section in docs/INSTALL for alternate
-# methods.
-#
-# Place the curl source (including this makefile) into external/curl/ in the
-# Android source tree.  Then build them with 'make curl' or just 'make libcurl'
-# from the Android root. Tested with Android versions 1.5, 2.1-2.3
-#
-# Note: you must first create a curl_config.h file by running configure in the
-# Android environment. The only way I've found to do this is tricky. Perform a
-# normal Android build with libcurl in the source tree, providing the target
-# "showcommands" to make. The build will eventually fail (because curl_config.h
-# doesn't exist yet), but the compiler commands used to build curl will be
-# shown. Now, from the external/curl/ directory, run curl's normal configure
-# command with flags that match what Android itself uses. This will mean
-# putting the compiler directory into the PATH, putting the -I, -isystem and
-# -D options into CPPFLAGS, putting the -W, -m, -f, -O and -nostdlib options
-# into CFLAGS, and putting the -Wl, -L and -l options into LIBS, along with the
-# path to the files libgcc.a, crtbegin_dynamic.o, and ccrtend_android.o.
-# Remember that the paths must be absolute since you will not be running
-# configure from the same directory as the Android make.  The normal
-# cross-compiler options must also be set. Note that the -c, -o, -MD and
-# similar flags must not be set.
-#
-# To see all the LIBS options, you'll need to do the "showcommands" trick on an
-# executable that's already buildable and watch what flags Android uses to link
-# it (dhcpcd is a good choice to watch). You'll also want to add -L options to
-# LIBS that point to the out/.../obj/lib/ and out/.../obj/system/lib/
-# directories so that additional libraries can be found and used by curl.
-#
-# The end result will be a configure command that looks something like this
-# (the environment variable A is set to the Android root path which makes the
-# command shorter):
-#
-#  A=`realpath ../..` && \
-#  PATH="$A/prebuilt/linux-x86/toolchain/arm-eabi-X/bin:$PATH" \
-#  ./configure --host=arm-linux CC=arm-eabi-gcc \
-#  CPPFLAGS="-I $A/system/core/include ..." \
-#  CFLAGS="-nostdlib -fno-exceptions -Wno-multichar ..." \
-#  LIBS="$A/prebuilt/linux-x86/toolchain/arm-eabi-X/lib/gcc/arm-eabi/X\
-#  /interwork/libgcc.a ..."
-#
-# Finally, copy the file COPYING to NOTICE so that the curl license gets put
-# into the right place (but see the note about this below).
-#
-# Dan Fandrich
-# November 2011
-
-LOCAL_PATH:= $(call my-dir)/../..
-
-common_CFLAGS := -Wpointer-arith -Wwrite-strings -Wunused -Winline -Wnested-externs -Wmissing-declarations -Wmissing-prototypes -Wno-long-long -Wfloat-equal -Wno-multichar -Wsign-compare -Wno-format-nonliteral -Wendif-labels -Wstrict-prototypes -Wdeclaration-after-statement -Wno-system-headers -DHAVE_CONFIG_H
-
-#########################
-# Build the libcurl library
-
-include $(CLEAR_VARS)
-include $(LOCAL_PATH)/lib/Makefile.inc
-CURL_HEADERS := \
-  curl.h \
-  system.h \
-  curlver.h \
-  easy.h \
-  mprintf.h \
-  multi.h \
-  stdcheaders.h \
-  typecheck-gcc.h
-
-LOCAL_SRC_FILES := $(addprefix lib/,$(CSOURCES))
-LOCAL_C_INCLUDES += $(LOCAL_PATH)/include/
-LOCAL_CFLAGS += $(common_CFLAGS)
-
-LOCAL_COPY_HEADERS_TO := libcurl/curl
-LOCAL_COPY_HEADERS := $(addprefix include/curl/,$(CURL_HEADERS))
-
-LOCAL_MODULE:= libcurl
-LOCAL_MODULE_TAGS := optional
-
-# Copy the licence to a place where Android will find it.
-# Actually, this doesn't quite work because the build system searches
-# for NOTICE files before it gets to this point, so it will only be seen
-# on subsequent builds.
-ALL_PREBUILT += $(LOCAL_PATH)/NOTICE
-$(LOCAL_PATH)/NOTICE: $(LOCAL_PATH)/COPYING | $(ACP)
-	$(copy-file-to-target)
-
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-MIT
-LOCAL_LICENSE_CONDITIONS := notice
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../../COPYING
-include $(BUILD_STATIC_LIBRARY)
-
-
-#########################
-# Build the curl binary
-
-include $(CLEAR_VARS)
-include $(LOCAL_PATH)/src/Makefile.inc
-LOCAL_SRC_FILES := $(addprefix src/,$(CURL_CFILES))
-
-LOCAL_MODULE := curl
-LOCAL_MODULE_TAGS := optional
-LOCAL_STATIC_LIBRARIES := libcurl
-LOCAL_SYSTEM_SHARED_LIBRARIES := libc
-
-LOCAL_C_INCLUDES += $(LOCAL_PATH)/include $(LOCAL_PATH)/lib
-
-# This may also need to include $(CURLX_CFILES) in order to correctly link
-# if libcurl is changed to be built as a dynamic library
-LOCAL_CFLAGS += $(common_CFLAGS)
-
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-MIT
-LOCAL_LICENSE_CONDITIONS := notice
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/../../COPYING
-include $(BUILD_EXECUTABLE)
diff --git a/packages/Makefile.am b/packages/Makefile.am
index f8c2449b2..4347f51da 100644
--- a/packages/Makefile.am
+++ b/packages/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -23,7 +23,7 @@
 ###########################################################################
 SUBDIRS = vms
 
-EXTRA_DIST = README \
+EXTRA_DIST = README.md \
   OS400/README.OS400 \
   OS400/ccsidcurl.c \
   OS400/ccsidcurl.h \
@@ -36,8 +36,7 @@ EXTRA_DIST = README \
   OS400/make-tests.sh \
   OS400/makefile.sh \
   OS400/os400sys.c \
-  OS400/os400sys.h \
-  Android/Android.mk
+  OS400/os400sys.h
 
 CHECKSRC = $(CS_$(V))
 CS_0 = @echo "  RUN     " $@;
diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c
index b7ef28cae..86b6760c4 100644
--- a/packages/OS400/ccsidcurl.c
+++ b/packages/OS400/ccsidcurl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/packages/OS400/ccsidcurl.h b/packages/OS400/ccsidcurl.h
index 9bd2ae7dd..a6d597b55 100644
--- a/packages/OS400/ccsidcurl.h
+++ b/packages/OS400/ccsidcurl.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/packages/OS400/chkstrings.c b/packages/OS400/chkstrings.c
index 6f8d38b77..74f27876c 100644
--- a/packages/OS400/chkstrings.c
+++ b/packages/OS400/chkstrings.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/packages/OS400/curl.inc.in b/packages/OS400/curl.inc.in
index 6508b964d..7eac3fd27 100644
--- a/packages/OS400/curl.inc.in
+++ b/packages/OS400/curl.inc.in
@@ -5,7 +5,7 @@
       *                            | (__| |_| |  _ <| |___
       *                             \___|\___/|_| \_\_____|
       *
-      * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+      * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
       *
       * This software is licensed as described in the file COPYING, which
       * you should have received as part of this distribution. The terms
diff --git a/packages/OS400/initscript.sh b/packages/OS400/initscript.sh
index 4facf17ed..2a9eb419c 100644..100755
--- a/packages/OS400/initscript.sh
+++ b/packages/OS400/initscript.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -234,7 +234,7 @@ make_module()
         CMD="${CMD} OPTIMIZE(${OPTIMIZE})"
         CMD="${CMD} DBGVIEW(${DEBUG})"
 
-        DEFINES="${3} BUILDING_LIBCURL"
+        DEFINES="${3} BUILDING_LIBCURL 'qadrt_use_inline'"
 
         if [ "${WITH_ZLIB}" != "0" ]
         then    DEFINES="${DEFINES} HAVE_LIBZ"
diff --git a/packages/OS400/make-include.sh b/packages/OS400/make-include.sh
index daf32627c..aec410e03 100644..100755
--- a/packages/OS400/make-include.sh
+++ b/packages/OS400/make-include.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/packages/OS400/make-lib.sh b/packages/OS400/make-lib.sh
index 7bbd9fa2a..d6be13a3f 100644..100755
--- a/packages/OS400/make-lib.sh
+++ b/packages/OS400/make-lib.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -43,7 +43,7 @@ fi
 echo '#pragma comment(user, "libcurl version '"${LIBCURL_VERSION}"'")' > os400.c
 echo '#pragma comment(user, __DATE__)' >> os400.c
 echo '#pragma comment(user, __TIME__)' >> os400.c
-echo '#pragma comment(copyright, "Copyright (C) 1998-2016 Daniel Stenberg et al. OS/400 version by P. Monnerat")' >> os400.c
+echo '#pragma comment(copyright, "Copyright (C) Daniel Stenberg et al. OS/400 version by P. Monnerat")' >> os400.c
 make_module     OS400           os400.c
 LINK=                           # No need to rebuild service program yet.
 MODULES=
@@ -129,15 +129,26 @@ fi
 
 
 #       Gather the list of symbols to export.
+#       First use awk to pull all CURL_EXTERN function prototypes from
+#       the header files, pass through to sed to strip CURL_DEPRECATED(..)
+#       then back to awk to pull the string immediately to the left of a
+#       bracket stripping any spaces or *'s.
 
-EXPORTS=`grep '^CURL_EXTERN[[:space:]]'                                 \
+EXPORTS=`awk '/^CURL_EXTERN/,/;/'                                       \
               "${TOPDIR}"/include/curl/*.h                              \
               "${SCRIPTDIR}/ccsidcurl.h"                                |
-         sed -e 's/^.*CURL_EXTERN[[:space:]]\(.*\)(.*$/\1/'             \
-             -e 's/[[:space:]]*$//'                                     \
-             -e 's/^.*[[:space:]][[:space:]]*//'                        \
-             -e 's/^\*//'                                               \
-             -e 's/(\(.*\))/\1/'`
+         sed 's| CURL_DEPRECATED(.*)||g'                                |
+         awk '{br=index($0,"(");                                        \
+              if (br) {                                                 \
+                for(c=br-1; ;c--) {                                     \
+                  if (c==1) {                                           \
+                    print substr($0,c,br-1); break                      \
+                  } else if (match(substr($0, c, br-c), "[ *]") != 0) { \
+                    print substr($0, c+1, br-c-1); break                \
+                  }                                                     \
+                }                                                       \
+              }                                                         \
+        }'`
 
 #       Create the service program exportation file in DB2 member if needed.
 
diff --git a/packages/OS400/make-src.sh b/packages/OS400/make-src.sh
index 327857d16..62654c36a 100644..100755
--- a/packages/OS400/make-src.sh
+++ b/packages/OS400/make-src.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/packages/OS400/make-tests.sh b/packages/OS400/make-tests.sh
index 9ac9d46d2..03e875d3a 100644..100755
--- a/packages/OS400/make-tests.sh
+++ b/packages/OS400/make-tests.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/packages/OS400/makefile.sh b/packages/OS400/makefile.sh
index b2c1b5918..4d1d98eff 100644..100755
--- a/packages/OS400/makefile.sh
+++ b/packages/OS400/makefile.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/packages/OS400/os400sys.c b/packages/OS400/os400sys.c
index 2cedc4fd7..c37cdb4e2 100644
--- a/packages/OS400/os400sys.c
+++ b/packages/OS400/os400sys.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -1265,7 +1265,7 @@ Curl_os400_bind(int sd, struct sockaddr *localaddr, int addrlen)
 
 int
 Curl_os400_sendto(int sd, char *buffer, int buflen, int flags,
-                  struct sockaddr *dstaddr, int addrlen)
+                  const struct sockaddr *dstaddr, int addrlen)
 {
   int i;
   struct sockaddr_storage laddr;
diff --git a/packages/OS400/os400sys.h b/packages/OS400/os400sys.h
index f10723848..f3f461899 100644
--- a/packages/OS400/os400sys.h
+++ b/packages/OS400/os400sys.h
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/packages/README b/packages/README
deleted file mode 100644
index 2487d95d0..000000000
--- a/packages/README
+++ /dev/null
@@ -1,27 +0,0 @@
-                                  _   _ ____  _
-                              ___| | | |  _ \| |
-                             / __| | | | |_) | |
-                            | (__| |_| |  _ <| |___
-                             \___|\___/|_| \_\_____|
-
-PACKAGES
-
- This directory and all its subdirectories are for special package
-information, template, scripts and docs. The files herein should be of use for
-those of you who want to package curl in a binary or source format using one
-of those custom formats.
-
- The hierarchy for these directories is something like this:
-
-   packages/[OS]/[FORMAT]/
-
- Currently, we have Win32 and Linux for [OS]. There might be different formats
-for the same OS so for Linux we have RPM as format.
-
- We might need to add some differentiation for CPU as well, as there is
-Linux-RPMs for several CPUs. However, it might not be necessary since the
-packaging should be pretty much the same no matter what CPU that is used.
-
- For each unique OS-FORMAT pair, there's a directory to "fill"! I'd like to
-see a single README with as much details as possible, and then I'd like some
-template files for the package process.
diff --git a/packages/README.md b/packages/README.md
new file mode 100644
index 000000000..f52f8e477
--- /dev/null
+++ b/packages/README.md
@@ -0,0 +1,12 @@
+<!--
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+
+SPDX-License-Identifier: curl
+-->
+
+# Packages
+
+ This directory and all its subdirectories are for special package
+information, templates, scripts and docs. The files herein should be of use
+for those of you who want to package curl in a binary or source format for
+these platforms.
diff --git a/packages/vms/Makefile.am b/packages/vms/Makefile.am
index f4b2d68be..e869a8978 100644
--- a/packages/vms/Makefile.am
+++ b/packages/vms/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/packages/vms/backup_gnv_curl_src.com b/packages/vms/backup_gnv_curl_src.com
index 900a62b84..298f11f80 100644
--- a/packages/vms/backup_gnv_curl_src.com
+++ b/packages/vms/backup_gnv_curl_src.com
@@ -1,7 +1,5 @@
 $! File: Backup_gnv_curl_src.com
 $!
-$! $Id$
-$!
 $! Procedure to create backup save sets for installing in a PCSI kit.
 $!
 $! To comply with most Open Source licenses, the source used for building
@@ -17,7 +15,7 @@ $! This file is created from a template file for the purpose of making it
 $! easier to port Unix code, particularly open source code to VMS.
 $! Therefore permission is freely granted for any use.
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -33,8 +31,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 13-Jun-2009 J. Malmberg
-$!
 $!===========================================================================
 $!
 $! Save default
diff --git a/packages/vms/build_curl-config_script.com b/packages/vms/build_curl-config_script.com
index b6a6575ec..1667d0745 100644
--- a/packages/vms/build_curl-config_script.com
+++ b/packages/vms/build_curl-config_script.com
@@ -2,7 +2,7 @@ $! build_curl-config_script.com
 $!
 $! This generates the curl-config. script from the curl-config.in file.
 $!
-$! Copyright 2014 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -18,8 +18,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 16-Dec-2014	J. Malmberg
-$!
 $!===========================================================================
 $!
 $! Skip this if the curl-config. already exists.
diff --git a/packages/vms/build_gnv_curl.com b/packages/vms/build_gnv_curl.com
index 15931fb86..36e728113 100644
--- a/packages/vms/build_gnv_curl.com
+++ b/packages/vms/build_gnv_curl.com
@@ -1,10 +1,8 @@
 $! File: build_gnv_curl.com
 $!
-$! $Id$
-$!
 $! All in one build procedure
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -20,7 +18,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 11-Jun-2009	J. Malmberg
 $!-----------------------------------------------------------------------
 $!
 $ @setup_gnv_curl_build.com
diff --git a/packages/vms/build_gnv_curl_pcsi_desc.com b/packages/vms/build_gnv_curl_pcsi_desc.com
index 589de2c72..85674261c 100644
--- a/packages/vms/build_gnv_curl_pcsi_desc.com
+++ b/packages/vms/build_gnv_curl_pcsi_desc.com
@@ -1,7 +1,5 @@
 $! File: Build_GNV_CURL_PCSI_DESC.COM
 $!
-$! $Id$
-$!
 $! Build the *.pcsi$text file in the following sections:
 $!   Required software dependencies.
 $!   install/upgrade/postinstall steps.
@@ -31,7 +29,7 @@ $! A rename action section is needed to make sure that the files are
 $! created in the GNV$GNU: in the correct case, and to create the alias
 $! link [usr.bin]curl. for [usr.bin]curl.exe.
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -47,8 +45,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 15-Jun-2009  J. Malmberg
-$!
 $!===========================================================================
 $!
 $ kit_name = f$trnlnm("GNV_PCSI_KITNAME")
diff --git a/packages/vms/build_gnv_curl_pcsi_text.com b/packages/vms/build_gnv_curl_pcsi_text.com
index 9295ffb9d..8f109c1e7 100644
--- a/packages/vms/build_gnv_curl_pcsi_text.com
+++ b/packages/vms/build_gnv_curl_pcsi_text.com
@@ -1,7 +1,5 @@
 $! File: Build_GNV_curl_pcsi_text.com
 $!
-$! $Id$
-$!
 $! Build the *.pcsi$text file from the four components:
 $!    1. Generated =product header section
 $!    2. [--]readme. file from the Curl distribution, modified to fit
@@ -12,7 +10,7 @@ $!    4. Generated Producer section.
 $!
 $! Set the name of the release notes from the GNV_PCSI_FILENAME_BASE
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -28,8 +26,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 15-Jun-2009  J. Malmberg
-$!
 $!===========================================================================
 $!
 $ kit_name = f$trnlnm("GNV_PCSI_KITNAME")
diff --git a/packages/vms/build_gnv_curl_release_notes.com b/packages/vms/build_gnv_curl_release_notes.com
index 7673ab76e..0da94454d 100644
--- a/packages/vms/build_gnv_curl_release_notes.com
+++ b/packages/vms/build_gnv_curl_release_notes.com
@@ -1,7 +1,5 @@
 $! File: Build_GNV_curl_release_notes.com
 $!
-$! $Id$
-$!
 $! Build the release note file from the four components:
 $!    1. The curl_release_note_start.txt
 $!    2. The hp_ssl_release_info.txt
@@ -11,7 +9,7 @@ $!
 $! Set the name of the release notes from the GNV_PCSI_FILENAME_BASE
 $! logical name.
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -27,8 +25,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 14-Jun-2009  J. Malmberg
-$!
 $!===========================================================================
 $!
 $ base_file = f$trnlnm("GNV_PCSI_FILENAME_BASE")
diff --git a/packages/vms/build_libcurl_pc.com b/packages/vms/build_libcurl_pc.com
index e5eef33bf..294ae084f 100644
--- a/packages/vms/build_libcurl_pc.com
+++ b/packages/vms/build_libcurl_pc.com
@@ -1,10 +1,8 @@
 $! File: build_libcurl_pc.com
 $!
-$! $Id:$
-$!
 $! Build the libcurl.pc file from the libcurl.pc.in file
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -20,8 +18,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 15-Jun-2013  J. Malmberg
-$!
 $!===========================================================================
 $!
 $! Skip this if the libcurl.pc already exists.
diff --git a/packages/vms/clean_gnv_curl.com b/packages/vms/clean_gnv_curl.com
index 0fe31177d..198c0debf 100644
--- a/packages/vms/clean_gnv_curl.com
+++ b/packages/vms/clean_gnv_curl.com
@@ -1,7 +1,5 @@
 $! File: clean_gnv_curl.COM
 $!
-$! $Id$
-$!
 $! The GNV environment leaves behind some during the configure and build
 $! procedure that need to be cleaned up.
 $!
@@ -15,7 +13,7 @@ $! Parameter P1: REALCLEAN
 $!   This removes all build products and brings the environment back to
 $!   the point where the gnv_curl_configure.sh procedure needs to be run again.
 $!
-$! Copyright 2009 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -31,7 +29,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 07-Jul-2009	J. Malmberg
 $!============================================================================
 $!
 $! Save this so we can get back.
diff --git a/packages/vms/compare_curl_source.com b/packages/vms/compare_curl_source.com
index 1801f72b5..3f7542de0 100644
--- a/packages/vms/compare_curl_source.com
+++ b/packages/vms/compare_curl_source.com
@@ -1,7 +1,5 @@
 $! Compare_curl_source.com
 $!
-$! $Id$
-$!
 $! This procedure compares the files in two directories and reports the
 $! differences.  It is customized for the vmsports repository layout.
 $!
@@ -69,7 +67,7 @@ $!
 $!   This is to make sure that the backup save set for the unmodified
 $!   source is up to date.
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -85,7 +83,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 18-Aug-2011  J. Malmberg
 $!==========================================================================
 $!
 $! Update missing/changed files.
diff --git a/packages/vms/config_h.com b/packages/vms/config_h.com
index 936aa6847..6e4e03963 100644
--- a/packages/vms/config_h.com
+++ b/packages/vms/config_h.com
@@ -1,7 +1,5 @@
 $! File: config_h.com
 $!
-$! $Id: config_h.com,v 1.1.1.1 2012/12/02 19:25:21 wb8tyw Exp $
-$!
 $! This procedure attempts to figure out how to build a config.h file
 $! for the current project.
 $!
@@ -28,7 +26,7 @@ $!
 $! This procedure may not guess the options correctly for all architectures,
 $! and is a work in progress.
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -44,15 +42,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 15-Jan-2001	J. Malmberg	Original
-$! 29-Apr-2001	J. Malmberg	Also look for config.*in* in a [.include]
-$!				subdirectory
-$! 30-Apr-2001	J. Malmberg	Update for SAMBA checks
-$! 09-Apr-2005	J. Malmberg	Update for RSYNC and large file.
-$! 29-Sep-2011	J. Malmberg	Update for Bash 4.2
-$! 01-Mar-2012	J. Malmberg	Warn about getcwd(0,0)
-$! 21-Dec-2012	J. Malmberg	Update for gawk
-$! 29-Dec-2012	J. Malmberg	Update for curl
 $!============================================================================
 $!
 $ss_normal = 1
diff --git a/packages/vms/curl_crtl_init.c b/packages/vms/curl_crtl_init.c
index eedfa22a6..6ae7e8c3a 100644
--- a/packages/vms/curl_crtl_init.c
+++ b/packages/vms/curl_crtl_init.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -39,7 +39,7 @@
  * On VMS versions that are too old to use the feature setting API, this
  * module falls back to using logical names.
  *
- * Copyright 2013, John Malmberg
+ * Copyright (C) John Malmberg
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
diff --git a/packages/vms/curl_gnv_build_steps.txt b/packages/vms/curl_gnv_build_steps.txt
index b34730ca9..b7ea95219 100644
--- a/packages/vms/curl_gnv_build_steps.txt
+++ b/packages/vms/curl_gnv_build_steps.txt
@@ -1,6 +1,6 @@
 From File: curl_gnv_build_steps.txt
 
- Copyright 2013 - 2022, John Malmberg
+ Copyright (C) John Malmberg
 
  Permission to use, copy, modify, and/or distribute this software for any
  purpose with or without fee is hereby granted, provided that the above
diff --git a/packages/vms/curl_startup.com b/packages/vms/curl_startup.com
index 47849dc2b..e90bbecbb 100644
--- a/packages/vms/curl_startup.com
+++ b/packages/vms/curl_startup.com
@@ -1,11 +1,9 @@
 $! File: curl_Startup.com
 $!
-$! $Id$
-$!
 $! Procedure to setup the CURL libraries for use by programs from the
 $! VMS SYSTARTUP*.COM procedure.
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -21,8 +19,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 15-Jun-2009 J. Malmberg
-$! 30-Jul-2013 J. Malmberg  Update for Curl 7.32
 $!========================================================================
 $!
 $!
diff --git a/packages/vms/curlmsg.h b/packages/vms/curlmsg.h
index 7f7378d05..9b5c4c76d 100644
--- a/packages/vms/curlmsg.h
+++ b/packages/vms/curlmsg.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/packages/vms/curlmsg.msg b/packages/vms/curlmsg.msg
index 212249550..ac2d508e3 100644
--- a/packages/vms/curlmsg.msg
+++ b/packages/vms/curlmsg.msg
@@ -5,7 +5,7 @@
 !                            | (__| |_| |  _ <| |___
 !                             \___|\___/|_| \_\_____|
 !
-! Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+! Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 !
 ! This software is licensed as described in the file COPYING, which
 ! you should have received as part of this distribution. The terms
diff --git a/packages/vms/curlmsg_vms.h b/packages/vms/curlmsg_vms.h
index f24a1991e..982d0c6a0 100644
--- a/packages/vms/curlmsg_vms.h
+++ b/packages/vms/curlmsg_vms.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/packages/vms/generate_config_vms_h_curl.com b/packages/vms/generate_config_vms_h_curl.com
index 2741b7b3c..904f1df11 100644
--- a/packages/vms/generate_config_vms_h_curl.com
+++ b/packages/vms/generate_config_vms_h_curl.com
@@ -1,7 +1,5 @@
 $! File: GENERATE_CONFIG_H_CURL.COM
 $!
-$! $Id$
-$!
 $! Curl like most open source products uses a variant of a config.h file.
 $! Depending on the curl version, this could be config.h or curl_config.h.
 $!
@@ -16,8 +14,7 @@ $! which is used to supplement that file.  Note that the config_vms.h file
 $! and the [.lib]config-vms.h file do two different tasks and that the
 $! filenames are slightly different.
 $!
-$!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -33,8 +30,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 06-Jan-2013	J. Malmberg
-$!
 $!=========================================================================
 $!
 $! Allow arguments to be grouped together with comma or separated by spaces
diff --git a/packages/vms/generate_vax_transfer.com b/packages/vms/generate_vax_transfer.com
index f9d978b10..3ed49cb24 100644
--- a/packages/vms/generate_vax_transfer.com
+++ b/packages/vms/generate_vax_transfer.com
@@ -1,7 +1,5 @@
 $! File: generate_vax_transfer.com
 $!
-$! $Id$
-$!
 $! File to generate and compile the VAX transfer vectors from reading in the
 $! Alpha/Itanium gnv_libcurl_symbols.opt file.
 $!
@@ -14,7 +12,7 @@ $!     gnv_libcurl_xfer.obj
 $!     gnv_libcurl_xfer.opt
 $!     macro32_exactcase.exe
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -30,7 +28,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 20-Jul-2013  J. Malmberg
 $!============================================================================
 $!
 $! Save this so we can get back.
diff --git a/packages/vms/gnv_conftest.c_first b/packages/vms/gnv_conftest.c_first
index 7f5952d4c..5b5660861 100644
--- a/packages/vms/gnv_conftest.c_first
+++ b/packages/vms/gnv_conftest.c_first
@@ -1,8 +1,6 @@
 /* File: GNV$CONFTEST.C_FIRST
  *
- * $Id$
- *
- * Copyright 2013 - 2022, John Malmberg
+ * Copyright (C) John Malmberg
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
diff --git a/packages/vms/gnv_curl_configure.sh b/packages/vms/gnv_curl_configure.sh
index 1cb0543cb..21558001e 100644..100755
--- a/packages/vms/gnv_curl_configure.sh
+++ b/packages/vms/gnv_curl_configure.sh
@@ -1,11 +1,9 @@
 # File: gnv_curl_configure.sh
 #
-# $Id$
-#
 # Set up and run the configure script for Curl so that it can find the
 # proper options for VMS.
 #
-# Copyright 2013 - 2022, John Malmberg
+# Copyright (C) John Malmberg
 #
 # Permission to use, copy, modify, and/or distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -21,8 +19,6 @@
 #
 # SPDX-License-Identifier: ISC
 #
-# 06-Jun-2009	J. Malmberg
-# 28-Dec-2012	J. Malmberg	Update for Bash 4.2.39
 #==========================================================================
 #
 # POSIX exit mode is needed for Unix shells.
diff --git a/packages/vms/gnv_libcurl_symbols.opt b/packages/vms/gnv_libcurl_symbols.opt
index eff1cbe97..5bc2a852b 100644
--- a/packages/vms/gnv_libcurl_symbols.opt
+++ b/packages/vms/gnv_libcurl_symbols.opt
@@ -1,7 +1,5 @@
 ! File GNV$LIBCURL_SYMBOLS.OPT
 !
-! $Id$
-!
 ! This file must be manually maintained to allow upward compatibility
 ! The SYMBOL_VECTORs are set up so that applications can be compiled
 ! with either case sensitive symbol names or the default of uppercase.
@@ -41,7 +39,7 @@
 ! maintaining multiple versions as long as the routine can be called with
 ! the old number of parameters.
 !
-! Copyright 2013 - 2022, John Malmberg
+! Copyright (C) John Malmberg
 !
 ! Permission to use, copy, modify, and/or distribute this software for any
 ! purpose with or without fee is hereby granted, provided that the above
diff --git a/packages/vms/gnv_link_curl.com b/packages/vms/gnv_link_curl.com
index 66cfcfd5e..4959f1bab 100644
--- a/packages/vms/gnv_link_curl.com
+++ b/packages/vms/gnv_link_curl.com
@@ -1,10 +1,8 @@
 $! File: gnv_link_curl.com
 $!
-$! $Id$
-$!
 $! File to build images using gnv$libcurl.exe
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -20,7 +18,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 10-Jun-2009  J. Malmberg
 $!============================================================================
 $!
 $! Save this so we can get back.
diff --git a/packages/vms/make_gnv_curl_install.sh b/packages/vms/make_gnv_curl_install.sh
index bdc6077e9..b85ef0ced 100644..100755
--- a/packages/vms/make_gnv_curl_install.sh
+++ b/packages/vms/make_gnv_curl_install.sh
@@ -1,13 +1,11 @@
 # File: make_gnv_curl_install.sh
 #
-# $Id$
-#
 # Set up and run the make script for Curl.
 #
 # This makes the library, the curl binary and attempts an install.
 # A search list should be set up for GNU (GNV$GNU).
 #
-# Copyright 2013 - 2022, John Malmberg
+# Copyright (C) John Malmberg
 #
 # Permission to use, copy, modify, and/or distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -23,7 +21,6 @@
 #
 # SPDX-License-Identifier: ISC
 #
-# 06-Jun-2009	J. Malmberg
 #==========================================================================
 #
 #
diff --git a/packages/vms/make_pcsi_curl_kit_name.com b/packages/vms/make_pcsi_curl_kit_name.com
index 08d347251..956f7c167 100644
--- a/packages/vms/make_pcsi_curl_kit_name.com
+++ b/packages/vms/make_pcsi_curl_kit_name.com
@@ -1,14 +1,12 @@
 $! File: MAKE_PCSI_CURL_KIT_NAME.COM
 $!
-$! $Id$
-$!
 $! Calculates the PCSI kit name for use in building an installation kit.
 $! PCSI is HP's PolyCenter Software Installation Utility.
 $!
 $! The results are stored in as logical names so that other procedures
 $! can use them.
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -24,8 +22,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 11-Jun-2009 J. Malmberg
-$!
 $!========================================================================
 $!
 $! Save default
diff --git a/packages/vms/pcsi_gnv_curl_file_list.txt b/packages/vms/pcsi_gnv_curl_file_list.txt
index 7015a800e..586f7e767 100644
--- a/packages/vms/pcsi_gnv_curl_file_list.txt
+++ b/packages/vms/pcsi_gnv_curl_file_list.txt
@@ -1,7 +1,5 @@
 ! File: PCSI_GNV_CURL_FILE_LIST.TXT
 !
-! $Id$
-!
 ! File list for building a PCSI kit.
 ! Very simple format so that the parsing logic can be simple.
 ! links first, directory second, and files third.
@@ -15,7 +13,7 @@
 !
 ! [xxx.yyy]file.ext is a file for the rename and add phases.
 !
-! Copyright 2013 - 2022, John Malmberg
+! Copyright (C) John Malmberg
 !
 ! Permission to use, copy, modify, and/or distribute this software for any
 ! purpose with or without fee is hereby granted, provided that the above
@@ -31,7 +29,6 @@
 !
 ! SPDX-License-Identifier: ISC
 !
-! 15-Jun-2009  J. Malmberg
 !============================================================================
 [gnv.usr.bin]curl. -> [gnv.usr.bin]gnv$curl.exe
 [gnv.usr.bin]curl.exe -> [gnv.usr.bin]gnv$curl.exe
diff --git a/packages/vms/pcsi_product_gnv_curl.com b/packages/vms/pcsi_product_gnv_curl.com
index 688c9c014..83d8fa3b6 100644
--- a/packages/vms/pcsi_product_gnv_curl.com
+++ b/packages/vms/pcsi_product_gnv_curl.com
@@ -1,11 +1,9 @@
 $! File: PCSI_PRODUCT_GNV_CURL.COM
 $!
-$! $Id$
-$!
 $! This command file packages up the product CURL into a sequential
 $! format kit
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -21,8 +19,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 16-Jun-2009  J.Malmberg
-$!
 $!=========================================================================
 $!
 $! Save default
diff --git a/packages/vms/report_openssl_version.c b/packages/vms/report_openssl_version.c
index 2f5f52781..64e1ee052 100644
--- a/packages/vms/report_openssl_version.c
+++ b/packages/vms/report_openssl_version.c
@@ -1,7 +1,5 @@
 /* File: report_openssl_version.c
  *
- * $Id$
- *
  * This file dynamically loads the openssl shared image to report the
  * version string.
  *
@@ -9,7 +7,7 @@
  *
  * Usage:  report_openssl_version <shared_image> [<dcl_symbol>]
  *
- * Copyright 2013 - 2022, John Malmberg
+ * Copyright (C) John Malmberg
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
diff --git a/packages/vms/setup_gnv_curl_build.com b/packages/vms/setup_gnv_curl_build.com
index 69aecc68d..8404ec3c0 100644
--- a/packages/vms/setup_gnv_curl_build.com
+++ b/packages/vms/setup_gnv_curl_build.com
@@ -1,13 +1,11 @@
 $! File: setup_gnv_curl_build.com
 $!
-$! $Id$
-$!
 $! Set up build environment for building Curl under GNV on VMS.
 $!
 $! GNV needs some files moved into the other directories to help with
 $! the configure script and the build.
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -23,8 +21,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 30-May-2009  J. Malmberg
-$!
 $!=======================================================================
 $!
 $! Save this so we can get back.
diff --git a/packages/vms/stage_curl_install.com b/packages/vms/stage_curl_install.com
index 8c4cb05b5..10ae17adc 100644
--- a/packages/vms/stage_curl_install.com
+++ b/packages/vms/stage_curl_install.com
@@ -1,7 +1,5 @@
 $! File: stage_curl_install.com
 $!
-$! $Id$
-$!
 $! This updates or removes the GNV$CURL.EXE and related files for the
 $! new_gnu:[*...] directory tree for running the self tests.
 $!
@@ -24,7 +22,7 @@ $!     [usr.share.man.man3]curl*.3
 $!     [usr.share.man.man3]libcurl*.3
 $! Future: A symbolic link to the release notes?
 $!
-$! Copyright 2013 - 2022, John Malmberg
+$! Copyright (C) John Malmberg
 $!
 $! Permission to use, copy, modify, and/or distribute this software for any
 $! purpose with or without fee is hereby granted, provided that the above
@@ -40,8 +38,6 @@ $! OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 $!
 $! SPDX-License-Identifier: ISC
 $!
-$! 20-Aug-2012  J. Malmberg
-$!
 $!===========================================================================
 $!
 $ arch_type = f$getsyi("ARCH_NAME")
diff --git a/packages/vms/vms_eco_level.h b/packages/vms/vms_eco_level.h
index cf2db53a3..89f1dfd62 100644
--- a/packages/vms/vms_eco_level.h
+++ b/packages/vms/vms_eco_level.h
@@ -1,8 +1,6 @@
 /* File: vms_eco_level.h
  *
- * $Id$
- *
- * Copyright 2013 - 2022, John Malmberg
+ * Copyright (C) John Malmberg
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
diff --git a/plan9/include/mkfile b/plan9/include/mkfile
index d61682b75..a0970e932 100644
--- a/plan9/include/mkfile
+++ b/plan9/include/mkfile
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/plan9/lib/mkfile b/plan9/lib/mkfile
index 45189485b..04b54a837 100644
--- a/plan9/lib/mkfile
+++ b/plan9/lib/mkfile
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/plan9/lib/mkfile.inc b/plan9/lib/mkfile.inc
index bf677bd07..5c2cc128f 100755
--- a/plan9/lib/mkfile.inc
+++ b/plan9/lib/mkfile.inc
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/plan9/mkfile b/plan9/mkfile
index f48d41237..2133a4970 100644
--- a/plan9/mkfile
+++ b/plan9/mkfile
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/plan9/mkfile.proto b/plan9/mkfile.proto
index 2557de795..4ad41a1c7 100644
--- a/plan9/mkfile.proto
+++ b/plan9/mkfile.proto
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/plan9/src/mkfile b/plan9/src/mkfile
index 0ec185b53..beb98cbd6 100644
--- a/plan9/src/mkfile
+++ b/plan9/src/mkfile
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/plan9/src/mkfile.inc b/plan9/src/mkfile.inc
index bf677bd07..5c2cc128f 100755
--- a/plan9/src/mkfile.inc
+++ b/plan9/src/mkfile.inc
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/projects/README.md b/projects/README.md
index fca9cf43e..9b18ccd33 100644
--- a/projects/README.md
+++ b/projects/README.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
diff --git a/projects/Windows/.gitattributes b/projects/Windows/.gitattributes
index 8849a710b..e6cf93574 100644
--- a/projects/Windows/.gitattributes
+++ b/projects/Windows/.gitattributes
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/.gitignore b/projects/Windows/.gitignore
index e2f943e15..cab49e31d 100644
--- a/projects/Windows/.gitignore
+++ b/projects/Windows/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC10/.gitignore b/projects/Windows/VC10/.gitignore
index b3c0e9ed0..53e3845a5 100644
--- a/projects/Windows/VC10/.gitignore
+++ b/projects/Windows/VC10/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC10/lib/.gitignore b/projects/Windows/VC10/lib/.gitignore
index 5a33b009b..853b57dbc 100644
--- a/projects/Windows/VC10/lib/.gitignore
+++ b/projects/Windows/VC10/lib/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC10/src/.gitignore b/projects/Windows/VC10/src/.gitignore
index 5a33b009b..853b57dbc 100644
--- a/projects/Windows/VC10/src/.gitignore
+++ b/projects/Windows/VC10/src/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC11/.gitignore b/projects/Windows/VC11/.gitignore
index b3c0e9ed0..53e3845a5 100644
--- a/projects/Windows/VC11/.gitignore
+++ b/projects/Windows/VC11/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC11/lib/.gitignore b/projects/Windows/VC11/lib/.gitignore
index 5a33b009b..853b57dbc 100644
--- a/projects/Windows/VC11/lib/.gitignore
+++ b/projects/Windows/VC11/lib/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC11/src/.gitignore b/projects/Windows/VC11/src/.gitignore
index 5a33b009b..853b57dbc 100644
--- a/projects/Windows/VC11/src/.gitignore
+++ b/projects/Windows/VC11/src/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC12/.gitignore b/projects/Windows/VC12/.gitignore
index b3c0e9ed0..53e3845a5 100644
--- a/projects/Windows/VC12/.gitignore
+++ b/projects/Windows/VC12/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC12/lib/.gitignore b/projects/Windows/VC12/lib/.gitignore
index 5a33b009b..853b57dbc 100644
--- a/projects/Windows/VC12/lib/.gitignore
+++ b/projects/Windows/VC12/lib/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC12/src/.gitignore b/projects/Windows/VC12/src/.gitignore
index 5a33b009b..853b57dbc 100644
--- a/projects/Windows/VC12/src/.gitignore
+++ b/projects/Windows/VC12/src/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC14.10/.gitignore b/projects/Windows/VC14.10/.gitignore
index f97107efa..11504d2c1 100644
--- a/projects/Windows/VC14.10/.gitignore
+++ b/projects/Windows/VC14.10/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC14.10/lib/.gitignore b/projects/Windows/VC14.10/lib/.gitignore
index 37168c357..5baee8342 100644
--- a/projects/Windows/VC14.10/lib/.gitignore
+++ b/projects/Windows/VC14.10/lib/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC14.10/src/.gitignore b/projects/Windows/VC14.10/src/.gitignore
index 37168c357..5baee8342 100644
--- a/projects/Windows/VC14.10/src/.gitignore
+++ b/projects/Windows/VC14.10/src/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC14.30/.gitignore b/projects/Windows/VC14.30/.gitignore
index f97107efa..11504d2c1 100644
--- a/projects/Windows/VC14.30/.gitignore
+++ b/projects/Windows/VC14.30/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC14.30/lib/.gitignore b/projects/Windows/VC14.30/lib/.gitignore
index 37168c357..5baee8342 100644
--- a/projects/Windows/VC14.30/lib/.gitignore
+++ b/projects/Windows/VC14.30/lib/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC14.30/src/.gitignore b/projects/Windows/VC14.30/src/.gitignore
index 37168c357..5baee8342 100644
--- a/projects/Windows/VC14.30/src/.gitignore
+++ b/projects/Windows/VC14.30/src/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC14/.gitignore b/projects/Windows/VC14/.gitignore
index f97107efa..11504d2c1 100644
--- a/projects/Windows/VC14/.gitignore
+++ b/projects/Windows/VC14/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC14/lib/.gitignore b/projects/Windows/VC14/lib/.gitignore
index 37168c357..5baee8342 100644
--- a/projects/Windows/VC14/lib/.gitignore
+++ b/projects/Windows/VC14/lib/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/Windows/VC14/src/.gitignore b/projects/Windows/VC14/src/.gitignore
index 37168c357..5baee8342 100644
--- a/projects/Windows/VC14/src/.gitignore
+++ b/projects/Windows/VC14/src/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/projects/build-openssl.bat b/projects/build-openssl.bat
index 1d75444e3..b64538341 100644
--- a/projects/build-openssl.bat
+++ b/projects/build-openssl.bat
@@ -6,7 +6,7 @@ rem *                             / __| | | | |_) | |
 rem *                            | (__| |_| |  _ <| |___
 rem *                             \___|\___/|_| \_\_____|
 rem *
-rem * Copyright (C) 2012 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+rem * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
 rem *
 rem * This software is licensed as described in the file COPYING, which
 rem * you should have received as part of this distribution. The terms
@@ -18,7 +18,7 @@ rem * furnished to do so, under the terms of the COPYING file.
 rem *
 rem * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 rem * KIND, either express or implied.
-rem * 
+rem *
 rem * SPDX-License-Identifier: curl
 rem *
 rem ***************************************************************************
@@ -589,8 +589,13 @@ rem
         )
 
         move "%TMP_INSTALL_PATH%\lib\*.lib" "%OUTDIR%\DLL Debug" 1>nul
-        move "%TMP_INSTALL_PATH%\lib\engines-1_1\*.dll" "%OUTDIR%\DLL Debug" 1>nul
-        move "%TMP_INSTALL_PATH%\lib\engines-1_1\*.pdb" "%OUTDIR%\DLL Debug" 1>nul
+        if exist "%TMP_INSTALL_PATH%\lib\engines-3" (
+          move "%TMP_INSTALL_PATH%\lib\engines-3\*.dll" "%OUTDIR%\DLL Debug" 1>nul
+          move "%TMP_INSTALL_PATH%\lib\engines-3\*.pdb" "%OUTDIR%\DLL Debug" 1>nul
+        ) else if exist "%TMP_INSTALL_PATH%\lib\engines-1_1" (
+          move "%TMP_INSTALL_PATH%\lib\engines-1_1\*.dll" "%OUTDIR%\DLL Debug" 1>nul
+          move "%TMP_INSTALL_PATH%\lib\engines-1_1\*.pdb" "%OUTDIR%\DLL Debug" 1>nul
+        )
         move "%TMP_INSTALL_PATH%\bin\*.dll" "%OUTDIR%\DLL Debug" 1>nul
         move "%TMP_INSTALL_PATH%\bin\*.exe" "%OUTDIR%\DLL Debug" 1>nul
         move "%TMP_INSTALL_PATH%\bin\*.pdb" "%OUTDIR%\DLL Debug" 1>nul
@@ -615,8 +620,13 @@ rem
         )
 
         move "%TMP_INSTALL_PATH%\lib\*.lib" "%OUTDIR%\DLL Release" 1>nul
-        move "%TMP_INSTALL_PATH%\lib\engines-1_1\*.dll" "%OUTDIR%\DLL Release" 1>nul
-        move "%TMP_INSTALL_PATH%\lib\engines-1_1\*.pdb" "%OUTDIR%\DLL Release" 1>nul
+        if exist "%TMP_INSTALL_PATH%\lib\engines-3" (
+          move "%TMP_INSTALL_PATH%\lib\engines-3\*.dll" "%OUTDIR%\DLL Release" 1>nul
+          move "%TMP_INSTALL_PATH%\lib\engines-3\*.pdb" "%OUTDIR%\DLL Release" 1>nul
+        ) else if exist "%TMP_INSTALL_PATH%\lib\engines-1_1" (
+          move "%TMP_INSTALL_PATH%\lib\engines-1_1\*.dll" "%OUTDIR%\DLL Release" 1>nul
+          move "%TMP_INSTALL_PATH%\lib\engines-1_1\*.pdb" "%OUTDIR%\DLL Release" 1>nul
+        )
         move "%TMP_INSTALL_PATH%\bin\*.dll" "%OUTDIR%\DLL Release" 1>nul
         move "%TMP_INSTALL_PATH%\bin\*.exe" "%OUTDIR%\DLL Release" 1>nul
         move "%TMP_INSTALL_PATH%\bin\*.pdb" "%OUTDIR%\DLL Release" 1>nul
diff --git a/projects/build-wolfssl.bat b/projects/build-wolfssl.bat
index 61f4a0309..6f9bad9d1 100644
--- a/projects/build-wolfssl.bat
+++ b/projects/build-wolfssl.bat
@@ -6,8 +6,8 @@ rem *                             / __| | | | |_) | |
 rem *                            | (__| |_| |  _ <| |___
 rem *                             \___|\___/|_| \_\_____|
 rem *
-rem * Copyright (C) 2012 - 2020, Steve Holme, <steve_holme@hotmail.com>.
-rem * Copyright (C) 2015 - 2022, Jay Satiro, <raysatiro@yahoo.com>.
+rem * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
+rem * Copyright (C) Jay Satiro, <raysatiro@yahoo.com>.
 rem *
 rem * This software is licensed as described in the file COPYING, which
 rem * you should have received as part of this distribution. The terms
@@ -19,7 +19,7 @@ rem * furnished to do so, under the terms of the COPYING file.
 rem *
 rem * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 rem * KIND, either express or implied.
-rem * 
+rem *
 rem * SPDX-License-Identifier: curl
 rem *
 rem ***************************************************************************
diff --git a/projects/checksrc.bat b/projects/checksrc.bat
index 89577e3eb..018dc5960 100644
--- a/projects/checksrc.bat
+++ b/projects/checksrc.bat
@@ -6,7 +6,7 @@ rem *                             / __| | | | |_) | |
 rem *                            | (__| |_| |  _ <| |___
 rem *                             \___|\___/|_| \_\_____|
 rem *
-rem * Copyright (C) 2014 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+rem * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
 rem *
 rem * This software is licensed as described in the file COPYING, which
 rem * you should have received as part of this distribution. The terms
@@ -18,7 +18,7 @@ rem * furnished to do so, under the terms of the COPYING file.
 rem *
 rem * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 rem * KIND, either express or implied.
-rem * 
+rem *
 rem * SPDX-License-Identifier: curl
 rem *
 rem ***************************************************************************
diff --git a/projects/generate.bat b/projects/generate.bat
index ef4db8c25..a9ee6d0f1 100644
--- a/projects/generate.bat
+++ b/projects/generate.bat
@@ -6,7 +6,7 @@ rem *                             / __| | | | |_) | |
 rem *                            | (__| |_| |  _ <| |___
 rem *                             \___|\___/|_| \_\_____|
 rem *
-rem * Copyright (C) 2014 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+rem * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
 rem *
 rem * This software is licensed as described in the file COPYING, which
 rem * you should have received as part of this distribution. The terms
@@ -18,7 +18,7 @@ rem * furnished to do so, under the terms of the COPYING file.
 rem *
 rem * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 rem * KIND, either express or implied.
-rem * 
+rem *
 rem * SPDX-License-Identifier: curl
 rem *
 rem ***************************************************************************
diff --git a/projects/wolfssl_options.h b/projects/wolfssl_options.h
index b2154cea3..3ef23fbcd 100644
--- a/projects/wolfssl_options.h
+++ b/projects/wolfssl_options.h
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index ed9819b87..fcb78eabf 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/scripts/checksrc.pl b/scripts/checksrc.pl
index 26634774e..2aab0ad8f 100755
--- a/scripts/checksrc.pl
+++ b/scripts/checksrc.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -53,47 +53,47 @@ my %warnings_extended = (
     );
 
 my %warnings = (
-    'LONGLINE'         => "Line longer than $max_column",
-    'TABS'             => 'TAB characters not allowed',
-    'TRAILINGSPACE'    => 'Trailing whitespace on the line',
-    'CPPCOMMENTS'      => '// comment detected',
-    'SPACEBEFOREPAREN' => 'space before an open parenthesis',
-    'SPACEAFTERPAREN'  => 'space after open parenthesis',
-    'SPACEBEFORECLOSE' => 'space before a close parenthesis',
-    'SPACEBEFORECOMMA' => 'space before a comma',
-    'RETURNNOSPACE'    => 'return without space',
-    'COMMANOSPACE'     => 'comma without following space',
-    'BRACEELSE'        => '} else on the same line',
-    'PARENBRACE'       => '){ without sufficient space',
-    'SPACESEMICOLON'   => 'space before semicolon',
+    'ASSIGNWITHINCONDITION' => 'assignment within conditional expression',
+    'ASTERISKNOSPACE'  => 'pointer declared without space before asterisk',
+    'ASTERISKSPACE'    => 'pointer declared with space after asterisk',
+    'BADCOMMAND'       => 'bad !checksrc! instruction',
     'BANNEDFUNC'       => 'a banned function was used',
-    'FOPENMODE'        => 'fopen needs a macro for the mode string',
+    'BRACEELSE'        => '} else on the same line',
     'BRACEPOS'         => 'wrong position for an open brace',
-    'INDENTATION'      => 'wrong start column for code',
+    'BRACEWHILE'       => 'A single space between open brace and while',
+    'COMMANOSPACE'     => 'comma without following space',
+    'COMMENTNOSPACEEND' => 'no space before */',
+    'COMMENTNOSPACESTART' => 'no space following /*',
     'COPYRIGHT'        => 'file missing a copyright statement',
-    'BADCOMMAND'       => 'bad !checksrc! instruction',
-    'UNUSEDIGNORE'     => 'a warning ignore was not used',
-    'OPENCOMMENT'      => 'file ended with a /* comment still "open"',
-    'ASTERISKSPACE'    => 'pointer declared with space after asterisk',
-    'ASTERISKNOSPACE'  => 'pointer declared without space before asterisk',
-    'ASSIGNWITHINCONDITION' => 'assignment within conditional expression',
+    'CPPCOMMENTS'      => '// comment detected',
+    'DOBRACE'          => 'A single space between do and open brace',
+    'EMPTYLINEBRACE'   => 'Empty line before the open brace',
     'EQUALSNOSPACE'    => 'equals sign without following space',
+    'EQUALSNULL'       => 'if/while comparison with == NULL',
+    'EXCLAMATIONSPACE' => 'Whitespace after exclamation mark in expression',
+    'FOPENMODE'        => 'fopen needs a macro for the mode string',
+    'INCLUDEDUP',      => 'same file is included again',
+    'INDENTATION'      => 'wrong start column for code',
+    'LONGLINE'         => "Line longer than $max_column",
+    'MULTISPACE'       => 'multiple spaces used when not suitable',
     'NOSPACEEQUALS'    => 'equals sign without preceding space',
+    'NOTEQUALSZERO',   => 'if/while comparison with != 0',
+    'ONELINECONDITION' => 'conditional block on the same line as the if()',
+    'OPENCOMMENT'      => 'file ended with a /* comment still "open"',
+    'PARENBRACE'       => '){ without sufficient space',
+    'RETURNNOSPACE'    => 'return without space',
     'SEMINOSPACE'      => 'semicolon without following space',
-    'MULTISPACE'       => 'multiple spaces used when not suitable',
     'SIZEOFNOPAREN'    => 'use of sizeof without parentheses',
     'SNPRINTF'         => 'use of snprintf',
-    'ONELINECONDITION' => 'conditional block on the same line as the if()',
+    'SPACEAFTERPAREN'  => 'space after open parenthesis',
+    'SPACEBEFORECLOSE' => 'space before a close parenthesis',
+    'SPACEBEFORECOMMA' => 'space before a comma',
+    'SPACEBEFOREPAREN' => 'space before an open parenthesis',
+    'SPACESEMICOLON'   => 'space before semicolon',
+    'TABS'             => 'TAB characters not allowed',
+    'TRAILINGSPACE'    => 'Trailing whitespace on the line',
     'TYPEDEFSTRUCT'    => 'typedefed struct',
-    'DOBRACE'          => 'A single space between do and open brace',
-    'BRACEWHILE'       => 'A single space between open brace and while',
-    'EXCLAMATIONSPACE' => 'Whitespace after exclamation mark in expression',
-    'EMPTYLINEBRACE'   => 'Empty line before the open brace',
-    'EQUALSNULL'       => 'if/while comparison with == NULL',
-    'NOTEQUALSZERO',   => 'if/while comparison with != 0',
-    'INCLUDEDUP',      => 'same file is included again',
-    'COMMENTNOSPACESTART' => 'no space following /*',
-    'COMMENTNOSPACEEND' => 'no space before */',
+    'UNUSEDIGNORE'     => 'a warning ignore was not used',
     );
 
 sub readskiplist {
@@ -400,7 +400,8 @@ sub scanfile {
         }
 
         # check for a copyright statement and save the years
-        if($l =~ /\* +copyright .* \d\d\d\d/i) {
+        if($l =~ /\* +copyright .* (\d\d\d\d|)/i) {
+            my $count = 0;
             while($l =~ /([\d]{4})/g) {
                 push @copyright, {
                   year => $1,
@@ -408,6 +409,16 @@ sub scanfile {
                   col => index($l, $1),
                   code => $l
                 };
+                $count++;
+            }
+            if(!$count) {
+                # year-less
+                push @copyright, {
+                    year => -1,
+                    line => $line,
+                    col => index($l, $1),
+                    code => $l
+                };
             }
         }
 
diff --git a/scripts/ciconfig.pl b/scripts/ciconfig.pl
index 9d4d0bbe2..a3ac4f6c9 100755
--- a/scripts/ciconfig.pl
+++ b/scripts/ciconfig.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/scripts/cijobs.pl b/scripts/cijobs.pl
index 428267519..21c750d6d 100755
--- a/scripts/cijobs.pl
+++ b/scripts/cijobs.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -237,7 +237,7 @@ sub appveyor {
             }
         }
         $job{'line'} = $line;
-        if($_ =~ /^      - APPVEYOR_BUILD_WORKER_IMAGE: \"(.*)\"/) {
+        if($_ =~ /^        APPVEYOR_BUILD_WORKER_IMAGE: \"(.*)\"/) {
             $job{'image'}= $1;
         }
         elsif($_ =~ /^        BUILD_SYSTEM: (.*)/) {
diff --git a/scripts/completion.pl b/scripts/completion.pl
index c2eb774f7..00c736898 100755
--- a/scripts/completion.pl
+++ b/scripts/completion.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/scripts/contributors.sh b/scripts/contributors.sh
index bb0745709..7b1cda385 100755
--- a/scripts/contributors.sh
+++ b/scripts/contributors.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2013 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/scripts/contrithanks.sh b/scripts/contrithanks.sh
index 20b5cbf10..46853da9a 100755
--- a/scripts/contrithanks.sh
+++ b/scripts/contrithanks.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2013 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/scripts/copyright.pl b/scripts/copyright.pl
index c7e7f242e..c83b7ebbd 100755
--- a/scripts/copyright.pl
+++ b/scripts/copyright.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -43,11 +43,6 @@ my %skiplist = (
     "LICENSES/curl.txt" => "<built-in>",
     "COPYING" => "<built-in>",
 
-    # imported, leave be
-    'm4/ax_compile_check_sizeof.m4' => "<built-in>",
-
-    # an empty control file
-    "zuul.d/playbooks/.zuul.ignore" => "<built-in>",
     );
 
 sub scanfile {
@@ -59,7 +54,8 @@ sub scanfile {
         chomp;
         my $l = $_;
         # check for a copyright statement and save the years
-        if($l =~ /.* ?copyright .* *\d\d\d\d/i) {
+        if($l =~ /.* ?copyright .* (\d\d\d\d|)/i) {
+            my $count = 0;
             while($l =~ /([\d]{4})/g) {
                 push @copyright, {
                   year => $1,
@@ -67,8 +63,19 @@ sub scanfile {
                   col => index($l, $1),
                   code => $l
                 };
-                $found++;
+                $count++;
+            }
+            if(!$count) {
+                # year-less
+                push @copyright, {
+                    year => -1,
+                    line => $line,
+                    col => index($l, $1),
+                    code => $l
+                };
+                $count++;
             }
+            $found = $count;
         }
         if($l =~ /SPDX-License-Identifier:/) {
             $spdx = 1;
@@ -84,8 +91,6 @@ sub scanfile {
 
 sub checkfile {
     my ($file, $skipped, $pattern) = @_;
-    my $fine = 0;
-    @copyright=();
     $spdx = 0;
     my $found = scanfile($file);
 
@@ -113,38 +118,12 @@ sub checkfile {
         return 2;
     }
 
-    my $commityear = undef;
-    @copyright = sort {$$b{year} cmp $$a{year}} @copyright;
-
-    # if the file is modified, assume commit year this year
-    if(`git status -s -- $file` =~ /^ [MARCU]/) {
-        $commityear = (localtime(time))[5] + 1900;
-    }
-    else {
-        # min-parents=1 to ignore wrong initial commit in truncated repos
-        my $grl = `git rev-list --max-count=1 --min-parents=1 --timestamp HEAD -- $file`;
-        if($grl) {
-            chomp $grl;
-            $commityear = (localtime((split(/ /, $grl))[0]))[5] + 1900;
-        }
-    }
-
-    if(defined($commityear) && scalar(@copyright) &&
-       $copyright[0]{year} != $commityear) {
-        printf "$file:%d: copyright year out of date, should be $commityear, " .
-            "is $copyright[0]{year}\n",
-            $copyright[0]{line} if(!$skipped || $verbose);
-        $skips{$pattern}++ if($skipped);
-    }
-    else {
-        $fine = 1;
-    }
-    if($skipped && $fine) {
+    if($skipped) {
         print "$file:1: ignored superfluously by $pattern\n" if($verbose);
         $superf{$pattern}++;
     }
 
-    return $fine;
+    return 1;
 }
 
 sub dep5 {
@@ -183,6 +162,7 @@ sub dep5 {
 
 dep5(".reuse/dep5");
 
+my $checkall = 0;
 my @all;
 my $verbose;
 if($ARGV[0] eq "-v") {
@@ -194,6 +174,7 @@ if($ARGV[0]) {
 }
 else {
     @all = `git ls-files`;
+    $checkall = 1;
 }
 
 for my $f (@all) {
@@ -206,6 +187,7 @@ for my $f (@all) {
         $pattern = $skip;
         $skiplisted++;
         $skipped = 1;
+        $skip{$f}++;
     }
 
     my $r = checkfile($f, $skipped, $pattern);
@@ -234,4 +216,12 @@ if($verbose) {
     }
 }
 
+if($checkall) {
+    for(keys %skiplist) {
+        if(!$skip{$_}) {
+            printf STDERR "$_ is marked for SKIP but is missing!\n";
+        }
+    }
+}
+
 exit 1 if($missing || $wrong);
diff --git a/scripts/coverage.sh b/scripts/coverage.sh
index f3db9af17..0a7c7824a 100755
--- a/scripts/coverage.sh
+++ b/scripts/coverage.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/scripts/delta b/scripts/delta
index 858f16100..3920a79ae 100755
--- a/scripts/delta
+++ b/scripts/delta
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2018-2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -85,8 +85,8 @@ $branch=`git rev-parse --abbrev-ref HEAD 2>/dev/null`;
 chomp $branch;
 # Number of files in git
 $afiles=`git ls-files | wc -l`;
-$deletes=`git diff-tree --diff-filter=A -r --summary origin/$branch $start | wc -l`;
-$creates=`git diff-tree --diff-filter=D -r --summary origin/$branch $start | wc -l`;
+$deletes=`git diff-tree --diff-filter=A -r --summary origin/$branch $start 2>/dev/null | wc -l`;
+$creates=`git diff-tree --diff-filter=D -r --summary origin/$branch $start 2>/dev/null| wc -l`;
 
 # Time since that tag
 $tagged=`git for-each-ref --format="%(refname:short) | %(taggerdate:unix)" refs/tags/* | grep ^$start | cut "-d|" -f2`; # unix timestamp
@@ -162,7 +162,7 @@ printf "Added files:                    %d (total %d)\n",
 printf "Deleted files:                  %d (delta: %d)\n", $deletes,
     $creates - $deletes;
 print "Diffstat:$diffstat" if(!$fileschanged);
-printf "Files changed:                  %d\n", $fileschanged;
+printf "Files changed:                  %d (%.2f%%)\n", $fileschanged, $fileschanged*100/$afiles;
 printf "Lines inserted:                 %d\n", $insertions;
 printf "Lines deleted:                  %d (delta: %d)\n", $deletions,
     $insertions - $deletions;
diff --git a/scripts/firefox-db2pem.sh b/scripts/firefox-db2pem.sh
index 36c2de93c..f78f41523 100755
--- a/scripts/firefox-db2pem.sh
+++ b/scripts/firefox-db2pem.sh
@@ -6,7 +6,7 @@
 # *                            | (__| |_| |  _ <| |___
 # *                             \___|\___/|_| \_\_____|
 # *
-# * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 # *
 # * This software is licensed as described in the file COPYING, which
 # * you should have received as part of this distribution. The terms
diff --git a/scripts/installcheck.sh b/scripts/installcheck.sh
index f7df595f1..433420e03 100644..100755
--- a/scripts/installcheck.sh
+++ b/scripts/installcheck.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/scripts/log2changes.pl b/scripts/log2changes.pl
index ee8a753eb..355418368 100755
--- a/scripts/log2changes.pl
+++ b/scripts/log2changes.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/scripts/mk-ca-bundle.pl b/scripts/mk-ca-bundle.pl
index 926478f12..83027a489 100755
--- a/scripts/mk-ca-bundle.pl
+++ b/scripts/mk-ca-bundle.pl
@@ -6,7 +6,7 @@
 # *                            | (__| |_| |  _ <| |___
 # *                             \___|\___/|_| \_\_____|
 # *
-# * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 # *
 # * This software is licensed as described in the file COPYING, which
 # * you should have received as part of this distribution. The terms
diff --git a/scripts/release-notes.pl b/scripts/release-notes.pl
index 9e1c4a58c..136b48f0a 100755
--- a/scripts/release-notes.pl
+++ b/scripts/release-notes.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -88,6 +88,7 @@ sub getref {
 # 'num'
 # 'https://github.com/curl/curl/issues/6939'
 # 'https://github.com/curl/curl-www/issues/69'
+# 'https://elsewhere.example.com/discussion'
 
 sub extract {
     my ($ref)=@_;
@@ -99,10 +100,11 @@ sub extract {
         # return the plain number
         return $1;
     }
-    else {
-        # return the URL
+    elsif($ref =~ /:\/\//) {
+        # contains a '://', return the URL
         return $ref;
     }
+    # false alarm, not a valid line
 }
 
 my $short;
@@ -132,13 +134,16 @@ for my $l (@gitlog) {
         my $line = $1;
 
         if($line =~ /^Fixes(:|) *(.*)/i) {
-            push @fixes, extract($2);
+            my $ref = extract($2);
+            push @fixes, $ref if($ref);
         }
         elsif($line =~ /^Clo(s|)es(:|) *(.*)/i) {
-            push @closes, extract($3);
+            my $ref = extract($3);
+            push @closes, $ref if($ref);
         }
         elsif($line =~ /^Bug: (.*)/i) {
-            push @bug, extract($1);
+            my $ref = extract($1);
+            push @bug, $ref if($ref);
         }
     }
 }
diff --git a/scripts/singleuse.pl b/scripts/singleuse.pl
index 0b707f440..fdf485721 100755
--- a/scripts/singleuse.pl
+++ b/scripts/singleuse.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/scripts/updatemanpages.pl b/scripts/updatemanpages.pl
index fd461e4bd..58a8755e8 100755
--- a/scripts/updatemanpages.pl
+++ b/scripts/updatemanpages.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/scripts/zuul/before_script.sh b/scripts/zuul/before_script.sh
deleted file mode 100755
index f75846014..000000000
--- a/scripts/zuul/before_script.sh
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/bash
-#***************************************************************************
-#                                  _   _ ____  _
-#  Project                     ___| | | |  _ \| |
-#                             / __| | | | |_) | |
-#                            | (__| |_| |  _ <| |___
-#                             \___|\___/|_| \_\_____|
-#
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
-#
-# This software is licensed as described in the file COPYING, which
-# you should have received as part of this distribution. The terms
-# are also available at https://curl.se/docs/copyright.html.
-#
-# You may opt to use, copy, modify, merge, publish, distribute and/or sell
-# copies of the Software, and permit persons to whom the Software is
-# furnished to do so, under the terms of the COPYING file.
-#
-# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-# KIND, either express or implied.
-#
-# SPDX-License-Identifier: curl
-#
-###########################################################################
-set -eo pipefail
-
-autoreconf -fi
-
-if [ "$NGTCP2" = yes ]; then
-  if [ "$TRAVIS_OS_NAME" = linux -a "$GNUTLS" ]; then
-    cd $HOME
-    git clone --depth 1 https://gitlab.com/gnutls/nettle.git
-    cd nettle
-    ./.bootstrap
-    ./configure LDFLAGS="-Wl,-rpath,$HOME/ngbuild/lib" --disable-documentation --prefix=$HOME/ngbuild
-    make
-    make install
-
-    cd $HOME
-    git clone --depth 1 -b 3.7.4 https://gitlab.com/gnutls/gnutls.git pgtls
-    cd pgtls
-    ./bootstrap
-    ./configure PKG_CONFIG_PATH=$HOME/ngbuild/lib/pkgconfig LDFLAGS="-Wl,-rpath,$HOME/ngbuild/lib" --with-included-libtasn1 --with-included-unistring --disable-guile --disable-doc --disable-tools --without-zstd --disable-psk-authentication --prefix=$HOME/ngbuild
-    make
-    make install
-  else
-    cd $HOME
-    git clone --depth 1 -b OpenSSL_1_1_1j+quic https://github.com/quictls/openssl possl
-    cd possl
-    ./config enable-tls1_3 --prefix=$HOME/ngbuild
-    make
-    make install_sw
-  fi
-
-  cd $HOME
-  git clone --depth 1 https://github.com/ngtcp2/nghttp3
-  cd nghttp3
-  autoreconf -i
-  ./configure --prefix=$HOME/ngbuild --enable-lib-only
-  make
-  make install
-
-  cd $HOME
-  git clone --depth 1 https://github.com/ngtcp2/ngtcp2
-  cd ngtcp2
-  autoreconf -i
-  if test -n "$GNUTLS"; then
-      WITHGNUTLS="--with-gnutls"
-  fi
-  ./configure PKG_CONFIG_PATH=$HOME/ngbuild/lib/pkgconfig LDFLAGS="-Wl,-rpath,$HOME/ngbuild/lib" --prefix=$HOME/ngbuild --enable-lib-only $WITHGNUTLS
-  make
-  make install
-fi
-
-if [ "$TRAVIS_OS_NAME" = linux -a "$BORINGSSL" ]; then
-  cd $HOME
-  git clone --depth=1 https://boringssl.googlesource.com/boringssl
-  cd boringssl
-  mkdir -p build
-  cd ./build
-  CXX="g++" CC="gcc" cmake .. -GNinja -DCMAKE_BUILD_TYPE=release -DBUILD_SHARED_LIBS=1
-  cd ..
-  cmake --build build
-  mkdir lib
-  cp ./build/crypto/libcrypto.so ./lib/
-  cp ./build/ssl/libssl.so ./lib/
-  echo "BoringSSL lib dir: "`pwd`"/lib"
-  cmake --build build --target clean
-  rm -f build/CMakeCache.txt
-  cd ./build
-  CXX="g++" CC="gcc" cmake .. -GNinja -DCMAKE_POSITION_INDEPENDENT_CODE=on
-  cd ..
-  cmake --build build
-  export LIBS=-lpthread
-fi
-
-if [ "$TRAVIS_OS_NAME" = linux -a "$QUICHE" ]; then
-  cd $HOME
-  git clone --depth=1 --recursive https://github.com/cloudflare/quiche.git
-  curl https://sh.rustup.rs -sSf | sh -s -- -y
-  source $HOME/.cargo/env
-  cd $HOME/quiche
-
-  #### Work-around https://github.com/curl/curl/issues/7927 #######
-  #### See https://github.com/alexcrichton/cmake-rs/issues/131 ####
-  sed -i -e 's/cmake = "0.1"/cmake = "=0.1.45"/' quiche/Cargo.toml
-
-  cargo build -v --package quiche --release --features ffi,pkg-config-meta,qlog
-  mkdir -v quiche/deps/boringssl/src/lib
-  ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/
-fi
diff --git a/scripts/zuul/script.sh b/scripts/zuul/script.sh
deleted file mode 100755
index 38faf16d6..000000000
--- a/scripts/zuul/script.sh
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/bin/bash
-#***************************************************************************
-#                                  _   _ ____  _
-#  Project                     ___| | | |  _ \| |
-#                             / __| | | | |_) | |
-#                            | (__| |_| |  _ <| |___
-#                             \___|\___/|_| \_\_____|
-#
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
-#
-# This software is licensed as described in the file COPYING, which
-# you should have received as part of this distribution. The terms
-# are also available at https://curl.se/docs/copyright.html.
-#
-# You may opt to use, copy, modify, merge, publish, distribute and/or sell
-# copies of the Software, and permit persons to whom the Software is
-# furnished to do so, under the terms of the COPYING file.
-#
-# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-# KIND, either express or implied.
-#
-# SPDX-License-Identifier: curl
-#
-###########################################################################
-set -eo pipefail
-
-autoreconf -fi
-
-if [ "$T" = "coverage" ]; then
-  ./configure --enable-debug --disable-shared --disable-threaded-resolver --enable-code-coverage --enable-werror --with-libssh2
-  make
-  make TFLAGS=-n test-nonflaky
-  make "TFLAGS=-n -e" test-nonflaky
-  tests="1 200 300 500 700 800 900 1000 1100 1200 1302 1400 1502 3000"
-  make "TFLAGS=-n -t $tests" test-nonflaky
-  coveralls --gcov /usr/bin/gcov-8 --gcov-options '\-lp' -i src -e lib -e tests -e docs -b $PWD/src
-  coveralls --gcov /usr/bin/gcov-8 --gcov-options '\-lp' -e src -i lib -e tests -e docs -b $PWD/lib
-fi
-
-if [ "$T" = "torture" ]; then
-  ./configure --enable-debug --disable-shared --disable-threaded-resolver --enable-code-coverage --enable-werror --with-libssh2 --with-openssl
-  make
-  tests="!TLS-SRP !FTP"
-  make "TFLAGS=-n --shallow=20 -t $tests" test-nonflaky
-fi
-
-if [ "$T" = "debug" ]; then
-  ./configure --enable-debug --enable-werror $C
-  make
-  make examples
-  if [ -z $NOTESTS ]; then
-    make test-nonflaky
-  fi
-fi
-
-if [ "$T" = "debug-bearssl" ]; then
-  ./configure --enable-debug --enable-werror $C
-  make
-  make "TFLAGS=-n !313" test-nonflaky
-fi
-
-if [ "$T" = "novalgrind" ]; then
-  ./configure --enable-werror $C
-  make
-  make examples
-  make TFLAGS=-n test-nonflaky
-fi
-
-if [ "$T" = "normal" ]; then
-  if [ $TRAVIS_OS_NAME = linux ]; then
-    # Remove system curl to make sure we don't rely on it.
-    # Only done on Linux since we're not permitted to on mac.
-    sudo rm -f /usr/bin/curl
-  fi
-  ./configure --enable-warnings --enable-werror $C
-  make
-  make examples
-  if [ -z $NOTESTS ]; then
-    make test-nonflaky
-  fi
-  if [ -n "$CHECKSRC" ]; then
-    make checksrc
-  fi
-fi
-
-if [ "$T" = "cmake" ]; then
-  mkdir -p build
-  cd ./build
-  cmake .. -DCURL_WERROR=ON $C
-  cd ..
-  cmake --build build
-  env TFLAGS="!1139 $TFLAGS" cmake --build build --target test-nonflaky
-fi
diff --git a/src/.gitignore b/src/.gitignore
index 566216261..124b47475 100644
--- a/src/.gitignore
+++ b/src/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index bf8ce7a1b..91825ec9a 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -80,8 +80,6 @@ endif()
 
 if(ENABLE_UNICODE AND MINGW)
   target_link_libraries(${EXE_NAME} -municode)
-  # GCC doesn't know about wmain
-  set_source_files_properties(tool_main.c PROPERTIES COMPILE_FLAGS "-Wno-missing-prototypes -Wno-missing-declarations")
 endif()
 
 source_group("curlX source files" FILES ${CURLX_CFILES})
diff --git a/src/Makefile.am b/src/Makefile.am
index 0db01575c..f24cb6924 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/src/Makefile.inc b/src/Makefile.inc
index cc5304bc9..ec822c896 100644
--- a/src/Makefile.inc
+++ b/src/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -82,6 +82,7 @@ CURL_CFILES = \
   tool_paramhlp.c \
   tool_parsecfg.c \
   tool_progress.c \
+  tool_stderr.c \
   tool_strdup.c \
   tool_setopt.c \
   tool_sleep.c \
@@ -126,6 +127,7 @@ CURL_HFILES = \
   tool_setopt.h \
   tool_setup.h \
   tool_sleep.h \
+  tool_stderr.h \
   tool_strdup.h \
   tool_urlglob.h \
   tool_util.h \
diff --git a/src/Makefile.mk b/src/Makefile.mk
index f34d97d16..66882b353 100644
--- a/src/Makefile.mk
+++ b/src/Makefile.mk
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/src/curl.rc b/src/curl.rc
index b0e328798..11d528429 100644
--- a/src/curl.rc
+++ b/src/curl.rc
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/mkhelp.pl b/src/mkhelp.pl
index bf146d7c9..ba2e7c1d4 100755
--- a/src/mkhelp.pl
+++ b/src/mkhelp.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/src/slist_wc.c b/src/slist_wc.c
index 68021e61e..7f1e8f19b 100644
--- a/src/slist_wc.c
+++ b/src/slist_wc.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/slist_wc.h b/src/slist_wc.h
index e309fd5a3..dd7b8c10a 100644
--- a/src/slist_wc.h
+++ b/src/slist_wc.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_binmode.c b/src/tool_binmode.c
index 68c6c3671..e27ce9663 100644
--- a/src/tool_binmode.c
+++ b/src/tool_binmode.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_binmode.h b/src/tool_binmode.h
index 0b3d24b38..bee837b00 100644
--- a/src/tool_binmode.h
+++ b/src/tool_binmode.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_bname.c b/src/tool_bname.c
index e70f7d76f..4ba1a3b8e 100644
--- a/src/tool_bname.c
+++ b/src/tool_bname.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_bname.h b/src/tool_bname.h
index 0efd7f19c..d091c2231 100644
--- a/src/tool_bname.h
+++ b/src/tool_bname.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_cb_dbg.c b/src/tool_cb_dbg.c
index c1dba85ab..6a51ec8fc 100644
--- a/src/tool_cb_dbg.c
+++ b/src/tool_cb_dbg.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -48,7 +48,7 @@ int tool_debug_cb(CURL *handle, curl_infotype type,
 {
   struct OperationConfig *operation = userdata;
   struct GlobalConfig *config = operation->global;
-  FILE *output = config->errors;
+  FILE *output = stderr;
   const char *text;
   struct timeval tv;
   char timebuf[20];
@@ -80,7 +80,7 @@ int tool_debug_cb(CURL *handle, curl_infotype type,
       config->trace_stream = stdout;
     else if(!strcmp("%", config->trace_dump))
       /* Ok, this is somewhat hackish but we do it undocumented for now */
-      config->trace_stream = config->errors;  /* aka stderr */
+      config->trace_stream = stderr;
     else {
       config->trace_stream = fopen(config->trace_dump, FOPEN_WRITETEXT);
       config->trace_fopened = TRUE;
diff --git a/src/tool_cb_dbg.h b/src/tool_cb_dbg.h
index bc69e5660..d78afb36e 100644
--- a/src/tool_cb_dbg.h
+++ b/src/tool_cb_dbg.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c
index 08ee38c3b..04817af6c 100644
--- a/src/tool_cb_hdr.c
+++ b/src/tool_cb_hdr.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_cb_hdr.h b/src/tool_cb_hdr.h
index 01175bb6a..a855052d0 100644
--- a/src/tool_cb_hdr.h
+++ b/src/tool_cb_hdr.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c
index 3532c31bc..9c8ffb2b5 100644
--- a/src/tool_cb_prg.c
+++ b/src/tool_cb_prg.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -116,8 +116,8 @@ static void fly(struct ProgressData *bar, bool moved)
 
 #define MAX_BARLENGTH 256
 
-#if (SIZEOF_CURL_OFF_T == 4)
-#  define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFF)
+#if (SIZEOF_CURL_OFF_T < 8)
+#error "too small curl_off_t"
 #else
    /* assume SIZEOF_CURL_OFF_T == 8 */
 #  define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFFFFFFFFFF)
@@ -274,7 +274,7 @@ void progressbarinit(struct ProgressData *bar,
   else if(bar->width > MAX_BARLENGTH)
     bar->width = MAX_BARLENGTH;
 
-  bar->out = config->global->errors;
+  bar->out = stderr;
   bar->tick = 150;
   bar->barmove = 1;
 }
diff --git a/src/tool_cb_prg.h b/src/tool_cb_prg.h
index 7d8fbae8f..565ad565a 100644
--- a/src/tool_cb_prg.h
+++ b/src/tool_cb_prg.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_cb_rea.c b/src/tool_cb_rea.c
index 2f1e2f487..21e242309 100644
--- a/src/tool_cb_rea.c
+++ b/src/tool_cb_rea.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_cb_rea.h b/src/tool_cb_rea.h
index 81b5f871a..06899d3ef 100644
--- a/src/tool_cb_rea.h
+++ b/src/tool_cb_rea.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_cb_see.c b/src/tool_cb_see.c
index d24d52651..93a84e9e4 100644
--- a/src/tool_cb_see.c
+++ b/src/tool_cb_see.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_cb_see.h b/src/tool_cb_see.h
index 4af0b0ab4..14bbc4264 100644
--- a/src/tool_cb_see.h
+++ b/src/tool_cb_see.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_cb_wrt.c b/src/tool_cb_wrt.c
index fa8c80418..9f1bca852 100644
--- a/src/tool_cb_wrt.c
+++ b/src/tool_cb_wrt.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_cb_wrt.h b/src/tool_cb_wrt.h
index 0cbbceefe..55502f440 100644
--- a/src/tool_cb_wrt.h
+++ b/src/tool_cb_wrt.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
index 470204573..ec5698ba2 100644
--- a/src/tool_cfgable.c
+++ b/src/tool_cfgable.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 0ed81ed6e..9a15659bc 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -298,14 +298,10 @@ struct OperationConfig {
 };
 
 struct GlobalConfig {
-  int showerror;                  /* -1 == unset, default => show errors
-                                      0 => -s is used to NOT show errors
-                                      1 => -S has been used to show errors */
-  bool mute;                      /* don't show messages, --silent given */
-  bool noprogress;                /* don't show progress bar --silent given */
+  bool showerror;                 /* show errors when silent */
+  bool silent;                    /* don't show messages, --silent given */
+  bool noprogress;                /* don't show progress bar */
   bool isatty;                    /* Updated internally if output is a tty */
-  FILE *errors;                   /* Error stream, defaults to stderr */
-  bool errors_fopened;            /* Whether error stream isn't stderr */
   char *trace_dump;               /* file to dump the network trace to */
   FILE *trace_stream;
   bool trace_fopened;
diff --git a/src/tool_dirhie.c b/src/tool_dirhie.c
index d80623e25..fb1b74950 100644
--- a/src/tool_dirhie.c
+++ b/src/tool_dirhie.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_dirhie.h b/src/tool_dirhie.h
index 954f3e248..de8311a60 100644
--- a/src/tool_dirhie.h
+++ b/src/tool_dirhie.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_doswin.c b/src/tool_doswin.c
index 812dac616..e9347d298 100644
--- a/src/tool_doswin.c
+++ b/src/tool_doswin.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_doswin.h b/src/tool_doswin.h
index ff9bad97e..669fdb6ed 100644
--- a/src/tool_doswin.h
+++ b/src/tool_doswin.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_easysrc.c b/src/tool_easysrc.c
index e653b3117..0239e398c 100644
--- a/src/tool_easysrc.c
+++ b/src/tool_easysrc.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_easysrc.h b/src/tool_easysrc.h
index ec2fdd23f..6f41bc3e7 100644
--- a/src/tool_easysrc.h
+++ b/src/tool_easysrc.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_filetime.c b/src/tool_filetime.c
index c095a49ee..937775cb8 100644
--- a/src/tool_filetime.c
+++ b/src/tool_filetime.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -39,7 +39,7 @@ curl_off_t getfiletime(const char *filename, struct GlobalConfig *global)
 /* Windows stat() may attempt to adjust the unix GMT file time by a daylight
    saving time offset and since it's GMT that is bad behavior. When we have
    access to a 64-bit type we can bypass stat and get the times directly. */
-#if defined(WIN32) && (SIZEOF_CURL_OFF_T >= 8)
+#if defined(WIN32)
   HANDLE hfile;
   TCHAR *tchar_filename = curlx_convert_UTF8_to_tchar((char *)filename);
 
@@ -85,8 +85,7 @@ curl_off_t getfiletime(const char *filename, struct GlobalConfig *global)
   return result;
 }
 
-#if defined(HAVE_UTIME) || defined(HAVE_UTIMES) ||      \
-  (defined(WIN32) && (SIZEOF_CURL_OFF_T >= 8))
+#if defined(HAVE_UTIME) || defined(HAVE_UTIMES) || defined(WIN32)
 void setfiletime(curl_off_t filetime, const char *filename,
                  struct GlobalConfig *global)
 {
@@ -94,7 +93,7 @@ void setfiletime(curl_off_t filetime, const char *filename,
 /* Windows utime() may attempt to adjust the unix GMT file time by a daylight
    saving time offset and since it's GMT that is bad behavior. When we have
    access to a 64-bit type we can bypass utime and set the times directly. */
-#if defined(WIN32) && (SIZEOF_CURL_OFF_T >= 8)
+#if defined(WIN32)
     HANDLE hfile;
     TCHAR *tchar_filename = curlx_convert_UTF8_to_tchar((char *)filename);
 
@@ -151,5 +150,5 @@ void setfiletime(curl_off_t filetime, const char *filename,
 #endif
   }
 }
-#endif /* defined(HAVE_UTIME) || defined(HAVE_UTIMES) || \
-          (defined(WIN32) && (SIZEOF_CURL_OFF_T >= 8)) */
+#endif /* defined(HAVE_UTIME) || defined(HAVE_UTIMES) ||        \
+          defined(WIN32) */
diff --git a/src/tool_filetime.h b/src/tool_filetime.h
index 3d88d8913..923ec0640 100644
--- a/src/tool_filetime.h
+++ b/src/tool_filetime.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_findfile.c b/src/tool_findfile.c
index 51a45ff3a..27d853a3f 100644
--- a/src/tool_findfile.c
+++ b/src/tool_findfile.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_findfile.h b/src/tool_findfile.h
index 5bae579e1..faafd71cb 100644
--- a/src/tool_findfile.h
+++ b/src/tool_findfile.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_formparse.c b/src/tool_formparse.c
index 5dc24fe7e..e75f5e659 100644
--- a/src/tool_formparse.c
+++ b/src/tool_formparse.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -417,8 +417,7 @@ static int read_field_headers(struct OperationConfig *config,
       if(hdrlen) {
         hdrbuf[hdrlen] = '\0';
         if(slist_append(pheaders, hdrbuf)) {
-          fprintf(config->global->errors,
-                  "Out of memory for field headers!\n");
+          fprintf(stderr, "Out of memory for field headers!\n");
           return -1;
         }
         hdrlen = 0;
@@ -428,8 +427,8 @@ static int read_field_headers(struct OperationConfig *config,
     switch(c) {
     case EOF:
       if(ferror(fp)) {
-        fprintf(config->global->errors,
-                "Header file %s read error: %s\n", filename, strerror(errno));
+        fprintf(stderr, "Header file %s read error: %s\n", filename,
+                strerror(errno));
         return -1;
       }
       return 0;    /* Done. */
@@ -585,7 +584,7 @@ static int get_param_part(struct OperationConfig *config, char endchar,
         sep = *p;
         *endpos = '\0';
         if(slist_append(&headers, hdr)) {
-          fprintf(config->global->errors, "Out of memory for field header!\n");
+          fprintf(stderr, "Out of memory for field header!\n");
           curl_slist_free_all(headers);
           return -1;
         }
diff --git a/src/tool_formparse.h b/src/tool_formparse.h
index 8c0461c69..35d5c952d 100644
--- a/src/tool_formparse.h
+++ b/src/tool_formparse.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 0beb94572..6d6cac3db 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -42,6 +42,7 @@
 #include "tool_parsecfg.h"
 #include "tool_main.h"
 #include "dynbuf.h"
+#include "tool_stderr.h"
 
 #include "memdebug.h" /* keep this as LAST include */
 
@@ -208,6 +209,7 @@ static const struct LongShort aliases[]= {
   {"02",  "http2",                   ARG_NONE},
   {"03",  "http2-prior-knowledge",   ARG_NONE},
   {"04",  "http3",                   ARG_NONE},
+  {"05",  "http3-only",              ARG_NONE},
   {"09",  "http0.9",                 ARG_BOOL},
   {"1",  "tlsv1",                    ARG_NONE},
   {"10",  "tlsv1.0",                 ARG_NONE},
@@ -293,7 +295,7 @@ static const struct LongShort aliases[]= {
   {"F",  "form",                     ARG_STRING},
   {"Fs", "form-string",              ARG_STRING},
   {"g",  "globoff",                  ARG_BOOL},
-  {"G",  "get",                      ARG_NONE},
+  {"G",  "get",                      ARG_BOOL},
   {"Ga", "request-target",           ARG_STRING},
   {"h",  "help",                     ARG_BOOL},
   {"H",  "header",                   ARG_STRING},
@@ -657,9 +659,20 @@ static ParameterError data_urlencode(struct GlobalConfig *global,
   return PARAM_OK;
 }
 
+static void sethttpver(struct GlobalConfig *global,
+                       struct OperationConfig *config,
+                       long httpversion)
+{
+  if(config->httpversion &&
+     (config->httpversion != httpversion))
+    warnf(global, "Overrides previous HTTP version option\n");
+
+  config->httpversion = httpversion;
+}
 
 ParameterError getparameter(const char *flag, /* f or -long-flag */
                             char *nextarg,    /* NULL if unset */
+                            argv_item_t cleararg,
                             bool *usedarg,    /* set to TRUE if the arg
                                                  has been used */
                             struct GlobalConfig *global,
@@ -677,10 +690,6 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
   ParameterError err;
   bool toggle = TRUE; /* how to switch boolean options, on or off. Controlled
                          by using --OPTION or --no-OPTION */
-#ifdef HAVE_WRITABLE_ARGV
-  argv_item_t clearthis = NULL;
-#endif
-
   static const char *redir_protos[] = {
     "http",
     "https",
@@ -688,6 +697,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
     "ftps",
     NULL
   };
+#ifdef HAVE_WRITABLE_ARGV
+  argv_item_t clearthis = NULL;
+#else
+  (void)cleararg;
+#endif
 
   *usedarg = FALSE; /* default is that we don't use the arg */
 
@@ -764,15 +778,16 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
       /* this option requires an extra parameter */
       if(!longopt && parse[1]) {
         nextarg = (char *)&parse[1]; /* this is the actual extra parameter */
-#ifdef HAVE_WRITABLE_ARGV
-        clearthis = nextarg;
-#endif
         singleopt = TRUE;   /* don't loop anymore after this */
       }
       else if(!nextarg)
         return PARAM_REQUIRES_PARAMETER;
-      else
+      else {
+#ifdef HAVE_WRITABLE_ARGV
+        clearthis = cleararg;
+#endif
         *usedarg = TRUE; /* mark it as used */
+      }
 
       if((aliases[hit].desc == ARG_FILENAME) &&
          (nextarg[0] == '-') && nextarg[1]) {
@@ -1022,19 +1037,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
         break;
 
       case 'v': /* --stderr */
-        if(strcmp(nextarg, "-")) {
-          FILE *newfile = fopen(nextarg, FOPEN_WRITETEXT);
-          if(!newfile)
-            warnf(global, "Failed to open %s!\n", nextarg);
-          else {
-            if(global->errors_fopened)
-              fclose(global->errors);
-            global->errors = newfile;
-            global->errors_fopened = TRUE;
-          }
-        }
-        else
-          global->errors = stdout;
+        tool_set_stderr_file(nextarg);
         break;
       case 'w': /* --interface */
         /* interface */
@@ -1416,25 +1419,31 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
       switch(subletter) {
       case '\0':
         /* HTTP version 1.0 */
-        config->httpversion = CURL_HTTP_VERSION_1_0;
+        sethttpver(global, config, CURL_HTTP_VERSION_1_0);
         break;
       case '1':
         /* HTTP version 1.1 */
-        config->httpversion = CURL_HTTP_VERSION_1_1;
+        sethttpver(global, config, CURL_HTTP_VERSION_1_1);
         break;
       case '2':
         /* HTTP version 2.0 */
-        config->httpversion = CURL_HTTP_VERSION_2_0;
+        sethttpver(global, config, CURL_HTTP_VERSION_2_0);
         break;
       case '3': /* --http2-prior-knowledge */
         /* HTTP version 2.0 over clean TCP */
-        config->httpversion = CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE;
+        sethttpver(global, config, CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE);
         break;
       case '4': /* --http3 */
-        /* HTTP version 3 go over QUIC - at once */
+        /* Try HTTP/3, allow fallback */
+        if(!feature_http3)
+          return PARAM_LIBCURL_DOESNT_SUPPORT;
+        sethttpver(global, config, CURL_HTTP_VERSION_3);
+        break;
+      case '5': /* --http3-only */
+        /* Try HTTP/3 without fallback */
         if(!feature_http3)
           return PARAM_LIBCURL_DOESNT_SUPPORT;
-        config->httpversion = CURL_HTTP_VERSION_3;
+        sethttpver(global, config, CURL_HTTP_VERSION_3ONLY);
         break;
       case '9':
         /* Allow HTTP/0.9 responses! */
@@ -2145,9 +2154,12 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
       if(config->url_out)
         /* existing node */
         url = config->url_out;
-      else
+      else {
+        if(!toggle && !config->default_node_flags)
+          break;
         /* there was no free node, create one! */
         config->url_out = url = new_getout(config);
+      }
 
       if(!url)
         return PARAM_NO_MEM;
@@ -2248,21 +2260,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
       /* use remote file's time */
       config->remote_time = toggle;
       break;
-    case 's':
-      /* don't show progress meter, don't show errors : */
-      if(toggle)
-        global->mute = global->noprogress = TRUE;
-      else
-        global->mute = global->noprogress = FALSE;
-      if(global->showerror < 0)
-        /* if still on the default value, set showerror to the reverse of
-           toggle. This is to allow -S and -s to be used in an independent
-           order but still have the same effect. */
-        global->showerror = (!toggle)?TRUE:FALSE; /* toggle off */
+    case 's': /* --silent */
+      global->silent = toggle;
       break;
-    case 'S':
-      /* show errors */
-      global->showerror = toggle?1:0; /* toggle on if used with -s */
+    case 'S': /* --show-error */
+      global->showerror = toggle;
       break;
     case 't':
       /* Telnet options */
@@ -2494,7 +2496,7 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
           }
         }
 
-        result = getparameter(orig_opt, nextarg, &passarg,
+        result = getparameter(orig_opt, nextarg, argv[i + 1], &passarg,
                               global, config);
 
         curlx_unicodefree(nextarg);
@@ -2524,6 +2526,10 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
             else
               result = PARAM_NO_MEM;
           }
+          else {
+            errorf(global, "missing URL before --next\n");
+            result = PARAM_BAD_USE;
+          }
         }
         else if(!result && passarg)
           i++; /* we're supposed to skip this */
@@ -2533,7 +2539,7 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
       bool used;
 
       /* Just add the URL please */
-      result = getparameter("--url", orig_opt, &used, global, config);
+      result = getparameter("--url", orig_opt, argv[i], &used, global, config);
     }
 
     if(!result)
@@ -2554,9 +2560,9 @@ ParameterError parse_args(struct GlobalConfig *global, int argc,
     const char *reason = param2text(result);
 
     if(orig_opt && strcmp(":", orig_opt))
-      helpf(global->errors, "option %s: %s\n", orig_opt, reason);
+      helpf(stderr, "option %s: %s\n", orig_opt, reason);
     else
-      helpf(global->errors, "%s\n", reason);
+      helpf(stderr, "%s\n", reason);
   }
 
   curlx_unicodefree(orig_opt);
diff --git a/src/tool_getparam.h b/src/tool_getparam.h
index 3eb177391..827a04e81 100644
--- a/src/tool_getparam.h
+++ b/src/tool_getparam.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -55,6 +55,7 @@ struct GlobalConfig;
 struct OperationConfig;
 
 ParameterError getparameter(const char *flag, char *nextarg,
+                            argv_item_t cleararg,
                             bool *usedarg,
                             struct GlobalConfig *global,
                             struct OperationConfig *operation);
diff --git a/src/tool_getpass.c b/src/tool_getpass.c
index 3778e1f00..a4fb35108 100644
--- a/src/tool_getpass.c
+++ b/src/tool_getpass.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_getpass.h b/src/tool_getpass.h
index 01dc46401..b93585d94 100644
--- a/src/tool_getpass.h
+++ b/src/tool_getpass.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_help.c b/src/tool_help.c
index ae51f635e..729b78c36 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -151,10 +151,21 @@ void tool_help(char *category)
   free(category);
 }
 
+static bool is_debug(void)
+{
+  const char *const *builtin;
+  for(builtin = feature_names; *builtin; ++builtin)
+    if(curl_strequal("debug", *builtin))
+      return TRUE;
+  return FALSE;
+}
 
 void tool_version_info(void)
 {
   const char *const *builtin;
+  if(is_debug())
+    fprintf(stderr, "WARNING: this libcurl is Debug-enabled, "
+            "do not use in production\n\n");
 
   printf(CURL_ID "%s\n", curl_version());
 #ifdef CURL_PATCHSTAMP
diff --git a/src/tool_help.h b/src/tool_help.h
index 6fe244e2c..fe497ed34 100644
--- a/src/tool_help.h
+++ b/src/tool_help.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_helpers.c b/src/tool_helpers.c
index 3b2fe9d15..52d312d1a 100644
--- a/src/tool_helpers.c
+++ b/src/tool_helpers.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_helpers.h b/src/tool_helpers.h
index cdc84106c..2cfbad21a 100644
--- a/src/tool_helpers.h
+++ b/src/tool_helpers.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_hugehelp.c.cvs b/src/tool_hugehelp.c.cvs
index f9fabab0e..06b132fbc 100644
--- a/src/tool_hugehelp.c.cvs
+++ b/src/tool_hugehelp.c.cvs
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_hugehelp.h b/src/tool_hugehelp.h
index d5880ac25..ce9af0c54 100644
--- a/src/tool_hugehelp.h
+++ b/src/tool_hugehelp.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_libinfo.c b/src/tool_libinfo.c
index ba6c5c530..fc23adc28 100644
--- a/src/tool_libinfo.c
+++ b/src/tool_libinfo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_libinfo.h b/src/tool_libinfo.h
index 940ed71cb..f9c240707 100644
--- a/src/tool_libinfo.h
+++ b/src/tool_libinfo.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_listhelp.c b/src/tool_listhelp.c
index a0100e8cf..7611cf6a0 100644
--- a/src/tool_listhelp.c
+++ b/src/tool_listhelp.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -282,6 +282,9 @@ const struct helptxt helptext[] = {
   {"    --http3",
    "Use HTTP v3",
    CURLHELP_HTTP},
+  {"    --http3-only",
+   "Use HTTP v3 only",
+   CURLHELP_HTTP},
   {"    --ignore-content-length",
    "Ignore the size of the remote resource",
    CURLHELP_HTTP | CURLHELP_FTP},
diff --git a/src/tool_main.c b/src/tool_main.c
index 4183fd851..2b7743a7e 100644
--- a/src/tool_main.c
+++ b/src/tool_main.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -53,6 +53,7 @@
 #include "tool_vms.h"
 #include "tool_main.h"
 #include "tool_libinfo.h"
+#include "tool_stderr.h"
 
 /*
  * This is low-level hard-hacking memory leak tracking and similar. Using
@@ -155,8 +156,7 @@ static CURLcode main_init(struct GlobalConfig *config)
 #endif
 
   /* Initialise the global config */
-  config->showerror = -1;             /* Will show errors */
-  config->errors = stderr;            /* Default errors to stderr */
+  config->showerror = FALSE;          /* show errors when silent */
   config->styled_output = TRUE;       /* enable detection */
   config->parallel_max = PARALLEL_DEFAULT;
 
@@ -196,10 +196,6 @@ static void free_globalconfig(struct GlobalConfig *config)
 {
   Curl_safefree(config->trace_dump);
 
-  if(config->errors_fopened && config->errors)
-    fclose(config->errors);
-  config->errors = NULL;
-
   if(config->trace_fopened && config->trace_stream)
     fclose(config->trace_stream);
   config->trace_stream = NULL;
@@ -236,6 +232,11 @@ static void main_free(struct GlobalConfig *config)
 ** curl tool main function.
 */
 #ifdef _UNICODE
+#if defined(__GNUC__)
+/* GCC doesn't know about wmain() */
+#pragma GCC diagnostic ignored "-Wmissing-prototypes"
+#pragma GCC diagnostic ignored "-Wmissing-declarations"
+#endif
 int wmain(int argc, wchar_t *argv[])
 #else
 int main(int argc, char *argv[])
@@ -245,6 +246,8 @@ int main(int argc, char *argv[])
   struct GlobalConfig global;
   memset(&global, 0, sizeof(global));
 
+  tool_init_stderr();
+
 #ifdef WIN32
   /* Undocumented diagnostic option to list the full paths of all loaded
      modules. This is purposely pre-init. */
diff --git a/src/tool_main.h b/src/tool_main.h
index a1fd1070e..cae520efb 100644
--- a/src/tool_main.h
+++ b/src/tool_main.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_msgs.c b/src/tool_msgs.c
index a880a667e..4f082d5c1 100644
--- a/src/tool_msgs.c
+++ b/src/tool_msgs.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -42,7 +42,7 @@ static void voutf(struct GlobalConfig *config,
                   va_list ap)
 {
   size_t width = (79 - strlen(prefix));
-  if(!config->mute) {
+  if(!config->silent) {
     size_t len;
     char *ptr;
     char *print_buffer;
@@ -54,7 +54,7 @@ static void voutf(struct GlobalConfig *config,
 
     ptr = print_buffer;
     while(len > 0) {
-      fputs(prefix, config->errors);
+      fputs(prefix, stderr);
 
       if(len > width) {
         size_t cut = width-1;
@@ -67,13 +67,13 @@ static void voutf(struct GlobalConfig *config,
              max text width then! */
           cut = width-1;
 
-        (void)fwrite(ptr, cut + 1, 1, config->errors);
-        fputs("\n", config->errors);
+        (void)fwrite(ptr, cut + 1, 1, stderr);
+        fputs("\n", stderr);
         ptr += cut + 1; /* skip the space too */
         len -= cut + 1;
       }
       else {
-        fputs(ptr, config->errors);
+        fputs(ptr, stderr);
         len = 0;
       }
     }
@@ -132,7 +132,7 @@ void helpf(FILE *errors, const char *fmt, ...)
  */
 void errorf(struct GlobalConfig *config, const char *fmt, ...)
 {
-  if(!config->mute) {
+  if(!config->silent) {
     va_list ap;
     va_start(ap, fmt);
     voutf(config, ERROR_PREFIX, fmt, ap);
diff --git a/src/tool_msgs.h b/src/tool_msgs.h
index e35884e9d..19397f7f6 100644
--- a/src/tool_msgs.h
+++ b/src/tool_msgs.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 79db063a5..712d966db 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -306,7 +306,7 @@ static CURLcode pre_transfer(struct GlobalConfig *global,
     if((per->infd == -1) || fstat(per->infd, &fileinfo))
 #endif
     {
-      helpf(global->errors, "Can't open '%s'!\n", per->uploadfile);
+      helpf(stderr, "Can't open '%s'!\n", per->uploadfile);
       if(per->infd != -1) {
         close(per->infd);
         per->infd = STDIN_FILENO;
@@ -323,6 +323,7 @@ static CURLcode pre_transfer(struct GlobalConfig *global,
       struct OperationConfig *config = per->config; /* for the macro below */
 #ifdef CURL_DISABLE_LIBCURL_OPTION
       (void)config;
+      (void)global;
 #endif
       my_setopt(per->curl, CURLOPT_INFILESIZE_LARGE, uploadfilesize);
     }
@@ -396,25 +397,26 @@ static CURLcode post_per_transfer(struct GlobalConfig *global,
 #ifdef __VMS
   if(is_vms_shell()) {
     /* VMS DCL shell behavior */
-    if(!global->showerror)
+    if(global->silent && !global->showerror)
       vms_show = VMSSTS_HIDE;
   }
   else
 #endif
-    if(!config->synthetic_error && result && global->showerror) {
+    if(!config->synthetic_error && result &&
+       (!global->silent || global->showerror)) {
       const char *msg = per->errorbuffer;
-      fprintf(global->errors, "curl: (%d) %s\n", result,
+      fprintf(stderr, "curl: (%d) %s\n", result,
               (msg && msg[0]) ? msg : curl_easy_strerror(result));
       if(result == CURLE_PEER_FAILED_VERIFICATION)
-        fputs(CURL_CA_CERT_ERRORMSG, global->errors);
+        fputs(CURL_CA_CERT_ERRORMSG, stderr);
     }
     else if(config->failwithbody) {
       /* if HTTP response >= 400, return error */
       long code = 0;
       curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &code);
       if(code >= 400) {
-        if(global->showerror)
-          fprintf(global->errors,
+        if(!global->silent || global->showerror)
+          fprintf(stderr,
                   "curl: (%d) The requested URL returned error: %ld\n",
                   CURLE_HTTP_RETURNED_ERROR, code);
         result = CURLE_HTTP_RETURNED_ERROR;
@@ -446,8 +448,8 @@ static CURLcode post_per_transfer(struct GlobalConfig *global,
     if(!result && rc) {
       /* something went wrong in the writing process */
       result = CURLE_WRITE_ERROR;
-      if(global->showerror)
-        fprintf(global->errors, "curl: (%d) Failed writing body\n", result);
+      if(!global->silent || global->showerror)
+        fprintf(stderr, "curl: (%d) Failed writing body\n", result);
     }
   }
 
@@ -587,9 +589,8 @@ static CURLcode post_per_transfer(struct GlobalConfig *global,
         int rc;
         /* We have written data to an output file, we truncate file
          */
-        if(!global->mute)
-          fprintf(global->errors, "Throwing away %"
-                  CURL_FORMAT_CURL_OFF_T " bytes\n",
+        if(!global->silent)
+          fprintf(stderr, "Throwing away %"  CURL_FORMAT_CURL_OFF_T " bytes\n",
                   outs->bytes);
         fflush(outs->stream);
         /* truncate file at the position where we started appending */
@@ -597,9 +598,8 @@ static CURLcode post_per_transfer(struct GlobalConfig *global,
         if(ftruncate(fileno(outs->stream), outs->init)) {
           /* when truncate fails, we can't just append as then we'll
              create something strange, bail out */
-          if(global->showerror)
-            fprintf(global->errors,
-                    "curl: (23) Failed to truncate file\n");
+          if(!global->silent || global->showerror)
+            fprintf(stderr, "curl: (23) Failed to truncate file\n");
           return CURLE_WRITE_ERROR;
         }
         /* now seek to the end of the file, the position where we
@@ -613,9 +613,8 @@ static CURLcode post_per_transfer(struct GlobalConfig *global,
         rc = fseek(outs->stream, (long)outs->init, SEEK_SET);
 #endif
         if(rc) {
-          if(global->showerror)
-            fprintf(global->errors,
-                    "curl: (23) Failed seeking to end of file\n");
+          if(!global->silent || global->showerror)
+            fprintf(stderr, "curl: (23) Failed seeking to end of file\n");
           return CURLE_WRITE_ERROR;
         }
         outs->bytes = 0; /* clear for next round */
@@ -639,8 +638,8 @@ static CURLcode post_per_transfer(struct GlobalConfig *global,
     if(!result && rc) {
       /* something went wrong in the writing process */
       result = CURLE_WRITE_ERROR;
-      if(global->showerror)
-        fprintf(global->errors, "curl: (%d) Failed writing body\n", result);
+      if(!global->silent || global->showerror)
+        fprintf(stderr, "curl: (%d) Failed writing body\n", result);
     }
     if(result && config->rm_partial) {
       notef(global, "Removing output file: %s\n", outs->filename);
@@ -660,7 +659,7 @@ static CURLcode post_per_transfer(struct GlobalConfig *global,
 
   /* Write the --write-out data before cleanup but after result is final */
   if(config->writeout)
-    ourWriteOut(config->writeout, per, result);
+    ourWriteOut(config, per, result);
 
   /* Close function-local opened file descriptors */
   if(per->heads.fopened && per->heads.stream)
@@ -799,7 +798,8 @@ static CURLcode single_transfer(struct GlobalConfig *global,
     if(!config->globoff && infiles && !inglob) {
       /* Unless explicitly shut off */
       result = glob_url(&inglob, infiles, &state->infilenum,
-                        global->showerror?global->errors:NULL);
+                        (!global->silent || global->showerror)?
+                        stderr:NULL);
       if(result)
         break;
       config->state.inglob = inglob;
@@ -834,7 +834,8 @@ static CURLcode single_transfer(struct GlobalConfig *global,
           /* Unless explicitly shut off, we expand '{...}' and '[...]'
              expressions and return total number of URLs in pattern set */
           result = glob_url(&state->urls, urlnode->url, &state->urlnum,
-                            global->showerror?global->errors:NULL);
+                            (!global->silent || global->showerror)?
+                            stderr:NULL);
           if(result)
             break;
           urlnum = state->urlnum;
@@ -971,21 +972,23 @@ static CURLcode single_transfer(struct GlobalConfig *global,
             FILE *newfile;
 
             /*
-             * this checks if the previous transfer had the same
-             * OperationConfig, which would mean, that the an output file has
-             * already been created and data can be appened to it, instead
-             * of overwriting it.
+             * Since every transfer has its own file handle for dumping
+             * the headers, we need to open it in append mode, since transfers
+             * might finish in any order.
+             * The first transfer just clears the file.
              * TODO: Consider placing the file handle inside the
              * OperationConfig, so that it does not need to be opened/closed
              * for every transfer.
              */
-            if(per->prev && per->prev->config == config)
-              newfile = fopen(config->headerfile, "ab+");
-            else
-              newfile = fopen(config->headerfile, "wb+");
+            if(!per->prev || per->prev->config != config) {
+              newfile = fopen(config->headerfile, "wb");
+              if(newfile)
+                fclose(newfile);
+            }
+            newfile = fopen(config->headerfile, "ab");
 
             if(!newfile) {
-              warnf(global, "Failed to open %s\n", config->headerfile);
+              errorf(global, "Failed to open %s\n", config->headerfile);
               result = CURLE_WRITE_ERROR;
               break;
             }
@@ -1091,7 +1094,7 @@ static CURLcode single_transfer(struct GlobalConfig *global,
              file output call */
 
           if(config->create_dirs) {
-            result = create_dir_hierarchy(per->outfile, global->errors);
+            result = create_dir_hierarchy(per->outfile, stderr);
             /* create_dir_hierarchy shows error upon CURLE_WRITE_ERROR */
             if(result)
               break;
@@ -1207,22 +1210,27 @@ static CURLcode single_transfer(struct GlobalConfig *global,
           char *q = httpgetfields ? httpgetfields : config->query;
           CURLU *uh = curl_url();
           if(uh) {
-            char *updated;
-            if(curl_url_set(uh, CURLUPART_URL, per->this_url,
-                            CURLU_GUESS_SCHEME)) {
-              result = CURLE_FAILED_INIT;
+            CURLUcode uerr;
+            uerr = curl_url_set(uh, CURLUPART_URL, per->this_url,
+                            CURLU_GUESS_SCHEME);
+            if(uerr) {
+              result = urlerr_cvt(uerr);
               errorf(global, "(%d) Could not parse the URL, "
                      "failed to set query\n", result);
               config->synthetic_error = TRUE;
             }
-            else if(curl_url_set(uh, CURLUPART_QUERY, q, CURLU_APPENDQUERY) ||
-                    curl_url_get(uh, CURLUPART_URL, &updated,
-                                 CURLU_GUESS_SCHEME)) {
-              result = CURLE_OUT_OF_MEMORY;
-            }
             else {
-              Curl_safefree(per->this_url); /* free previous URL */
-              per->this_url = updated; /* use our new URL instead! */
+              char *updated = NULL;
+              uerr = curl_url_set(uh, CURLUPART_QUERY, q, CURLU_APPENDQUERY);
+              if(!uerr)
+                uerr = curl_url_get(uh, CURLUPART_URL, &updated,
+                                   CURLU_GUESS_SCHEME);
+              if(uerr)
+                result = urlerr_cvt(uerr);
+              else {
+                Curl_safefree(per->this_url); /* free previous URL */
+                per->this_url = updated; /* use our new URL instead! */
+              }
             }
             curl_url_cleanup(uh);
             if(result)
@@ -1230,9 +1238,6 @@ static CURLcode single_transfer(struct GlobalConfig *global,
           }
         }
 
-        if(!global->errors)
-          global->errors = stderr;
-
         if((!per->outfile || !strcmp(per->outfile, "-")) &&
            !config->use_ascii) {
           /* We get the output to stdout and we have not got the ASCII/text
@@ -1292,15 +1297,27 @@ static CURLcode single_transfer(struct GlobalConfig *global,
         my_setopt(curl, CURLOPT_SEEKDATA, input);
         my_setopt(curl, CURLOPT_SEEKFUNCTION, tool_seek_cb);
 
-        if(config->recvpersecond &&
-           (config->recvpersecond < BUFFER_SIZE))
-          /* use a smaller sized buffer for better sleeps */
-          my_setopt(curl, CURLOPT_BUFFERSIZE, (long)config->recvpersecond);
-        else
-          my_setopt(curl, CURLOPT_BUFFERSIZE, (long)BUFFER_SIZE);
+        {
+#ifdef CURLDEBUG
+          char *env = getenv("CURL_BUFFERSIZE");
+          if(env) {
+            long size = strtol(env, NULL, 10);
+            if(size)
+              my_setopt(curl, CURLOPT_BUFFERSIZE, size);
+          }
+          else
+#endif
+          if(config->recvpersecond &&
+             (config->recvpersecond < BUFFER_SIZE))
+            /* use a smaller sized buffer for better sleeps */
+            my_setopt(curl, CURLOPT_BUFFERSIZE, (long)config->recvpersecond);
+          else
+            my_setopt(curl, CURLOPT_BUFFERSIZE, (long)BUFFER_SIZE);
+        }
 
         my_setopt_str(curl, CURLOPT_URL, per->this_url);
-        my_setopt(curl, CURLOPT_NOPROGRESS, global->noprogress?1L:0L);
+        my_setopt(curl, CURLOPT_NOPROGRESS,
+                  global->noprogress || global->silent?1L:0L);
         if(config->no_body)
           my_setopt(curl, CURLOPT_NOBODY, 1L);
 
@@ -1553,6 +1570,9 @@ static CURLcode single_transfer(struct GlobalConfig *global,
         if(config->ssl_ec_curves)
           my_setopt_str(curl, CURLOPT_SSL_EC_CURVES, config->ssl_ec_curves);
 
+        if(config->writeout)
+          my_setopt_str(curl, CURLOPT_CERTINFO, 1L);
+
         if(feature_ssl) {
           /* Check if config->cert is a PKCS#11 URI and set the
            * config->cert_type if necessary */
@@ -1826,7 +1846,7 @@ static CURLcode single_transfer(struct GlobalConfig *global,
         my_setopt(curl, CURLOPT_TIMEVALUE_LARGE, config->condtime);
         my_setopt_str(curl, CURLOPT_CUSTOMREQUEST, config->customrequest);
         customrequest_helper(config, config->httpreq, config->customrequest);
-        my_setopt(curl, CURLOPT_STDERR, global->errors);
+        my_setopt(curl, CURLOPT_STDERR, stderr);
 
         /* three new ones in libcurl 7.3: */
         my_setopt_str(curl, CURLOPT_INTERFACE, config->iface);
@@ -1834,7 +1854,7 @@ static CURLcode single_transfer(struct GlobalConfig *global,
         progressbarinit(&per->progressbar, config);
 
         if((global->progressmode == CURL_PROGRESS_BAR) &&
-           !global->noprogress && !global->mute) {
+           !global->noprogress && !global->silent) {
           /* we want the alternative style, then we have to implement it
              ourselves! */
           my_setopt(curl, CURLOPT_XFERINFOFUNCTION, tool_progress_cb);
@@ -1939,8 +1959,7 @@ static CURLcode single_transfer(struct GlobalConfig *global,
 
         /* new in curl 7.19.4 */
         if(config->socks5_gssapi_nec)
-          my_setopt_str(curl, CURLOPT_SOCKS5_GSSAPI_NEC,
-                        config->socks5_gssapi_nec);
+          my_setopt_str(curl, CURLOPT_SOCKS5_GSSAPI_NEC, 1L);
 
         /* new in curl 7.55.0 */
         if(config->socks5_auth)
@@ -2418,6 +2437,7 @@ static CURLcode serial_transfers(struct GlobalConfig *global,
     bool retry;
     long delay_ms;
     bool bailout = FALSE;
+    struct timeval start;
     result = pre_transfer(global, per);
     if(result)
       break;
@@ -2427,7 +2447,7 @@ static CURLcode serial_transfers(struct GlobalConfig *global,
       if(result)
         break;
     }
-
+    start = tvnow();
 #ifdef CURLDEBUG
     if(global->test_event_based)
       result = curl_easy_perform_ev(per->curl);
@@ -2447,8 +2467,10 @@ static CURLcode serial_transfers(struct GlobalConfig *global,
     else {
       /* setup the next one just before we delete this */
       result = create_transfer(global, share, &added);
-      if(result)
+      if(result) {
+        returncode = result;
         bailout = TRUE;
+      }
     }
 
     per = del_per_transfer(per);
@@ -2459,7 +2481,7 @@ static CURLcode serial_transfers(struct GlobalConfig *global,
     if(per && global->ms_per_transfer) {
       /* how long time did the most recent transfer take in number of
          milliseconds */
-      long milli = tvdiff(tvnow(), per->start);
+      long milli = tvdiff(tvnow(), start);
       if(milli < global->ms_per_transfer) {
         notef(global, "Transfer took %ld ms, waits %ldms as set by --rate\n",
               milli, global->ms_per_transfer - milli);
@@ -2490,7 +2512,7 @@ static CURLcode transfer_per_config(struct GlobalConfig *global,
 
   /* Check we have a url */
   if(!config->url_list || !config->url_list->url) {
-    helpf(global->errors, "no URL specified!\n");
+    helpf(stderr, "(%d) no URL specified!\n", CURLE_FAILED_INIT);
     return CURLE_FAILED_INIT;
   }
 
@@ -2548,7 +2570,7 @@ static CURLcode transfer_per_config(struct GlobalConfig *global,
           if(!config->capath) {
             curl_free(env);
             curl_easy_cleanup(curltls);
-            helpf(global->errors, "out of memory\n");
+            helpf(stderr, "out of memory\n");
             return CURLE_OUT_OF_MEMORY;
           }
           capath_from_env = true;
@@ -2666,7 +2688,7 @@ CURLcode operate(struct GlobalConfig *global, int argc, argv_item_t argv[])
 
     /* If we had no arguments then make sure a url was specified in .curlrc */
     if((argc < 2) && (!global->first->url_list)) {
-      helpf(global->errors, NULL);
+      helpf(stderr, NULL);
       result = CURLE_FAILED_INIT;
     }
   }
@@ -2722,6 +2744,7 @@ CURLcode operate(struct GlobalConfig *global, int argc, argv_item_t argv[])
         curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
         curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_CONNECT);
         curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_PSL);
+        curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_HSTS);
 
         /* Get the required arguments for each operation */
         do {
diff --git a/src/tool_operate.h b/src/tool_operate.h
index 5c08b99ae..1d333e249 100644
--- a/src/tool_operate.h
+++ b/src/tool_operate.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -33,6 +33,7 @@ struct per_transfer {
   struct per_transfer *next;
   struct per_transfer *prev;
   struct OperationConfig *config; /* for this transfer */
+  struct curl_certinfo *certinfo;
   CURL *curl;
   long retry_numretries;
   long retry_sleep_default;
diff --git a/src/tool_operhlp.c b/src/tool_operhlp.c
index eb58772fb..f11d65a94 100644
--- a/src/tool_operhlp.c
+++ b/src/tool_operhlp.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -71,22 +71,43 @@ bool stdin_upload(const char *uploadfile)
           !strcmp(uploadfile, ".")) ? TRUE : FALSE;
 }
 
+/* Convert a CURLUcode into a CURLcode */
+CURLcode urlerr_cvt(CURLUcode ucode)
+{
+  if(ucode == CURLUE_OUT_OF_MEMORY)
+    return CURLE_OUT_OF_MEMORY;
+  else if(ucode == CURLUE_UNSUPPORTED_SCHEME)
+    return CURLE_UNSUPPORTED_PROTOCOL;
+  else if(ucode == CURLUE_LACKS_IDN)
+    return CURLE_NOT_BUILT_IN;
+  else if(ucode == CURLUE_BAD_HANDLE)
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+  return CURLE_URL_MALFORMAT;
+}
+
 /*
  * Adds the file name to the URL if it doesn't already have one.
  * url will be freed before return if the returned pointer is different
  */
 CURLcode add_file_name_to_url(CURL *curl, char **inurlp, const char *filename)
 {
-  CURLcode result = CURLE_OUT_OF_MEMORY;
+  CURLcode result = CURLE_URL_MALFORMAT;
+  CURLUcode uerr;
   CURLU *uh = curl_url();
   char *path = NULL;
   if(uh) {
     char *ptr;
-    if(curl_url_set(uh, CURLUPART_URL, *inurlp,
-                    CURLU_GUESS_SCHEME|CURLU_NON_SUPPORT_SCHEME))
+    uerr = curl_url_set(uh, CURLUPART_URL, *inurlp,
+                    CURLU_GUESS_SCHEME|CURLU_NON_SUPPORT_SCHEME);
+    if(uerr) {
+      result = urlerr_cvt(uerr);
       goto fail;
-    if(curl_url_get(uh, CURLUPART_PATH, &path, 0))
+    }
+    uerr = curl_url_get(uh, CURLUPART_PATH, &path, 0);
+    if(uerr) {
+      result = urlerr_cvt(uerr);
       goto fail;
+    }
 
     ptr = strrchr(path, '/');
     if(!ptr || !*++ptr) {
@@ -111,7 +132,6 @@ CURLcode add_file_name_to_url(CURL *curl, char **inurlp, const char *filename)
       if(encfile) {
         char *newpath;
         char *newurl;
-        CURLUcode uerr;
         if(ptr)
           /* there is a trailing slash on the path */
           newpath = aprintf("%s%s", path, encfile);
@@ -125,10 +145,15 @@ CURLcode add_file_name_to_url(CURL *curl, char **inurlp, const char *filename)
           goto fail;
         uerr = curl_url_set(uh, CURLUPART_PATH, newpath, 0);
         free(newpath);
-        if(uerr)
+        if(uerr) {
+          result = urlerr_cvt(uerr);
           goto fail;
-        if(curl_url_get(uh, CURLUPART_URL, &newurl, CURLU_DEFAULT_SCHEME))
+        }
+        uerr = curl_url_get(uh, CURLUPART_URL, &newurl, CURLU_DEFAULT_SCHEME);
+        if(uerr) {
+          result = urlerr_cvt(uerr);
           goto fail;
+        }
         free(*inurlp);
         *inurlp = newurl;
         result = CURLE_OK;
@@ -153,63 +178,70 @@ CURLcode get_url_file_name(char **filename, const char *url)
   const char *pc, *pc2;
   CURLU *uh = curl_url();
   char *path = NULL;
+  CURLUcode uerr;
 
   if(!uh)
     return CURLE_OUT_OF_MEMORY;
 
   *filename = NULL;
 
-  if(!curl_url_set(uh, CURLUPART_URL, url, CURLU_GUESS_SCHEME) &&
-     !curl_url_get(uh, CURLUPART_PATH, &path, 0)) {
-    curl_url_cleanup(uh);
+  uerr = curl_url_set(uh, CURLUPART_URL, url, CURLU_GUESS_SCHEME);
+  if(!uerr) {
+    uerr = curl_url_get(uh, CURLUPART_PATH, &path, 0);
+    if(!uerr) {
+      curl_url_cleanup(uh);
 
-    pc = strrchr(path, '/');
-    pc2 = strrchr(pc ? pc + 1 : path, '\\');
-    if(pc2)
-      pc = pc2;
+      pc = strrchr(path, '/');
+      pc2 = strrchr(pc ? pc + 1 : path, '\\');
+      if(pc2)
+        pc = pc2;
 
-    if(pc)
-      /* duplicate the string beyond the slash */
-      pc++;
-    else
-      /* no slash => empty string */
-      pc = "";
+      if(pc)
+        /* duplicate the string beyond the slash */
+        pc++;
+      else
+        /* no slash => empty string */
+        pc = "";
 
-    *filename = strdup(pc);
-    curl_free(path);
-    if(!*filename)
-      return CURLE_OUT_OF_MEMORY;
+      *filename = strdup(pc);
+      curl_free(path);
+      if(!*filename)
+        return CURLE_OUT_OF_MEMORY;
 
 #if defined(MSDOS) || defined(WIN32)
-    {
-      char *sanitized;
-      SANITIZEcode sc = sanitize_file_name(&sanitized, *filename, 0);
-      Curl_safefree(*filename);
-      if(sc)
-        return CURLE_URL_MALFORMAT;
-      *filename = sanitized;
-    }
+      {
+        char *sanitized;
+        SANITIZEcode sc = sanitize_file_name(&sanitized, *filename, 0);
+        Curl_safefree(*filename);
+        if(sc) {
+          if(sc == SANITIZE_ERR_OUT_OF_MEMORY)
+            return CURLE_OUT_OF_MEMORY;
+          return CURLE_URL_MALFORMAT;
+        }
+        *filename = sanitized;
+      }
 #endif /* MSDOS || WIN32 */
 
-    /* in case we built debug enabled, we allow an environment variable
-     * named CURL_TESTDIR to prefix the given file name to put it into a
-     * specific directory
-     */
+      /* in case we built debug enabled, we allow an environment variable
+       * named CURL_TESTDIR to prefix the given file name to put it into a
+       * specific directory
+       */
 #ifdef DEBUGBUILD
-    {
-      char *tdir = curlx_getenv("CURL_TESTDIR");
-      if(tdir) {
-        char *alt = aprintf("%s/%s", tdir, *filename);
-        Curl_safefree(*filename);
-        *filename = alt;
-        curl_free(tdir);
-        if(!*filename)
-          return CURLE_OUT_OF_MEMORY;
+      {
+        char *tdir = curlx_getenv("CURL_TESTDIR");
+        if(tdir) {
+          char *alt = aprintf("%s/%s", tdir, *filename);
+          Curl_safefree(*filename);
+          *filename = alt;
+          curl_free(tdir);
+          if(!*filename)
+            return CURLE_OUT_OF_MEMORY;
+        }
       }
-    }
 #endif
-    return CURLE_OK;
+      return CURLE_OK;
+    }
   }
   curl_url_cleanup(uh);
-  return CURLE_URL_MALFORMAT;
+  return urlerr_cvt(uerr);
 }
diff --git a/src/tool_operhlp.h b/src/tool_operhlp.h
index 8018d1a67..1d56fa040 100644
--- a/src/tool_operhlp.h
+++ b/src/tool_operhlp.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -37,4 +37,6 @@ CURLcode add_file_name_to_url(CURL *curl, char **inurlp, const char *filename);
 
 CURLcode get_url_file_name(char **filename, const char *url);
 
+CURLcode urlerr_cvt(CURLUcode ucode);
+
 #endif /* HEADER_CURL_TOOL_OPERHLP_H */
diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
index c4fd0a192..52f9fdefb 100644
--- a/src/tool_paramhlp.c
+++ b/src/tool_paramhlp.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_paramhlp.h b/src/tool_paramhlp.h
index 98cc8d09d..edb878195 100644
--- a/src/tool_paramhlp.h
+++ b/src/tool_paramhlp.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c
index a166757f8..50d03f666 100644
--- a/src/tool_parsecfg.c
+++ b/src/tool_parsecfg.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -223,7 +223,7 @@ int parseconfig(const char *filename, struct GlobalConfig *global)
 #ifdef DEBUG_CONFIG
       fprintf(stderr, "PARAM: \"%s\"\n",(param ? param : "(null)"));
 #endif
-      res = getparameter(option, param, &usedarg, global, operation);
+      res = getparameter(option, param, NULL, &usedarg, global, operation);
       operation = global->last;
 
       if(!res && param && *param && !usedarg)
diff --git a/src/tool_parsecfg.h b/src/tool_parsecfg.h
index 90af61961..75f9127ee 100644
--- a/src/tool_parsecfg.h
+++ b/src/tool_parsecfg.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_progress.c b/src/tool_progress.c
index 266177b6e..782ad3b79 100644
--- a/src/tool_progress.c
+++ b/src/tool_progress.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -53,8 +53,6 @@ static char *max5data(curl_off_t bytes, char *max5)
               CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE,
               (bytes%ONE_MEGABYTE) / (ONE_MEGABYTE/CURL_OFF_T_C(10)) );
 
-#if (SIZEOF_CURL_OFF_T > 4)
-
   else if(bytes < CURL_OFF_T_C(10000) * ONE_MEGABYTE)
     /* 'XXXXM' is good until we're at 10000MB or above */
     msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE);
@@ -77,16 +75,8 @@ static char *max5data(curl_off_t bytes, char *max5)
     /* up to 10000PB, display without decimal: XXXXP */
     msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "P", bytes/ONE_PETABYTE);
 
-    /* 16384 petabytes (16 exabytes) is the maximum a 64 bit unsigned number
-       can hold, but our data type is signed so 8192PB will be the maximum. */
-
-#else
-
-  else
-    msnprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE);
-
-#endif
-
+  /* 16384 petabytes (16 exabytes) is the maximum a 64 bit unsigned number can
+     hold, but our data type is signed so 8192PB will be the maximum. */
   return max5;
 }
 
@@ -173,7 +163,7 @@ bool progress_meter(struct GlobalConfig *global,
   struct timeval now;
   long diff;
 
-  if(global->noprogress)
+  if(global->noprogress || global->silent)
     return FALSE;
 
   now = tvnow();
@@ -183,7 +173,7 @@ bool progress_meter(struct GlobalConfig *global,
     header = TRUE;
     fputs("DL% UL%  Dled  Uled  Xfers  Live "
           "Total     Current  Left    Speed\n",
-          global->errors);
+          stderr);
   }
   if(final || (diff > 500)) {
     char time_left[10];
@@ -285,7 +275,7 @@ bool progress_meter(struct GlobalConfig *global,
     }
     time2str(time_spent, spent);
 
-    fprintf(global->errors,
+    fprintf(stderr,
             "\r"
             "%-3s " /* percent downloaded */
             "%-3s " /* percent uploaded */
diff --git a/src/tool_progress.h b/src/tool_progress.h
index 5f68474ff..4c869a0ac 100644
--- a/src/tool_progress.h
+++ b/src/tool_progress.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_sdecls.h b/src/tool_sdecls.h
index c468b640e..8223d6831 100644
--- a/src/tool_sdecls.h
+++ b/src/tool_sdecls.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index dae7704cd..3279e8595 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -91,6 +91,7 @@ const struct NameValue setopt_nv_CURL_HTTP_VERSION[] = {
   NV(CURL_HTTP_VERSION_2_0),
   NV(CURL_HTTP_VERSION_2TLS),
   NV(CURL_HTTP_VERSION_3),
+  NV(CURL_HTTP_VERSION_3ONLY),
   NVEND,
 };
 
diff --git a/src/tool_setopt.h b/src/tool_setopt.h
index bc5afe9bc..4396c0091 100644
--- a/src/tool_setopt.h
+++ b/src/tool_setopt.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_setup.h b/src/tool_setup.h
index 254319067..5d7b2305d 100644
--- a/src/tool_setup.h
+++ b/src/tool_setup.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -37,6 +37,15 @@
 
 #include "curl_setup.h" /* from the lib directory */
 
+extern FILE *tool_stderr;
+
+#if !defined(CURL_DO_NOT_OVERRIDE_STDERR) && !defined(UNITTESTS)
+#ifdef stderr
+#undef stderr
+#endif
+#define stderr tool_stderr
+#endif
+
 /*
  * curl tool certainly uses libcurl's external interface.
  */
diff --git a/src/tool_sleep.c b/src/tool_sleep.c
index c52425f9a..08d6f9028 100644
--- a/src/tool_sleep.c
+++ b/src/tool_sleep.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_sleep.h b/src/tool_sleep.h
index d84b467a4..de1d7e256 100644
--- a/src/tool_sleep.h
+++ b/src/tool_sleep.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_stderr.c b/src/tool_stderr.c
new file mode 100644
index 000000000..cd752508b
--- /dev/null
+++ b/src/tool_stderr.c
@@ -0,0 +1,72 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+/* In this file, stdio.h's stderr macro is not overridden. */
+#define CURL_DO_NOT_OVERRIDE_STDERR
+
+#include "tool_setup.h"
+
+#include "tool_stderr.h"
+
+#include "memdebug.h" /* keep this as LAST include */
+
+/* In other tool files stderr is defined as tool_stderr by tool_setup.h */
+FILE *tool_stderr;
+
+void tool_init_stderr(void)
+{
+  tool_stderr = stderr;
+}
+
+void tool_set_stderr_file(char *filename)
+{
+  FILE *fp;
+
+  if(!filename)
+    return;
+
+  if(!strcmp(filename, "-")) {
+    tool_stderr = stdout;
+    return;
+  }
+
+  /* precheck that filename is accessible to lessen the chance that the
+     subsequent freopen will fail. */
+  fp = fopen(filename, FOPEN_WRITETEXT);
+  if(!fp) {
+    fprintf(tool_stderr, "Warning: Failed to open %s!\n", filename);
+    return;
+  }
+  fclose(fp);
+
+  /* freopen the actual stderr (stdio.h stderr) instead of tool_stderr since
+     the latter may be set to stdout. */
+  fp = freopen(filename, FOPEN_WRITETEXT, stderr);
+  if(!fp) {
+    /* stderr may have been closed by freopen. there is nothing to be done. */
+    DEBUGASSERT(0);
+    return;
+  }
+  tool_stderr = stderr;
+}
diff --git a/lib/vquic/msh3.h b/src/tool_stderr.h
index ce884d92d..a3080259e 100644
--- a/lib/vquic/msh3.h
+++ b/src/tool_stderr.h
@@ -1,5 +1,5 @@
-#ifndef HEADER_CURL_VQUIC_MSH3_H
-#define HEADER_CURL_VQUIC_MSH3_H
+#ifndef HEADER_CURL_TOOL_STDERR_H
+#define HEADER_CURL_TOOL_STDERR_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -23,18 +23,9 @@
  * SPDX-License-Identifier: curl
  *
  ***************************************************************************/
+#include "tool_setup.h"
 
-#include "curl_setup.h"
+void tool_init_stderr(void);
+void tool_set_stderr_file(char *filename);
 
-#ifdef USE_MSH3
-
-#include <msh3.h>
-
-struct quicsocket {
-  MSH3_API* api;
-  MSH3_CONNECTION* conn;
-};
-
-#endif /* USE_MSQUIC */
-
-#endif /* HEADER_CURL_VQUIC_MSH3_H */
+#endif /* HEADER_CURL_TOOL_STDERR_H */
diff --git a/src/tool_strdup.c b/src/tool_strdup.c
index 402f1c982..a5725d6d4 100644
--- a/src/tool_strdup.c
+++ b/src/tool_strdup.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_strdup.h b/src/tool_strdup.h
index c31c04652..9b2161896 100644
--- a/src/tool_strdup.h
+++ b/src/tool_strdup.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index a8e50c588..44dd9a748 100644
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_urlglob.h b/src/tool_urlglob.h
index 80c1537f9..3d3cf00d3 100644
--- a/src/tool_urlglob.h
+++ b/src/tool_urlglob.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_util.c b/src/tool_util.c
index fb4829f84..a81fe9950 100644
--- a/src/tool_util.c
+++ b/src/tool_util.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_util.h b/src/tool_util.h
index 72b355e68..d68867265 100644
--- a/src/tool_util.h
+++ b/src/tool_util.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_version.h b/src/tool_version.h
index 62f082b77..7ca506181 100644
--- a/src/tool_version.h
+++ b/src/tool_version.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_vms.c b/src/tool_vms.c
index 7d45d5f10..940257420 100644
--- a/src/tool_vms.c
+++ b/src/tool_vms.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_vms.h b/src/tool_vms.h
index 949206dc5..cc2d31d05 100644
--- a/src/tool_vms.h
+++ b/src/tool_vms.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_writeout.c b/src/tool_writeout.c
index 2789ee20b..a2e3c39bb 100644
--- a/src/tool_writeout.c
+++ b/src/tool_writeout.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -28,6 +28,7 @@
 #include "tool_cfgable.h"
 #include "tool_writeout.h"
 #include "tool_writeout_json.h"
+#include "dynbuf.h"
 
 #include "memdebug.h" /* keep this as LAST include */
 
@@ -72,6 +73,7 @@ static const struct httpmap http_version[] = {
    Variable names should be in alphabetical order.
    */
 static const struct writeoutvar variables[] = {
+  {"certs", VAR_CERT, CURLINFO_NONE, writeString},
   {"content_type", VAR_CONTENT_TYPE, CURLINFO_CONTENT_TYPE, writeString},
   {"errormsg", VAR_ERRORMSG, CURLINFO_NONE, writeString},
   {"exitcode", VAR_EXITCODE, CURLINFO_NONE, writeLong},
@@ -85,6 +87,7 @@ static const struct writeoutvar variables[] = {
   {"local_ip", VAR_LOCAL_IP, CURLINFO_LOCAL_IP, writeString},
   {"local_port", VAR_LOCAL_PORT, CURLINFO_LOCAL_PORT, writeLong},
   {"method", VAR_EFFECTIVE_METHOD, CURLINFO_EFFECTIVE_METHOD, writeString},
+  {"num_certs", VAR_NUM_CERTS, CURLINFO_NONE, writeLong},
   {"num_connects", VAR_NUM_CONNECTS, CURLINFO_NUM_CONNECTS, writeLong},
   {"num_headers", VAR_NUM_HEADERS, CURLINFO_NONE, writeLong},
   {"num_redirects", VAR_REDIRECT_COUNT, CURLINFO_REDIRECT_COUNT, writeLong},
@@ -168,6 +171,8 @@ static int writeString(FILE *stream, const struct writeoutvar *wovar,
 {
   bool valid = false;
   const char *strinfo = NULL;
+  struct dynbuf buf;
+  curlx_dyn_init(&buf, 256*1024);
 
   DEBUGASSERT(wovar->writefunc == writeString);
 
@@ -193,6 +198,51 @@ static int writeString(FILE *stream, const struct writeoutvar *wovar,
   }
   else {
     switch(wovar->id) {
+    case VAR_CERT:
+      if(per->certinfo) {
+        int i;
+        bool error = FALSE;
+        for(i = 0; (i < per->certinfo->num_of_certs) && !error; i++) {
+          struct curl_slist *slist;
+
+          for(slist = per->certinfo->certinfo[i]; slist; slist = slist->next) {
+            size_t len;
+            if(curl_strnequal(slist->data, "cert:", 5)) {
+              if(curlx_dyn_add(&buf, &slist->data[5])) {
+                error = TRUE;
+                break;
+              }
+            }
+            else {
+              if(curlx_dyn_add(&buf, slist->data)) {
+                error = TRUE;
+                break;
+              }
+            }
+            len = curlx_dyn_len(&buf);
+            if(len) {
+              char *ptr = curlx_dyn_ptr(&buf);
+              if(ptr[len -1] != '\n') {
+                /* add a newline to make things look better */
+                if(curlx_dyn_addn(&buf, "\n", 1)) {
+                  error = TRUE;
+                  break;
+                }
+              }
+            }
+          }
+        }
+        if(!error) {
+          strinfo = curlx_dyn_ptr(&buf);
+          if(!strinfo)
+            /* maybe not a TLS protocol */
+            strinfo = "";
+          valid = true;
+        }
+      }
+      else
+        strinfo = ""; /* no cert info */
+      break;
     case VAR_ERRORMSG:
       if(per_result) {
         strinfo = (per->errorbuffer && per->errorbuffer[0]) ?
@@ -232,6 +282,7 @@ static int writeString(FILE *stream, const struct writeoutvar *wovar,
       fprintf(stream, "\"%s\":null", wovar->name);
   }
 
+  curlx_dyn_free(&buf);
   return 1; /* return 1 if anything was written */
 }
 
@@ -250,6 +301,10 @@ static int writeLong(FILE *stream, const struct writeoutvar *wovar,
   }
   else {
     switch(wovar->id) {
+    case VAR_NUM_CERTS:
+      longinfo = per->certinfo ? per->certinfo->num_of_certs : 0;
+      valid = true;
+      break;
     case VAR_NUM_HEADERS:
       longinfo = per->num_headers;
       valid = true;
@@ -321,12 +376,21 @@ static int writeOffset(FILE *stream, const struct writeoutvar *wovar,
   return 1; /* return 1 if anything was written */
 }
 
-void ourWriteOut(const char *writeinfo, struct per_transfer *per,
+void ourWriteOut(struct OperationConfig *config, struct per_transfer *per,
                  CURLcode per_result)
 {
   FILE *stream = stdout;
+  const char *writeinfo = config->writeout;
   const char *ptr = writeinfo;
   bool done = FALSE;
+  struct curl_certinfo *certinfo;
+  CURLcode res = curl_easy_getinfo(per->curl, CURLINFO_CERTINFO, &certinfo);
+
+  if(!writeinfo)
+    return;
+
+  if(!res && certinfo)
+    per->certinfo = certinfo;
 
   while(ptr && *ptr && !done) {
     if('%' == *ptr && ptr[1]) {
diff --git a/src/tool_writeout.h b/src/tool_writeout.h
index c7cdb9771..fac7bdd19 100644
--- a/src/tool_writeout.h
+++ b/src/tool_writeout.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -29,6 +29,7 @@
 typedef enum {
   VAR_NONE,       /* must be the first */
   VAR_APPCONNECT_TIME,
+  VAR_CERT,
   VAR_CONNECT_TIME,
   VAR_CONTENT_TYPE,
   VAR_EFFECTIVE_FILENAME,
@@ -47,6 +48,7 @@ typedef enum {
   VAR_LOCAL_IP,
   VAR_LOCAL_PORT,
   VAR_NAMELOOKUP_TIME,
+  VAR_NUM_CERTS,
   VAR_NUM_CONNECTS,
   VAR_NUM_HEADERS,
   VAR_ONERROR,
@@ -82,7 +84,7 @@ struct writeoutvar {
                    bool use_json);
 };
 
-void ourWriteOut(const char *writeinfo, struct per_transfer *per,
+void ourWriteOut(struct OperationConfig *config, struct per_transfer *per,
                  CURLcode per_result);
 
 #endif /* HEADER_CURL_TOOL_WRITEOUT_H */
diff --git a/src/tool_writeout_json.c b/src/tool_writeout_json.c
index a36d60c4f..6f21f2b2d 100644
--- a/src/tool_writeout_json.c
+++ b/src/tool_writeout_json.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -110,11 +110,6 @@ void headerJSON(FILE *stream, struct per_transfer *per)
   fputc('{', stream);
   while((header = curl_easy_nextheader(per->curl, CURLH_HEADER, -1,
                                        prev))) {
-    if(prev)
-      fputs(",\n", stream);
-    jsonWriteString(stream, header->name, TRUE);
-    fputc(':', stream);
-    prev = header;
     if(header->amount > 1) {
       if(!header->index) {
         /* act on the 0-index entry and pull the others in, then output in a
@@ -122,6 +117,11 @@ void headerJSON(FILE *stream, struct per_transfer *per)
         size_t a = header->amount;
         size_t i = 0;
         char *name = header->name;
+        if(prev)
+          fputs(",\n", stream);
+        jsonWriteString(stream, header->name, TRUE);
+        fputc(':', stream);
+        prev = header;
         fputc('[', stream);
         do {
           jsonWriteString(stream, header->value, FALSE);
@@ -132,13 +132,18 @@ void headerJSON(FILE *stream, struct per_transfer *per)
                               -1, &header))
             break;
         } while(1);
+        fputc(']', stream);
       }
-      fputc(']', stream);
     }
     else {
+      if(prev)
+        fputs(",\n", stream);
+      jsonWriteString(stream, header->name, TRUE);
+      fputc(':', stream);
       fputc('[', stream);
       jsonWriteString(stream, header->value, FALSE);
       fputc(']', stream);
+      prev = header;
     }
   }
   fputs("\n}", stream);
diff --git a/src/tool_writeout_json.h b/src/tool_writeout_json.h
index d8466051c..6d8f8d0dc 100644
--- a/src/tool_writeout_json.h
+++ b/src/tool_writeout_json.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_xattr.c b/src/tool_xattr.c
index bd0574996..a37416d7f 100644
--- a/src/tool_xattr.c
+++ b/src/tool_xattr.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/src/tool_xattr.h b/src/tool_xattr.h
index e85d4cded..2ffffd275 100644
--- a/src/tool_xattr.h
+++ b/src/tool_xattr.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/.gitignore b/tests/.gitignore
index d75f9e2ec..0158348b6 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/tests/CI.md b/tests/CI.md
index 60c499cb7..7baed8375 100644
--- a/tests/CI.md
+++ b/tests/CI.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 1998 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
@@ -92,23 +92,7 @@ The tests are configured in `appveyor.yml`.
 
 ### Zuul
 
-[Zuul](https://zuul-ci.org/) is an open source CI tool. A number of Curl tests
-are run at [curl.zuul.vexxhost.dev](https://curl.zuul.vexxhost.dev/builds):
-
-- Source code is formatted according to expectations (`make checksrc`).
-- Curl compiled with a number of different TLS configurations (WolfSSL, rustls,
-BoringSSL, etc).
-- Curl compiled with different C compilers.
-
-As of November 2021, the tests run (sometimes) but do not run consistently and
-do not report results to the GitHub checks runner - you need to manually check
-for failures. See [#7522](https://github.com/curl/curl/issues/7522) for more
-information.
-
-As of November 2021 Daniel Stenberg is the only person with administrator
-access to the Zuul CI environment.
-
-These are configured in `zuul.d` and have test runners in `scripts/zuul`.
+Not used anymore.
 
 ### Circle CI
 
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 8ce7610f9..a9eb96f4a 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/FILEFORMAT.md b/tests/FILEFORMAT.md
index 8143967db..aff0e2d4f 100644
--- a/tests/FILEFORMAT.md
+++ b/tests/FILEFORMAT.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 1998 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
@@ -423,6 +423,7 @@ Features testable here are:
 - `oldlibssh` (versions before 0.9.4)
 - `libz`
 - `manual`
+- `mbedtls`
 - `Mime`
 - `netrc`
 - `NSS`
@@ -566,7 +567,7 @@ changing protocol data such as port numbers or user-agent strings.
 One perl op per line that operates on the protocol dump. This is pretty
 advanced. Example: `s/^EPRT .*/EPRT stripped/`.
 
-### `<protocol [nonewline="yes"] crlf="yes">`
+### `<protocol [nonewline="yes"][crlf="yes"]>`
 
 the protocol dump curl should transmit, if `nonewline` is set, we will cut off
 the trailing newline of this given data before comparing with the one actually
@@ -576,7 +577,7 @@ comparisons are made.
 `crlf=yes` forces the newlines to become CRLF even if not written so in the
 test.
 
-### `<proxy [nonewline="yes"]>`
+### `<proxy [nonewline="yes"][crlf="yes"]>`
 
 The protocol dump curl should transmit to an HTTP proxy (when the http-proxy
 server is used), if `nonewline` is set, we will cut off the trailing newline
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 49d391167..51a26d1e6 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -26,15 +26,14 @@ HTMLPAGES = testcurl.html runtests.html
 PDFPAGES = testcurl.pdf runtests.pdf
 MANDISTPAGES = runtests.1.dist testcurl.1.dist
 
-EXTRA_DIST = ftpserver.pl httpserver.pl secureserver.pl runtests.pl           \
- getpart.pm FILEFORMAT.md README.md stunnel.pem memanalyze.pl testcurl.pl     \
- valgrind.pm ftp.pm sshserver.pl sshhelp.pm pathhelp.pm testcurl.1 runtests.1 \
- serverhelp.pm tftpserver.pl rtspserver.pl directories.pm symbol-scan.pl      \
- CMakeLists.txt mem-include-scan.pl valgrind.supp extern-scan.pl              \
- manpage-scan.pl nroff-scan.pl http2-server.pl dictserver.py                  \
- negtelnetserver.py smbserver.py util.py disable-scan.pl manpage-syntax.pl    \
- error-codes.pl badsymbols.pl azure.pm appveyor.pm version-scan.pl            \
- options-scan.pl markdown-uppercase.pl check-deprecated.pl option-check.pl
+EXTRA_DIST = appveyor.pm azure.pm badsymbols.pl check-deprecated.pl CMakeLists.txt \
+ dictserver.py directories.pm disable-scan.pl error-codes.pl extern-scan.pl \
+ FILEFORMAT.md ftp.pm ftpserver.pl getpart.pm http-server.pl http2-server.pl http3-server.pl \
+ manpage-scan.pl manpage-syntax.pl markdown-uppercase.pl mem-include-scan.pl \
+ memanalyze.pl negtelnetserver.py nroff-scan.pl option-check.pl options-scan.pl \
+ pathhelp.pm README.md rtspserver.pl runtests.1 runtests.pl secureserver.pl \
+ serverhelp.pm smbserver.py sshhelp.pm sshserver.pl stunnel.pem symbol-scan.pl \
+ testcurl.1 testcurl.pl tftpserver.pl util.py valgrind.pm valgrind.supp version-scan.pl 
 
 DISTCLEANFILES = configurehelp.pm
 
@@ -49,7 +48,7 @@ BUILD_UNIT =
 DIST_UNIT = unit
 endif
 
-SUBDIRS = certs data server libtest $(BUILD_UNIT)
+SUBDIRS = certs data server libtest http $(BUILD_UNIT)
 DIST_SUBDIRS = $(SUBDIRS) $(DIST_UNIT)
 
 PERLFLAGS = -I$(srcdir)
diff --git a/tests/README.md b/tests/README.md
index a2a1c5407..86597d8be 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 1998 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
@@ -158,7 +158,36 @@ SPDX-License-Identifier: curl
 
   All logs are generated in the log/ subdirectory (it is emptied first in the
   runtests.pl script). They remain in there after a test run.
+  
+### Log Verbosity
 
+  A curl build with `--enable-debug` offers more verbose output in the logs.
+  This applies not only for test cases, but also when running it standalone
+  with `curl -v`. While a curl debug built is
+  ***not suitable for production***, it is often helpful in tracking down
+  problems.
+  
+  Sometimes, one needs detailed logging of operations, but does not want
+  to drown in output. The newly introduced *connection filters* allows one to
+  dynamically increase log verbosity for a particular *filter type*. Example:
+  
+    CURL_DEBUG=ssl curl -v https://curl.se
+
+  will make the `ssl` connection filter log more details. One may do that for
+  every filter type and also use a combination of names, separated by `,` or 
+  space.
+  
+    CURL_DEBUG=ssl,http/2 curl -v https://curl.se
+
+   The order of filter type names is not relevant. Names used here are
+   case insensitive. Note that these names are implementation internals and
+   subject to change.
+   
+   Some, likely stable names are `tcp`, `ssl`, `http/2`. For a current list,
+   one may search the sources for `struct Curl_cftype` definitions and find
+   the names there. Also, some filters are only available with certain build
+   options, of course.
+   
 ### Test input files
 
   All test cases are put in the `data/` subdirectory. Each test is stored in
diff --git a/tests/appveyor.pm b/tests/appveyor.pm
index 182153464..0ef89714a 100644
--- a/tests/appveyor.pm
+++ b/tests/appveyor.pm
@@ -5,8 +5,8 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2020-2022, Daniel Stenberg, <daniel@haxx.se>, et al.
-# Copyright (C) 2020-2022, Marc Hoersken, <info@marc-hoersken.de>
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Marc Hoersken, <info@marc-hoersken.de>
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/azure.pm b/tests/azure.pm
index e6d3bf8f7..97eac5b4b 100644
--- a/tests/azure.pm
+++ b/tests/azure.pm
@@ -5,8 +5,8 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2020-2022, Daniel Stenberg, <daniel@haxx.se>, et al.
-# Copyright (C) 2020-2022, Marc Hoersken, <info@marc-hoersken.de>
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Marc Hoersken, <info@marc-hoersken.de>
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/badsymbols.pl b/tests/badsymbols.pl
index 205a4f5c7..a3a39d420 100755
--- a/tests/badsymbols.pl
+++ b/tests/badsymbols.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2010-2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/certs/.gitignore b/tests/certs/.gitignore
index de0f308c5..f549fdf14 100644
--- a/tests/certs/.gitignore
+++ b/tests/certs/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 EdelCurlRoot-*-ca.cacert
diff --git a/tests/certs/EdelCurlRoot-ca.cacert b/tests/certs/EdelCurlRoot-ca.cacert
index c1d72d866..4e191f5e6 100644
--- a/tests/certs/EdelCurlRoot-ca.cacert
+++ b/tests/certs/EdelCurlRoot-ca.cacert
@@ -1,15 +1,15 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668315 (0xf2ed3c2c15b)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980969522 (0xf3475512a32)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Apr 30 12:32:46 2039 GMT
+            Not Before: Dec 23 12:21:36 2022 GMT
+            Not After : May 28 12:21:36 2039 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -18,24 +18,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:ed:13:ed:07:b6:ec:f7:fe:2b:93:d9:0a:e7:8e:
-                    2c:9c:51:34:48:d1:aa:98:58:7e:7a:a3:6a:b7:0e:
-                    72:1a:11:10:ba:e6:6c:4e:9e:e0:01:d9:0c:4d:07:
-                    cb:39:22:a9:71:dd:bd:2c:6e:82:dd:eb:4d:af:e2:
-                    ed:09:e7:e1:13:fc:7b:bf:e2:a7:04:d9:8e:4b:e1:
-                    63:cc:d6:ec:07:24:35:4f:cf:9f:42:89:0e:c9:7f:
-                    1c:81:2d:a5:10:4d:61:7a:1a:d4:26:be:74:8c:26:
-                    94:49:d7:fb:6c:09:6a:33:92:8c:c7:af:81:4f:dc:
-                    c1:af:8a:78:81:d7:98:f6:2c:6e:aa:f4:f6:c6:2b:
-                    e7:ae:47:cd:a5:50:68:c8:3a:20:cb:6e:66:8f:ff:
-                    46:e2:37:61:45:d1:87:16:a6:66:08:cb:8a:57:3a:
-                    06:89:54:af:d5:10:a1:01:99:bf:93:4c:e5:30:c5:
-                    9a:42:6b:d7:85:50:d8:0f:8f:1b:95:b3:7a:79:4d:
-                    48:84:44:1b:58:8e:0d:d7:f6:71:6c:34:77:37:a8:
-                    8c:d7:fe:eb:69:fa:eb:6f:a1:b3:ba:79:19:ce:47:
-                    e5:ec:fb:7d:b3:9d:a0:ef:60:0d:43:da:9a:0b:7f:
-                    31:fa:a9:5e:4d:a2:ff:70:7a:2c:3e:af:de:be:58:
-                    50:65
+                    00:a1:d8:60:15:d1:5b:09:3b:d1:4e:79:40:0a:03:
+                    81:07:60:ba:6b:03:f4:87:4e:1e:e9:77:b1:ea:83:
+                    66:56:c4:6c:19:5e:cf:64:23:44:03:f5:d0:27:e1:
+                    1d:a5:05:dd:a5:f2:c1:9a:28:e2:31:66:a2:7b:e0:
+                    3b:bb:f3:b4:06:b4:43:97:7b:80:3c:96:1b:ed:85:
+                    7c:8b:2e:0f:62:b9:53:69:3d:2b:19:af:16:d3:e2:
+                    a9:d3:2d:f2:ec:b1:31:76:2d:d9:78:67:91:ce:16:
+                    52:e3:68:34:f1:bc:f0:5e:99:bf:28:cf:91:88:31:
+                    a6:48:cc:fb:84:a1:87:85:8b:08:18:eb:39:e9:34:
+                    ee:1b:3a:a3:bd:2a:77:63:50:c8:88:6b:f1:d3:c4:
+                    b7:25:db:7f:eb:b9:84:73:a8:86:8a:69:7d:40:5a:
+                    c3:24:81:10:8d:97:ae:ce:45:eb:5d:fb:14:31:5b:
+                    a1:c2:d1:aa:2f:44:a0:42:28:38:16:c7:42:1e:dd:
+                    db:0f:a9:d9:70:25:cc:da:be:e9:8c:8c:84:48:a3:
+                    ab:af:20:7a:7e:b3:09:a9:05:0d:ce:f8:9b:c2:77:
+                    e8:82:f8:6a:56:21:db:92:a7:0a:3c:f1:0c:a0:d4:
+                    9c:8c:c0:62:2b:62:bc:5e:c4:ba:5e:3a:fc:1a:05:
+                    49:ef
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
@@ -43,56 +43,53 @@ Certificate:
             X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
             X509v3 Subject Key Identifier: 
-                52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         5d:d7:5d:15:93:31:d9:48:7c:15:6f:72:8e:ec:60:00:c2:89:
-         02:e0:26:91:c9:71:ec:e0:7e:90:62:ae:e0:56:e4:c7:cd:25:
-         27:fb:fb:b7:43:cc:50:0a:36:e4:18:b8:40:56:34:2c:18:41:
-         a8:5c:04:f8:cb:75:d8:96:aa:52:93:d1:e3:67:5a:4f:80:55:
-         ba:f7:66:88:a2:50:6c:3b:83:7a:72:04:73:66:25:dd:a6:b2:
-         6b:3e:9d:17:55:ba:37:50:be:1e:a7:46:09:21:dc:68:c8:04:
-         55:5f:dd:ff:b2:16:3f:39:cc:8f:66:2f:ee:d7:81:da:43:15:
-         4b:ef:3a:b6:c3:44:a7:57:a9:d8:97:7a:37:41:13:2e:b7:db:
-         d1:6e:23:09:60:a2:8f:28:f8:ca:a6:45:93:d3:63:da:79:63:
-         12:c4:3e:de:e2:5e:25:f6:06:bf:2b:8c:38:8d:0d:4e:6e:af:
-         c3:d6:2f:7b:26:c2:6a:f6:fa:35:2d:7a:25:05:03:e5:b1:65:
-         a8:17:bc:9c:2b:82:6c:c6:9b:32:08:1a:10:a4:84:77:18:6b:
-         fd:96:b3:c2:4f:64:08:08:fd:f3:eb:ff:a4:ea:1f:2a:93:19:
-         e5:6e:55:aa:60:81:01:0e:db:4b:07:34:8b:d4:3b:78:87:47:
-         a9:5d:58:39
+    Signature Value:
+        86:19:bd:3d:12:4f:6b:8c:8e:1b:72:db:8f:9b:67:68:96:f8:
+        f4:ad:d9:a0:b5:48:0e:19:f6:34:09:92:a5:b8:ab:70:c6:6b:
+        44:be:f7:fd:a4:75:ad:16:c4:ad:54:aa:c4:36:e6:86:87:84:
+        0d:d9:1f:ea:b5:95:3a:69:60:02:2f:5c:a2:a3:1d:c9:28:f6:
+        78:22:cd:e3:1d:47:37:a0:a0:a4:8a:3b:da:50:a9:12:e0:e4:
+        e7:1f:b6:bc:7e:e8:b6:a1:b7:99:9f:98:2c:c1:70:db:32:ea:
+        82:45:ff:71:ea:36:34:65:bd:ad:cd:c5:2b:a2:a1:6b:2e:a3:
+        30:b2:95:ea:77:a9:17:cf:bf:e4:df:4f:ef:6d:72:d0:a1:95:
+        c6:ef:e5:b8:70:0f:d2:82:b3:a7:54:4b:f7:2d:b9:2f:dc:37:
+        ff:f7:4d:26:b4:4b:6a:46:a3:f9:2c:ad:58:8c:96:e8:e6:a4:
+        aa:d0:c1:2d:35:db:b5:2f:ac:34:40:e3:7f:da:f7:34:f8:a2:
+        fd:6f:61:46:69:f0:24:20:32:f3:ad:e2:72:27:1a:58:a3:aa:
+        77:4e:fa:06:5e:34:40:d3:50:39:66:29:f6:a6:f5:40:3a:af:
+        97:23:19:cf:58:27:c9:8f:c4:b3:58:9e:87:78:2f:a7:24:9e:
+        3e:5d:d1:52
 -----BEGIN CERTIFICATE-----
-MIIENDCCAxygAwIBAgIGDy7TwsFbMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIENDCCAxygAwIBAgIGDzR1USoyMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zOTA0MzAxMjMyNDZaMGgxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzZaFw0zOTA1MjgxMjIxMzZaMGgxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAO0T7Qe27Pf+K5PZCueOLJxRNEjRqphY
-fnqjarcOchoRELrmbE6e4AHZDE0HyzkiqXHdvSxugt3rTa/i7Qnn4RP8e7/ipwTZ
-jkvhY8zW7AckNU/Pn0KJDsl/HIEtpRBNYXoa1Ca+dIwmlEnX+2wJajOSjMevgU/c
-wa+KeIHXmPYsbqr09sYr565HzaVQaMg6IMtuZo//RuI3YUXRhxamZgjLilc6BolU
-r9UQoQGZv5NM5TDFmkJr14VQ2A+PG5WzenlNSIREG1iODdf2cWw0dzeojNf+62n6
-62+hs7p5Gc5H5ez7fbOdoO9gDUPamgt/MfqpXk2i/3B6LD6v3r5YUGUCAwEAAaOB
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKHYYBXRWwk70U55QAoDgQdgumsD9IdO
+Hul3seqDZlbEbBlez2QjRAP10CfhHaUF3aXywZoo4jFmonvgO7vztAa0Q5d7gDyW
+G+2FfIsuD2K5U2k9KxmvFtPiqdMt8uyxMXYt2Xhnkc4WUuNoNPG88F6ZvyjPkYgx
+pkjM+4Shh4WLCBjrOek07hs6o70qd2NQyIhr8dPEtyXbf+u5hHOohoppfUBawySB
+EI2Xrs5F6137FDFbocLRqi9EoEIoOBbHQh7d2w+p2XAlzNq+6YyMhEijq68gen6z
+CakFDc74m8J36IL4alYh25KnCjzxDKDUnIzAYitivF7Eul46/BoFSe8CAwEAAaOB
 4zCB4DAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU
-UkDu4U+VWCnKhGeMD4zM/o+p+qgwHwYDVR0jBBgwFoAUUkDu4U+VWCnKhGeMD4zM
-/o+p+qgwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzAChidodHRwOi8vdGVzdC5j
+h8uxMy7BZ35x4+UrTE2ks27SW6kwHwYDVR0jBBgwFoAUh8uxMy7BZ35x4+UrTE2k
+s27SW6kwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzAChidodHRwOi8vdGVzdC5j
 dXJsLnNlL2NhL0VkZWxDdXJsUm9vdC5jZXIwOAYDVR0fBDEwLzAtoCugKYYnaHR0
 cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJvb3QuY3JsMA0GCSqGSIb3DQEB
-CwUAA4IBAQBd110VkzHZSHwVb3KO7GAAwokC4CaRyXHs4H6QYq7gVuTHzSUn+/u3
-Q8xQCjbkGLhAVjQsGEGoXAT4y3XYlqpSk9HjZ1pPgFW692aIolBsO4N6cgRzZiXd
-prJrPp0XVbo3UL4ep0YJIdxoyARVX93/shY/OcyPZi/u14HaQxVL7zq2w0SnV6nY
-l3o3QRMut9vRbiMJYKKPKPjKpkWT02PaeWMSxD7e4l4l9ga/K4w4jQ1Obq/D1i97
-JsJq9vo1LXolBQPlsWWoF7ycK4JsxpsyCBoQpIR3GGv9lrPCT2QICP3z6/+k6h8q
-kxnlblWqYIEBDttLBzSL1Dt4h0epXVg5
+CwUAA4IBAQCGGb09Ek9rjI4bctuPm2dolvj0rdmgtUgOGfY0CZKluKtwxmtEvvf9
+pHWtFsStVKrENuaGh4QN2R/qtZU6aWACL1yiox3JKPZ4Is3jHUc3oKCkijvaUKkS
+4OTnH7a8fui2obeZn5gswXDbMuqCRf9x6jY0Zb2tzcUroqFrLqMwspXqd6kXz7/k
+30/vbXLQoZXG7+W4cA/SgrOnVEv3Lbkv3Df/900mtEtqRqP5LK1YjJbo5qSq0MEt
+Ndu1L6w0QON/2vc0+KL9b2FGafAkIDLzreJyJxpYo6p3TvoGXjRA01A5Zin2pvVA
+Oq+XIxnPWCfJj8SzWJ6HeC+nJJ4+XdFS
 -----END CERTIFICATE-----
diff --git a/tests/certs/EdelCurlRoot-ca.cnf b/tests/certs/EdelCurlRoot-ca.cnf
index ba998817e..b8c630b5d 100644
--- a/tests/certs/EdelCurlRoot-ca.cnf
+++ b/tests/certs/EdelCurlRoot-ca.cnf
@@ -6,6 +6,6 @@ database = EdelCurlRoot-ca.db
 certificate = EdelCurlRoot-ca.crt
 private_key = EdelCurlRoot-ca.key
 crlnumber = EdelCurlRoot-ca.cnt
-default_md = sha1
+default_md = sha256
 default_days = 365
 default_crl_days = 30
diff --git a/tests/certs/EdelCurlRoot-ca.crt b/tests/certs/EdelCurlRoot-ca.crt
index c1d72d866..4e191f5e6 100644
--- a/tests/certs/EdelCurlRoot-ca.crt
+++ b/tests/certs/EdelCurlRoot-ca.crt
@@ -1,15 +1,15 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668315 (0xf2ed3c2c15b)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980969522 (0xf3475512a32)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Apr 30 12:32:46 2039 GMT
+            Not Before: Dec 23 12:21:36 2022 GMT
+            Not After : May 28 12:21:36 2039 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -18,24 +18,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:ed:13:ed:07:b6:ec:f7:fe:2b:93:d9:0a:e7:8e:
-                    2c:9c:51:34:48:d1:aa:98:58:7e:7a:a3:6a:b7:0e:
-                    72:1a:11:10:ba:e6:6c:4e:9e:e0:01:d9:0c:4d:07:
-                    cb:39:22:a9:71:dd:bd:2c:6e:82:dd:eb:4d:af:e2:
-                    ed:09:e7:e1:13:fc:7b:bf:e2:a7:04:d9:8e:4b:e1:
-                    63:cc:d6:ec:07:24:35:4f:cf:9f:42:89:0e:c9:7f:
-                    1c:81:2d:a5:10:4d:61:7a:1a:d4:26:be:74:8c:26:
-                    94:49:d7:fb:6c:09:6a:33:92:8c:c7:af:81:4f:dc:
-                    c1:af:8a:78:81:d7:98:f6:2c:6e:aa:f4:f6:c6:2b:
-                    e7:ae:47:cd:a5:50:68:c8:3a:20:cb:6e:66:8f:ff:
-                    46:e2:37:61:45:d1:87:16:a6:66:08:cb:8a:57:3a:
-                    06:89:54:af:d5:10:a1:01:99:bf:93:4c:e5:30:c5:
-                    9a:42:6b:d7:85:50:d8:0f:8f:1b:95:b3:7a:79:4d:
-                    48:84:44:1b:58:8e:0d:d7:f6:71:6c:34:77:37:a8:
-                    8c:d7:fe:eb:69:fa:eb:6f:a1:b3:ba:79:19:ce:47:
-                    e5:ec:fb:7d:b3:9d:a0:ef:60:0d:43:da:9a:0b:7f:
-                    31:fa:a9:5e:4d:a2:ff:70:7a:2c:3e:af:de:be:58:
-                    50:65
+                    00:a1:d8:60:15:d1:5b:09:3b:d1:4e:79:40:0a:03:
+                    81:07:60:ba:6b:03:f4:87:4e:1e:e9:77:b1:ea:83:
+                    66:56:c4:6c:19:5e:cf:64:23:44:03:f5:d0:27:e1:
+                    1d:a5:05:dd:a5:f2:c1:9a:28:e2:31:66:a2:7b:e0:
+                    3b:bb:f3:b4:06:b4:43:97:7b:80:3c:96:1b:ed:85:
+                    7c:8b:2e:0f:62:b9:53:69:3d:2b:19:af:16:d3:e2:
+                    a9:d3:2d:f2:ec:b1:31:76:2d:d9:78:67:91:ce:16:
+                    52:e3:68:34:f1:bc:f0:5e:99:bf:28:cf:91:88:31:
+                    a6:48:cc:fb:84:a1:87:85:8b:08:18:eb:39:e9:34:
+                    ee:1b:3a:a3:bd:2a:77:63:50:c8:88:6b:f1:d3:c4:
+                    b7:25:db:7f:eb:b9:84:73:a8:86:8a:69:7d:40:5a:
+                    c3:24:81:10:8d:97:ae:ce:45:eb:5d:fb:14:31:5b:
+                    a1:c2:d1:aa:2f:44:a0:42:28:38:16:c7:42:1e:dd:
+                    db:0f:a9:d9:70:25:cc:da:be:e9:8c:8c:84:48:a3:
+                    ab:af:20:7a:7e:b3:09:a9:05:0d:ce:f8:9b:c2:77:
+                    e8:82:f8:6a:56:21:db:92:a7:0a:3c:f1:0c:a0:d4:
+                    9c:8c:c0:62:2b:62:bc:5e:c4:ba:5e:3a:fc:1a:05:
+                    49:ef
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
@@ -43,56 +43,53 @@ Certificate:
             X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
             X509v3 Subject Key Identifier: 
-                52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         5d:d7:5d:15:93:31:d9:48:7c:15:6f:72:8e:ec:60:00:c2:89:
-         02:e0:26:91:c9:71:ec:e0:7e:90:62:ae:e0:56:e4:c7:cd:25:
-         27:fb:fb:b7:43:cc:50:0a:36:e4:18:b8:40:56:34:2c:18:41:
-         a8:5c:04:f8:cb:75:d8:96:aa:52:93:d1:e3:67:5a:4f:80:55:
-         ba:f7:66:88:a2:50:6c:3b:83:7a:72:04:73:66:25:dd:a6:b2:
-         6b:3e:9d:17:55:ba:37:50:be:1e:a7:46:09:21:dc:68:c8:04:
-         55:5f:dd:ff:b2:16:3f:39:cc:8f:66:2f:ee:d7:81:da:43:15:
-         4b:ef:3a:b6:c3:44:a7:57:a9:d8:97:7a:37:41:13:2e:b7:db:
-         d1:6e:23:09:60:a2:8f:28:f8:ca:a6:45:93:d3:63:da:79:63:
-         12:c4:3e:de:e2:5e:25:f6:06:bf:2b:8c:38:8d:0d:4e:6e:af:
-         c3:d6:2f:7b:26:c2:6a:f6:fa:35:2d:7a:25:05:03:e5:b1:65:
-         a8:17:bc:9c:2b:82:6c:c6:9b:32:08:1a:10:a4:84:77:18:6b:
-         fd:96:b3:c2:4f:64:08:08:fd:f3:eb:ff:a4:ea:1f:2a:93:19:
-         e5:6e:55:aa:60:81:01:0e:db:4b:07:34:8b:d4:3b:78:87:47:
-         a9:5d:58:39
+    Signature Value:
+        86:19:bd:3d:12:4f:6b:8c:8e:1b:72:db:8f:9b:67:68:96:f8:
+        f4:ad:d9:a0:b5:48:0e:19:f6:34:09:92:a5:b8:ab:70:c6:6b:
+        44:be:f7:fd:a4:75:ad:16:c4:ad:54:aa:c4:36:e6:86:87:84:
+        0d:d9:1f:ea:b5:95:3a:69:60:02:2f:5c:a2:a3:1d:c9:28:f6:
+        78:22:cd:e3:1d:47:37:a0:a0:a4:8a:3b:da:50:a9:12:e0:e4:
+        e7:1f:b6:bc:7e:e8:b6:a1:b7:99:9f:98:2c:c1:70:db:32:ea:
+        82:45:ff:71:ea:36:34:65:bd:ad:cd:c5:2b:a2:a1:6b:2e:a3:
+        30:b2:95:ea:77:a9:17:cf:bf:e4:df:4f:ef:6d:72:d0:a1:95:
+        c6:ef:e5:b8:70:0f:d2:82:b3:a7:54:4b:f7:2d:b9:2f:dc:37:
+        ff:f7:4d:26:b4:4b:6a:46:a3:f9:2c:ad:58:8c:96:e8:e6:a4:
+        aa:d0:c1:2d:35:db:b5:2f:ac:34:40:e3:7f:da:f7:34:f8:a2:
+        fd:6f:61:46:69:f0:24:20:32:f3:ad:e2:72:27:1a:58:a3:aa:
+        77:4e:fa:06:5e:34:40:d3:50:39:66:29:f6:a6:f5:40:3a:af:
+        97:23:19:cf:58:27:c9:8f:c4:b3:58:9e:87:78:2f:a7:24:9e:
+        3e:5d:d1:52
 -----BEGIN CERTIFICATE-----
-MIIENDCCAxygAwIBAgIGDy7TwsFbMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIENDCCAxygAwIBAgIGDzR1USoyMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zOTA0MzAxMjMyNDZaMGgxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzZaFw0zOTA1MjgxMjIxMzZaMGgxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAO0T7Qe27Pf+K5PZCueOLJxRNEjRqphY
-fnqjarcOchoRELrmbE6e4AHZDE0HyzkiqXHdvSxugt3rTa/i7Qnn4RP8e7/ipwTZ
-jkvhY8zW7AckNU/Pn0KJDsl/HIEtpRBNYXoa1Ca+dIwmlEnX+2wJajOSjMevgU/c
-wa+KeIHXmPYsbqr09sYr565HzaVQaMg6IMtuZo//RuI3YUXRhxamZgjLilc6BolU
-r9UQoQGZv5NM5TDFmkJr14VQ2A+PG5WzenlNSIREG1iODdf2cWw0dzeojNf+62n6
-62+hs7p5Gc5H5ez7fbOdoO9gDUPamgt/MfqpXk2i/3B6LD6v3r5YUGUCAwEAAaOB
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKHYYBXRWwk70U55QAoDgQdgumsD9IdO
+Hul3seqDZlbEbBlez2QjRAP10CfhHaUF3aXywZoo4jFmonvgO7vztAa0Q5d7gDyW
+G+2FfIsuD2K5U2k9KxmvFtPiqdMt8uyxMXYt2Xhnkc4WUuNoNPG88F6ZvyjPkYgx
+pkjM+4Shh4WLCBjrOek07hs6o70qd2NQyIhr8dPEtyXbf+u5hHOohoppfUBawySB
+EI2Xrs5F6137FDFbocLRqi9EoEIoOBbHQh7d2w+p2XAlzNq+6YyMhEijq68gen6z
+CakFDc74m8J36IL4alYh25KnCjzxDKDUnIzAYitivF7Eul46/BoFSe8CAwEAAaOB
 4zCB4DAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU
-UkDu4U+VWCnKhGeMD4zM/o+p+qgwHwYDVR0jBBgwFoAUUkDu4U+VWCnKhGeMD4zM
-/o+p+qgwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzAChidodHRwOi8vdGVzdC5j
+h8uxMy7BZ35x4+UrTE2ks27SW6kwHwYDVR0jBBgwFoAUh8uxMy7BZ35x4+UrTE2k
+s27SW6kwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUFBzAChidodHRwOi8vdGVzdC5j
 dXJsLnNlL2NhL0VkZWxDdXJsUm9vdC5jZXIwOAYDVR0fBDEwLzAtoCugKYYnaHR0
 cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJvb3QuY3JsMA0GCSqGSIb3DQEB
-CwUAA4IBAQBd110VkzHZSHwVb3KO7GAAwokC4CaRyXHs4H6QYq7gVuTHzSUn+/u3
-Q8xQCjbkGLhAVjQsGEGoXAT4y3XYlqpSk9HjZ1pPgFW692aIolBsO4N6cgRzZiXd
-prJrPp0XVbo3UL4ep0YJIdxoyARVX93/shY/OcyPZi/u14HaQxVL7zq2w0SnV6nY
-l3o3QRMut9vRbiMJYKKPKPjKpkWT02PaeWMSxD7e4l4l9ga/K4w4jQ1Obq/D1i97
-JsJq9vo1LXolBQPlsWWoF7ycK4JsxpsyCBoQpIR3GGv9lrPCT2QICP3z6/+k6h8q
-kxnlblWqYIEBDttLBzSL1Dt4h0epXVg5
+CwUAA4IBAQCGGb09Ek9rjI4bctuPm2dolvj0rdmgtUgOGfY0CZKluKtwxmtEvvf9
+pHWtFsStVKrENuaGh4QN2R/qtZU6aWACL1yiox3JKPZ4Is3jHUc3oKCkijvaUKkS
+4OTnH7a8fui2obeZn5gswXDbMuqCRf9x6jY0Zb2tzcUroqFrLqMwspXqd6kXz7/k
+30/vbXLQoZXG7+W4cA/SgrOnVEv3Lbkv3Df/900mtEtqRqP5LK1YjJbo5qSq0MEt
+Ndu1L6w0QON/2vc0+KL9b2FGafAkIDLzreJyJxpYo6p3TvoGXjRA01A5Zin2pvVA
+Oq+XIxnPWCfJj8SzWJ6HeC+nJJ4+XdFS
 -----END CERTIFICATE-----
diff --git a/tests/certs/EdelCurlRoot-ca.csr b/tests/certs/EdelCurlRoot-ca.csr
index 507aa1be7..2eeb6f055 100644
--- a/tests/certs/EdelCurlRoot-ca.csr
+++ b/tests/certs/EdelCurlRoot-ca.csr
@@ -2,16 +2,16 @@
 MIICrTCCAZUCAQAwaDELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
 cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJjAkBgNVBAMMHU5vcnRoZXJu
 IE5vd2hlcmUgVHJ1c3QgQW5jaG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA7RPtB7bs9/4rk9kK544snFE0SNGqmFh+eqNqtw5yGhEQuuZsTp7gAdkM
-TQfLOSKpcd29LG6C3etNr+LtCefhE/x7v+KnBNmOS+FjzNbsByQ1T8+fQokOyX8c
-gS2lEE1hehrUJr50jCaUSdf7bAlqM5KMx6+BT9zBr4p4gdeY9ixuqvT2xivnrkfN
-pVBoyDogy25mj/9G4jdhRdGHFqZmCMuKVzoGiVSv1RChAZm/k0zlMMWaQmvXhVDY
-D48blbN6eU1IhEQbWI4N1/ZxbDR3N6iM1/7rafrrb6GzunkZzkfl7Pt9s52g72AN
-Q9qaC38x+qleTaL/cHosPq/evlhQZQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEB
-AEdJoc3iX92Y6BDjyxtHuciz0J6Ecbs3l8uKgyEXnCbuLzVVbiyMjJhXG65XXQpf
-Bo5FtCiVOfb082I8HM6m03zNVRwkBmAavXOTOAbhYbcuz3M9eo916lwaF/+gvF4Y
-lJUug1h/iWdWdfkV8sFT4DJGTLRFYH8pYUHO4z6p3mg1RKsPden1a7hBYldU8YBs
-l2nJ556PCfLa1CI8iOu7SbFNHD9j6HGetcR/DQgJDcDQdVCgWoFqnBRpUbNTfqu3
-FqFDkteQreqI7Wg8oc40SFIXYra+8DRQ67YU+mLDq1oDrwBz/kN8mNMsAKe3xt9+
-yTlKj2rQr793IIUudQCdgjw=
+CgKCAQEAodhgFdFbCTvRTnlACgOBB2C6awP0h04e6Xex6oNmVsRsGV7PZCNEA/XQ
+J+EdpQXdpfLBmijiMWaie+A7u/O0BrRDl3uAPJYb7YV8iy4PYrlTaT0rGa8W0+Kp
+0y3y7LExdi3ZeGeRzhZS42g08bzwXpm/KM+RiDGmSMz7hKGHhYsIGOs56TTuGzqj
+vSp3Y1DIiGvx08S3Jdt/67mEc6iGiml9QFrDJIEQjZeuzkXrXfsUMVuhwtGqL0Sg
+Qig4FsdCHt3bD6nZcCXM2r7pjIyESKOrryB6frMJqQUNzvibwnfogvhqViHbkqcK
+PPEMoNScjMBiK2K8XsS6Xjr8GgVJ7wIDAQABoAAwDQYJKoZIhvcNAQELBQADggEB
+AGRzOAmRFC2HX9tV94v7PxAPLY8LC5IsCdk2E07gQ76kWU8B0qd3Okx970O6d9Iw
+jy27At8CIFmCwdiNpOfLv1uqtbBgitxRX6FfciN5Lu0D1wxICc2gX7tDgqLhrT8E
+fp8q7/F//UPT04l5B6b+2h210Rkzjs/EmjQt2cFGjQpGSy8nb1ey3/W91NAej7Aq
+Hrp3/64hC+0QZMpgYQpYx65LYOST+U8lnDbrlcRUQqkUmGidwbYqGQMv+Tk5TKjL
+zMOjuu/I6stoGSJGJvhrfToZazG0u9tT+sXQdbi3emXVP1tMVpkhOYvKaaCno9QR
+RREL1l6yq15NUoT030u7pvs=
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/EdelCurlRoot-ca.der b/tests/certs/EdelCurlRoot-ca.der
index 9ba75c0c8..9a4e2ef89 100644
--- a/tests/certs/EdelCurlRoot-ca.der
+++ b/tests/certs/EdelCurlRoot-ca.der
diff --git a/tests/certs/EdelCurlRoot-ca.key b/tests/certs/EdelCurlRoot-ca.key
index a2bdf9b9b..624ab3f54 100644
--- a/tests/certs/EdelCurlRoot-ca.key
+++ b/tests/certs/EdelCurlRoot-ca.key
@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA7RPtB7bs9/4rk9kK544snFE0SNGqmFh+eqNqtw5yGhEQuuZs
-Tp7gAdkMTQfLOSKpcd29LG6C3etNr+LtCefhE/x7v+KnBNmOS+FjzNbsByQ1T8+f
-QokOyX8cgS2lEE1hehrUJr50jCaUSdf7bAlqM5KMx6+BT9zBr4p4gdeY9ixuqvT2
-xivnrkfNpVBoyDogy25mj/9G4jdhRdGHFqZmCMuKVzoGiVSv1RChAZm/k0zlMMWa
-QmvXhVDYD48blbN6eU1IhEQbWI4N1/ZxbDR3N6iM1/7rafrrb6GzunkZzkfl7Pt9
-s52g72ANQ9qaC38x+qleTaL/cHosPq/evlhQZQIDAQABAoIBAQCgPiyjX0Ayq0i3
-KSfWtWFv0u9dHOKLEJ2EtTonOwtilRBS0/Z2+an9dcB7vH3fQ492WGNKSfQIncgn
-z2FapbGbubfHTiKIA6jLny++v7JPbWjfZj2GUm99QH56zehY6YSubL3i5i6OoHDw
-rJzTPFXdP/wJ6JWl7le4GAc19Az+rmKcmlgVyqrI4NklRMpAhUzuGV/7nFFGm7cP
-L70uuX6wKn+Lyz+mlsOfbzkc5L1wq5e/w6hCnDcvMT0jy0Akvinlo+pJM0Qjo4YA
-ndBzCD9urG6dEXk+Wam+3KWWhSChm5Y+NdW4G0Dttyb9H3EpCE9VT6YbFbR8BvJH
-lEr3mbgBAoGBAPkqkubuXTewIAkXzlSTG1IOzrZCGsABgDW7NSFkORM2tCuo1FI0
-xHrDwXqC4TofsXP19DoooGZqZsYWdMPZB/NOh0mZ68LSWdWJtmyoQ8MMuxxVMDE/
-n62hgQml/TNSvwrJf4KopwxvQYiVm11wI5JLJTLD6TF/SbLQUaiIJ+plAoGBAPOU
-ejzrdT7kKC8KA9XvZDUAs19AX5tHWQ7lCHQ/Cr1xTPY3GVjwfppLYRL+0qEx7T0A
-VglBbmjuV8kvJzsLHtp8jjooM8GCXN9qV/wFu2rIweo2L89KErNhIVCYJws6Yn0r
-oepgQ5HsUnsEK1TmVwb3pur2iv1odRmpUuYVhW4BAoGBAOaPSZ3c5W8ZT5t6ZteF
-xBsbTpYB90TCXsPZdiFu3w1zaiaYM9fZshGzQD5AC29AUnDuH08NttbuECmuL9/l
-3OB8Qt2NS0ZcZPoeUyqaTRGYny9peI2pxPTi5EdsTC6Im/S8XXwm2WS9MlPTtA8z
-LAc797DQ7eB6W1TWRSmAzAatAoGAK8hQgIrCNF/GaU4fimDRXkWV+FUV2k9kzqyU
-bHC4eXzYHJmi0L3Jw+owtL1hFuBmiER7Moa0VeAhn2P+ZTqGfTdOSV3Yj7vi/bWb
-ww00tukHEhZTWasy2VNoLZhrzDTeZylknUBYZO5ZlQsWztfoZLQ3KJzQNuSDx+0L
-nZfYuAECgYEAga7iSi2hgNjUbuePrzLO7//1zG951RUmdvgN2gW/Lqgc92jgJdJW
-wO2UzKr13N+RuAbBy4TXQw/GvMbkF3L4ikO0D1zxwjdNUx/lL4ie0TQJbkbxVhol
-2NJoq+8IQdTRoQOcbmVL9N5q6LGn04m7IbtfWuT/Swpdf/YhYq+zb34=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCh2GAV0VsJO9FO
+eUAKA4EHYLprA/SHTh7pd7Hqg2ZWxGwZXs9kI0QD9dAn4R2lBd2l8sGaKOIxZqJ7
+4Du787QGtEOXe4A8lhvthXyLLg9iuVNpPSsZrxbT4qnTLfLssTF2Ldl4Z5HOFlLj
+aDTxvPBemb8oz5GIMaZIzPuEoYeFiwgY6znpNO4bOqO9KndjUMiIa/HTxLcl23/r
+uYRzqIaKaX1AWsMkgRCNl67ORetd+xQxW6HC0aovRKBCKDgWx0Ie3dsPqdlwJcza
+vumMjIRIo6uvIHp+swmpBQ3O+JvCd+iC+GpWIduSpwo88Qyg1JyMwGIrYrxexLpe
+OvwaBUnvAgMBAAECggEADFrjQucfhv3tBYuWCu2njPOiZ4b+xNF+5J3BlECBsIAA
+LJOjS2axy4eZY2H5DF79Q6zbgLQ8SD8oikJc7QU2qgha3JaN/JINAb3d+xYCEKxL
+JM6JmsVV/cjg5AEu+UixmO75Ggr2A4CKxVdwK0AcLWyZPjlSR85aflY/oSlfmh8a
+txULdID0fH+/tIVQE/xlS9M8xfHxqQQyoBsWkwPPcxhgPRgPpTxo/a12iZk2z+lV
+F/1TZxyb0MWRktVgHQwhmXSnEguosspjk6fqDXwM14WJLQA1XdFdblI3aiHmlc5h
+qanreSsaUgYsV1WvVxh1qfoljm6pUzoYvOChdz62SQKBgQDiavOlubV+kgFU4he+
+LzdaZJUlq6JO4dbbcgE4lZBnoJp2Ga5V1OvBnBcrdtiHO46V2Durq66YHa/tZfTN
+6RlA6GyPVLb6qlwbCYUnpSfuwIVJx7Zty7FrnOn9oRlwLpQQMG4AOsS3E+JY1vQZ
+9+8htuT9OprjY2Mx6wLm2EuZ3QKBgQC2/aZll+nRMerAsZLsTm1idkvxztvDPyoQ
+yQwGlDy79OvezjzXEAczGk/XDSRnGIptZQacxw5z/Lw8IHaaTp7GPFBrD7Lr84dc
+QopdLqqeQJ2n7WGjmJ3gLJCp7NHHP+xDkipc2Xq+nFGlS+PxVzB0hOq3wQdPV54e
+h+x9CNDkOwKBgA3TfiFmn8Ck5dPrIowIkhbBAaKVQooSnG42HgD4kSLi2cvQcabo
+I6VlBL0wurQ3XNOlqq8nArhjR7T1fud8DoC6MLbn82yHLqyv/iOXoEKiGwGQYoF9
+6M2rfVZxmf4RuhTrACyfahfL7QyDw9A6Ja4nXwBfrcmo7gvEUB8MokE5AoGBAKbY
+sZ5SG/wE4oGdp1PU0oGDUQ2CSfhFIGq7lT5ubM4HrASz0N9amuXqaL+xGO7zfkvu
+YFAUY0Y4O70q8FkTtEsVdVGYt8/RdSsW9KevxBuU2OrjUzJiFhjvKVv2NPPSge6+
+V+fe177yMrNfdc94axLimky/MJYUUnSOBH+gyS4/AoGBALJt7WqFnb3iazOgVUDd
+ZGOJUuBnlgS6MK/YxP+8csq+MPnGVVGruXx72hzWe3bJ8QM16QvHUPC9RNgnclXB
+Ekx45SNSG1g//rxHwCJAgcTlnhiTZQ21Fn3V2EckjOa/Z4udk/7PxFRto1beNznK
+nW2eB0xvsK+qq5yc3TQClWgc
+-----END PRIVATE KEY-----
diff --git a/tests/certs/Makefile.am b/tests/certs/Makefile.am
index 640d1f391..e21cdd5c4 100644
--- a/tests/certs/Makefile.am
+++ b/tests/certs/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -30,7 +30,10 @@ CERTCONFIGS = \
   EdelCurlRoot-ca.cnf \
   Server-localhost-sv.prm \
   Server-localhost.nn-sv.prm \
-  Server-localhost0h-sv.prm
+  Server-localhost0h-sv.prm \
+  Server-localhost-firstSAN-sv.prm \
+  Server-localhost-lastSAN-sv.prm \
+  stunnel-sv.prm
 
 GENERATEDCERTS = \
   EdelCurlRoot-ca.cacert \
diff --git a/tests/certs/Server-localhost-firstSAN-sv.crl b/tests/certs/Server-localhost-firstSAN-sv.crl
index df7ecafde..1944a4a03 100644
--- a/tests/certs/Server-localhost-firstSAN-sv.crl
+++ b/tests/certs/Server-localhost-firstSAN-sv.crl
@@ -1,17 +1,14 @@
 -----BEGIN X509 CRL-----
-MIICvzCCAacCAQEwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV
+MIICKDCCARACAQEwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV
 BAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJjAk
-BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0yMjExMjUxMjMy
-NDZaFw0yMjEyMjUxMjMyNDZaMIH6MBcCBg8u0qPc0hcNMjIxMTI1MTIwMTI2WjAX
-AgYPLtKj3OQXDTIyMTEyNTEyMDEyNlowFwIGDy7So9z3Fw0yMjExMjUxMjAxMjZa
-MBcCBg8u0qPdCBcNMjIxMTI1MTIwMTI2WjAXAgYPLtKkBCoXDTIyMTEyNTEyMDEy
-N1owFwIGDy7SpAQ7Fw0yMjExMjUxMjAxMjdaMBcCBg8u08LBZhcNMjIxMTI1MTIz
-MjQ2WjAXAgYPLtPCwXwXDTIyMTEyNTEyMzI0NlowFwIGDy7TwsGSFw0yMjExMjUx
-MjMyNDZaMBcCBg8u08LBpxcNMjIxMTI1MTIzMjQ2WqAOMAwwCgYDVR0UBAMCAQEw
-DQYJKoZIhvcNAQEFBQADggEBAKZeOPSB0oQs+05aFuWakRmWcfIapiZGrWeHv5jZ
-xqU/wa/ksL8AZKZ8JvYXSjbQL8u2AvtokAkesciQ4GbRIwVjx7WlZeyZ9eaPUCVI
-+D4VhpOOF4lsH8WYO4Mu6GKC8IgGd0ilKvFXToFb00Uixnrwj7fpkWQBuKyDG5BN
-w3icWzw/SvtAuy1Tj9WBhXSI7uJt1pvnCSZp86FZHok72EUPtNAZMgOFkbm24cM0
-uKHS4nQ5etKfIB6RRrO+UnXkVqzBLc/ZuP4lYjcEwad46o+qdzQFeoD9q5hlsTbJ
-bVma+AeJWgQMBALHHtduNqBHL4D/pwnaGhtVrG8PvJR4Ngw=
+BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0yMjEyMjMxMjIx
+MzhaFw0yMzAxMjIxMjIxMzhaMGQwFwIGDzR1USo8Fw0yMjEyMjMxMjIxMzZaMBcC
+Bg80dVFRYRcNMjIxMjIzMTIyMTM3WjAXAgYPNHVRUXUXDTIyMTIyMzEyMjEzN1ow
+FwIGDzR1UVGJFw0yMjEyMjMxMjIxMzhaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG
+9w0BAQsFAAOCAQEANTZwNcoHukPV2Wf9ykTUELJtpH3OCzinsOBm/h0LRWp06NAm
+0YJcStMclU7syd6izwPZPI9HT5tPQKHaxJDa8rZH4XRE8bSIAHQacj+22mcLV1EB
+5TdRRRHA6UvhebO8f6cf32SQIJ821LDW1FeFj3VvJqRfM6P9E0BNiCGvxJCFAE4K
++/uN5v/x12kKDl3+7wqh1q36qM99QRbNbWh+3ndxG5Gm8Zl2MWLstMLVDI0SjipZ
+mnMpQ0py5IdiStCY8iYiTk48QUqQ9Jki+bmjNwG05HQUVdUiwwtJhlYhyTpNIBE8
+MB+39cFiwpJ7YbFC8Quhppg/isJ2ZaBmTg7zpA==
 -----END X509 CRL-----
diff --git a/tests/certs/Server-localhost-firstSAN-sv.crt b/tests/certs/Server-localhost-firstSAN-sv.crt
index 081769624..6eadce2ca 100644
--- a/tests/certs/Server-localhost-firstSAN-sv.crt
+++ b/tests/certs/Server-localhost-firstSAN-sv.crt
@@ -1,15 +1,15 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668391 (0xf2ed3c2c1a7)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980979593 (0xf3475515189)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:38 2022 GMT
+            Not After : Mar 11 12:21:38 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -18,24 +18,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:cb:8b:5a:d0:7a:c1:40:03:23:e6:3c:45:44:ee:
-                    b9:c1:fd:09:5c:ef:24:77:4a:aa:14:42:aa:dc:05:
-                    a1:8d:03:9e:47:3a:7a:fe:e2:51:e3:05:ac:ad:62:
-                    74:87:bd:a9:a4:3b:ac:f0:c2:94:7d:1b:6d:ea:eb:
-                    4f:bf:3d:c7:91:92:b9:f5:32:b3:d8:a8:28:44:57:
-                    63:89:4a:14:f0:48:e4:9f:c2:4c:d7:47:fe:03:15:
-                    52:8f:0b:f2:01:0c:66:39:ef:19:c6:e0:ea:55:a4:
-                    33:43:f5:f4:2a:30:36:de:c6:db:3c:5d:6c:f9:c9:
-                    1f:5f:b8:0f:e3:e4:73:86:50:4b:57:17:4c:69:d8:
-                    a3:79:e6:d1:10:2f:d5:24:90:4b:7f:a6:2e:9d:c4:
-                    6c:f8:ad:82:46:57:8e:fe:45:ff:2a:b3:86:f0:38:
-                    e4:d7:ce:11:e8:f3:b5:81:7d:04:0d:33:ea:99:37:
-                    56:65:0a:7e:7e:1f:20:bf:93:8c:bc:52:6b:93:96:
-                    e4:53:f6:81:d0:03:7c:2a:b5:05:c5:39:04:48:db:
-                    4c:b4:e0:84:f9:5a:29:9c:72:ad:d9:7a:ae:a2:71:
-                    e7:40:6d:54:6f:c6:76:1d:73:9c:26:97:39:8c:97:
-                    c4:a1:e6:e5:26:df:1c:1f:50:fc:11:40:cc:5a:f5:
-                    03:77
+                    00:aa:14:6e:3d:82:1c:28:cd:8f:80:af:50:ed:17:
+                    97:6d:e6:a8:61:3e:ac:a8:ac:13:ce:99:eb:29:2c:
+                    49:73:f9:12:40:35:c4:79:84:0d:9e:b0:28:c4:9f:
+                    64:e3:c1:6d:2d:71:11:5d:4b:14:61:20:4b:18:a1:
+                    cb:21:6d:9e:78:1b:11:d2:83:1c:89:75:d5:77:3d:
+                    ca:c8:83:17:74:5c:44:b2:1f:ac:f3:8b:c5:6a:34:
+                    7a:86:ab:08:f5:3d:79:72:ab:36:48:23:de:2b:ba:
+                    4c:e0:ef:18:91:64:97:c6:09:92:ed:26:d2:a7:0d:
+                    a2:21:1f:34:06:c7:99:17:b2:50:96:b6:0f:9b:ed:
+                    45:ff:be:81:47:29:e5:f3:49:db:21:65:44:de:8d:
+                    2b:12:07:12:0d:59:cc:bb:4d:1a:33:c0:7a:7e:e5:
+                    5b:06:50:62:b2:7f:8f:5c:6d:91:cb:6a:5c:e3:e4:
+                    ae:b9:ab:0d:36:ef:0a:d5:6d:07:5b:25:58:20:0d:
+                    d2:4b:25:0f:e8:11:f5:ce:19:b1:29:c6:d3:49:d7:
+                    f2:4a:78:52:d2:c5:fc:4f:11:63:f1:4e:77:ae:0a:
+                    87:65:45:49:b6:ac:21:1b:c8:94:c1:0c:e7:13:e6:
+                    be:f3:ff:a2:bd:68:4c:c6:34:04:2b:fc:ff:c3:e8:
+                    23:57
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
@@ -45,59 +45,56 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                EA:00:0E:21:A0:51:6A:83:35:50:F0:A1:82:DF:21:1F:CB:60:10:F6
+                DB:7A:18:5E:83:AC:D3:48:C9:00:99:3C:EB:BF:A6:21:F0:39:80:CC
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         31:15:ee:12:39:5e:08:14:9e:85:8c:32:f9:92:a9:0f:fa:9d:
-         0d:fb:07:77:f3:92:5b:63:73:48:37:3a:c0:e9:e9:36:fd:be:
-         8f:9d:0d:d8:33:9a:e0:2f:5b:de:a0:55:62:f7:9f:be:60:a4:
-         98:dc:fe:2b:d6:84:3b:ef:6b:f2:a3:97:7e:14:6d:38:8f:41:
-         be:e1:72:b7:d5:5d:ff:73:0c:ef:76:69:cc:c8:50:ed:49:44:
-         9c:c4:dd:e5:02:1d:7e:17:b3:3a:79:39:0a:7a:94:a8:0d:3b:
-         17:c3:8a:7d:42:a6:e1:08:e5:09:51:e1:bf:6c:65:5b:e4:db:
-         49:78:de:0c:3a:38:23:38:13:13:98:14:a8:e0:e7:13:ce:07:
-         21:88:7f:08:b9:79:db:c7:90:89:2f:9a:1b:ed:5e:3b:84:a1:
-         a9:31:19:5c:a7:1e:5d:2b:33:07:36:67:4e:c4:06:0c:ed:0a:
-         f5:e8:c4:c8:e5:8b:b3:43:e1:4a:db:9d:77:a0:a6:7e:0d:ef:
-         e0:86:85:61:01:b0:7e:a0:24:2e:a6:a5:eb:c0:90:ab:e9:1a:
-         2f:32:9d:25:8e:40:90:55:87:e2:a4:67:70:77:4c:a3:39:72:
-         5b:fb:3d:20:81:3e:18:9e:5c:0e:a5:4f:0d:6e:e7:a3:8b:c1:
-         15:84:b5:1b
+    Signature Value:
+        75:0d:9b:eb:8a:df:ca:a7:7c:9d:9e:6a:eb:30:10:24:12:1b:
+        81:f6:cd:b0:a0:f8:de:10:f1:6e:b8:57:3a:3a:b0:a4:8c:1d:
+        c1:8f:95:22:e3:1f:8b:3a:21:89:e5:96:08:3d:83:33:37:66:
+        48:03:f7:98:dd:2f:6d:09:7a:82:26:c1:eb:16:b9:5e:5b:f5:
+        67:4c:a0:e7:93:e7:2e:d4:53:b8:77:5f:5e:6a:3a:d9:06:19:
+        ca:85:ca:7c:09:61:0d:08:8b:6a:b3:e2:03:8c:ea:b1:55:b2:
+        30:9b:aa:66:0e:6e:d7:0a:0a:22:ca:6d:8d:d8:53:a8:bc:df:
+        13:29:d3:b6:1e:9f:3e:a1:8d:f3:8c:48:bf:71:e9:4e:f4:76:
+        ed:77:97:3f:59:27:ca:bb:5b:7c:58:23:82:e7:b5:2d:39:02:
+        9f:52:07:2f:7b:17:6d:c8:af:90:f5:ed:81:99:a9:cf:80:fb:
+        eb:ba:9c:bc:9a:df:c5:04:78:2c:73:73:bf:95:23:cf:fb:c9:
+        3e:fa:5b:ee:02:39:8e:09:78:ca:89:08:fd:83:77:37:72:01:
+        6c:dd:fb:eb:70:20:df:87:28:b3:0f:a0:c5:b3:70:fb:5d:38:
+        72:23:46:7f:f5:d8:fc:b6:67:72:82:e5:ce:29:f5:b5:34:db:
+        a3:d5:fe:20
 -----BEGIN CERTIFICATE-----
-MIIEXzCCA0egAwIBAgIGDy7TwsGnMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIEXzCCA0egAwIBAgIGDzR1UVGJMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFcxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzhaFw0zMTAzMTExMjIxMzhaMFcxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDLi1rQesFAAyPmPEVE7rnB/Qlc7yR3SqoUQqrcBaGNA55HOnr+4lHj
-BaytYnSHvamkO6zwwpR9G23q60+/PceRkrn1MrPYqChEV2OJShTwSOSfwkzXR/4D
-FVKPC/IBDGY57xnG4OpVpDND9fQqMDbexts8XWz5yR9fuA/j5HOGUEtXF0xp2KN5
-5tEQL9UkkEt/pi6dxGz4rYJGV47+Rf8qs4bwOOTXzhHo87WBfQQNM+qZN1ZlCn5+
-HyC/k4y8UmuTluRT9oHQA3wqtQXFOQRI20y04IT5Wimccq3Zeq6icedAbVRvxnYd
-c5wmlzmMl8Sh5uUm3xwfUPwRQMxa9QN3AgMBAAGjggEeMIIBGjAsBgNVHREEJTAj
+ggEKAoIBAQCqFG49ghwozY+Ar1DtF5dt5qhhPqyorBPOmespLElz+RJANcR5hA2e
+sCjEn2TjwW0tcRFdSxRhIEsYocshbZ54GxHSgxyJddV3PcrIgxd0XESyH6zzi8Vq
+NHqGqwj1PXlyqzZII94rukzg7xiRZJfGCZLtJtKnDaIhHzQGx5kXslCWtg+b7UX/
+voFHKeXzSdshZUTejSsSBxINWcy7TRozwHp+5VsGUGKyf49cbZHLalzj5K65qw02
+7wrVbQdbJVggDdJLJQ/oEfXOGbEpxtNJ1/JKeFLSxfxPEWPxTneuCodlRUm2rCEb
+yJTBDOcT5r7z/6K9aEzGNAQr/P/D6CNXAgMBAAGjggEeMIIBGjAsBgNVHREEJTAj
 gglsb2NhbGhvc3SCCmxvY2FsaG9zdDGCCmxvY2FsaG9zdDIwCwYDVR0PBAQDAgOo
-MBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBTqAA4hoFFqgzVQ8KGC3yEf
-y2AQ9jAfBgNVHSMEGDAWgBRSQO7hT5VYKcqEZ4wPjMz+j6n6qDAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBTbehheg6zTSMkAmTzrv6Yh
+8DmAzDAfBgNVHSMEGDAWgBSHy7EzLsFnfnHj5StMTaSzbtJbqTAJBgNVHRMEAjAA
 MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYnaHR0cDovL3Rlc3QuY3VybC5z
 ZS9jYS9FZGVsQ3VybFJvb3QuY2VyMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly90
 ZXN0LmN1cmwuc2UvY2EvRWRlbEN1cmxSb290LmNybDANBgkqhkiG9w0BAQsFAAOC
-AQEAMRXuEjleCBSehYwy+ZKpD/qdDfsHd/OSW2NzSDc6wOnpNv2+j50N2DOa4C9b
-3qBVYvefvmCkmNz+K9aEO+9r8qOXfhRtOI9BvuFyt9Vd/3MM73ZpzMhQ7UlEnMTd
-5QIdfhezOnk5CnqUqA07F8OKfUKm4QjlCVHhv2xlW+TbSXjeDDo4IzgTE5gUqODn
-E84HIYh/CLl528eQiS+aG+1eO4ShqTEZXKceXSszBzZnTsQGDO0K9ejEyOWLs0Ph
-Studd6Cmfg3v4IaFYQGwfqAkLqal68CQq+kaLzKdJY5AkFWH4qRncHdMozlyW/s9
-IIE+GJ5cDqVPDW7no4vBFYS1Gw==
+AQEAdQ2b64rfyqd8nZ5q6zAQJBIbgfbNsKD43hDxbrhXOjqwpIwdwY+VIuMfizoh
+ieWWCD2DMzdmSAP3mN0vbQl6gibB6xa5Xlv1Z0yg55PnLtRTuHdfXmo62QYZyoXK
+fAlhDQiLarPiA4zqsVWyMJuqZg5u1woKIsptjdhTqLzfEynTth6fPqGN84xIv3Hp
+TvR27XeXP1knyrtbfFgjgue1LTkCn1IHL3sXbcivkPXtgZmpz4D767qcvJrfxQR4
+LHNzv5Ujz/vJPvpb7gI5jgl4yokI/YN3N3IBbN3763Ag34cosw+gxbNw+104ciNG
+f/XY/LZncoLlzin1tTTbo9X+IA==
 -----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost-firstSAN-sv.csr b/tests/certs/Server-localhost-firstSAN-sv.csr
index 346219aa3..031639c5a 100644
--- a/tests/certs/Server-localhost-firstSAN-sv.csr
+++ b/tests/certs/Server-localhost-firstSAN-sv.csr
@@ -1,16 +1,16 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIICnDCCAYQCAQAwVzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
 cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxFTATBgNVBAMMDGxvY2FsaG9z
-dC5ubjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMuLWtB6wUADI+Y8
-RUTuucH9CVzvJHdKqhRCqtwFoY0Dnkc6ev7iUeMFrK1idIe9qaQ7rPDClH0bberr
-T789x5GSufUys9ioKERXY4lKFPBI5J/CTNdH/gMVUo8L8gEMZjnvGcbg6lWkM0P1
-9CowNt7G2zxdbPnJH1+4D+Pkc4ZQS1cXTGnYo3nm0RAv1SSQS3+mLp3EbPitgkZX
-jv5F/yqzhvA45NfOEejztYF9BA0z6pk3VmUKfn4fIL+TjLxSa5OW5FP2gdADfCq1
-BcU5BEjbTLTghPlaKZxyrdl6rqJx50BtVG/Gdh1znCaXOYyXxKHm5SbfHB9Q/BFA
-zFr1A3cCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCwCCJVirlUk/g718nM0XMG
-QZ/j5uKefnQ0oF9ZSn02GHkF51gRFBUeVdaYsXRVUkkOAvmXwNHw5BkoTLAPC+wP
-NG7HwlHiKP2xJxqAB1qM/JKaxlB2cNBYTPBhDLLDFV36lBW/ApQOyhxLtG8WCKj3
-zDFjnwOcK+Jf/DMh/7yuJ8e9fz7xHEmc2Kync/L3EoJ7/js3cRSdDgAeRPI9zFNs
-VjqhuPz7a448PWiP0DQXrkbcLd/G7nSZR1jen40GaU+H2ztun4zKooEsSOsUZ5Ca
-piZ+sok3sg/uvZCyWFyzVfZ0rP7MS8VG8ilVx6AGZdkFHjtBxUCYR8RuchfGpdjf
+dC5ubjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoUbj2CHCjNj4Cv
+UO0Xl23mqGE+rKisE86Z6yksSXP5EkA1xHmEDZ6wKMSfZOPBbS1xEV1LFGEgSxih
+yyFtnngbEdKDHIl11Xc9ysiDF3RcRLIfrPOLxWo0eoarCPU9eXKrNkgj3iu6TODv
+GJFkl8YJku0m0qcNoiEfNAbHmReyUJa2D5vtRf++gUcp5fNJ2yFlRN6NKxIHEg1Z
+zLtNGjPAen7lWwZQYrJ/j1xtkctqXOPkrrmrDTbvCtVtB1slWCAN0kslD+gR9c4Z
+sSnG00nX8kp4UtLF/E8RY/FOd64Kh2VFSbasIRvIlMEM5xPmvvP/or1oTMY0BCv8
+/8PoI1cCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBRfTSEtMHj/52TYk5kUHlY
+gTBoePcTVfRCBRfqlGGDAokBrvXq/dFU+5Z/CyulXWnqPji+qw6GDG8KPX0oA6wj
+4Yi2z0Dy4BYaRO4PWTGPZ6zsSXAtv0CVtf995O8Ko8axhYQhjDb54G8oMOr5XOHz
+GV4LolrlsgxNM0m/KJ2FPVnnfN78qbRO8DpqjFwDOS+ZCIHh+59X34Jyi1HCse+Y
+XJ4/YIV5Aw5rGabRproxESwV01Eq4HsXEKP9TtdNDFMkrObWisb7g2M40i4QTR9/
+BNCt3d5vcnAxi2rf+CEvHQDGROZ0tTOZ20HowBA4ahMbYsfC9U+pFkq08auaoe6n
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/Server-localhost-firstSAN-sv.der b/tests/certs/Server-localhost-firstSAN-sv.der
index af040ce6d..2c17c0f93 100644
--- a/tests/certs/Server-localhost-firstSAN-sv.der
+++ b/tests/certs/Server-localhost-firstSAN-sv.der
diff --git a/tests/certs/Server-localhost-firstSAN-sv.key b/tests/certs/Server-localhost-firstSAN-sv.key
index 49b8d9e69..0b6bbaa90 100644
--- a/tests/certs/Server-localhost-firstSAN-sv.key
+++ b/tests/certs/Server-localhost-firstSAN-sv.key
@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAy4ta0HrBQAMj5jxFRO65wf0JXO8kd0qqFEKq3AWhjQOeRzp6
-/uJR4wWsrWJ0h72ppDus8MKUfRtt6utPvz3HkZK59TKz2KgoRFdjiUoU8Ejkn8JM
-10f+AxVSjwvyAQxmOe8ZxuDqVaQzQ/X0KjA23sbbPF1s+ckfX7gP4+RzhlBLVxdM
-adijeebREC/VJJBLf6YuncRs+K2CRleO/kX/KrOG8Djk184R6PO1gX0EDTPqmTdW
-ZQp+fh8gv5OMvFJrk5bkU/aB0AN8KrUFxTkESNtMtOCE+VopnHKt2XquonHnQG1U
-b8Z2HXOcJpc5jJfEoeblJt8cH1D8EUDMWvUDdwIDAQABAoIBACFvEYq/LzEhkusF
-qWcqQ27+7mPKkFXb+NX9IW2kqyWrm3sduwhVCphc3UFZs8R8PfpRJxYhEB0AvWxi
-HKZQMpDR5iPFoU8MSBj5tcreVVQm1Q787nxKQgolnXsLvkO30q7ffH9zgGpy30zh
-gKrRYqHzTh27RuQ8yh+B73JCm0tLaCSDVZQg342YMWzRI4bobaCVQYnQUzfQQ2c5
-ZP82CNKYvncbA92HtM53u1VnWss9Ov0OM8NtLtQPk0Tgn4gVKJ87WN/GWSRuchD1
-ROrLZH0oLBlrXFYKioHvK79qMg3Hg3pbDcJgJqs+d2BfhQXbky5XBrfCi9RVbZZS
-TsL22xkCgYEA59T91kPmDRiZeBZ1SFduMOe/ApD6UX6A2jkK64FAH0CF9yF9di0O
-OS6RxbHWBHqBDEMc4RwSDcuWCV2a2lm9kVrJ85CaGutL/ti2VRlqKpAxQAUG4vUV
-KapDOF6iGPpFs0TxdWCtB/8q0mrIG6EhakqpMeKsUwZSdfhsRJzogcMCgYEA4MNw
-C41DqeSaEFlKS+0eklRMDBZB6gKLs/pyLuaPrvV78RMREUpsdpSnSUVsEJwXbpVt
-UI112px1FXgvbjBXDaBqAoxZybtG1APwPABLMYHDNBny8QHAbsbjZEvVMlNDBsc5
-kVtj4v3L7JmdYcHhGpYo9kkjdOqjruMQesaACD0CgYEAzrdfw991UTYfGjJET8YN
-7jOmYR5u5Z28PVlhwE7Wo0dAbPUCzw4rwZchyjrhT8sAKLPrG1qRSpW+6gj6HDqq
-yuI+cxz8HIa0k8AfDNCFlwBNuf0Bf/vy69zy5V+UgFshLVGLUBNtFlVTlJ48Yk6R
-4hpCtcWdzMY1XxWtTJzwwUsCgYBnDFOviCnQl7Wm7zkoDGPq1Ok01XOM9XPVpWp6
-ZEzV+0jC42n80nFeAJOd/U0pZFc95RaESwcQnpDzsfGVBGa1IanY1z5HRiyYAeI/
-sCbJYOP9XDRNGO+AGoGgtz/c3d2qGuci5JKsPI4lQNyuODSbeuL239t4vCclhIdG
-swF6RQKBgFk5Exn8SnfNvjJl9XCEl25dFMilM6coJURXo5CiXmcN6rjzsgy033WU
-S5cbifZXcBuwKplxMXoHXVgp7e+XGo35siJEjIYIzcRIGMouIx9u3zL0hOYHE6wP
-6OD0sr/Zbg8+0Hqm200WdqV79WsDx8GX3MlJ+/Dv4tyxGpt7S5Wh
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqFG49ghwozY+A
+r1DtF5dt5qhhPqyorBPOmespLElz+RJANcR5hA2esCjEn2TjwW0tcRFdSxRhIEsY
+ocshbZ54GxHSgxyJddV3PcrIgxd0XESyH6zzi8VqNHqGqwj1PXlyqzZII94rukzg
+7xiRZJfGCZLtJtKnDaIhHzQGx5kXslCWtg+b7UX/voFHKeXzSdshZUTejSsSBxIN
+Wcy7TRozwHp+5VsGUGKyf49cbZHLalzj5K65qw027wrVbQdbJVggDdJLJQ/oEfXO
+GbEpxtNJ1/JKeFLSxfxPEWPxTneuCodlRUm2rCEbyJTBDOcT5r7z/6K9aEzGNAQr
+/P/D6CNXAgMBAAECggEABTfYrgT/xHXbOkOmuvieLp5ODH7joPLldvX3+FpqxxSL
+EhdB7qNaaVYftYLrkaVNvKS/3BDBfk+nwr+Qmy4X8wH5m0sdpSqWfDDLAPAss53y
+zi8ZLcBJ6v3TMa5AQolfBPPFzrfzAA8GNao3IuSLoK5BqMFMmhjr+8kGS8CrGn0c
+PaMd+zNUaCo0ml7dsO+14qjeLSSzKaYl7mOHeEq02B3UDa5twvkyVQiCHV7CThF0
+0oxJ+DOFzBefPB8pIurh6X0WwaDumEQVnEaaaOWEa1IayscTSrkLcNwkZC55/23M
+k9qaR/qGnfUSpu34NTlyy7ifbJOeHp+rZDEFKgBoWQKBgQDalQKzRAjpXn9sSBQS
+aTvP293zxP5ueJnv0TmViUfadDDPZ/VX6W0n7mGuOmNKaWnjM1rvMGpqo6e65eir
+obuUe7GfJAqexUK6VDFOIzFSBqWpquyjjHWa6C4zgL+BVDGItIhQI/6wYsQ0HgLV
+R/n3nqCcYAc/a131GDGdfshbwwKBgQDHMePvhNBZo3p1vUG5l3HiTQRmeDmhlOmT
+qU5XRBPDnh5Hdkq3G34QVwaLEDapyQOnbrylVlE0a+uaB+llzw4GrFOVcRi0K8M5
+wcwI8sSgfoOyv6WKH5780I9T1EiNBDmS5XFr+dkI16+GO1LJdI5JuMoio+0WBKHk
+m3He1rik3QKBgQC1ds/vE6RyWclfk9dWEZdeUSJKpli0Tds+hWxRAM9uRNfg2GWO
+vnOomvbtNfwIYstNm+z6di9iqMsvFn+7PWIFO0uS2tEWTp2/IvZr8DuZ5XrTCNu8
+S3e3StpQV6qlK8iTvY0NO1TOCrDos6GWf1K+iCq+p9pchD5Uo+lM31xnEQKBgHSL
++0pkEiewX/FNp4v4UTjQSTfPNiEVaMjtsZmbiljVRfAYBUU3f739vSVWejVDGLE5
+OIUgiOi8ECCSanwX9qPu5gS1JHgedt5vRnsh1+vzugi22xuCvto7CPFKbpybkTgi
+qQc9K0BiOh+2zAx09t+pkBNOiGRul26TiL+SMHy9AoGABbo9jk6Je4fcLmB9YtHT
+O8L+e2S88r/KuXGrqECD5c/FZL33oTrP9pzvL4Be2W8489DM2UMMD4w0uiUIq/Iu
+5Hp/Lsj8ha2OHoU2TbFaNFoS3fvaOz9zQ0GySjpMngZOKIoYtR9R4ZNI/hlmhAqq
+usJ3GDPcvFSsedJr8gP52QU=
+-----END PRIVATE KEY-----
diff --git a/tests/certs/Server-localhost-firstSAN-sv.pem b/tests/certs/Server-localhost-firstSAN-sv.pem
index f96d2fbe2..3751e7b60 100644
--- a/tests/certs/Server-localhost-firstSAN-sv.pem
+++ b/tests/certs/Server-localhost-firstSAN-sv.pem
@@ -37,45 +37,46 @@ commonName_value              = localhost.nn
 # The key
 # the certificate
 # some dhparam
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAy4ta0HrBQAMj5jxFRO65wf0JXO8kd0qqFEKq3AWhjQOeRzp6
-/uJR4wWsrWJ0h72ppDus8MKUfRtt6utPvz3HkZK59TKz2KgoRFdjiUoU8Ejkn8JM
-10f+AxVSjwvyAQxmOe8ZxuDqVaQzQ/X0KjA23sbbPF1s+ckfX7gP4+RzhlBLVxdM
-adijeebREC/VJJBLf6YuncRs+K2CRleO/kX/KrOG8Djk184R6PO1gX0EDTPqmTdW
-ZQp+fh8gv5OMvFJrk5bkU/aB0AN8KrUFxTkESNtMtOCE+VopnHKt2XquonHnQG1U
-b8Z2HXOcJpc5jJfEoeblJt8cH1D8EUDMWvUDdwIDAQABAoIBACFvEYq/LzEhkusF
-qWcqQ27+7mPKkFXb+NX9IW2kqyWrm3sduwhVCphc3UFZs8R8PfpRJxYhEB0AvWxi
-HKZQMpDR5iPFoU8MSBj5tcreVVQm1Q787nxKQgolnXsLvkO30q7ffH9zgGpy30zh
-gKrRYqHzTh27RuQ8yh+B73JCm0tLaCSDVZQg342YMWzRI4bobaCVQYnQUzfQQ2c5
-ZP82CNKYvncbA92HtM53u1VnWss9Ov0OM8NtLtQPk0Tgn4gVKJ87WN/GWSRuchD1
-ROrLZH0oLBlrXFYKioHvK79qMg3Hg3pbDcJgJqs+d2BfhQXbky5XBrfCi9RVbZZS
-TsL22xkCgYEA59T91kPmDRiZeBZ1SFduMOe/ApD6UX6A2jkK64FAH0CF9yF9di0O
-OS6RxbHWBHqBDEMc4RwSDcuWCV2a2lm9kVrJ85CaGutL/ti2VRlqKpAxQAUG4vUV
-KapDOF6iGPpFs0TxdWCtB/8q0mrIG6EhakqpMeKsUwZSdfhsRJzogcMCgYEA4MNw
-C41DqeSaEFlKS+0eklRMDBZB6gKLs/pyLuaPrvV78RMREUpsdpSnSUVsEJwXbpVt
-UI112px1FXgvbjBXDaBqAoxZybtG1APwPABLMYHDNBny8QHAbsbjZEvVMlNDBsc5
-kVtj4v3L7JmdYcHhGpYo9kkjdOqjruMQesaACD0CgYEAzrdfw991UTYfGjJET8YN
-7jOmYR5u5Z28PVlhwE7Wo0dAbPUCzw4rwZchyjrhT8sAKLPrG1qRSpW+6gj6HDqq
-yuI+cxz8HIa0k8AfDNCFlwBNuf0Bf/vy69zy5V+UgFshLVGLUBNtFlVTlJ48Yk6R
-4hpCtcWdzMY1XxWtTJzwwUsCgYBnDFOviCnQl7Wm7zkoDGPq1Ok01XOM9XPVpWp6
-ZEzV+0jC42n80nFeAJOd/U0pZFc95RaESwcQnpDzsfGVBGa1IanY1z5HRiyYAeI/
-sCbJYOP9XDRNGO+AGoGgtz/c3d2qGuci5JKsPI4lQNyuODSbeuL239t4vCclhIdG
-swF6RQKBgFk5Exn8SnfNvjJl9XCEl25dFMilM6coJURXo5CiXmcN6rjzsgy033WU
-S5cbifZXcBuwKplxMXoHXVgp7e+XGo35siJEjIYIzcRIGMouIx9u3zL0hOYHE6wP
-6OD0sr/Zbg8+0Hqm200WdqV79WsDx8GX3MlJ+/Dv4tyxGpt7S5Wh
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqFG49ghwozY+A
+r1DtF5dt5qhhPqyorBPOmespLElz+RJANcR5hA2esCjEn2TjwW0tcRFdSxRhIEsY
+ocshbZ54GxHSgxyJddV3PcrIgxd0XESyH6zzi8VqNHqGqwj1PXlyqzZII94rukzg
+7xiRZJfGCZLtJtKnDaIhHzQGx5kXslCWtg+b7UX/voFHKeXzSdshZUTejSsSBxIN
+Wcy7TRozwHp+5VsGUGKyf49cbZHLalzj5K65qw027wrVbQdbJVggDdJLJQ/oEfXO
+GbEpxtNJ1/JKeFLSxfxPEWPxTneuCodlRUm2rCEbyJTBDOcT5r7z/6K9aEzGNAQr
+/P/D6CNXAgMBAAECggEABTfYrgT/xHXbOkOmuvieLp5ODH7joPLldvX3+FpqxxSL
+EhdB7qNaaVYftYLrkaVNvKS/3BDBfk+nwr+Qmy4X8wH5m0sdpSqWfDDLAPAss53y
+zi8ZLcBJ6v3TMa5AQolfBPPFzrfzAA8GNao3IuSLoK5BqMFMmhjr+8kGS8CrGn0c
+PaMd+zNUaCo0ml7dsO+14qjeLSSzKaYl7mOHeEq02B3UDa5twvkyVQiCHV7CThF0
+0oxJ+DOFzBefPB8pIurh6X0WwaDumEQVnEaaaOWEa1IayscTSrkLcNwkZC55/23M
+k9qaR/qGnfUSpu34NTlyy7ifbJOeHp+rZDEFKgBoWQKBgQDalQKzRAjpXn9sSBQS
+aTvP293zxP5ueJnv0TmViUfadDDPZ/VX6W0n7mGuOmNKaWnjM1rvMGpqo6e65eir
+obuUe7GfJAqexUK6VDFOIzFSBqWpquyjjHWa6C4zgL+BVDGItIhQI/6wYsQ0HgLV
+R/n3nqCcYAc/a131GDGdfshbwwKBgQDHMePvhNBZo3p1vUG5l3HiTQRmeDmhlOmT
+qU5XRBPDnh5Hdkq3G34QVwaLEDapyQOnbrylVlE0a+uaB+llzw4GrFOVcRi0K8M5
+wcwI8sSgfoOyv6WKH5780I9T1EiNBDmS5XFr+dkI16+GO1LJdI5JuMoio+0WBKHk
+m3He1rik3QKBgQC1ds/vE6RyWclfk9dWEZdeUSJKpli0Tds+hWxRAM9uRNfg2GWO
+vnOomvbtNfwIYstNm+z6di9iqMsvFn+7PWIFO0uS2tEWTp2/IvZr8DuZ5XrTCNu8
+S3e3StpQV6qlK8iTvY0NO1TOCrDos6GWf1K+iCq+p9pchD5Uo+lM31xnEQKBgHSL
++0pkEiewX/FNp4v4UTjQSTfPNiEVaMjtsZmbiljVRfAYBUU3f739vSVWejVDGLE5
+OIUgiOi8ECCSanwX9qPu5gS1JHgedt5vRnsh1+vzugi22xuCvto7CPFKbpybkTgi
+qQc9K0BiOh+2zAx09t+pkBNOiGRul26TiL+SMHy9AoGABbo9jk6Je4fcLmB9YtHT
+O8L+e2S88r/KuXGrqECD5c/FZL33oTrP9pzvL4Be2W8489DM2UMMD4w0uiUIq/Iu
+5Hp/Lsj8ha2OHoU2TbFaNFoS3fvaOz9zQ0GySjpMngZOKIoYtR9R4ZNI/hlmhAqq
+usJ3GDPcvFSsedJr8gP52QU=
+-----END PRIVATE KEY-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668391 (0xf2ed3c2c1a7)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980979593 (0xf3475515189)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:38 2022 GMT
+            Not After : Mar 11 12:21:38 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -84,24 +85,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:cb:8b:5a:d0:7a:c1:40:03:23:e6:3c:45:44:ee:
-                    b9:c1:fd:09:5c:ef:24:77:4a:aa:14:42:aa:dc:05:
-                    a1:8d:03:9e:47:3a:7a:fe:e2:51:e3:05:ac:ad:62:
-                    74:87:bd:a9:a4:3b:ac:f0:c2:94:7d:1b:6d:ea:eb:
-                    4f:bf:3d:c7:91:92:b9:f5:32:b3:d8:a8:28:44:57:
-                    63:89:4a:14:f0:48:e4:9f:c2:4c:d7:47:fe:03:15:
-                    52:8f:0b:f2:01:0c:66:39:ef:19:c6:e0:ea:55:a4:
-                    33:43:f5:f4:2a:30:36:de:c6:db:3c:5d:6c:f9:c9:
-                    1f:5f:b8:0f:e3:e4:73:86:50:4b:57:17:4c:69:d8:
-                    a3:79:e6:d1:10:2f:d5:24:90:4b:7f:a6:2e:9d:c4:
-                    6c:f8:ad:82:46:57:8e:fe:45:ff:2a:b3:86:f0:38:
-                    e4:d7:ce:11:e8:f3:b5:81:7d:04:0d:33:ea:99:37:
-                    56:65:0a:7e:7e:1f:20:bf:93:8c:bc:52:6b:93:96:
-                    e4:53:f6:81:d0:03:7c:2a:b5:05:c5:39:04:48:db:
-                    4c:b4:e0:84:f9:5a:29:9c:72:ad:d9:7a:ae:a2:71:
-                    e7:40:6d:54:6f:c6:76:1d:73:9c:26:97:39:8c:97:
-                    c4:a1:e6:e5:26:df:1c:1f:50:fc:11:40:cc:5a:f5:
-                    03:77
+                    00:aa:14:6e:3d:82:1c:28:cd:8f:80:af:50:ed:17:
+                    97:6d:e6:a8:61:3e:ac:a8:ac:13:ce:99:eb:29:2c:
+                    49:73:f9:12:40:35:c4:79:84:0d:9e:b0:28:c4:9f:
+                    64:e3:c1:6d:2d:71:11:5d:4b:14:61:20:4b:18:a1:
+                    cb:21:6d:9e:78:1b:11:d2:83:1c:89:75:d5:77:3d:
+                    ca:c8:83:17:74:5c:44:b2:1f:ac:f3:8b:c5:6a:34:
+                    7a:86:ab:08:f5:3d:79:72:ab:36:48:23:de:2b:ba:
+                    4c:e0:ef:18:91:64:97:c6:09:92:ed:26:d2:a7:0d:
+                    a2:21:1f:34:06:c7:99:17:b2:50:96:b6:0f:9b:ed:
+                    45:ff:be:81:47:29:e5:f3:49:db:21:65:44:de:8d:
+                    2b:12:07:12:0d:59:cc:bb:4d:1a:33:c0:7a:7e:e5:
+                    5b:06:50:62:b2:7f:8f:5c:6d:91:cb:6a:5c:e3:e4:
+                    ae:b9:ab:0d:36:ef:0a:d5:6d:07:5b:25:58:20:0d:
+                    d2:4b:25:0f:e8:11:f5:ce:19:b1:29:c6:d3:49:d7:
+                    f2:4a:78:52:d2:c5:fc:4f:11:63:f1:4e:77:ae:0a:
+                    87:65:45:49:b6:ac:21:1b:c8:94:c1:0c:e7:13:e6:
+                    be:f3:ff:a2:bd:68:4c:c6:34:04:2b:fc:ff:c3:e8:
+                    23:57
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
@@ -111,59 +112,56 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                EA:00:0E:21:A0:51:6A:83:35:50:F0:A1:82:DF:21:1F:CB:60:10:F6
+                DB:7A:18:5E:83:AC:D3:48:C9:00:99:3C:EB:BF:A6:21:F0:39:80:CC
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         31:15:ee:12:39:5e:08:14:9e:85:8c:32:f9:92:a9:0f:fa:9d:
-         0d:fb:07:77:f3:92:5b:63:73:48:37:3a:c0:e9:e9:36:fd:be:
-         8f:9d:0d:d8:33:9a:e0:2f:5b:de:a0:55:62:f7:9f:be:60:a4:
-         98:dc:fe:2b:d6:84:3b:ef:6b:f2:a3:97:7e:14:6d:38:8f:41:
-         be:e1:72:b7:d5:5d:ff:73:0c:ef:76:69:cc:c8:50:ed:49:44:
-         9c:c4:dd:e5:02:1d:7e:17:b3:3a:79:39:0a:7a:94:a8:0d:3b:
-         17:c3:8a:7d:42:a6:e1:08:e5:09:51:e1:bf:6c:65:5b:e4:db:
-         49:78:de:0c:3a:38:23:38:13:13:98:14:a8:e0:e7:13:ce:07:
-         21:88:7f:08:b9:79:db:c7:90:89:2f:9a:1b:ed:5e:3b:84:a1:
-         a9:31:19:5c:a7:1e:5d:2b:33:07:36:67:4e:c4:06:0c:ed:0a:
-         f5:e8:c4:c8:e5:8b:b3:43:e1:4a:db:9d:77:a0:a6:7e:0d:ef:
-         e0:86:85:61:01:b0:7e:a0:24:2e:a6:a5:eb:c0:90:ab:e9:1a:
-         2f:32:9d:25:8e:40:90:55:87:e2:a4:67:70:77:4c:a3:39:72:
-         5b:fb:3d:20:81:3e:18:9e:5c:0e:a5:4f:0d:6e:e7:a3:8b:c1:
-         15:84:b5:1b
+    Signature Value:
+        75:0d:9b:eb:8a:df:ca:a7:7c:9d:9e:6a:eb:30:10:24:12:1b:
+        81:f6:cd:b0:a0:f8:de:10:f1:6e:b8:57:3a:3a:b0:a4:8c:1d:
+        c1:8f:95:22:e3:1f:8b:3a:21:89:e5:96:08:3d:83:33:37:66:
+        48:03:f7:98:dd:2f:6d:09:7a:82:26:c1:eb:16:b9:5e:5b:f5:
+        67:4c:a0:e7:93:e7:2e:d4:53:b8:77:5f:5e:6a:3a:d9:06:19:
+        ca:85:ca:7c:09:61:0d:08:8b:6a:b3:e2:03:8c:ea:b1:55:b2:
+        30:9b:aa:66:0e:6e:d7:0a:0a:22:ca:6d:8d:d8:53:a8:bc:df:
+        13:29:d3:b6:1e:9f:3e:a1:8d:f3:8c:48:bf:71:e9:4e:f4:76:
+        ed:77:97:3f:59:27:ca:bb:5b:7c:58:23:82:e7:b5:2d:39:02:
+        9f:52:07:2f:7b:17:6d:c8:af:90:f5:ed:81:99:a9:cf:80:fb:
+        eb:ba:9c:bc:9a:df:c5:04:78:2c:73:73:bf:95:23:cf:fb:c9:
+        3e:fa:5b:ee:02:39:8e:09:78:ca:89:08:fd:83:77:37:72:01:
+        6c:dd:fb:eb:70:20:df:87:28:b3:0f:a0:c5:b3:70:fb:5d:38:
+        72:23:46:7f:f5:d8:fc:b6:67:72:82:e5:ce:29:f5:b5:34:db:
+        a3:d5:fe:20
 -----BEGIN CERTIFICATE-----
-MIIEXzCCA0egAwIBAgIGDy7TwsGnMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIEXzCCA0egAwIBAgIGDzR1UVGJMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFcxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzhaFw0zMTAzMTExMjIxMzhaMFcxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDLi1rQesFAAyPmPEVE7rnB/Qlc7yR3SqoUQqrcBaGNA55HOnr+4lHj
-BaytYnSHvamkO6zwwpR9G23q60+/PceRkrn1MrPYqChEV2OJShTwSOSfwkzXR/4D
-FVKPC/IBDGY57xnG4OpVpDND9fQqMDbexts8XWz5yR9fuA/j5HOGUEtXF0xp2KN5
-5tEQL9UkkEt/pi6dxGz4rYJGV47+Rf8qs4bwOOTXzhHo87WBfQQNM+qZN1ZlCn5+
-HyC/k4y8UmuTluRT9oHQA3wqtQXFOQRI20y04IT5Wimccq3Zeq6icedAbVRvxnYd
-c5wmlzmMl8Sh5uUm3xwfUPwRQMxa9QN3AgMBAAGjggEeMIIBGjAsBgNVHREEJTAj
+ggEKAoIBAQCqFG49ghwozY+Ar1DtF5dt5qhhPqyorBPOmespLElz+RJANcR5hA2e
+sCjEn2TjwW0tcRFdSxRhIEsYocshbZ54GxHSgxyJddV3PcrIgxd0XESyH6zzi8Vq
+NHqGqwj1PXlyqzZII94rukzg7xiRZJfGCZLtJtKnDaIhHzQGx5kXslCWtg+b7UX/
+voFHKeXzSdshZUTejSsSBxINWcy7TRozwHp+5VsGUGKyf49cbZHLalzj5K65qw02
+7wrVbQdbJVggDdJLJQ/oEfXOGbEpxtNJ1/JKeFLSxfxPEWPxTneuCodlRUm2rCEb
+yJTBDOcT5r7z/6K9aEzGNAQr/P/D6CNXAgMBAAGjggEeMIIBGjAsBgNVHREEJTAj
 gglsb2NhbGhvc3SCCmxvY2FsaG9zdDGCCmxvY2FsaG9zdDIwCwYDVR0PBAQDAgOo
-MBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBTqAA4hoFFqgzVQ8KGC3yEf
-y2AQ9jAfBgNVHSMEGDAWgBRSQO7hT5VYKcqEZ4wPjMz+j6n6qDAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBTbehheg6zTSMkAmTzrv6Yh
+8DmAzDAfBgNVHSMEGDAWgBSHy7EzLsFnfnHj5StMTaSzbtJbqTAJBgNVHRMEAjAA
 MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYnaHR0cDovL3Rlc3QuY3VybC5z
 ZS9jYS9FZGVsQ3VybFJvb3QuY2VyMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly90
 ZXN0LmN1cmwuc2UvY2EvRWRlbEN1cmxSb290LmNybDANBgkqhkiG9w0BAQsFAAOC
-AQEAMRXuEjleCBSehYwy+ZKpD/qdDfsHd/OSW2NzSDc6wOnpNv2+j50N2DOa4C9b
-3qBVYvefvmCkmNz+K9aEO+9r8qOXfhRtOI9BvuFyt9Vd/3MM73ZpzMhQ7UlEnMTd
-5QIdfhezOnk5CnqUqA07F8OKfUKm4QjlCVHhv2xlW+TbSXjeDDo4IzgTE5gUqODn
-E84HIYh/CLl528eQiS+aG+1eO4ShqTEZXKceXSszBzZnTsQGDO0K9ejEyOWLs0Ph
-Studd6Cmfg3v4IaFYQGwfqAkLqal68CQq+kaLzKdJY5AkFWH4qRncHdMozlyW/s9
-IIE+GJ5cDqVPDW7no4vBFYS1Gw==
+AQEAdQ2b64rfyqd8nZ5q6zAQJBIbgfbNsKD43hDxbrhXOjqwpIwdwY+VIuMfizoh
+ieWWCD2DMzdmSAP3mN0vbQl6gibB6xa5Xlv1Z0yg55PnLtRTuHdfXmo62QYZyoXK
+fAlhDQiLarPiA4zqsVWyMJuqZg5u1woKIsptjdhTqLzfEynTth6fPqGN84xIv3Hp
+TvR27XeXP1knyrtbfFgjgue1LTkCn1IHL3sXbcivkPXtgZmpz4D767qcvJrfxQR4
+LHNzv5Ujz/vJPvpb7gI5jgl4yokI/YN3N3IBbN3763Ag34cosw+gxbNw+104ciNG
+f/XY/LZncoLlzin1tTTbo9X+IA==
 -----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost-firstSAN-sv.pub.der b/tests/certs/Server-localhost-firstSAN-sv.pub.der
index 6fa1b0c14..0bb787737 100644
--- a/tests/certs/Server-localhost-firstSAN-sv.pub.der
+++ b/tests/certs/Server-localhost-firstSAN-sv.pub.der
diff --git a/tests/certs/Server-localhost-firstSAN-sv.pub.pem b/tests/certs/Server-localhost-firstSAN-sv.pub.pem
index 241eb65b5..4bc6c6936 100644
--- a/tests/certs/Server-localhost-firstSAN-sv.pub.pem
+++ b/tests/certs/Server-localhost-firstSAN-sv.pub.pem
@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4ta0HrBQAMj5jxFRO65
-wf0JXO8kd0qqFEKq3AWhjQOeRzp6/uJR4wWsrWJ0h72ppDus8MKUfRtt6utPvz3H
-kZK59TKz2KgoRFdjiUoU8Ejkn8JM10f+AxVSjwvyAQxmOe8ZxuDqVaQzQ/X0KjA2
-3sbbPF1s+ckfX7gP4+RzhlBLVxdMadijeebREC/VJJBLf6YuncRs+K2CRleO/kX/
-KrOG8Djk184R6PO1gX0EDTPqmTdWZQp+fh8gv5OMvFJrk5bkU/aB0AN8KrUFxTkE
-SNtMtOCE+VopnHKt2XquonHnQG1Ub8Z2HXOcJpc5jJfEoeblJt8cH1D8EUDMWvUD
-dwIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhRuPYIcKM2PgK9Q7ReX
+beaoYT6sqKwTzpnrKSxJc/kSQDXEeYQNnrAoxJ9k48FtLXERXUsUYSBLGKHLIW2e
+eBsR0oMciXXVdz3KyIMXdFxEsh+s84vFajR6hqsI9T15cqs2SCPeK7pM4O8YkWSX
+xgmS7SbSpw2iIR80BseZF7JQlrYPm+1F/76BRynl80nbIWVE3o0rEgcSDVnMu00a
+M8B6fuVbBlBisn+PXG2Ry2pc4+SuuasNNu8K1W0HWyVYIA3SSyUP6BH1zhmxKcbT
+SdfySnhS0sX8TxFj8U53rgqHZUVJtqwhG8iUwQznE+a+8/+ivWhMxjQEK/z/w+gj
+VwIDAQAB
 -----END PUBLIC KEY-----
diff --git a/tests/certs/Server-localhost-firstSAN-sv.pubkey-pinned b/tests/certs/Server-localhost-firstSAN-sv.pubkey-pinned
index 448ab8ebd..892077d8e 100644
--- a/tests/certs/Server-localhost-firstSAN-sv.pubkey-pinned
+++ b/tests/certs/Server-localhost-firstSAN-sv.pubkey-pinned
@@ -1 +1 @@
-oJS9QMxcK/CpyjyXd39IA4UI/Cjvwel58zbB7285mCA=
++V1rGPoCoOLZjthRz6LwtLV9Z/6Gds5LH3j8KUrCIwc=
diff --git a/tests/certs/Server-localhost-lastSAN-sv.crl b/tests/certs/Server-localhost-lastSAN-sv.crl
index 5b5b65350..e47a90cfd 100644
--- a/tests/certs/Server-localhost-lastSAN-sv.crl
+++ b/tests/certs/Server-localhost-lastSAN-sv.crl
@@ -1,18 +1,15 @@
 -----BEGIN X509 CRL-----
-MIIC2TCCAcECAQEwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV
+MIICQTCCASkCAQEwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV
 BAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJjAk
-BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0yMjExMjUxMjMy
-NDZaFw0yMjEyMjUxMjMyNDZaMIIBEzAXAgYPLtKj3NIXDTIyMTEyNTEyMDEyNlow
-FwIGDy7So9zkFw0yMjExMjUxMjAxMjZaMBcCBg8u0qPc9xcNMjIxMTI1MTIwMTI2
-WjAXAgYPLtKj3QgXDTIyMTEyNTEyMDEyNlowFwIGDy7SpAQqFw0yMjExMjUxMjAx
-MjdaMBcCBg8u0qQEOxcNMjIxMTI1MTIwMTI3WjAXAgYPLtPCwWYXDTIyMTEyNTEy
-MzI0NlowFwIGDy7TwsF8Fw0yMjExMjUxMjMyNDZaMBcCBg8u08LBkhcNMjIxMTI1
-MTIzMjQ2WjAXAgYPLtPCwacXDTIyMTEyNTEyMzI0NlowFwIGDy7TwsG8Fw0yMjEx
-MjUxMjMyNDZaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOCAQEA4GkA
-COd+Hvr1zIEuD4yWmNoukrFOVko6NycrYRZbmDotYZ0q6begZbd+rxG4kddWvZyQ
-k5CZ6amg8uY/GLJmf5gFkptBrTpR8RJye0F0YLMSt9qYuSYiRiXi9QolYjYWPNYg
-UIPHixJrPSqm8WJUPdgcogSKi8/v5uXIUElnnOuuE8T7keNyzuRjZNoEQa7B5TTg
-hvLssZm4aU3nOIXP6lvPIggihKvZ1XS10XOh72hTRYUwKI4T0s3pghEdrLrouxyA
-KYOJybec5EH7D5ITKGCyWp9wm30GBems5LERrPpfDgfAPhNy/RunQ9JH3S0fBfxi
-wwZJN5brUfmyBt0MiQ==
+BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0yMjEyMjMxMjIx
+MzhaFw0yMzAxMjIxMjIxMzhaMH0wFwIGDzR1USo8Fw0yMjEyMjMxMjIxMzZaMBcC
+Bg80dVFRYRcNMjIxMjIzMTIyMTM3WjAXAgYPNHVRUXUXDTIyMTIyMzEyMjEzN1ow
+FwIGDzR1UVGJFw0yMjEyMjMxMjIxMzhaMBcCBg80dVF4rhcNMjIxMjIzMTIyMTM4
+WqAOMAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQELBQADggEBADZeuue7woDyqDdc
+DCxuNE94pNl78cTedT+V9svX0gbMExAI0WRovb9FudimX+CRofFTwZ4RSDF7AdHw
+PqbVSMjZtGTlQrKrMAZ5kBMs9ZI1tWGpGVJNxv4hKMt2VITLPJ22CP8j3yZahNpw
+/kgJQx+7aIRKTC1n6UEAsOsLyDsrFDvdXU2euU0NIx6KudeRUagdgyOntwrLaeeW
++g18IZTewQWefx4iA6eW6y3E9CM0n3d4n7VAxLb95TysLAUoxOeVxtUSa+wm8jWt
+gjm/2UkFxX79dDhDMc5LsL9mBDL3dasunhcUCtI5CTL1aX2Fg2YkztsyQiO0lNx/
+meUHDNM=
 -----END X509 CRL-----
diff --git a/tests/certs/Server-localhost-lastSAN-sv.crt b/tests/certs/Server-localhost-lastSAN-sv.crt
index 498012eec..ec37cf15a 100644
--- a/tests/certs/Server-localhost-lastSAN-sv.crt
+++ b/tests/certs/Server-localhost-lastSAN-sv.crt
@@ -1,15 +1,15 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668412 (0xf2ed3c2c1bc)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980989614 (0xf34755178ae)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:38 2022 GMT
+            Not After : Mar 11 12:21:38 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -18,24 +18,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:d3:a3:0a:9d:f6:3c:79:ce:37:e9:92:85:a0:4b:
-                    6e:1e:68:99:2d:5d:84:47:33:f6:f7:5e:b5:64:6e:
-                    a5:61:b0:b7:21:99:c2:41:09:f4:04:b1:38:5c:65:
-                    fc:34:1d:e9:2c:7b:e1:b6:02:50:09:48:0e:b2:6e:
-                    97:39:ae:51:93:de:cf:99:55:85:51:19:92:5a:3c:
-                    8f:e7:03:7f:ba:b3:30:4e:fb:fc:40:3b:3a:04:9f:
-                    e9:07:52:41:56:7b:07:c9:a7:b5:84:d8:b4:6b:44:
-                    86:6a:34:bf:51:f1:d7:08:c7:36:66:f7:89:ac:a8:
-                    f9:55:6f:29:fa:d6:8c:16:a3:f3:79:07:60:65:75:
-                    84:2e:f0:cd:f2:1f:8f:40:fd:99:21:5a:f0:1c:b7:
-                    53:8f:9d:79:6c:a4:23:46:90:52:ab:5a:78:03:2a:
-                    16:51:9d:7f:a8:1d:52:bd:1a:db:a1:a7:9a:ed:3b:
-                    b7:4f:b4:00:63:77:b4:35:e3:f7:4e:7e:02:14:db:
-                    55:cb:96:32:4e:0e:b0:00:cc:e1:b5:83:53:96:4b:
-                    8d:25:fb:21:1b:a8:32:60:f5:45:38:a8:99:18:7b:
-                    3f:be:35:68:d3:f7:bd:49:2a:e4:23:40:ba:c2:d7:
-                    3b:a0:98:65:d5:10:84:bb:93:74:82:67:82:a4:05:
-                    64:d9
+                    00:c8:84:fe:69:64:33:c3:dc:b5:74:8a:c7:b2:bb:
+                    d9:69:e2:a9:95:6d:5f:b7:25:e6:82:00:2b:f5:53:
+                    21:e7:28:ae:66:b6:38:fd:15:b1:91:88:52:31:29:
+                    bb:73:e2:e0:99:62:95:44:35:51:d7:54:c8:d2:6d:
+                    25:3c:f0:2e:03:1b:a8:a1:25:e1:83:9a:5c:bd:65:
+                    57:93:44:7e:a3:cc:dd:ac:59:69:60:01:e0:80:b9:
+                    d0:c4:70:63:cf:17:a0:c6:13:0f:21:3b:c8:c1:46:
+                    4e:18:fd:6a:36:76:24:4a:57:d8:73:2f:13:42:a0:
+                    2e:90:1f:bf:84:9d:81:e7:bd:f8:75:53:f3:fa:52:
+                    e1:f0:aa:f6:23:d7:0d:61:17:0c:e5:9a:ab:e2:d5:
+                    e8:c3:c9:6b:2a:a6:da:f9:cb:f6:4d:1d:40:53:7e:
+                    68:2f:51:9f:d3:17:95:34:21:32:0d:47:d6:a9:4d:
+                    28:bb:e0:50:13:2f:5b:76:a1:90:5a:51:48:2f:ce:
+                    db:d9:da:2e:d1:3a:0f:fb:80:61:24:0b:0b:79:b2:
+                    45:cd:1d:2d:66:ee:4a:96:5d:08:b7:c4:80:95:2d:
+                    4e:8e:ac:0e:15:fa:2c:06:0c:49:74:49:81:77:17:
+                    a5:b2:01:de:aa:88:2b:9a:66:13:bb:06:b4:89:fb:
+                    e4:91
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
@@ -45,59 +45,56 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                D2:27:97:9D:58:B2:B5:4A:98:58:67:93:0E:AB:C4:CB:F2:58:1C:6A
+                B3:77:93:C4:CA:9A:B3:62:CF:51:0D:17:1D:8E:87:F6:C2:3E:17:75
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         cb:49:88:ac:b3:08:6c:04:74:3d:a0:6c:86:73:bb:b3:6e:7e:
-         bd:40:dd:ba:b7:ad:87:88:3f:c2:c5:61:d0:39:01:3c:1b:db:
-         a5:04:6e:1d:ef:d3:af:cc:14:38:8e:2b:71:8d:2b:a1:11:fe:
-         cf:6f:a3:1c:6e:1d:9e:e1:5f:db:b5:57:4c:04:8e:4c:e3:77:
-         92:d7:5c:27:c8:0c:82:13:98:09:5b:aa:b5:71:fd:10:31:15:
-         0c:9b:95:23:9d:3d:08:ab:7c:f9:ed:2a:d1:f5:9a:7a:90:a8:
-         d7:db:47:a9:60:ba:e1:12:d4:11:0d:71:42:1b:37:0b:1e:10:
-         3f:3c:59:ea:d2:46:cb:ad:f1:48:77:09:a5:18:eb:27:56:2f:
-         e6:bf:34:9b:c1:16:10:d6:4b:ab:87:58:79:b4:a8:55:83:9b:
-         c7:30:6c:a2:72:4c:c8:3a:d7:0b:5f:12:9f:c3:35:10:a3:30:
-         02:91:37:eb:b1:b6:cb:c7:80:49:d1:06:92:f8:e7:fb:1b:22:
-         12:73:c9:71:27:56:0e:8e:4e:c8:21:cb:33:65:77:f9:87:e5:
-         e4:5e:70:32:d5:7e:b4:24:88:d9:ec:d3:63:95:ba:4b:69:06:
-         28:3e:55:24:f2:c7:18:e8:cc:cb:1f:fd:79:33:bb:59:0b:2a:
-         cc:52:c3:81
+    Signature Value:
+        10:22:60:56:f6:14:b7:03:18:c4:01:ba:06:c7:65:49:98:d7:
+        64:64:d4:2a:2b:19:16:d1:0e:e9:b0:04:86:01:fb:ae:37:e4:
+        c9:19:37:d5:02:27:63:da:6f:de:a2:d0:23:36:7f:2f:3e:55:
+        d2:b5:ef:23:5d:f7:ac:71:3f:95:77:bc:74:d3:1e:51:d9:7d:
+        7e:0d:8e:03:f3:82:95:3e:88:dd:3c:ed:3a:aa:b4:e1:85:fb:
+        d8:ea:3f:6a:7d:34:b7:b3:df:b1:fe:2b:ec:af:e0:1c:9c:ec:
+        43:63:80:17:3a:32:ca:13:35:2d:c7:3d:3e:ac:aa:55:d6:1a:
+        6d:3f:f0:ff:23:4f:e0:88:a1:42:d9:91:1c:a5:6b:87:14:1b:
+        0b:4d:24:a8:33:36:7a:21:f7:e2:86:9c:65:36:f3:7c:0c:4d:
+        be:f1:98:45:c3:27:e4:11:4a:7d:8a:e3:70:ae:fb:ac:9f:a6:
+        f4:0d:dc:a7:83:39:50:c3:1e:1a:95:68:0d:b0:56:8f:64:d2:
+        db:a1:a7:97:d1:2c:ea:7a:f9:9b:2f:5f:4d:ed:7c:f9:df:74:
+        1a:81:73:79:f8:00:2a:78:18:23:72:7a:4b:66:6b:61:da:95:
+        29:85:7c:4d:42:76:2e:43:70:6d:ac:0c:dc:98:d5:47:da:e1:
+        54:0c:71:bf
 -----BEGIN CERTIFICATE-----
-MIIEXzCCA0egAwIBAgIGDy7TwsG8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIEXzCCA0egAwIBAgIGDzR1UXiuMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFcxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzhaFw0zMTAzMTExMjIxMzhaMFcxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDTowqd9jx5zjfpkoWgS24eaJktXYRHM/b3XrVkbqVhsLchmcJBCfQE
-sThcZfw0Hekse+G2AlAJSA6ybpc5rlGT3s+ZVYVRGZJaPI/nA3+6szBO+/xAOzoE
-n+kHUkFWewfJp7WE2LRrRIZqNL9R8dcIxzZm94msqPlVbyn61owWo/N5B2BldYQu
-8M3yH49A/ZkhWvAct1OPnXlspCNGkFKrWngDKhZRnX+oHVK9Gtuhp5rtO7dPtABj
-d7Q14/dOfgIU21XLljJODrAAzOG1g1OWS40l+yEbqDJg9UU4qJkYez++NWjT971J
-KuQjQLrC1zugmGXVEIS7k3SCZ4KkBWTZAgMBAAGjggEeMIIBGjAsBgNVHREEJTAj
+ggEKAoIBAQDIhP5pZDPD3LV0iseyu9lp4qmVbV+3JeaCACv1UyHnKK5mtjj9FbGR
+iFIxKbtz4uCZYpVENVHXVMjSbSU88C4DG6ihJeGDmly9ZVeTRH6jzN2sWWlgAeCA
+udDEcGPPF6DGEw8hO8jBRk4Y/Wo2diRKV9hzLxNCoC6QH7+EnYHnvfh1U/P6UuHw
+qvYj1w1hFwzlmqvi1ejDyWsqptr5y/ZNHUBTfmgvUZ/TF5U0ITINR9apTSi74FAT
+L1t2oZBaUUgvztvZ2i7ROg/7gGEkCwt5skXNHS1m7kqWXQi3xICVLU6OrA4V+iwG
+DEl0SYF3F6WyAd6qiCuaZhO7BrSJ++SRAgMBAAGjggEeMIIBGjAsBgNVHREEJTAj
 ggpsb2NhbGhvc3Qxggpsb2NhbGhvc3Qygglsb2NhbGhvc3QwCwYDVR0PBAQDAgOo
-MBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBTSJ5edWLK1SphYZ5MOq8TL
-8lgcajAfBgNVHSMEGDAWgBRSQO7hT5VYKcqEZ4wPjMz+j6n6qDAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSzd5PEypqzYs9RDRcdjof2
+wj4XdTAfBgNVHSMEGDAWgBSHy7EzLsFnfnHj5StMTaSzbtJbqTAJBgNVHRMEAjAA
 MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYnaHR0cDovL3Rlc3QuY3VybC5z
 ZS9jYS9FZGVsQ3VybFJvb3QuY2VyMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly90
 ZXN0LmN1cmwuc2UvY2EvRWRlbEN1cmxSb290LmNybDANBgkqhkiG9w0BAQsFAAOC
-AQEAy0mIrLMIbAR0PaBshnO7s25+vUDdureth4g/wsVh0DkBPBvbpQRuHe/Tr8wU
-OI4rcY0roRH+z2+jHG4dnuFf27VXTASOTON3ktdcJ8gMghOYCVuqtXH9EDEVDJuV
-I509CKt8+e0q0fWaepCo19tHqWC64RLUEQ1xQhs3Cx4QPzxZ6tJGy63xSHcJpRjr
-J1Yv5r80m8EWENZLq4dYebSoVYObxzBsonJMyDrXC18Sn8M1EKMwApE367G2y8eA
-SdEGkvjn+xsiEnPJcSdWDo5OyCHLM2V3+Yfl5F5wMtV+tCSI2ezTY5W6S2kGKD5V
-JPLHGOjMyx/9eTO7WQsqzFLDgQ==
+AQEAECJgVvYUtwMYxAG6BsdlSZjXZGTUKisZFtEO6bAEhgH7rjfkyRk31QInY9pv
+3qLQIzZ/Lz5V0rXvI133rHE/lXe8dNMeUdl9fg2OA/OClT6I3TztOqq04YX72Oo/
+an00t7Pfsf4r7K/gHJzsQ2OAFzoyyhM1Lcc9PqyqVdYabT/w/yNP4IihQtmRHKVr
+hxQbC00kqDM2eiH34oacZTbzfAxNvvGYRcMn5BFKfYrjcK77rJ+m9A3cp4M5UMMe
+GpVoDbBWj2TS26Gnl9Es6nr5my9fTe18+d90GoFzefgAKngYI3J6S2ZrYdqVKYV8
+TUJ2LkNwbawM3JjVR9rhVAxxvw==
 -----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost-lastSAN-sv.csr b/tests/certs/Server-localhost-lastSAN-sv.csr
index 5af562331..ec930784d 100644
--- a/tests/certs/Server-localhost-lastSAN-sv.csr
+++ b/tests/certs/Server-localhost-lastSAN-sv.csr
@@ -1,16 +1,16 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIICnDCCAYQCAQAwVzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
 cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxFTATBgNVBAMMDGxvY2FsaG9z
-dC5ubjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOjCp32PHnON+mS
-haBLbh5omS1dhEcz9vdetWRupWGwtyGZwkEJ9ASxOFxl/DQd6Sx74bYCUAlIDrJu
-lzmuUZPez5lVhVEZklo8j+cDf7qzME77/EA7OgSf6QdSQVZ7B8mntYTYtGtEhmo0
-v1Hx1wjHNmb3iayo+VVvKfrWjBaj83kHYGV1hC7wzfIfj0D9mSFa8By3U4+deWyk
-I0aQUqtaeAMqFlGdf6gdUr0a26Gnmu07t0+0AGN3tDXj905+AhTbVcuWMk4OsADM
-4bWDU5ZLjSX7IRuoMmD1RTiomRh7P741aNP3vUkq5CNAusLXO6CYZdUQhLuTdIJn
-gqQFZNkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAcuulUCKEb+owaSGTkPE5K
-R4uBFOW1FG+waOhl1YAFc10jv4DQP+c0Zu19FJrfyaoSafqiCOAMQN85VcPeJa3T
-76yD6gY+G4hduT6PGNZP+AROROafL+Sh5/INz5LHcOiGVHuOgYBa+0dSkrwHqqCj
-fKWt/ZdEZjwIgcRgFC6OllIPyJ3yOPToVrjY3DwKt229icwlx6X/sEYrcixRc6Vk
-H2Ccb/eVywu9ze6b2BQcd6B8lTAHKRbSjPd/brT+Qxn/IioOYxOwjSnzD50+tjJW
-LMxW8MUz1P6cb9Gubpt4pAqwH9jvEQeCKb23tgcnj0ZYizLA3jbAZEfGYcavf/K8
+dC5ubjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMiE/mlkM8PctXSK
+x7K72WniqZVtX7cl5oIAK/VTIecorma2OP0VsZGIUjEpu3Pi4JlilUQ1UddUyNJt
+JTzwLgMbqKEl4YOaXL1lV5NEfqPM3axZaWAB4IC50MRwY88XoMYTDyE7yMFGThj9
+ajZ2JEpX2HMvE0KgLpAfv4Sdgee9+HVT8/pS4fCq9iPXDWEXDOWaq+LV6MPJayqm
+2vnL9k0dQFN+aC9Rn9MXlTQhMg1H1qlNKLvgUBMvW3ahkFpRSC/O29naLtE6D/uA
+YSQLC3myRc0dLWbuSpZdCLfEgJUtTo6sDhX6LAYMSXRJgXcXpbIB3qqIK5pmE7sG
+tIn75JECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCeDxLX9uy0Fv7yaY/gqL/G
+x+TFx7xoKOJwqu3NqrGiTfs6SeXvmxIj5oOE2gBi9cjc184TUa/zHSW+iYug2RVO
+f18zO3sOUXeFLN10f1OEgkOEm6k9I4MuWhEJuCY0FePAl6i71b4iy2O6n0CxLNKB
+D+IM8MBOjx18Ev+BETXmf2R6zyQaVY+VP541XRtcCwcMU9IV92CilhfHjPJy3g4V
+7mQIcvgdpQMuQLsBvMY+yFRUwRpWiPjOOot5q6bQKgA5pcRU7UtraqLzT7gG9cF2
+SDN2y9A05EWYZB7/hlg+URdJKjrCLn20i5BR52VVepLDWUOCBafkdCOp1O6JTRK2
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/Server-localhost-lastSAN-sv.der b/tests/certs/Server-localhost-lastSAN-sv.der
index 602b08d45..c4706a58e 100644
--- a/tests/certs/Server-localhost-lastSAN-sv.der
+++ b/tests/certs/Server-localhost-lastSAN-sv.der
diff --git a/tests/certs/Server-localhost-lastSAN-sv.key b/tests/certs/Server-localhost-lastSAN-sv.key
index 3b19584fa..7a5d854fb 100644
--- a/tests/certs/Server-localhost-lastSAN-sv.key
+++ b/tests/certs/Server-localhost-lastSAN-sv.key
@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA06MKnfY8ec436ZKFoEtuHmiZLV2ERzP29161ZG6lYbC3IZnC
-QQn0BLE4XGX8NB3pLHvhtgJQCUgOsm6XOa5Rk97PmVWFURmSWjyP5wN/urMwTvv8
-QDs6BJ/pB1JBVnsHyae1hNi0a0SGajS/UfHXCMc2ZveJrKj5VW8p+taMFqPzeQdg
-ZXWELvDN8h+PQP2ZIVrwHLdTj515bKQjRpBSq1p4AyoWUZ1/qB1SvRrboaea7Tu3
-T7QAY3e0NeP3Tn4CFNtVy5YyTg6wAMzhtYNTlkuNJfshG6gyYPVFOKiZGHs/vjVo
-0/e9SSrkI0C6wtc7oJhl1RCEu5N0gmeCpAVk2QIDAQABAoIBAQDLiN3JFOsMadsz
-8wo4ItMAw6+tBWcV40/8j0T8Fb1PulglJG7BhgT8DkQZ+KsYpDt/4JQuKwM2KeqY
-h+tAOfmSsJIO8USJvoIV7nCmx6Krt3EaRRVP4KXnlLLTq7PSq/fNZFEaNh8tmnV6
-5seo02DuvEgBtsbdGpTQKVzCNFv92GepMYAvG3jswQiePaESQcZlwfCL4A9rHhuf
-18IZ67G38yKuBYLFZofNQYvCGSL/DMQcZV7H1iYLFVY6Cl7Zm7dfYCJxHepHs8eS
-bf4PeEmWDGwzD9+vt9h2GvhwkEZD4icUFcO3/sHeFsa0Bx7PiFU8M+dstkQv4Z+4
-8H+zflqRAoGBAOwe8TSDuKa0V3nRPect2H6Ybl9PrtPVXV+d86w9QsFt5GeHQVYZ
-5Kb3TLxwzmXjMBK3x1Tu4EPNd6pjxXyIOOiP/s+VU/Q1BsQQQgXIE1KXKBV84gNy
-Gf8revJGJyoyqRtUaPkoe/R7mtjl1bTOcLFlN+xQ4xogOeoPsy1FLgJXAoGBAOV0
-ZtCObQMjUD7EVLPaqODcXbLYwsl5kN5WG8RQt2ZubOgjfl0qaSKQxU7IA5a9irTm
-HaFH3koXERu+U/4lUbgsEy/rnqgRmQpghl982rEmj62JbtKSTusQvwmUMLlfR6SX
-TWMvac7Tu9uwx1/eoiVrL7g+FQKaSU/aFOKizzRPAoGAfgRxlSZryUTcnt4mnJgi
-QEZYObQMSXBJWjuxjg5P724YBYzxOOOu3dGEedn2vfgHcyX0U4b92BHzuNNw1erZ
-/HzFcMJwwRf/2WoX4oAKl/ymXvl8onwmFcJ95om8Y1AQYs6lC70okq3ZUcMwUEQR
-bwvnUc9FtW7XmezxIssWKBcCgYEAj4lai9qc3RqpJyqgJgaCIHAZ+ThZ2bk/Y6aQ
-JiWsJNqtLCaP9O4D6MiRdS/v9stJStKs9GhF6Sk23ZkZZ+GmlkSUGCUYEeE4UGKD
-jJZJJAqQVKmldvppfejy6KYYOM4evhqcIZDWarjPSqXygsl9u1Sq/GFxuTgU5mvx
-JrlcT0cCgYAxSM0hKHFq2lAACnbmqAKqWH+JNTm1CQnI4Axf9al/AuWt5gfZs9K3
-uW8b2Bfa2k0l+sBKYRM44/cqRKmnptbROA/u1fX9pb1ZDhLTg+GGhEaWh4lmWn1V
-ZwQwOsWSnAEraFLcOImDiPkRngwIkZLV33p/MQdMY0aZh2fdM2gcrw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIhP5pZDPD3LV0
+iseyu9lp4qmVbV+3JeaCACv1UyHnKK5mtjj9FbGRiFIxKbtz4uCZYpVENVHXVMjS
+bSU88C4DG6ihJeGDmly9ZVeTRH6jzN2sWWlgAeCAudDEcGPPF6DGEw8hO8jBRk4Y
+/Wo2diRKV9hzLxNCoC6QH7+EnYHnvfh1U/P6UuHwqvYj1w1hFwzlmqvi1ejDyWsq
+ptr5y/ZNHUBTfmgvUZ/TF5U0ITINR9apTSi74FATL1t2oZBaUUgvztvZ2i7ROg/7
+gGEkCwt5skXNHS1m7kqWXQi3xICVLU6OrA4V+iwGDEl0SYF3F6WyAd6qiCuaZhO7
+BrSJ++SRAgMBAAECggEAApUDLABsPI6EGqj/1dDJRa2zcSxm92DfpUG9zytVIYN6
+rXFqw0g10LyF5xf/uogLzDCCtg25YlG3QqMWVUDNguDmt2kutycJddnkemMUfg+m
+X3CzpJbEQ+bApgrsH2+micPB5d5odnlX35wByQuVP4zT3sssJGc+JOvNEkwvRE3o
+0x+B7qnW5YWDA9X67Sb9Kgcg9xExC7lbUqQoDetpa6x36LVx2OCqmomIKf8CQqHr
+FOOTKNkTs6mal3jxxxwvLmj7Bkz+InSIRK0VE9d5G2VWliwcRMVjB9c5oh/P6Le3
+/jCyi18omkMgQK0Hm6CJBjsT+PdJu09hbo1TXD8cbQKBgQD8CwQNzHSolSUoKMpd
+SfsAIB5gjILns7xAAtemkHEn15ga6p7510wtvkWAzOqBtt3RrTqb/AoWKUkHwfRd
+AYFE1RrGVUA0Yohuf4eJFjAXuEQXNKx2uuHIpwEf0UpfiyAFLzDyUmTjMHLw15ZP
+OrhIHJBRfWiU9nWIScNZC4/A7QKBgQDLquZxndjls3h/LotU62CcjZSqU59Wbhfs
+VoGDgvj5jxxdcy4u7BntYYBKsaIL7k/Q6vyrNWnQoUgazhIqJ3RJ2p3OzaCLjKY8
+7+vf8F1bSZL+VbHTJZfuPKKShGlIfZ0ixjuP0vEUh+xblEwsmgNN4XOc/M/mVyid
+qek2xFPRtQKBgA8SXZCxrDw0hv9KyScg+Gh+gzKE1IMkhVpSkTC9rHaUdt0NMKqC
+DGUj3qYgGtnc5JDYSgvv226N03cqSwGQyHkkQTChAnDff4cUCzfQYtnYRAIbPUDw
+VfYYvoF3k3n5KNYGh2fGM5A+YnEygyODwGdXhe3JkQpvXoHi31Kg1VzVAoGBAKGa
+JCmopq50PjskElg6P7lYucqAeaCZ0I+tgCx6otVZ0ZbwyodevZ/WSnZ6BetTl69c
+lUnAIwrwvgbO1ijuj13+glLSY/32hv05Hb7duSWy9liqZGP2o1vcbt61A9kKGsG5
+6w7OwI2a4Fc2D08gkVideB/rlYbeR5L6e9sB4sQ1AoGAcLMiz2/cF40/pMhqq/C/
+SyFDa1OAquW00PujVrTbgIHY+2HdjaIlzwNVFWIY/K7LCJtLvK6mVCVbo1n7/Agp
+qYZZzPEUwJ84ZY1ZNxC0Z89dBFmJeFvyNSan9zGujye7Kx8QctCvn5DzjoWtA52k
+MvALyxOMqzvGI5bC4r1o3Hw=
+-----END PRIVATE KEY-----
diff --git a/tests/certs/Server-localhost-lastSAN-sv.pem b/tests/certs/Server-localhost-lastSAN-sv.pem
index e0a45e23a..b1cbd4b6b 100644
--- a/tests/certs/Server-localhost-lastSAN-sv.pem
+++ b/tests/certs/Server-localhost-lastSAN-sv.pem
@@ -36,45 +36,46 @@ commonName_value              = localhost.nn
 # The key
 # the certificate
 # some dhparam
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA06MKnfY8ec436ZKFoEtuHmiZLV2ERzP29161ZG6lYbC3IZnC
-QQn0BLE4XGX8NB3pLHvhtgJQCUgOsm6XOa5Rk97PmVWFURmSWjyP5wN/urMwTvv8
-QDs6BJ/pB1JBVnsHyae1hNi0a0SGajS/UfHXCMc2ZveJrKj5VW8p+taMFqPzeQdg
-ZXWELvDN8h+PQP2ZIVrwHLdTj515bKQjRpBSq1p4AyoWUZ1/qB1SvRrboaea7Tu3
-T7QAY3e0NeP3Tn4CFNtVy5YyTg6wAMzhtYNTlkuNJfshG6gyYPVFOKiZGHs/vjVo
-0/e9SSrkI0C6wtc7oJhl1RCEu5N0gmeCpAVk2QIDAQABAoIBAQDLiN3JFOsMadsz
-8wo4ItMAw6+tBWcV40/8j0T8Fb1PulglJG7BhgT8DkQZ+KsYpDt/4JQuKwM2KeqY
-h+tAOfmSsJIO8USJvoIV7nCmx6Krt3EaRRVP4KXnlLLTq7PSq/fNZFEaNh8tmnV6
-5seo02DuvEgBtsbdGpTQKVzCNFv92GepMYAvG3jswQiePaESQcZlwfCL4A9rHhuf
-18IZ67G38yKuBYLFZofNQYvCGSL/DMQcZV7H1iYLFVY6Cl7Zm7dfYCJxHepHs8eS
-bf4PeEmWDGwzD9+vt9h2GvhwkEZD4icUFcO3/sHeFsa0Bx7PiFU8M+dstkQv4Z+4
-8H+zflqRAoGBAOwe8TSDuKa0V3nRPect2H6Ybl9PrtPVXV+d86w9QsFt5GeHQVYZ
-5Kb3TLxwzmXjMBK3x1Tu4EPNd6pjxXyIOOiP/s+VU/Q1BsQQQgXIE1KXKBV84gNy
-Gf8revJGJyoyqRtUaPkoe/R7mtjl1bTOcLFlN+xQ4xogOeoPsy1FLgJXAoGBAOV0
-ZtCObQMjUD7EVLPaqODcXbLYwsl5kN5WG8RQt2ZubOgjfl0qaSKQxU7IA5a9irTm
-HaFH3koXERu+U/4lUbgsEy/rnqgRmQpghl982rEmj62JbtKSTusQvwmUMLlfR6SX
-TWMvac7Tu9uwx1/eoiVrL7g+FQKaSU/aFOKizzRPAoGAfgRxlSZryUTcnt4mnJgi
-QEZYObQMSXBJWjuxjg5P724YBYzxOOOu3dGEedn2vfgHcyX0U4b92BHzuNNw1erZ
-/HzFcMJwwRf/2WoX4oAKl/ymXvl8onwmFcJ95om8Y1AQYs6lC70okq3ZUcMwUEQR
-bwvnUc9FtW7XmezxIssWKBcCgYEAj4lai9qc3RqpJyqgJgaCIHAZ+ThZ2bk/Y6aQ
-JiWsJNqtLCaP9O4D6MiRdS/v9stJStKs9GhF6Sk23ZkZZ+GmlkSUGCUYEeE4UGKD
-jJZJJAqQVKmldvppfejy6KYYOM4evhqcIZDWarjPSqXygsl9u1Sq/GFxuTgU5mvx
-JrlcT0cCgYAxSM0hKHFq2lAACnbmqAKqWH+JNTm1CQnI4Axf9al/AuWt5gfZs9K3
-uW8b2Bfa2k0l+sBKYRM44/cqRKmnptbROA/u1fX9pb1ZDhLTg+GGhEaWh4lmWn1V
-ZwQwOsWSnAEraFLcOImDiPkRngwIkZLV33p/MQdMY0aZh2fdM2gcrw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIhP5pZDPD3LV0
+iseyu9lp4qmVbV+3JeaCACv1UyHnKK5mtjj9FbGRiFIxKbtz4uCZYpVENVHXVMjS
+bSU88C4DG6ihJeGDmly9ZVeTRH6jzN2sWWlgAeCAudDEcGPPF6DGEw8hO8jBRk4Y
+/Wo2diRKV9hzLxNCoC6QH7+EnYHnvfh1U/P6UuHwqvYj1w1hFwzlmqvi1ejDyWsq
+ptr5y/ZNHUBTfmgvUZ/TF5U0ITINR9apTSi74FATL1t2oZBaUUgvztvZ2i7ROg/7
+gGEkCwt5skXNHS1m7kqWXQi3xICVLU6OrA4V+iwGDEl0SYF3F6WyAd6qiCuaZhO7
+BrSJ++SRAgMBAAECggEAApUDLABsPI6EGqj/1dDJRa2zcSxm92DfpUG9zytVIYN6
+rXFqw0g10LyF5xf/uogLzDCCtg25YlG3QqMWVUDNguDmt2kutycJddnkemMUfg+m
+X3CzpJbEQ+bApgrsH2+micPB5d5odnlX35wByQuVP4zT3sssJGc+JOvNEkwvRE3o
+0x+B7qnW5YWDA9X67Sb9Kgcg9xExC7lbUqQoDetpa6x36LVx2OCqmomIKf8CQqHr
+FOOTKNkTs6mal3jxxxwvLmj7Bkz+InSIRK0VE9d5G2VWliwcRMVjB9c5oh/P6Le3
+/jCyi18omkMgQK0Hm6CJBjsT+PdJu09hbo1TXD8cbQKBgQD8CwQNzHSolSUoKMpd
+SfsAIB5gjILns7xAAtemkHEn15ga6p7510wtvkWAzOqBtt3RrTqb/AoWKUkHwfRd
+AYFE1RrGVUA0Yohuf4eJFjAXuEQXNKx2uuHIpwEf0UpfiyAFLzDyUmTjMHLw15ZP
+OrhIHJBRfWiU9nWIScNZC4/A7QKBgQDLquZxndjls3h/LotU62CcjZSqU59Wbhfs
+VoGDgvj5jxxdcy4u7BntYYBKsaIL7k/Q6vyrNWnQoUgazhIqJ3RJ2p3OzaCLjKY8
+7+vf8F1bSZL+VbHTJZfuPKKShGlIfZ0ixjuP0vEUh+xblEwsmgNN4XOc/M/mVyid
+qek2xFPRtQKBgA8SXZCxrDw0hv9KyScg+Gh+gzKE1IMkhVpSkTC9rHaUdt0NMKqC
+DGUj3qYgGtnc5JDYSgvv226N03cqSwGQyHkkQTChAnDff4cUCzfQYtnYRAIbPUDw
+VfYYvoF3k3n5KNYGh2fGM5A+YnEygyODwGdXhe3JkQpvXoHi31Kg1VzVAoGBAKGa
+JCmopq50PjskElg6P7lYucqAeaCZ0I+tgCx6otVZ0ZbwyodevZ/WSnZ6BetTl69c
+lUnAIwrwvgbO1ijuj13+glLSY/32hv05Hb7duSWy9liqZGP2o1vcbt61A9kKGsG5
+6w7OwI2a4Fc2D08gkVideB/rlYbeR5L6e9sB4sQ1AoGAcLMiz2/cF40/pMhqq/C/
+SyFDa1OAquW00PujVrTbgIHY+2HdjaIlzwNVFWIY/K7LCJtLvK6mVCVbo1n7/Agp
+qYZZzPEUwJ84ZY1ZNxC0Z89dBFmJeFvyNSan9zGujye7Kx8QctCvn5DzjoWtA52k
+MvALyxOMqzvGI5bC4r1o3Hw=
+-----END PRIVATE KEY-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668412 (0xf2ed3c2c1bc)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980989614 (0xf34755178ae)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:38 2022 GMT
+            Not After : Mar 11 12:21:38 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -83,24 +84,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:d3:a3:0a:9d:f6:3c:79:ce:37:e9:92:85:a0:4b:
-                    6e:1e:68:99:2d:5d:84:47:33:f6:f7:5e:b5:64:6e:
-                    a5:61:b0:b7:21:99:c2:41:09:f4:04:b1:38:5c:65:
-                    fc:34:1d:e9:2c:7b:e1:b6:02:50:09:48:0e:b2:6e:
-                    97:39:ae:51:93:de:cf:99:55:85:51:19:92:5a:3c:
-                    8f:e7:03:7f:ba:b3:30:4e:fb:fc:40:3b:3a:04:9f:
-                    e9:07:52:41:56:7b:07:c9:a7:b5:84:d8:b4:6b:44:
-                    86:6a:34:bf:51:f1:d7:08:c7:36:66:f7:89:ac:a8:
-                    f9:55:6f:29:fa:d6:8c:16:a3:f3:79:07:60:65:75:
-                    84:2e:f0:cd:f2:1f:8f:40:fd:99:21:5a:f0:1c:b7:
-                    53:8f:9d:79:6c:a4:23:46:90:52:ab:5a:78:03:2a:
-                    16:51:9d:7f:a8:1d:52:bd:1a:db:a1:a7:9a:ed:3b:
-                    b7:4f:b4:00:63:77:b4:35:e3:f7:4e:7e:02:14:db:
-                    55:cb:96:32:4e:0e:b0:00:cc:e1:b5:83:53:96:4b:
-                    8d:25:fb:21:1b:a8:32:60:f5:45:38:a8:99:18:7b:
-                    3f:be:35:68:d3:f7:bd:49:2a:e4:23:40:ba:c2:d7:
-                    3b:a0:98:65:d5:10:84:bb:93:74:82:67:82:a4:05:
-                    64:d9
+                    00:c8:84:fe:69:64:33:c3:dc:b5:74:8a:c7:b2:bb:
+                    d9:69:e2:a9:95:6d:5f:b7:25:e6:82:00:2b:f5:53:
+                    21:e7:28:ae:66:b6:38:fd:15:b1:91:88:52:31:29:
+                    bb:73:e2:e0:99:62:95:44:35:51:d7:54:c8:d2:6d:
+                    25:3c:f0:2e:03:1b:a8:a1:25:e1:83:9a:5c:bd:65:
+                    57:93:44:7e:a3:cc:dd:ac:59:69:60:01:e0:80:b9:
+                    d0:c4:70:63:cf:17:a0:c6:13:0f:21:3b:c8:c1:46:
+                    4e:18:fd:6a:36:76:24:4a:57:d8:73:2f:13:42:a0:
+                    2e:90:1f:bf:84:9d:81:e7:bd:f8:75:53:f3:fa:52:
+                    e1:f0:aa:f6:23:d7:0d:61:17:0c:e5:9a:ab:e2:d5:
+                    e8:c3:c9:6b:2a:a6:da:f9:cb:f6:4d:1d:40:53:7e:
+                    68:2f:51:9f:d3:17:95:34:21:32:0d:47:d6:a9:4d:
+                    28:bb:e0:50:13:2f:5b:76:a1:90:5a:51:48:2f:ce:
+                    db:d9:da:2e:d1:3a:0f:fb:80:61:24:0b:0b:79:b2:
+                    45:cd:1d:2d:66:ee:4a:96:5d:08:b7:c4:80:95:2d:
+                    4e:8e:ac:0e:15:fa:2c:06:0c:49:74:49:81:77:17:
+                    a5:b2:01:de:aa:88:2b:9a:66:13:bb:06:b4:89:fb:
+                    e4:91
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
@@ -110,59 +111,56 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                D2:27:97:9D:58:B2:B5:4A:98:58:67:93:0E:AB:C4:CB:F2:58:1C:6A
+                B3:77:93:C4:CA:9A:B3:62:CF:51:0D:17:1D:8E:87:F6:C2:3E:17:75
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         cb:49:88:ac:b3:08:6c:04:74:3d:a0:6c:86:73:bb:b3:6e:7e:
-         bd:40:dd:ba:b7:ad:87:88:3f:c2:c5:61:d0:39:01:3c:1b:db:
-         a5:04:6e:1d:ef:d3:af:cc:14:38:8e:2b:71:8d:2b:a1:11:fe:
-         cf:6f:a3:1c:6e:1d:9e:e1:5f:db:b5:57:4c:04:8e:4c:e3:77:
-         92:d7:5c:27:c8:0c:82:13:98:09:5b:aa:b5:71:fd:10:31:15:
-         0c:9b:95:23:9d:3d:08:ab:7c:f9:ed:2a:d1:f5:9a:7a:90:a8:
-         d7:db:47:a9:60:ba:e1:12:d4:11:0d:71:42:1b:37:0b:1e:10:
-         3f:3c:59:ea:d2:46:cb:ad:f1:48:77:09:a5:18:eb:27:56:2f:
-         e6:bf:34:9b:c1:16:10:d6:4b:ab:87:58:79:b4:a8:55:83:9b:
-         c7:30:6c:a2:72:4c:c8:3a:d7:0b:5f:12:9f:c3:35:10:a3:30:
-         02:91:37:eb:b1:b6:cb:c7:80:49:d1:06:92:f8:e7:fb:1b:22:
-         12:73:c9:71:27:56:0e:8e:4e:c8:21:cb:33:65:77:f9:87:e5:
-         e4:5e:70:32:d5:7e:b4:24:88:d9:ec:d3:63:95:ba:4b:69:06:
-         28:3e:55:24:f2:c7:18:e8:cc:cb:1f:fd:79:33:bb:59:0b:2a:
-         cc:52:c3:81
+    Signature Value:
+        10:22:60:56:f6:14:b7:03:18:c4:01:ba:06:c7:65:49:98:d7:
+        64:64:d4:2a:2b:19:16:d1:0e:e9:b0:04:86:01:fb:ae:37:e4:
+        c9:19:37:d5:02:27:63:da:6f:de:a2:d0:23:36:7f:2f:3e:55:
+        d2:b5:ef:23:5d:f7:ac:71:3f:95:77:bc:74:d3:1e:51:d9:7d:
+        7e:0d:8e:03:f3:82:95:3e:88:dd:3c:ed:3a:aa:b4:e1:85:fb:
+        d8:ea:3f:6a:7d:34:b7:b3:df:b1:fe:2b:ec:af:e0:1c:9c:ec:
+        43:63:80:17:3a:32:ca:13:35:2d:c7:3d:3e:ac:aa:55:d6:1a:
+        6d:3f:f0:ff:23:4f:e0:88:a1:42:d9:91:1c:a5:6b:87:14:1b:
+        0b:4d:24:a8:33:36:7a:21:f7:e2:86:9c:65:36:f3:7c:0c:4d:
+        be:f1:98:45:c3:27:e4:11:4a:7d:8a:e3:70:ae:fb:ac:9f:a6:
+        f4:0d:dc:a7:83:39:50:c3:1e:1a:95:68:0d:b0:56:8f:64:d2:
+        db:a1:a7:97:d1:2c:ea:7a:f9:9b:2f:5f:4d:ed:7c:f9:df:74:
+        1a:81:73:79:f8:00:2a:78:18:23:72:7a:4b:66:6b:61:da:95:
+        29:85:7c:4d:42:76:2e:43:70:6d:ac:0c:dc:98:d5:47:da:e1:
+        54:0c:71:bf
 -----BEGIN CERTIFICATE-----
-MIIEXzCCA0egAwIBAgIGDy7TwsG8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIEXzCCA0egAwIBAgIGDzR1UXiuMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFcxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzhaFw0zMTAzMTExMjIxMzhaMFcxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDTowqd9jx5zjfpkoWgS24eaJktXYRHM/b3XrVkbqVhsLchmcJBCfQE
-sThcZfw0Hekse+G2AlAJSA6ybpc5rlGT3s+ZVYVRGZJaPI/nA3+6szBO+/xAOzoE
-n+kHUkFWewfJp7WE2LRrRIZqNL9R8dcIxzZm94msqPlVbyn61owWo/N5B2BldYQu
-8M3yH49A/ZkhWvAct1OPnXlspCNGkFKrWngDKhZRnX+oHVK9Gtuhp5rtO7dPtABj
-d7Q14/dOfgIU21XLljJODrAAzOG1g1OWS40l+yEbqDJg9UU4qJkYez++NWjT971J
-KuQjQLrC1zugmGXVEIS7k3SCZ4KkBWTZAgMBAAGjggEeMIIBGjAsBgNVHREEJTAj
+ggEKAoIBAQDIhP5pZDPD3LV0iseyu9lp4qmVbV+3JeaCACv1UyHnKK5mtjj9FbGR
+iFIxKbtz4uCZYpVENVHXVMjSbSU88C4DG6ihJeGDmly9ZVeTRH6jzN2sWWlgAeCA
+udDEcGPPF6DGEw8hO8jBRk4Y/Wo2diRKV9hzLxNCoC6QH7+EnYHnvfh1U/P6UuHw
+qvYj1w1hFwzlmqvi1ejDyWsqptr5y/ZNHUBTfmgvUZ/TF5U0ITINR9apTSi74FAT
+L1t2oZBaUUgvztvZ2i7ROg/7gGEkCwt5skXNHS1m7kqWXQi3xICVLU6OrA4V+iwG
+DEl0SYF3F6WyAd6qiCuaZhO7BrSJ++SRAgMBAAGjggEeMIIBGjAsBgNVHREEJTAj
 ggpsb2NhbGhvc3Qxggpsb2NhbGhvc3Qygglsb2NhbGhvc3QwCwYDVR0PBAQDAgOo
-MBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBTSJ5edWLK1SphYZ5MOq8TL
-8lgcajAfBgNVHSMEGDAWgBRSQO7hT5VYKcqEZ4wPjMz+j6n6qDAJBgNVHRMEAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSzd5PEypqzYs9RDRcdjof2
+wj4XdTAfBgNVHSMEGDAWgBSHy7EzLsFnfnHj5StMTaSzbtJbqTAJBgNVHRMEAjAA
 MEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcwAoYnaHR0cDovL3Rlc3QuY3VybC5z
 ZS9jYS9FZGVsQ3VybFJvb3QuY2VyMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly90
 ZXN0LmN1cmwuc2UvY2EvRWRlbEN1cmxSb290LmNybDANBgkqhkiG9w0BAQsFAAOC
-AQEAy0mIrLMIbAR0PaBshnO7s25+vUDdureth4g/wsVh0DkBPBvbpQRuHe/Tr8wU
-OI4rcY0roRH+z2+jHG4dnuFf27VXTASOTON3ktdcJ8gMghOYCVuqtXH9EDEVDJuV
-I509CKt8+e0q0fWaepCo19tHqWC64RLUEQ1xQhs3Cx4QPzxZ6tJGy63xSHcJpRjr
-J1Yv5r80m8EWENZLq4dYebSoVYObxzBsonJMyDrXC18Sn8M1EKMwApE367G2y8eA
-SdEGkvjn+xsiEnPJcSdWDo5OyCHLM2V3+Yfl5F5wMtV+tCSI2ezTY5W6S2kGKD5V
-JPLHGOjMyx/9eTO7WQsqzFLDgQ==
+AQEAECJgVvYUtwMYxAG6BsdlSZjXZGTUKisZFtEO6bAEhgH7rjfkyRk31QInY9pv
+3qLQIzZ/Lz5V0rXvI133rHE/lXe8dNMeUdl9fg2OA/OClT6I3TztOqq04YX72Oo/
+an00t7Pfsf4r7K/gHJzsQ2OAFzoyyhM1Lcc9PqyqVdYabT/w/yNP4IihQtmRHKVr
+hxQbC00kqDM2eiH34oacZTbzfAxNvvGYRcMn5BFKfYrjcK77rJ+m9A3cp4M5UMMe
+GpVoDbBWj2TS26Gnl9Es6nr5my9fTe18+d90GoFzefgAKngYI3J6S2ZrYdqVKYV8
+TUJ2LkNwbawM3JjVR9rhVAxxvw==
 -----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost-lastSAN-sv.pub.der b/tests/certs/Server-localhost-lastSAN-sv.pub.der
index b820f62f4..fc61b6de9 100644
--- a/tests/certs/Server-localhost-lastSAN-sv.pub.der
+++ b/tests/certs/Server-localhost-lastSAN-sv.pub.der
diff --git a/tests/certs/Server-localhost-lastSAN-sv.pub.pem b/tests/certs/Server-localhost-lastSAN-sv.pub.pem
index 11506756a..3644fd9a9 100644
--- a/tests/certs/Server-localhost-lastSAN-sv.pub.pem
+++ b/tests/certs/Server-localhost-lastSAN-sv.pub.pem
@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06MKnfY8ec436ZKFoEtu
-HmiZLV2ERzP29161ZG6lYbC3IZnCQQn0BLE4XGX8NB3pLHvhtgJQCUgOsm6XOa5R
-k97PmVWFURmSWjyP5wN/urMwTvv8QDs6BJ/pB1JBVnsHyae1hNi0a0SGajS/UfHX
-CMc2ZveJrKj5VW8p+taMFqPzeQdgZXWELvDN8h+PQP2ZIVrwHLdTj515bKQjRpBS
-q1p4AyoWUZ1/qB1SvRrboaea7Tu3T7QAY3e0NeP3Tn4CFNtVy5YyTg6wAMzhtYNT
-lkuNJfshG6gyYPVFOKiZGHs/vjVo0/e9SSrkI0C6wtc7oJhl1RCEu5N0gmeCpAVk
-2QIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIT+aWQzw9y1dIrHsrvZ
+aeKplW1ftyXmggAr9VMh5yiuZrY4/RWxkYhSMSm7c+LgmWKVRDVR11TI0m0lPPAu
+AxuooSXhg5pcvWVXk0R+o8zdrFlpYAHggLnQxHBjzxegxhMPITvIwUZOGP1qNnYk
+SlfYcy8TQqAukB+/hJ2B5734dVPz+lLh8Kr2I9cNYRcM5Zqr4tXow8lrKqba+cv2
+TR1AU35oL1Gf0xeVNCEyDUfWqU0ou+BQEy9bdqGQWlFIL87b2dou0ToP+4BhJAsL
+ebJFzR0tZu5Kll0It8SAlS1OjqwOFfosBgxJdEmBdxelsgHeqogrmmYTuwa0ifvk
+kQIDAQAB
 -----END PUBLIC KEY-----
diff --git a/tests/certs/Server-localhost-lastSAN-sv.pubkey-pinned b/tests/certs/Server-localhost-lastSAN-sv.pubkey-pinned
index 9c8bbd65f..bcb4d4253 100644
--- a/tests/certs/Server-localhost-lastSAN-sv.pubkey-pinned
+++ b/tests/certs/Server-localhost-lastSAN-sv.pubkey-pinned
@@ -1 +1 @@
-Cc7QBXN38qk2w7PNL5Cyqu2m9l1jS8xm1joxK1R8SKU=
+1iO+QG+cArKLLyo3az2OBu0lM1t8v5bLLI3pNXoJJQ0=
diff --git a/tests/certs/Server-localhost-sv.crl b/tests/certs/Server-localhost-sv.crl
index 2edec2377..d10b90c4c 100644
--- a/tests/certs/Server-localhost-sv.crl
+++ b/tests/certs/Server-localhost-sv.crl
@@ -1,16 +1,12 @@
 -----BEGIN X509 CRL-----
-MIICdDCCAVwCAQEwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV
-BAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJjAk
-BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0yMjExMjUxMjMy
-NDZaFw0yMjEyMjUxMjMyNDZaMIGvMBcCBg8u0qPc0hcNMjIxMTI1MTIwMTI2WjAX
-AgYPLtKj3OQXDTIyMTEyNTEyMDEyNlowFwIGDy7So9z3Fw0yMjExMjUxMjAxMjZa
-MBcCBg8u0qPdCBcNMjIxMTI1MTIwMTI2WjAXAgYPLtKkBCoXDTIyMTEyNTEyMDEy
-N1owFwIGDy7SpAQ7Fw0yMjExMjUxMjAxMjdaMBcCBg8u08LBZhcNMjIxMTI1MTIz
-MjQ2WqAOMAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADggEBAOKwb4Kqovda
-z3lxrqr0LBvGY/DhDxKPOQDZ+sEcvPEb4sm0PB30JLVaVP4Uuk69xrMZKJif2iQb
-Y37jAlYf/LH54DqTvCxUm/Eer+dhHeqxt0Bfe6ZxpDjykhcSABvRtV1s9MD1FP8b
-1MN83NkMGYlAQwYzkutoq926OcyYkhrqwHnOdOg4TNFRAxt3tUecNdazbGmQGB0r
-kjTRInaMzpi5UgBWzbALGgOqMlo+R8lASfPj6FTv9xRg8eHR5Rftn2YjbeVdbmOA
-985Fxx7YRMQ9MH1IUXK2KHElFs2zKc30U6qk6VHtYYzNMy9ELlKQoWYtfBl3G62d
-aRYdGQwed7M=
+MIIB3DCBxQIBATANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJOTjExMC8GA1UE
+CgwoRWRlbCBDdXJsIEFyY3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDEmMCQG
+A1UEAwwdTm9ydGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IXDTIyMTIyMzEyMjEz
+NloXDTIzMDEyMjEyMjEzNlowGTAXAgYPNHVRKjwXDTIyMTIyMzEyMjEzNlqgDjAM
+MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBU6nAPnIyD/G6eK21pfHeh
+myCoBy+B9b8R1Ed1Y3YDoWS6KFXAoPJxWmy0gdo0sbhzVvC4iSb1iZzWjki/rAVL
+lkYdJr+r/D5y7A80+Kngf18j77oLvtRkNiVT4Kac1kHg7h9oznO42T+DI90PPd33
+puX+J/aH9V51NUyZcQWQjY7ZiOMbMUnCjozwhidVPL65pK/ggrTFy08WorHpx4Ew
+i1oT5qD478+/4alUxs+EFJMvVTBPrKbpBYq2fr1n1L1/XdRGLi4U3M9B4jsXdmXd
+JyHPVlMNNBPTM8S95vNko4Q94UuZrCQv0TlPJtQI1B0KDDWCJxuyA/3+hYRFglBe
 -----END X509 CRL-----
diff --git a/tests/certs/Server-localhost-sv.crt b/tests/certs/Server-localhost-sv.crt
index d8ed30230..06355e3e6 100644
--- a/tests/certs/Server-localhost-sv.crt
+++ b/tests/certs/Server-localhost-sv.crt
@@ -1,15 +1,15 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668326 (0xf2ed3c2c166)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980969532 (0xf3475512a3c)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:36 2022 GMT
+            Not After : Mar 11 12:21:36 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -18,24 +18,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:ab:68:32:4f:0e:cb:4f:7d:32:90:86:ae:b2:a8:
-                    84:8f:64:7c:2d:af:a8:c3:2b:c6:54:e1:8e:72:5d:
-                    17:18:39:ae:13:75:1c:85:cc:cb:c8:94:84:47:f6:
-                    8a:d6:db:92:a8:ff:28:26:26:20:2c:7c:2a:01:11:
-                    1f:29:78:2d:a5:3e:6f:14:01:02:ba:12:1f:ca:eb:
-                    c9:76:05:07:58:6a:39:0a:0d:8d:8c:e0:3d:0d:47:
-                    59:51:5f:9d:c9:d1:a3:42:ee:93:42:1b:17:4f:5b:
-                    56:16:a5:2f:0e:63:7b:d7:8a:08:13:02:d1:3e:fe:
-                    c3:4e:fa:b1:8a:44:8e:dd:4e:1a:97:f7:62:6a:36:
-                    63:50:83:c6:0f:f3:22:f4:23:f1:b9:c6:2e:5c:c2:
-                    ff:e2:63:00:94:c4:15:b3:46:04:a9:bd:52:db:f5:
-                    7b:a9:5b:87:8f:ee:96:e9:f4:39:d3:ac:50:e0:fd:
-                    8a:18:cf:60:ae:de:26:59:04:22:dd:f2:57:1a:31:
-                    9f:c8:94:d0:6a:5a:98:d4:eb:87:d6:86:71:ce:06:
-                    fe:2a:96:1b:7a:e6:c5:00:82:b0:73:cb:11:72:87:
-                    8b:a6:13:c0:37:73:cc:b3:5e:10:07:a9:cc:da:66:
-                    4b:bb:ff:5c:b5:ab:84:b5:6b:1a:b7:fb:a8:82:84:
-                    18:b5
+                    00:c6:b8:04:3d:d6:fa:31:a0:d7:f7:e9:88:4b:5a:
+                    5e:6f:6f:db:f4:c9:4b:7e:6c:2a:cf:34:7b:2a:ba:
+                    1a:71:ad:7f:78:6c:f7:1e:ca:07:d0:29:03:49:e4:
+                    63:86:4c:f6:67:3f:bd:32:69:cb:b8:15:e7:0e:cf:
+                    28:3d:9e:96:91:8e:4f:73:a9:27:77:4c:26:61:cd:
+                    d6:e7:4e:3c:64:c3:13:ba:8e:ec:03:0f:bc:d4:83:
+                    b3:94:f2:be:d0:18:30:c5:52:49:cb:9a:60:cf:f3:
+                    b9:ca:2f:63:9d:34:ee:87:3a:58:e7:a1:99:dd:dc:
+                    56:87:e1:a0:d7:6b:37:ae:bb:13:db:7d:fa:2a:3d:
+                    9c:39:79:f6:01:a6:e3:3a:e7:18:14:cb:c7:57:b9:
+                    83:d1:ba:b8:2c:5a:c4:97:2f:ee:8d:68:48:37:f8:
+                    17:db:32:b9:ea:25:4f:28:57:01:39:13:dc:c0:f7:
+                    d0:cc:65:f9:2b:b8:4c:a1:5b:11:ce:44:e2:28:b9:
+                    63:62:fd:08:fa:b6:cd:49:d5:b9:fe:9e:68:9c:9a:
+                    b5:1a:3e:cc:bf:0e:74:db:52:3f:25:30:cd:7d:02:
+                    41:c7:c9:8a:58:12:35:25:21:95:c4:6b:c3:f5:79:
+                    c2:00:cb:ef:7f:d7:9f:89:c9:ff:c0:b9:72:59:4c:
+                    33:47
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
@@ -45,58 +45,55 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                64:67:EE:AA:EE:F6:F1:0B:41:A6:62:B9:76:D2:C7:A9:29:D6:32:41
+                4A:F1:79:1B:13:71:A4:0F:F9:06:CC:B6:2C:CD:24:46:DF:E6:08:2D
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         31:d9:63:a2:0c:ca:2f:b0:5a:81:c5:07:b9:c2:49:f1:a8:8e:
-         04:e9:b7:89:f9:b0:90:10:33:76:ec:c3:8f:da:c5:54:a7:99:
-         4d:a7:53:e0:91:b9:89:51:83:6c:38:32:f2:8f:56:e6:e4:bc:
-         22:45:a5:91:10:e0:c6:bc:2c:36:41:16:2e:58:0d:82:7e:54:
-         41:f1:90:60:f8:98:54:f1:67:a4:df:2b:82:03:c5:c7:2e:a5:
-         28:97:b8:3d:9f:bb:fb:4f:33:8f:a1:f6:bd:34:86:1b:f4:33:
-         58:0e:23:b7:cf:39:07:22:e0:bf:31:9d:47:71:4d:e7:26:6b:
-         50:08:4d:8e:5f:c8:6d:3c:c8:04:2d:07:dc:3d:d1:d4:b6:3e:
-         c7:5b:dd:cd:c6:31:81:ac:0a:84:cd:e4:e3:67:f9:34:dc:7a:
-         9b:aa:57:a0:ca:a9:3e:e4:f0:cc:b4:30:56:4d:31:14:65:7d:
-         6a:3a:6f:26:ad:02:c4:3b:bb:f8:06:5a:e5:1f:13:6a:af:2c:
-         bc:b6:ec:ae:6c:84:9b:5f:76:0b:18:f3:d6:1e:8e:37:ad:d3:
-         15:ec:7f:74:c3:53:54:8d:f0:42:f9:40:0d:f1:48:a5:e6:94:
-         2f:7c:fc:16:0c:95:c8:86:a3:b7:71:10:c1:19:be:50:73:2a:
-         22:15:19:56
+    Signature Value:
+        67:ef:ad:8f:fa:ee:f1:fd:33:67:62:06:5f:09:55:7c:cf:82:
+        1a:e8:fc:f5:97:ba:63:bd:d0:a0:8b:85:2c:fc:f0:34:4a:97:
+        b2:18:d7:63:34:63:f4:1f:50:c7:0e:13:d9:bc:3b:73:3d:41:
+        93:16:b3:30:95:88:cd:75:c8:8c:58:4b:ab:96:e6:78:68:15:
+        0f:84:e7:8e:17:94:1a:b3:f3:12:ab:26:fd:fa:73:31:33:36:
+        85:83:2d:e3:3a:f2:a6:29:c6:37:30:3d:17:d2:39:31:d1:56:
+        1b:8d:df:fb:07:ad:81:0b:91:e5:bd:7b:37:a0:a0:5a:2c:33:
+        2b:8d:69:8b:d7:c1:45:61:85:ef:32:45:dd:00:a2:81:98:44:
+        0d:eb:01:95:fc:ac:0f:b5:34:a4:5f:35:5c:68:63:50:5a:69:
+        56:f3:99:c4:67:70:89:13:30:c0:64:ff:f1:a6:77:68:69:63:
+        9e:6f:f8:3c:6f:cd:af:7f:de:0d:87:55:ae:39:b3:b2:f5:4f:
+        47:79:1f:32:ee:ae:8f:32:dc:88:30:cd:38:6c:4b:28:55:c3:
+        7d:74:6b:de:d0:49:c9:05:ea:62:71:a6:f8:1e:76:da:3c:a7:
+        17:cd:1a:92:a3:c4:e8:85:d1:ad:34:0c:71:37:3f:6c:d3:7f:
+        9a:d6:ca:de
 -----BEGIN CERTIFICATE-----
-MIIERDCCAyygAwIBAgIGDy7TwsFmMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIERDCCAyygAwIBAgIGDzR1USo8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFQxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzZaFw0zMTAzMTExMjIxMzZaMFQxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCraDJPDstPfTKQhq6yqISPZHwtr6jDK8ZU4Y5yXRcYOa4TdRyFzMvIlIRH
-9orW25Ko/ygmJiAsfCoBER8peC2lPm8UAQK6Eh/K68l2BQdYajkKDY2M4D0NR1lR
-X53J0aNC7pNCGxdPW1YWpS8OY3vXiggTAtE+/sNO+rGKRI7dThqX92JqNmNQg8YP
-8yL0I/G5xi5cwv/iYwCUxBWzRgSpvVLb9XupW4eP7pbp9DnTrFDg/YoYz2Cu3iZZ
-BCLd8lcaMZ/IlNBqWpjU64fWhnHOBv4qlht65sUAgrBzyxFyh4umE8A3c8yzXhAH
-qczaZku7/1y1q4S1axq3+6iChBi1AgMBAAGjggEGMIIBAjAUBgNVHREEDTALggls
+AoIBAQDGuAQ91voxoNf36YhLWl5vb9v0yUt+bCrPNHsquhpxrX94bPceygfQKQNJ
+5GOGTPZnP70yacu4FecOzyg9npaRjk9zqSd3TCZhzdbnTjxkwxO6juwDD7zUg7OU
+8r7QGDDFUknLmmDP87nKL2OdNO6HOljnoZnd3FaH4aDXazeuuxPbffoqPZw5efYB
+puM65xgUy8dXuYPRurgsWsSXL+6NaEg3+BfbMrnqJU8oVwE5E9zA99DMZfkruEyh
+WxHOROIouWNi/Qj6ts1J1bn+nmicmrUaPsy/DnTbUj8lMM19AkHHyYpYEjUlIZXE
+a8P1ecIAy+9/15+Jyf/AuXJZTDNHAgMBAAGjggEGMIIBAjAUBgNVHREEDTALggls
 b2NhbGhvc3QwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1Ud
-DgQWBBRkZ+6q7vbxC0GmYrl20sepKdYyQTAfBgNVHSMEGDAWgBRSQO7hT5VYKcqE
-Z4wPjMz+j6n6qDAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcw
+DgQWBBRK8XkbE3GkD/kGzLYszSRG3+YILTAfBgNVHSMEGDAWgBSHy7EzLsFnfnHj
+5StMTaSzbtJbqTAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcw
 AoYnaHR0cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJvb3QuY2VyMDgGA1Ud
 HwQxMC8wLaAroCmGJ2h0dHA6Ly90ZXN0LmN1cmwuc2UvY2EvRWRlbEN1cmxSb290
-LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAMdljogzKL7BagcUHucJJ8aiOBOm3ifmw
-kBAzduzDj9rFVKeZTadT4JG5iVGDbDgy8o9W5uS8IkWlkRDgxrwsNkEWLlgNgn5U
-QfGQYPiYVPFnpN8rggPFxy6lKJe4PZ+7+08zj6H2vTSGG/QzWA4jt885ByLgvzGd
-R3FN5yZrUAhNjl/IbTzIBC0H3D3R1LY+x1vdzcYxgawKhM3k42f5NNx6m6pXoMqp
-PuTwzLQwVk0xFGV9ajpvJq0CxDu7+AZa5R8Taq8svLbsrmyEm192Cxjz1h6ON63T
-Fex/dMNTVI3wQvlADfFIpeaUL3z8FgyVyIajt3EQwRm+UHMqIhUZVg==
+LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAZ++tj/ru8f0zZ2IGXwlVfM+CGuj89Ze6
+Y73QoIuFLPzwNEqXshjXYzRj9B9Qxw4T2bw7cz1BkxazMJWIzXXIjFhLq5bmeGgV
+D4TnjheUGrPzEqsm/fpzMTM2hYMt4zrypinGNzA9F9I5MdFWG43f+wetgQuR5b17
+N6CgWiwzK41pi9fBRWGF7zJF3QCigZhEDesBlfysD7U0pF81XGhjUFppVvOZxGdw
+iRMwwGT/8aZ3aGljnm/4PG/Nr3/eDYdVrjmzsvVPR3kfMu6ujzLciDDNOGxLKFXD
+fXRr3tBJyQXqYnGm+B522jynF80akqPE6IXRrTQMcTc/bNN/mtbK3g==
 -----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost-sv.csr b/tests/certs/Server-localhost-sv.csr
index be90e9dba..aa3dc8ccc 100644
--- a/tests/certs/Server-localhost-sv.csr
+++ b/tests/certs/Server-localhost-sv.csr
@@ -1,16 +1,16 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIICmTCCAYECAQAwVDELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
 cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxEjAQBgNVBAMMCWxvY2FsaG9z
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKtoMk8Oy099MpCGrrKo
-hI9kfC2vqMMrxlThjnJdFxg5rhN1HIXMy8iUhEf2itbbkqj/KCYmICx8KgERHyl4
-LaU+bxQBAroSH8rryXYFB1hqOQoNjYzgPQ1HWVFfncnRo0Luk0IbF09bVhalLw5j
-e9eKCBMC0T7+w076sYpEjt1OGpf3Ymo2Y1CDxg/zIvQj8bnGLlzC/+JjAJTEFbNG
-BKm9Utv1e6lbh4/ulun0OdOsUOD9ihjPYK7eJlkEIt3yVxoxn8iU0GpamNTrh9aG
-cc4G/iqWG3rmxQCCsHPLEXKHi6YTwDdzzLNeEAepzNpmS7v/XLWrhLVrGrf7qIKE
-GLUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQB4KV4QM8sB8DIER47BAZwo1BrQ
-P1YSU2+dl63urL9NyXBRiw08GmfL/afK8Gto3SNXs64pLmNDrp5DqheFb/VqK1OP
-K8mlqTPcedMgte0Ej9/Bcn6cMW+cOfMus3DjFrTi/lwZs8xOtT9UZw6s7ZeHT2OR
-bGN6HFL7X3ggXIM5Om+/Key4JllEtvfwLrWreSQsbwLP5cWkKjtnKa6+i73fD55I
-NVjRYg4Oh1BY13gO6Kz+S6L+z+4/QgDOR9pvnghbDCcTdfMEc93OVU6n/rr6tPA7
-TSU9v6XCOlrSBBHZKKGEMXvpTu+yM6NDl0ikh/p4e3qqa6aG4sDmkVAAvUas
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMa4BD3W+jGg1/fpiEta
+Xm9v2/TJS35sKs80eyq6GnGtf3hs9x7KB9ApA0nkY4ZM9mc/vTJpy7gV5w7PKD2e
+lpGOT3OpJ3dMJmHN1udOPGTDE7qO7AMPvNSDs5TyvtAYMMVSScuaYM/zucovY500
+7oc6WOehmd3cVofhoNdrN667E9t9+io9nDl59gGm4zrnGBTLx1e5g9G6uCxaxJcv
+7o1oSDf4F9syueolTyhXATkT3MD30Mxl+Su4TKFbEc5E4ii5Y2L9CPq2zUnVuf6e
+aJyatRo+zL8OdNtSPyUwzX0CQcfJilgSNSUhlcRrw/V5wgDL73/Xn4nJ/8C5cllM
+M0cCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBtz8OLB7+70UnIZ1s3VNIoYetH
+yqnBkNQusZrWmv4kHrIUP4K8zq0HCTGTWdxOAp23aU+yZyceu75aD8WosZoT0Q71
+zTLMMjo+ZRkeWuTo+xyLYoSdlkmyQN9xaj0owQ6UycL07aainnf2+n/ybaMFtUYB
+g1LVOwSvtyLQTxByZZ7mJvl+fczSN+E4AuNA8feECXh3oZ/MmWKFGIhkJ36Q4DYD
+PZ9J2RAV11KeHXLAKjnxsetQRiEdlvKetRknMCptgjVO23qIV62EbyL5mKrlz9Kx
+lTzM788YjSx+u2PTWJi4gduTcsirVel3yFJyHjvSEhMPTPuSDfD1fXSvp22G
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/Server-localhost-sv.der b/tests/certs/Server-localhost-sv.der
index 7e65d4d4e..2e56bd991 100644
--- a/tests/certs/Server-localhost-sv.der
+++ b/tests/certs/Server-localhost-sv.der
diff --git a/tests/certs/Server-localhost-sv.key b/tests/certs/Server-localhost-sv.key
index 2a62b44ea..a2c95eea9 100644
--- a/tests/certs/Server-localhost-sv.key
+++ b/tests/certs/Server-localhost-sv.key
@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAq2gyTw7LT30ykIausqiEj2R8La+owyvGVOGOcl0XGDmuE3Uc
-hczLyJSER/aK1tuSqP8oJiYgLHwqAREfKXgtpT5vFAECuhIfyuvJdgUHWGo5Cg2N
-jOA9DUdZUV+dydGjQu6TQhsXT1tWFqUvDmN714oIEwLRPv7DTvqxikSO3U4al/di
-ajZjUIPGD/Mi9CPxucYuXML/4mMAlMQVs0YEqb1S2/V7qVuHj+6W6fQ506xQ4P2K
-GM9grt4mWQQi3fJXGjGfyJTQalqY1OuH1oZxzgb+KpYbeubFAIKwc8sRcoeLphPA
-N3PMs14QB6nM2mZLu/9ctauEtWsat/uogoQYtQIDAQABAoIBAQCBzQUUA1MJHfkV
-ozhWSPEhmWnEOxqkudiWXLy/dClSChP93hi8ZisH+Rf3Wwcmz95PJfJkeUiyB1DT
-wACGKeD/GrmJP36uI5150Haebg5y8PXC3CKORR1WmepUigD2XU+yFvLjA5ryWGtn
-+K0ay1F0Fq4on2CPwONsQsIBwAskIIxrrwP1ICglMRvffG8xa6oxysjmbfGVoA/K
-Svm+SpunzW1s76t3eKRAy+hqrUzMSW0iZ/6SSJCxAzgi0oOMSR4qCjG23Tcq3Ly/
-KgRcW6Ct13Or1B663/fj5JVavBB11ev6m66Jg/aGzhUXiOy3sO9rs/pD4ObrQSgh
-aaY5uiL9AoGBAN94RoqZPv4pSuODoirCTv7ZAMkqRxlneKJw9BmbvLukVnlQC2sQ
-teYkvyBOTIr4+VEdsaVvOiGydILQb2peezGoymd/xtg4y8j3ndqi0ongVvvOnOSj
-4elv3EISmnYPfTHyC52ZIocot0P+5qb4OI8UopMunblU4ge7g22SvPxvAoGBAMRb
-xanm2OHuGSFaKSot2GA131UrWdRwT9l3nW73IAFQVeip34JIrtBOHiFimc4IdQUu
-D89LoSV0Z6bwEWuJmRXb6M6rHdHGPDw0Rz8koV3v4mCK8iEH3+JmhSIblk0ljUSz
-gJHi9L9ZrP4c2915QDaaNkKeaOFbDpVzle2jUJcbAoGBAKcWnVgAYXNUmKQoxlZG
-Vx6CTu4a6HJ8RVzgLAQByEpdBDNMwFzbb8aW7zlOkjjPFEuscimKUuLjNe6hvsy/
-vElTNZPRnHILdYPccXEKkXV6Ak/hGrpyNvZ+JyhYFJn11txDaJ/74i9BKFZ0/y0V
-J+UDvtNh5ZiveRnjANArCZeNAoGAeh95uEnS6fFjv9KLd6g7wtq+pAHqRK31e5Nh
-Xvpj9W05gRLl5+m8j+GF682fSv0HiskzHAI1n03eiX0V2IQjqeyzxpW2XhmkrOz2
-wtbNZdckPFcucEyteem5M5VkzWZljiz18cXt4nSrmv/n3r7iqRMQXC6ZnE89qsXQ
-oZPJM7ECgYEA0rkNhSPsd6ioh6g7Z+X45NR3K5xii6og4IcF7AHKUzmsv2FdHR9+
-K9Pudy0IZhoX6EKN3VkBZAP1AhX4nSQA5hlh2Yzheju6qAyEGF0edVgtF6kur6iq
-SJYTEPhkybV1nZif6Ej/U3tZus5ozO9FkAexsSKJX3ZC46O5bHCCz2o=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDGuAQ91voxoNf3
+6YhLWl5vb9v0yUt+bCrPNHsquhpxrX94bPceygfQKQNJ5GOGTPZnP70yacu4FecO
+zyg9npaRjk9zqSd3TCZhzdbnTjxkwxO6juwDD7zUg7OU8r7QGDDFUknLmmDP87nK
+L2OdNO6HOljnoZnd3FaH4aDXazeuuxPbffoqPZw5efYBpuM65xgUy8dXuYPRurgs
+WsSXL+6NaEg3+BfbMrnqJU8oVwE5E9zA99DMZfkruEyhWxHOROIouWNi/Qj6ts1J
+1bn+nmicmrUaPsy/DnTbUj8lMM19AkHHyYpYEjUlIZXEa8P1ecIAy+9/15+Jyf/A
+uXJZTDNHAgMBAAECggEAH48J3WhOw6LvqYeFBbKMXNY+8FknjCRRiCaliNuVZ4hO
+PinP9SvQodZhl1KWG7YNS8hrm54BpHKWB1wO3/pXnzYimBO9GM0XK2EtR/68yKPS
+dkZMZRASxQ1Fb9o9Q38T/8JZxeP2jBAA6YMtJsJJP2Cczex0Ky/a7il/CbcVWMJF
+VCqHEWCBge59xZifsKiAiK/Yw5W6uyi9OZ9a2D7bzJh0sojPIY90d7EhW4u/QCzk
+aXn78RbgxDkQyz5AQrIQzEMcOYr+AxiVT5S1v15FoaoWlm1IrNpEmf63PvwRKPZM
+ZW1cqR8onTQBndzAdwn9qHjtuRvhoHMe5RWs4rzDAQKBgQDTq2NGbkNdK14oSu7/
+t+z4Z3nGhHmY9pI1jF5/s3ialO/7YD4ul5MXaJt6dbklkPqsN0vmhPeeavAy6tsG
+iU4SdTuptKg5aZMZnDa9zu9lM4raJpDf9AuncffjVFqy9EDII5Wi1UIRDTD8D1gp
+LBYuFUTpo7R+JD3yqLXvbOw8UQKBgQDwVkgTqbAwbx35sKhpFo0VOAj3GVZkC6zt
+nFS03MmHPjge69u3B3I6oavYtwROq+6S9rj3MLuj4DhVbO5Yxi+XqY5wXhFUPPSp
+1ejXF8aAwWtZEeMTTsaN8jl3nfzdNul8G5mVfpY/VmZMhuAXclsAR9ke/x+FcmrQ
+Furd0lxIFwKBgQDSXVobzEf817YLW3WuBbBorAY1ysFCyYND3s6oIcjx8KWU8fC6
+w3+3WwpyqX8pm63V7Frtriaede9k2050b498/rAeGGK8NHWylTM+buQzcwdDieKg
+AN54Ouc/Mj217tRXVC5KF6JCahbN274lpSAiCpdjkIQ4fXJnsU6ntlwOEQKBgQDr
+rCAHsAkGpZ+mPlYWnreADC+2ZtExT8WmRvtFU5AHH7sWj0An7ZRU7D5AR89gefZ7
+hJaCRvZpTzDOi//5a3Y16V200Hl7uj5M4GbvrO/JSGHEuOaMA15uyQ0TQAg6wGMa
+gVIMp1IcD9RGzKeoNkoIL2w4mgJF8JnPLfnnxSUaxwKBgQCXP6btCbX7fryeIfUB
+PC1TOtyNvNWeoPJNT9eeNHxPC5VW2AC78XKxbHsVec16KJsOgj4Elc3h8/+X0wAU
+7Zo9CD7M2i1Tm5sKh90yBsZsU6jBWOBorLQnatDKVPXHLblVAEgK0qTJTAW8hLDn
+myYsFbt36qBXf1dVvo+5yhCxAw==
+-----END PRIVATE KEY-----
diff --git a/tests/certs/Server-localhost-sv.pem b/tests/certs/Server-localhost-sv.pem
index 6b6495cde..583831f8f 100644
--- a/tests/certs/Server-localhost-sv.pem
+++ b/tests/certs/Server-localhost-sv.pem
@@ -36,45 +36,46 @@ commonName_value              = localhost
 # The key
 # the certificate
 # some dhparam
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAq2gyTw7LT30ykIausqiEj2R8La+owyvGVOGOcl0XGDmuE3Uc
-hczLyJSER/aK1tuSqP8oJiYgLHwqAREfKXgtpT5vFAECuhIfyuvJdgUHWGo5Cg2N
-jOA9DUdZUV+dydGjQu6TQhsXT1tWFqUvDmN714oIEwLRPv7DTvqxikSO3U4al/di
-ajZjUIPGD/Mi9CPxucYuXML/4mMAlMQVs0YEqb1S2/V7qVuHj+6W6fQ506xQ4P2K
-GM9grt4mWQQi3fJXGjGfyJTQalqY1OuH1oZxzgb+KpYbeubFAIKwc8sRcoeLphPA
-N3PMs14QB6nM2mZLu/9ctauEtWsat/uogoQYtQIDAQABAoIBAQCBzQUUA1MJHfkV
-ozhWSPEhmWnEOxqkudiWXLy/dClSChP93hi8ZisH+Rf3Wwcmz95PJfJkeUiyB1DT
-wACGKeD/GrmJP36uI5150Haebg5y8PXC3CKORR1WmepUigD2XU+yFvLjA5ryWGtn
-+K0ay1F0Fq4on2CPwONsQsIBwAskIIxrrwP1ICglMRvffG8xa6oxysjmbfGVoA/K
-Svm+SpunzW1s76t3eKRAy+hqrUzMSW0iZ/6SSJCxAzgi0oOMSR4qCjG23Tcq3Ly/
-KgRcW6Ct13Or1B663/fj5JVavBB11ev6m66Jg/aGzhUXiOy3sO9rs/pD4ObrQSgh
-aaY5uiL9AoGBAN94RoqZPv4pSuODoirCTv7ZAMkqRxlneKJw9BmbvLukVnlQC2sQ
-teYkvyBOTIr4+VEdsaVvOiGydILQb2peezGoymd/xtg4y8j3ndqi0ongVvvOnOSj
-4elv3EISmnYPfTHyC52ZIocot0P+5qb4OI8UopMunblU4ge7g22SvPxvAoGBAMRb
-xanm2OHuGSFaKSot2GA131UrWdRwT9l3nW73IAFQVeip34JIrtBOHiFimc4IdQUu
-D89LoSV0Z6bwEWuJmRXb6M6rHdHGPDw0Rz8koV3v4mCK8iEH3+JmhSIblk0ljUSz
-gJHi9L9ZrP4c2915QDaaNkKeaOFbDpVzle2jUJcbAoGBAKcWnVgAYXNUmKQoxlZG
-Vx6CTu4a6HJ8RVzgLAQByEpdBDNMwFzbb8aW7zlOkjjPFEuscimKUuLjNe6hvsy/
-vElTNZPRnHILdYPccXEKkXV6Ak/hGrpyNvZ+JyhYFJn11txDaJ/74i9BKFZ0/y0V
-J+UDvtNh5ZiveRnjANArCZeNAoGAeh95uEnS6fFjv9KLd6g7wtq+pAHqRK31e5Nh
-Xvpj9W05gRLl5+m8j+GF682fSv0HiskzHAI1n03eiX0V2IQjqeyzxpW2XhmkrOz2
-wtbNZdckPFcucEyteem5M5VkzWZljiz18cXt4nSrmv/n3r7iqRMQXC6ZnE89qsXQ
-oZPJM7ECgYEA0rkNhSPsd6ioh6g7Z+X45NR3K5xii6og4IcF7AHKUzmsv2FdHR9+
-K9Pudy0IZhoX6EKN3VkBZAP1AhX4nSQA5hlh2Yzheju6qAyEGF0edVgtF6kur6iq
-SJYTEPhkybV1nZif6Ej/U3tZus5ozO9FkAexsSKJX3ZC46O5bHCCz2o=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDGuAQ91voxoNf3
+6YhLWl5vb9v0yUt+bCrPNHsquhpxrX94bPceygfQKQNJ5GOGTPZnP70yacu4FecO
+zyg9npaRjk9zqSd3TCZhzdbnTjxkwxO6juwDD7zUg7OU8r7QGDDFUknLmmDP87nK
+L2OdNO6HOljnoZnd3FaH4aDXazeuuxPbffoqPZw5efYBpuM65xgUy8dXuYPRurgs
+WsSXL+6NaEg3+BfbMrnqJU8oVwE5E9zA99DMZfkruEyhWxHOROIouWNi/Qj6ts1J
+1bn+nmicmrUaPsy/DnTbUj8lMM19AkHHyYpYEjUlIZXEa8P1ecIAy+9/15+Jyf/A
+uXJZTDNHAgMBAAECggEAH48J3WhOw6LvqYeFBbKMXNY+8FknjCRRiCaliNuVZ4hO
+PinP9SvQodZhl1KWG7YNS8hrm54BpHKWB1wO3/pXnzYimBO9GM0XK2EtR/68yKPS
+dkZMZRASxQ1Fb9o9Q38T/8JZxeP2jBAA6YMtJsJJP2Cczex0Ky/a7il/CbcVWMJF
+VCqHEWCBge59xZifsKiAiK/Yw5W6uyi9OZ9a2D7bzJh0sojPIY90d7EhW4u/QCzk
+aXn78RbgxDkQyz5AQrIQzEMcOYr+AxiVT5S1v15FoaoWlm1IrNpEmf63PvwRKPZM
+ZW1cqR8onTQBndzAdwn9qHjtuRvhoHMe5RWs4rzDAQKBgQDTq2NGbkNdK14oSu7/
+t+z4Z3nGhHmY9pI1jF5/s3ialO/7YD4ul5MXaJt6dbklkPqsN0vmhPeeavAy6tsG
+iU4SdTuptKg5aZMZnDa9zu9lM4raJpDf9AuncffjVFqy9EDII5Wi1UIRDTD8D1gp
+LBYuFUTpo7R+JD3yqLXvbOw8UQKBgQDwVkgTqbAwbx35sKhpFo0VOAj3GVZkC6zt
+nFS03MmHPjge69u3B3I6oavYtwROq+6S9rj3MLuj4DhVbO5Yxi+XqY5wXhFUPPSp
+1ejXF8aAwWtZEeMTTsaN8jl3nfzdNul8G5mVfpY/VmZMhuAXclsAR9ke/x+FcmrQ
+Furd0lxIFwKBgQDSXVobzEf817YLW3WuBbBorAY1ysFCyYND3s6oIcjx8KWU8fC6
+w3+3WwpyqX8pm63V7Frtriaede9k2050b498/rAeGGK8NHWylTM+buQzcwdDieKg
+AN54Ouc/Mj217tRXVC5KF6JCahbN274lpSAiCpdjkIQ4fXJnsU6ntlwOEQKBgQDr
+rCAHsAkGpZ+mPlYWnreADC+2ZtExT8WmRvtFU5AHH7sWj0An7ZRU7D5AR89gefZ7
+hJaCRvZpTzDOi//5a3Y16V200Hl7uj5M4GbvrO/JSGHEuOaMA15uyQ0TQAg6wGMa
+gVIMp1IcD9RGzKeoNkoIL2w4mgJF8JnPLfnnxSUaxwKBgQCXP6btCbX7fryeIfUB
+PC1TOtyNvNWeoPJNT9eeNHxPC5VW2AC78XKxbHsVec16KJsOgj4Elc3h8/+X0wAU
+7Zo9CD7M2i1Tm5sKh90yBsZsU6jBWOBorLQnatDKVPXHLblVAEgK0qTJTAW8hLDn
+myYsFbt36qBXf1dVvo+5yhCxAw==
+-----END PRIVATE KEY-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668326 (0xf2ed3c2c166)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980969532 (0xf3475512a3c)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:36 2022 GMT
+            Not After : Mar 11 12:21:36 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -83,24 +84,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:ab:68:32:4f:0e:cb:4f:7d:32:90:86:ae:b2:a8:
-                    84:8f:64:7c:2d:af:a8:c3:2b:c6:54:e1:8e:72:5d:
-                    17:18:39:ae:13:75:1c:85:cc:cb:c8:94:84:47:f6:
-                    8a:d6:db:92:a8:ff:28:26:26:20:2c:7c:2a:01:11:
-                    1f:29:78:2d:a5:3e:6f:14:01:02:ba:12:1f:ca:eb:
-                    c9:76:05:07:58:6a:39:0a:0d:8d:8c:e0:3d:0d:47:
-                    59:51:5f:9d:c9:d1:a3:42:ee:93:42:1b:17:4f:5b:
-                    56:16:a5:2f:0e:63:7b:d7:8a:08:13:02:d1:3e:fe:
-                    c3:4e:fa:b1:8a:44:8e:dd:4e:1a:97:f7:62:6a:36:
-                    63:50:83:c6:0f:f3:22:f4:23:f1:b9:c6:2e:5c:c2:
-                    ff:e2:63:00:94:c4:15:b3:46:04:a9:bd:52:db:f5:
-                    7b:a9:5b:87:8f:ee:96:e9:f4:39:d3:ac:50:e0:fd:
-                    8a:18:cf:60:ae:de:26:59:04:22:dd:f2:57:1a:31:
-                    9f:c8:94:d0:6a:5a:98:d4:eb:87:d6:86:71:ce:06:
-                    fe:2a:96:1b:7a:e6:c5:00:82:b0:73:cb:11:72:87:
-                    8b:a6:13:c0:37:73:cc:b3:5e:10:07:a9:cc:da:66:
-                    4b:bb:ff:5c:b5:ab:84:b5:6b:1a:b7:fb:a8:82:84:
-                    18:b5
+                    00:c6:b8:04:3d:d6:fa:31:a0:d7:f7:e9:88:4b:5a:
+                    5e:6f:6f:db:f4:c9:4b:7e:6c:2a:cf:34:7b:2a:ba:
+                    1a:71:ad:7f:78:6c:f7:1e:ca:07:d0:29:03:49:e4:
+                    63:86:4c:f6:67:3f:bd:32:69:cb:b8:15:e7:0e:cf:
+                    28:3d:9e:96:91:8e:4f:73:a9:27:77:4c:26:61:cd:
+                    d6:e7:4e:3c:64:c3:13:ba:8e:ec:03:0f:bc:d4:83:
+                    b3:94:f2:be:d0:18:30:c5:52:49:cb:9a:60:cf:f3:
+                    b9:ca:2f:63:9d:34:ee:87:3a:58:e7:a1:99:dd:dc:
+                    56:87:e1:a0:d7:6b:37:ae:bb:13:db:7d:fa:2a:3d:
+                    9c:39:79:f6:01:a6:e3:3a:e7:18:14:cb:c7:57:b9:
+                    83:d1:ba:b8:2c:5a:c4:97:2f:ee:8d:68:48:37:f8:
+                    17:db:32:b9:ea:25:4f:28:57:01:39:13:dc:c0:f7:
+                    d0:cc:65:f9:2b:b8:4c:a1:5b:11:ce:44:e2:28:b9:
+                    63:62:fd:08:fa:b6:cd:49:d5:b9:fe:9e:68:9c:9a:
+                    b5:1a:3e:cc:bf:0e:74:db:52:3f:25:30:cd:7d:02:
+                    41:c7:c9:8a:58:12:35:25:21:95:c4:6b:c3:f5:79:
+                    c2:00:cb:ef:7f:d7:9f:89:c9:ff:c0:b9:72:59:4c:
+                    33:47
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
@@ -110,58 +111,55 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                64:67:EE:AA:EE:F6:F1:0B:41:A6:62:B9:76:D2:C7:A9:29:D6:32:41
+                4A:F1:79:1B:13:71:A4:0F:F9:06:CC:B6:2C:CD:24:46:DF:E6:08:2D
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         31:d9:63:a2:0c:ca:2f:b0:5a:81:c5:07:b9:c2:49:f1:a8:8e:
-         04:e9:b7:89:f9:b0:90:10:33:76:ec:c3:8f:da:c5:54:a7:99:
-         4d:a7:53:e0:91:b9:89:51:83:6c:38:32:f2:8f:56:e6:e4:bc:
-         22:45:a5:91:10:e0:c6:bc:2c:36:41:16:2e:58:0d:82:7e:54:
-         41:f1:90:60:f8:98:54:f1:67:a4:df:2b:82:03:c5:c7:2e:a5:
-         28:97:b8:3d:9f:bb:fb:4f:33:8f:a1:f6:bd:34:86:1b:f4:33:
-         58:0e:23:b7:cf:39:07:22:e0:bf:31:9d:47:71:4d:e7:26:6b:
-         50:08:4d:8e:5f:c8:6d:3c:c8:04:2d:07:dc:3d:d1:d4:b6:3e:
-         c7:5b:dd:cd:c6:31:81:ac:0a:84:cd:e4:e3:67:f9:34:dc:7a:
-         9b:aa:57:a0:ca:a9:3e:e4:f0:cc:b4:30:56:4d:31:14:65:7d:
-         6a:3a:6f:26:ad:02:c4:3b:bb:f8:06:5a:e5:1f:13:6a:af:2c:
-         bc:b6:ec:ae:6c:84:9b:5f:76:0b:18:f3:d6:1e:8e:37:ad:d3:
-         15:ec:7f:74:c3:53:54:8d:f0:42:f9:40:0d:f1:48:a5:e6:94:
-         2f:7c:fc:16:0c:95:c8:86:a3:b7:71:10:c1:19:be:50:73:2a:
-         22:15:19:56
+    Signature Value:
+        67:ef:ad:8f:fa:ee:f1:fd:33:67:62:06:5f:09:55:7c:cf:82:
+        1a:e8:fc:f5:97:ba:63:bd:d0:a0:8b:85:2c:fc:f0:34:4a:97:
+        b2:18:d7:63:34:63:f4:1f:50:c7:0e:13:d9:bc:3b:73:3d:41:
+        93:16:b3:30:95:88:cd:75:c8:8c:58:4b:ab:96:e6:78:68:15:
+        0f:84:e7:8e:17:94:1a:b3:f3:12:ab:26:fd:fa:73:31:33:36:
+        85:83:2d:e3:3a:f2:a6:29:c6:37:30:3d:17:d2:39:31:d1:56:
+        1b:8d:df:fb:07:ad:81:0b:91:e5:bd:7b:37:a0:a0:5a:2c:33:
+        2b:8d:69:8b:d7:c1:45:61:85:ef:32:45:dd:00:a2:81:98:44:
+        0d:eb:01:95:fc:ac:0f:b5:34:a4:5f:35:5c:68:63:50:5a:69:
+        56:f3:99:c4:67:70:89:13:30:c0:64:ff:f1:a6:77:68:69:63:
+        9e:6f:f8:3c:6f:cd:af:7f:de:0d:87:55:ae:39:b3:b2:f5:4f:
+        47:79:1f:32:ee:ae:8f:32:dc:88:30:cd:38:6c:4b:28:55:c3:
+        7d:74:6b:de:d0:49:c9:05:ea:62:71:a6:f8:1e:76:da:3c:a7:
+        17:cd:1a:92:a3:c4:e8:85:d1:ad:34:0c:71:37:3f:6c:d3:7f:
+        9a:d6:ca:de
 -----BEGIN CERTIFICATE-----
-MIIERDCCAyygAwIBAgIGDy7TwsFmMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIERDCCAyygAwIBAgIGDzR1USo8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFQxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzZaFw0zMTAzMTExMjIxMzZaMFQxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCraDJPDstPfTKQhq6yqISPZHwtr6jDK8ZU4Y5yXRcYOa4TdRyFzMvIlIRH
-9orW25Ko/ygmJiAsfCoBER8peC2lPm8UAQK6Eh/K68l2BQdYajkKDY2M4D0NR1lR
-X53J0aNC7pNCGxdPW1YWpS8OY3vXiggTAtE+/sNO+rGKRI7dThqX92JqNmNQg8YP
-8yL0I/G5xi5cwv/iYwCUxBWzRgSpvVLb9XupW4eP7pbp9DnTrFDg/YoYz2Cu3iZZ
-BCLd8lcaMZ/IlNBqWpjU64fWhnHOBv4qlht65sUAgrBzyxFyh4umE8A3c8yzXhAH
-qczaZku7/1y1q4S1axq3+6iChBi1AgMBAAGjggEGMIIBAjAUBgNVHREEDTALggls
+AoIBAQDGuAQ91voxoNf36YhLWl5vb9v0yUt+bCrPNHsquhpxrX94bPceygfQKQNJ
+5GOGTPZnP70yacu4FecOzyg9npaRjk9zqSd3TCZhzdbnTjxkwxO6juwDD7zUg7OU
+8r7QGDDFUknLmmDP87nKL2OdNO6HOljnoZnd3FaH4aDXazeuuxPbffoqPZw5efYB
+puM65xgUy8dXuYPRurgsWsSXL+6NaEg3+BfbMrnqJU8oVwE5E9zA99DMZfkruEyh
+WxHOROIouWNi/Qj6ts1J1bn+nmicmrUaPsy/DnTbUj8lMM19AkHHyYpYEjUlIZXE
+a8P1ecIAy+9/15+Jyf/AuXJZTDNHAgMBAAGjggEGMIIBAjAUBgNVHREEDTALggls
 b2NhbGhvc3QwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1Ud
-DgQWBBRkZ+6q7vbxC0GmYrl20sepKdYyQTAfBgNVHSMEGDAWgBRSQO7hT5VYKcqE
-Z4wPjMz+j6n6qDAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcw
+DgQWBBRK8XkbE3GkD/kGzLYszSRG3+YILTAfBgNVHSMEGDAWgBSHy7EzLsFnfnHj
+5StMTaSzbtJbqTAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcw
 AoYnaHR0cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJvb3QuY2VyMDgGA1Ud
 HwQxMC8wLaAroCmGJ2h0dHA6Ly90ZXN0LmN1cmwuc2UvY2EvRWRlbEN1cmxSb290
-LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAMdljogzKL7BagcUHucJJ8aiOBOm3ifmw
-kBAzduzDj9rFVKeZTadT4JG5iVGDbDgy8o9W5uS8IkWlkRDgxrwsNkEWLlgNgn5U
-QfGQYPiYVPFnpN8rggPFxy6lKJe4PZ+7+08zj6H2vTSGG/QzWA4jt885ByLgvzGd
-R3FN5yZrUAhNjl/IbTzIBC0H3D3R1LY+x1vdzcYxgawKhM3k42f5NNx6m6pXoMqp
-PuTwzLQwVk0xFGV9ajpvJq0CxDu7+AZa5R8Taq8svLbsrmyEm192Cxjz1h6ON63T
-Fex/dMNTVI3wQvlADfFIpeaUL3z8FgyVyIajt3EQwRm+UHMqIhUZVg==
+LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAZ++tj/ru8f0zZ2IGXwlVfM+CGuj89Ze6
+Y73QoIuFLPzwNEqXshjXYzRj9B9Qxw4T2bw7cz1BkxazMJWIzXXIjFhLq5bmeGgV
+D4TnjheUGrPzEqsm/fpzMTM2hYMt4zrypinGNzA9F9I5MdFWG43f+wetgQuR5b17
+N6CgWiwzK41pi9fBRWGF7zJF3QCigZhEDesBlfysD7U0pF81XGhjUFppVvOZxGdw
+iRMwwGT/8aZ3aGljnm/4PG/Nr3/eDYdVrjmzsvVPR3kfMu6ujzLciDDNOGxLKFXD
+fXRr3tBJyQXqYnGm+B522jynF80akqPE6IXRrTQMcTc/bNN/mtbK3g==
 -----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost-sv.pub.der b/tests/certs/Server-localhost-sv.pub.der
index 4992bec83..000c72163 100644
--- a/tests/certs/Server-localhost-sv.pub.der
+++ b/tests/certs/Server-localhost-sv.pub.der
diff --git a/tests/certs/Server-localhost-sv.pub.pem b/tests/certs/Server-localhost-sv.pub.pem
index fe3b6dd82..24fe14454 100644
--- a/tests/certs/Server-localhost-sv.pub.pem
+++ b/tests/certs/Server-localhost-sv.pub.pem
@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2gyTw7LT30ykIausqiE
-j2R8La+owyvGVOGOcl0XGDmuE3UchczLyJSER/aK1tuSqP8oJiYgLHwqAREfKXgt
-pT5vFAECuhIfyuvJdgUHWGo5Cg2NjOA9DUdZUV+dydGjQu6TQhsXT1tWFqUvDmN7
-14oIEwLRPv7DTvqxikSO3U4al/diajZjUIPGD/Mi9CPxucYuXML/4mMAlMQVs0YE
-qb1S2/V7qVuHj+6W6fQ506xQ4P2KGM9grt4mWQQi3fJXGjGfyJTQalqY1OuH1oZx
-zgb+KpYbeubFAIKwc8sRcoeLphPAN3PMs14QB6nM2mZLu/9ctauEtWsat/uogoQY
-tQIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrgEPdb6MaDX9+mIS1pe
+b2/b9MlLfmwqzzR7Kroaca1/eGz3HsoH0CkDSeRjhkz2Zz+9MmnLuBXnDs8oPZ6W
+kY5Pc6knd0wmYc3W5048ZMMTuo7sAw+81IOzlPK+0BgwxVJJy5pgz/O5yi9jnTTu
+hzpY56GZ3dxWh+Gg12s3rrsT2336Kj2cOXn2AabjOucYFMvHV7mD0bq4LFrEly/u
+jWhIN/gX2zK56iVPKFcBORPcwPfQzGX5K7hMoVsRzkTiKLljYv0I+rbNSdW5/p5o
+nJq1Gj7Mvw5021I/JTDNfQJBx8mKWBI1JSGVxGvD9XnCAMvvf9eficn/wLlyWUwz
+RwIDAQAB
 -----END PUBLIC KEY-----
diff --git a/tests/certs/Server-localhost-sv.pubkey-pinned b/tests/certs/Server-localhost-sv.pubkey-pinned
index 9c6007f2c..96a362a6c 100644
--- a/tests/certs/Server-localhost-sv.pubkey-pinned
+++ b/tests/certs/Server-localhost-sv.pubkey-pinned
@@ -1 +1 @@
-d6NWnt6Q9+jU//Ak49bc7+k96pcarb3XjHYM8BMPxg0=
+AAUDLk4c98xcFUDvA9i/MnA9HuO03IPi15r+Cx9OXnc=
diff --git a/tests/certs/Server-localhost.nn-sv.crl b/tests/certs/Server-localhost.nn-sv.crl
index 22f16d59c..a944c3375 100644
--- a/tests/certs/Server-localhost.nn-sv.crl
+++ b/tests/certs/Server-localhost.nn-sv.crl
@@ -1,16 +1,13 @@
 -----BEGIN X509 CRL-----
-MIICjTCCAXUCAQEwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV
-BAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJjAk
-BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0yMjExMjUxMjMy
-NDZaFw0yMjEyMjUxMjMyNDZaMIHIMBcCBg8u0qPc0hcNMjIxMTI1MTIwMTI2WjAX
-AgYPLtKj3OQXDTIyMTEyNTEyMDEyNlowFwIGDy7So9z3Fw0yMjExMjUxMjAxMjZa
-MBcCBg8u0qPdCBcNMjIxMTI1MTIwMTI2WjAXAgYPLtKkBCoXDTIyMTEyNTEyMDEy
-N1owFwIGDy7SpAQ7Fw0yMjExMjUxMjAxMjdaMBcCBg8u08LBZhcNMjIxMTI1MTIz
-MjQ2WjAXAgYPLtPCwXwXDTIyMTEyNTEyMzI0NlqgDjAMMAoGA1UdFAQDAgEBMA0G
-CSqGSIb3DQEBBQUAA4IBAQDDFeGwdAu3Bi2P8BaqmLhE6MsDckgxbJf6fWPZbKaT
-1IxMK6G76AiV5CSJGqVCuaVJaw6GlUKBb1SgtQO96SKHCsLVON2nXadcmqJdoxdR
-cVRe0Ow/j0jmv+jzG3tc5gbWNA3SYNm/EcJKF+vUZitQwzw8x5POuHVO1VYO/NlB
-V9nuEjsSA4FYJla7Z783VsvVovXF8/arqeXUgjXzo/Q/Gju3wcUu87QyN4V/PBdD
-9zHLjL8inzPCjb25RJQG1x+bGtcsNfkBpXy2WJUX+PrS4Zt9hwWhT+XNS2RAiXcT
-niv2Eoq0Qy1kPojUH4phSzJij52wlonPz4AkOzykLqV0
+MIIB9TCB3gIBATANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJOTjExMC8GA1UE
+CgwoRWRlbCBDdXJsIEFyY3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDEmMCQG
+A1UEAwwdTm9ydGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IXDTIyMTIyMzEyMjEz
+N1oXDTIzMDEyMjEyMjEzN1owMjAXAgYPNHVRKjwXDTIyMTIyMzEyMjEzNlowFwIG
+DzR1UVFhFw0yMjEyMjMxMjIxMzdaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
+AQsFAAOCAQEAii+pMstYDtBKHc84kkIEwV+zwGAAJo+jf/AHnqbagpoPKn61ci74
+74Q8BlrYTOksAJhVA/DwFnB8rwGHtGpnDvXtjpVMpvrQSGwi6D6FdjwUkq1aTQrF
+AZEHps1FCWYrOprz3YF49xQAKuq6yX+UxJXdUOqXZPgbtdGZBHNAdVK3Hu45C25e
+7U1CWKOHRMLyGJ4ynzysf3cUiSqHZG1A+WB6BeSz6guOVyb8I8/VZ+e3whcxAa5+
+YORoKFRS24bO/c9/XBsSC3E6i3kuPg/UVdI726DQwOXBYwtrkESzMsMMgeEXrNFm
+j3IyctWm2G/i/WkCNrt3bfTKV4th8tHdlA==
 -----END X509 CRL-----
diff --git a/tests/certs/Server-localhost.nn-sv.crt b/tests/certs/Server-localhost.nn-sv.crt
index f37532c7b..7738e5ba6 100644
--- a/tests/certs/Server-localhost.nn-sv.crt
+++ b/tests/certs/Server-localhost.nn-sv.crt
@@ -1,15 +1,15 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668348 (0xf2ed3c2c17c)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980979553 (0xf3475515161)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:37 2022 GMT
+            Not After : Mar 11 12:21:37 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -18,24 +18,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:cd:67:b9:25:97:15:68:02:60:19:59:4a:d1:1e:
-                    33:11:fa:ad:1b:a7:1f:34:34:25:24:af:68:b8:b2:
-                    a7:bd:0f:d8:34:22:85:88:4a:4e:25:c8:79:9e:f2:
-                    a3:2d:07:f6:2c:28:12:95:08:63:2c:0c:62:93:f5:
-                    ed:cb:77:69:c4:f3:58:fa:41:d0:41:bb:83:29:49:
-                    44:bb:1c:bd:e0:0e:08:13:79:f3:d6:fb:8e:90:69:
-                    30:65:97:b4:14:8c:4e:23:83:96:71:3d:d4:e9:05:
-                    45:7c:b0:f6:b3:40:e7:b8:eb:98:65:45:25:e8:6c:
-                    dd:b8:f7:37:6a:51:4e:3e:40:e1:00:21:8f:af:2b:
-                    02:44:b9:1f:06:bc:ee:a2:e0:48:5a:47:c3:dc:49:
-                    3b:c3:e7:ed:69:bd:d8:3a:ce:ba:9f:8c:31:8f:c3:
-                    8a:36:74:5a:f1:c1:8c:ab:30:f1:9f:78:70:32:bf:
-                    1b:6e:cd:19:67:6f:c4:39:9a:85:3e:b4:87:29:e4:
-                    67:2e:df:3b:48:6c:a0:58:52:f8:e2:97:16:2a:7c:
-                    b3:33:6b:6c:d2:26:1f:25:94:0e:8e:da:2f:8a:e3:
-                    5b:8d:8d:78:c7:cb:fc:3e:aa:37:08:63:95:80:ff:
-                    70:16:cc:2b:2b:5d:56:55:33:54:38:37:66:db:c7:
-                    10:9b
+                    00:a3:9a:e4:0f:e0:bd:93:a9:5a:a7:5e:ad:85:5e:
+                    d6:e0:98:b4:e9:22:e0:62:90:c3:d9:57:37:16:5d:
+                    57:3d:68:ca:e2:cf:2f:46:67:1a:0c:af:0e:89:86:
+                    01:06:df:d6:c9:80:15:0a:43:85:40:3f:da:ee:ee:
+                    78:09:7c:90:e4:89:63:92:40:0b:22:1c:e2:d3:16:
+                    a9:93:62:e4:04:7a:b0:ab:25:3a:74:02:44:ea:f1:
+                    31:89:94:29:74:a0:e2:bb:ae:e7:0f:f1:38:6a:87:
+                    1e:dd:5b:e6:a4:cc:97:ac:d3:01:9a:71:27:a3:22:
+                    6d:d8:4a:c7:49:5c:16:ae:61:a7:06:3a:90:b4:df:
+                    71:af:a5:fd:51:46:75:cd:78:e0:0c:52:99:41:4f:
+                    56:29:a6:a2:a3:dd:d9:7e:29:3e:68:a5:af:c0:34:
+                    b5:73:52:12:04:90:07:1b:f5:8b:a3:71:56:c5:95:
+                    4e:62:18:d4:ec:e9:4e:90:1b:91:25:bb:32:15:db:
+                    15:38:59:14:c9:c5:c6:0a:08:aa:2d:f5:67:aa:2f:
+                    eb:97:74:8a:8b:3e:5f:09:27:b0:bf:b3:a3:85:e9:
+                    7a:f5:39:dc:1d:c7:f4:34:73:d8:f2:ed:b0:c9:1d:
+                    2a:85:ee:e2:fb:51:09:5e:ff:bf:bc:79:c3:6d:30:
+                    89:b9
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
@@ -45,58 +45,55 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                17:E7:2A:D5:F1:53:08:2E:A5:6B:02:E8:E2:49:14:9F:92:84:0D:2B
+                85:A2:1D:76:BD:C6:8B:D6:D2:2D:05:77:24:EC:78:7B:70:71:77:C1
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         3a:ef:ac:65:27:49:37:3a:af:e0:e3:21:62:74:5d:12:d7:bf:
-         5c:54:27:76:d6:97:a0:b4:37:fa:ba:a9:39:61:53:9d:d3:e8:
-         e7:57:ed:ed:89:e3:4a:5c:ac:88:78:cd:11:7c:fe:95:ed:8c:
-         89:91:a9:aa:af:8b:4b:f5:98:b5:07:60:9c:4c:9b:53:8a:73:
-         62:1e:3c:26:2d:cc:a1:29:47:2f:3a:6f:b4:03:31:24:d2:64:
-         ca:20:d6:5e:54:d2:80:7f:cb:d7:aa:6f:27:33:ee:66:c0:69:
-         3c:1a:a0:23:80:d7:2a:e3:3c:06:ac:5b:c4:04:57:6e:7d:61:
-         d8:cd:72:17:ef:18:98:5b:1b:b9:1d:08:82:cb:4f:b2:0e:46:
-         4e:68:3e:dc:6c:85:38:7c:01:b1:5f:6e:be:de:81:8e:3f:8d:
-         f2:8f:92:54:13:6c:79:d4:0f:5b:27:cd:2c:27:80:8d:10:58:
-         75:9e:20:ed:54:02:bf:42:81:39:45:77:81:a7:04:34:ec:4f:
-         ca:c9:3f:11:4f:8f:ef:e8:e4:02:b7:84:f0:12:93:81:5c:22:
-         35:6b:0e:3d:2f:0f:97:f4:1d:88:c6:c1:ff:ca:44:0b:94:87:
-         ab:c9:39:18:7e:ce:33:ae:79:f9:ef:9c:b4:5e:04:5e:53:51:
-         3b:87:7f:96
+    Signature Value:
+        66:8f:f5:ea:6a:5d:58:b6:50:b0:5b:7b:1f:c1:54:d9:a3:bb:
+        36:1b:eb:19:4a:0e:1c:26:43:32:84:de:cb:c9:eb:08:9a:ee:
+        9d:d5:a6:62:3e:70:de:61:89:a9:d0:11:20:2a:a6:5c:19:ab:
+        91:71:78:f6:5f:ab:e6:03:94:b3:94:42:7b:42:c6:37:f0:4c:
+        b7:49:5d:90:c5:e3:24:2c:a0:ce:fe:be:71:11:3e:e6:0b:13:
+        85:8d:36:e6:db:82:8b:fd:51:a3:3d:42:4c:0d:fd:cf:0b:d8:
+        37:ab:f2:e5:53:15:3f:01:d7:a9:78:d5:99:fe:33:88:d7:c6:
+        31:dd:bf:b1:d2:e6:31:17:6e:28:91:19:26:36:d7:bc:98:04:
+        4c:30:cb:58:ec:b3:c9:1d:22:bf:28:bc:17:6d:2d:5d:36:c3:
+        e5:12:80:5d:02:4c:61:48:95:a8:77:96:49:e2:17:87:fd:3b:
+        cc:55:15:0d:b8:13:5e:31:97:05:78:78:7b:0d:8e:3d:ac:25:
+        99:81:61:77:c4:a4:a2:25:f1:70:34:17:40:f7:cb:f3:fd:da:
+        ad:bd:6d:f1:dc:85:0f:dd:4d:21:9e:19:6a:97:b3:43:44:71:
+        db:74:3f:bf:8a:8d:06:54:48:fd:9e:88:e8:5d:d2:be:ee:b4:
+        69:1b:63:11
 -----BEGIN CERTIFICATE-----
-MIIESjCCAzKgAwIBAgIGDy7TwsF8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIESjCCAzKgAwIBAgIGDzR1UVFhMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFcxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzdaFw0zMTAzMTExMjIxMzdaMFcxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDNZ7kllxVoAmAZWUrRHjMR+q0bpx80NCUkr2i4sqe9D9g0IoWISk4l
-yHme8qMtB/YsKBKVCGMsDGKT9e3Ld2nE81j6QdBBu4MpSUS7HL3gDggTefPW+46Q
-aTBll7QUjE4jg5ZxPdTpBUV8sPazQOe465hlRSXobN249zdqUU4+QOEAIY+vKwJE
-uR8GvO6i4EhaR8PcSTvD5+1pvdg6zrqfjDGPw4o2dFrxwYyrMPGfeHAyvxtuzRln
-b8Q5moU+tIcp5Gcu3ztIbKBYUvjilxYqfLMza2zSJh8llA6O2i+K41uNjXjHy/w+
-qjcIY5WA/3AWzCsrXVZVM1Q4N2bbxxCbAgMBAAGjggEJMIIBBTAXBgNVHREEEDAO
+ggEKAoIBAQCjmuQP4L2TqVqnXq2FXtbgmLTpIuBikMPZVzcWXVc9aMrizy9GZxoM
+rw6JhgEG39bJgBUKQ4VAP9ru7ngJfJDkiWOSQAsiHOLTFqmTYuQEerCrJTp0AkTq
+8TGJlCl0oOK7rucP8Thqhx7dW+akzJes0wGacSejIm3YSsdJXBauYacGOpC033Gv
+pf1RRnXNeOAMUplBT1YppqKj3dl+KT5opa/ANLVzUhIEkAcb9YujcVbFlU5iGNTs
+6U6QG5EluzIV2xU4WRTJxcYKCKot9WeqL+uXdIqLPl8JJ7C/s6OF6Xr1Odwdx/Q0
+c9jy7bDJHSqF7uL7UQle/7+8ecNtMIm5AgMBAAGjggEJMIIBBTAXBgNVHREEEDAO
 ggxsb2NhbGhvc3Qubm4wCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMB
-MB0GA1UdDgQWBBQX5yrV8VMILqVrAujiSRSfkoQNKzAfBgNVHSMEGDAWgBRSQO7h
-T5VYKcqEZ4wPjMz+j6n6qDAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggr
+MB0GA1UdDgQWBBSFoh12vcaL1tItBXck7Hh7cHF3wTAfBgNVHSMEGDAWgBSHy7Ez
+LsFnfnHj5StMTaSzbtJbqTAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggr
 BgEFBQcwAoYnaHR0cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJvb3QuY2Vy
 MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly90ZXN0LmN1cmwuc2UvY2EvRWRlbEN1
-cmxSb290LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAOu+sZSdJNzqv4OMhYnRdEte/
-XFQndtaXoLQ3+rqpOWFTndPo51ft7YnjSlysiHjNEXz+le2MiZGpqq+LS/WYtQdg
-nEybU4pzYh48Ji3MoSlHLzpvtAMxJNJkyiDWXlTSgH/L16pvJzPuZsBpPBqgI4DX
-KuM8BqxbxARXbn1h2M1yF+8YmFsbuR0IgstPsg5GTmg+3GyFOHwBsV9uvt6Bjj+N
-8o+SVBNsedQPWyfNLCeAjRBYdZ4g7VQCv0KBOUV3gacENOxPysk/EU+P7+jkAreE
-8BKTgVwiNWsOPS8Pl/QdiMbB/8pEC5SHq8k5GH7OM655+e+ctF4EXlNRO4d/lg==
+cmxSb290LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAZo/16mpdWLZQsFt7H8FU2aO7
+NhvrGUoOHCZDMoTey8nrCJrundWmYj5w3mGJqdARICqmXBmrkXF49l+r5gOUs5RC
+e0LGN/BMt0ldkMXjJCygzv6+cRE+5gsThY025tuCi/1Roz1CTA39zwvYN6vy5VMV
+PwHXqXjVmf4ziNfGMd2/sdLmMRduKJEZJjbXvJgETDDLWOyzyR0ivyi8F20tXTbD
+5RKAXQJMYUiVqHeWSeIXh/07zFUVDbgTXjGXBXh4ew2OPawlmYFhd8SkoiXxcDQX
+QPfL8/3arb1t8dyFD91NIZ4ZapezQ0Rx23Q/v4qNBlRI/Z6I6F3Svu60aRtjEQ==
 -----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost.nn-sv.csr b/tests/certs/Server-localhost.nn-sv.csr
index ca1b7bfc6..af0d1c485 100644
--- a/tests/certs/Server-localhost.nn-sv.csr
+++ b/tests/certs/Server-localhost.nn-sv.csr
@@ -1,16 +1,16 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIICnDCCAYQCAQAwVzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
 cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxFTATBgNVBAMMDGxvY2FsaG9z
-dC5ubjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1nuSWXFWgCYBlZ
-StEeMxH6rRunHzQ0JSSvaLiyp70P2DQihYhKTiXIeZ7yoy0H9iwoEpUIYywMYpP1
-7ct3acTzWPpB0EG7gylJRLscveAOCBN589b7jpBpMGWXtBSMTiODlnE91OkFRXyw
-9rNA57jrmGVFJehs3bj3N2pRTj5A4QAhj68rAkS5Hwa87qLgSFpHw9xJO8Pn7Wm9
-2DrOup+MMY/DijZ0WvHBjKsw8Z94cDK/G27NGWdvxDmahT60hynkZy7fO0hsoFhS
-+OKXFip8szNrbNImHyWUDo7aL4rjW42NeMfL/D6qNwhjlYD/cBbMKytdVlUzVDg3
-ZtvHEJsCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAUPJ06kDD0g0h4MT66CfdG
-NSiwO5rNLKbXxhI1yZG6fpkqWtkU97pRwmu3r2bckze1267qxqAhkVwB0Zuip1Qf
-KrOoAf2+yljEFpz/yl0tlkN9K+jWiQrPORhyRCECs+pXurg+djSUs79eqLWpgb7p
-IfDYOHCAUdVO6pg9zTTWGmqyTA3upVXcNPMZaVmzGKL+1oZ9RO9dtoE3OujwrnYP
-5QhuMefpPTDE31cXtvOtGwCsS4PUQ5MXEBgQOMia7lpISseak2VjYSEMkh3JSbAk
-WsfQ4oDXqcSezgxH5tWSUDB9oBx9eIl2Wc4GbQCsvzS8b/FdVLg0tu/J6ZURRFWU
+dC5ubjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKOa5A/gvZOpWqde
+rYVe1uCYtOki4GKQw9lXNxZdVz1oyuLPL0ZnGgyvDomGAQbf1smAFQpDhUA/2u7u
+eAl8kOSJY5JACyIc4tMWqZNi5AR6sKslOnQCROrxMYmUKXSg4ruu5w/xOGqHHt1b
+5qTMl6zTAZpxJ6MibdhKx0lcFq5hpwY6kLTfca+l/VFGdc144AxSmUFPVimmoqPd
+2X4pPmilr8A0tXNSEgSQBxv1i6NxVsWVTmIY1OzpTpAbkSW7MhXbFThZFMnFxgoI
+qi31Z6ov65d0ios+XwknsL+zo4XpevU53B3H9DRz2PLtsMkdKoXu4vtRCV7/v7x5
+w20wibkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQArdsmGDGMvCUZ4dOwsUDdP
+C0RCBrgwRM7jQf1f4u2avePF/sl0RYhNLYhGUT2KUqLNs5+j7wKErthD32lWSPpa
+orPnibZkEKaO7ZVFUtcN7EOmluXFXsapKilYPDCEeSsHwM5Aaofl8Mkb5e5H+idf
+Vea2DuEKFQfumczzaD9JK9tPzsVbJ6FwiPeI46XpH7vrf1DZmauDp83GfAXc1Mrm
+dd8QdoGhdNjTi7H+36l1jY+7xnZ+s1vwqxIt4BCf6p6iBy4GHApFaD7bP6dizEUq
+weTUXHllb2bgz4cHHvV5n3NXzC6oE9sVw0nLdnfPFiZpGn8VnUW1ZvE3pGcWkAzC
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/Server-localhost.nn-sv.der b/tests/certs/Server-localhost.nn-sv.der
index 9e0479100..10b7e3558 100644
--- a/tests/certs/Server-localhost.nn-sv.der
+++ b/tests/certs/Server-localhost.nn-sv.der
diff --git a/tests/certs/Server-localhost.nn-sv.key b/tests/certs/Server-localhost.nn-sv.key
index 1be98caa6..3e4af202e 100644
--- a/tests/certs/Server-localhost.nn-sv.key
+++ b/tests/certs/Server-localhost.nn-sv.key
@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAzWe5JZcVaAJgGVlK0R4zEfqtG6cfNDQlJK9ouLKnvQ/YNCKF
-iEpOJch5nvKjLQf2LCgSlQhjLAxik/Xty3dpxPNY+kHQQbuDKUlEuxy94A4IE3nz
-1vuOkGkwZZe0FIxOI4OWcT3U6QVFfLD2s0DnuOuYZUUl6GzduPc3alFOPkDhACGP
-rysCRLkfBrzuouBIWkfD3Ek7w+ftab3YOs66n4wxj8OKNnRa8cGMqzDxn3hwMr8b
-bs0ZZ2/EOZqFPrSHKeRnLt87SGygWFL44pcWKnyzM2ts0iYfJZQOjtoviuNbjY14
-x8v8Pqo3CGOVgP9wFswrK11WVTNUODdm28cQmwIDAQABAoIBAQC2VM9eFdoTpKAn
-gELQlG0jFZEajeQ+E9ew0+Ayq6wIQItb5BUCoWrzURzcwmekrn+QPNYZ4wMdc7UB
-wHmgdlS2VolyRH+YCdppCLfxHJdTz0DOASA5gr3PZQBn/h0FbHJkRgeCaC+Z1WsU
-P4YOIpxPYxq5MoNu6Ux8Rz6yqo+444kXhyQxB0PMpXrvKaaSt02ofTWM3J7NOQmI
-N91Zr0L8JxB2Fj7Hdawc6wVuyqaIS2WO0cHYbJ+RI8RkQfCqrwVtPxUAcA1u6i6c
-jGondiq0OUUTEj6Mf8s4X9GDCeouAuLHXdwLy1DadV8Uw5nIIqE00Laloa+TiNVA
-jHNILhjhAoGBAO+JOfytZGIdvCXvp1uVk3UYgGPWoODtYvALM7ev3pJQ2HkNRYkq
-vuR3KdTJ83KH+QljRMl0E+AWLssKdbk9hESCEog1v6v/rbTOKXD5oDivJnKtQOX2
-4fuSt+U4pEjcBMl8Az2afv8PE3E+/sg3aYWXPVkIPzlvlVeDRkDlux1RAoGBANuF
-8cxBxCPbEJnlOC5luF9HIoOVFTh+HSSdynOMF772L3lHLu+rXcnvu9lwYlzP4Avf
-c0bHfryXGOnDv2jK0k8Sl3h8u9F0cdD6t+/yktl5wLriIY9piIhzSmCV+x9ZTjVL
-tSOGlMoUTOT1mAxDrsXkkDNY8pqkBXCWmyv4LeQrAoGBAOQ4Ybg919unqwCWAmU+
-8Nxq+MCm2GcVpeNBOQg1FyFex7EmFO9oe7IfWwqzUzD3Hi50lzA9WUZyvCiVka5p
-TyEasN94HmOY2f7fQhqyq5X2QvKV4bR48byIgI9z1QraHfF+J3RFQ+Rtj7+hHozS
-RsaSX0/5jIuDpc1YdNIWT53RAoGAEJV64dpqDedjxqyJZP/sQM5n7hbaJo1oeDav
-b7E6rgN9LKVTB2ojyLiisVeLJsXRgDQeSk+R5H9ps2dFU45W+wBFjyWlLrqkSoxW
-Tvs9Ws6W38drj6ECXoSPLuLFuOWPQfl5MrjdDrMf6AAhv3NxhaOxvR9QHJydiJbo
-HBdAqEcCgYEA3yr+4G5HKeZ+3lpMhXY07+1dJeXkKQmNBbjFBslKemTNIX3kMWgE
-qSTIZyYCVy5VHok9s4TtiWw0EoZMIDIc+RnQNOR8gxhsSGu6wtI8MGUmXyGbpDJ3
-COywieQ8FqTeop+lG5i7eArTHSoV70rOr0F918KpMuAE3MoVFoBmHGY=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCjmuQP4L2TqVqn
+Xq2FXtbgmLTpIuBikMPZVzcWXVc9aMrizy9GZxoMrw6JhgEG39bJgBUKQ4VAP9ru
+7ngJfJDkiWOSQAsiHOLTFqmTYuQEerCrJTp0AkTq8TGJlCl0oOK7rucP8Thqhx7d
+W+akzJes0wGacSejIm3YSsdJXBauYacGOpC033Gvpf1RRnXNeOAMUplBT1YppqKj
+3dl+KT5opa/ANLVzUhIEkAcb9YujcVbFlU5iGNTs6U6QG5EluzIV2xU4WRTJxcYK
+CKot9WeqL+uXdIqLPl8JJ7C/s6OF6Xr1Odwdx/Q0c9jy7bDJHSqF7uL7UQle/7+8
+ecNtMIm5AgMBAAECggEATTaCwAOfNRtOT4NdfX5fByzK5OSy5ZHQ/LgupX1z+OWG
+KzkA5McwAiB0Se9WeLoXko3CYE+xibsZRn6BZGjHsTQuLA3Rs03StzEQ4yBe4MZO
+rtcpGSsg/4jJilbEoeh0WYOYRWvg5lXS+UGwPsLYKpaDQTJ6NIHBOb1BBJxTkASA
+ti7+uGn5DvRlOgFICBpNzRl83akeV8oLOJAqMZAlGI54jZa+cHkGfkJp+JyMbtjA
+zML+oen1BYGHP++uM8fg4bn9bpixpg784qiJJsjzjQVofpZc1CaTJ32hzBCvEYrw
+kQS5zhFsEP6fn278VWijFd2QOnxoyergumVOvBbNCQKBgQC+hB56kNGVuPcfSekW
+xa5BytDlfAiAvo34N5VhHHNbe/RDtJ2w5z2ZqKg2AL0efWPb4kCMaiXZf9my0Kjm
+iRv4LQA/hj1M7W33ubg93LZ9gnVdZSzuslR6CgXoIkmP4GZPF6n7+HxKStmeqBiE
+TMc80OVE1ogXbPGcKOjxHvglawKBgQDb1tECQ9TFQtVveys69ycFSjQAFt569mQT
+PBnVLtJ8RT3JX5rTKHLmYSl7kNylIzqO43+R8HZLGj09euRjTcKpatNkg7l74/PM
+YUDQki8voWfXchpbN9pbRVhuw9TBNUvMiL9pEdoBl85MyDhydD/gC9809ljZyo+y
+q8RCrP4yawKBgBXI+cs+IBkky21SgErQU/rF/Fkhc791CrrlcDlojXBanjXXw2hl
+KNAXTxTNxNJluDN+ja8AvE9ApV4jKg0ihIY+bxbUfNH9HGQFYqIASQXVEyKY3Sh2
+T96cosxGj27aVBibNh7P7TZ5lKTlx9fpB6dWo8DZXzp+hKo8q1ZXGjz9AoGAdNuy
+zKZr8tO9Cv6JE1YPqvMvwyBk8S4KMmNPRBAYmTBhUKr+bOJieW4KlAGEGFAqr4vk
+4xnUd8Wh6g1qXBMYt9/uMM8IiP+6N9k2j+g1JveAcHjZ48VD0CKDiJWWgYGoIjhK
+rzprDU+5vPztbIG49oq5Ark0r8jKK+q8b8jvcrMCgYB/eTv2L5ReL99Hvrtm5oVE
+BkkLS4dr8hnA7QJyo84yy8yq1w5KzOiMpnnK7v6N9NkGMn7Ia8HMqFyGuqaINzlY
+NdYt+qoxLXdIDzKTSS91GAwfF25iyptx2DsdY2j2Smhp4put1/QygAbvlwXZy+kG
+T8c+FOuI1h2Bg0bSSoTfIQ==
+-----END PRIVATE KEY-----
diff --git a/tests/certs/Server-localhost.nn-sv.pem b/tests/certs/Server-localhost.nn-sv.pem
index fad1006c1..29dc52ce0 100644
--- a/tests/certs/Server-localhost.nn-sv.pem
+++ b/tests/certs/Server-localhost.nn-sv.pem
@@ -36,45 +36,46 @@ commonName_value              = localhost.nn
 # The key
 # the certificate
 # some dhparam
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAzWe5JZcVaAJgGVlK0R4zEfqtG6cfNDQlJK9ouLKnvQ/YNCKF
-iEpOJch5nvKjLQf2LCgSlQhjLAxik/Xty3dpxPNY+kHQQbuDKUlEuxy94A4IE3nz
-1vuOkGkwZZe0FIxOI4OWcT3U6QVFfLD2s0DnuOuYZUUl6GzduPc3alFOPkDhACGP
-rysCRLkfBrzuouBIWkfD3Ek7w+ftab3YOs66n4wxj8OKNnRa8cGMqzDxn3hwMr8b
-bs0ZZ2/EOZqFPrSHKeRnLt87SGygWFL44pcWKnyzM2ts0iYfJZQOjtoviuNbjY14
-x8v8Pqo3CGOVgP9wFswrK11WVTNUODdm28cQmwIDAQABAoIBAQC2VM9eFdoTpKAn
-gELQlG0jFZEajeQ+E9ew0+Ayq6wIQItb5BUCoWrzURzcwmekrn+QPNYZ4wMdc7UB
-wHmgdlS2VolyRH+YCdppCLfxHJdTz0DOASA5gr3PZQBn/h0FbHJkRgeCaC+Z1WsU
-P4YOIpxPYxq5MoNu6Ux8Rz6yqo+444kXhyQxB0PMpXrvKaaSt02ofTWM3J7NOQmI
-N91Zr0L8JxB2Fj7Hdawc6wVuyqaIS2WO0cHYbJ+RI8RkQfCqrwVtPxUAcA1u6i6c
-jGondiq0OUUTEj6Mf8s4X9GDCeouAuLHXdwLy1DadV8Uw5nIIqE00Laloa+TiNVA
-jHNILhjhAoGBAO+JOfytZGIdvCXvp1uVk3UYgGPWoODtYvALM7ev3pJQ2HkNRYkq
-vuR3KdTJ83KH+QljRMl0E+AWLssKdbk9hESCEog1v6v/rbTOKXD5oDivJnKtQOX2
-4fuSt+U4pEjcBMl8Az2afv8PE3E+/sg3aYWXPVkIPzlvlVeDRkDlux1RAoGBANuF
-8cxBxCPbEJnlOC5luF9HIoOVFTh+HSSdynOMF772L3lHLu+rXcnvu9lwYlzP4Avf
-c0bHfryXGOnDv2jK0k8Sl3h8u9F0cdD6t+/yktl5wLriIY9piIhzSmCV+x9ZTjVL
-tSOGlMoUTOT1mAxDrsXkkDNY8pqkBXCWmyv4LeQrAoGBAOQ4Ybg919unqwCWAmU+
-8Nxq+MCm2GcVpeNBOQg1FyFex7EmFO9oe7IfWwqzUzD3Hi50lzA9WUZyvCiVka5p
-TyEasN94HmOY2f7fQhqyq5X2QvKV4bR48byIgI9z1QraHfF+J3RFQ+Rtj7+hHozS
-RsaSX0/5jIuDpc1YdNIWT53RAoGAEJV64dpqDedjxqyJZP/sQM5n7hbaJo1oeDav
-b7E6rgN9LKVTB2ojyLiisVeLJsXRgDQeSk+R5H9ps2dFU45W+wBFjyWlLrqkSoxW
-Tvs9Ws6W38drj6ECXoSPLuLFuOWPQfl5MrjdDrMf6AAhv3NxhaOxvR9QHJydiJbo
-HBdAqEcCgYEA3yr+4G5HKeZ+3lpMhXY07+1dJeXkKQmNBbjFBslKemTNIX3kMWgE
-qSTIZyYCVy5VHok9s4TtiWw0EoZMIDIc+RnQNOR8gxhsSGu6wtI8MGUmXyGbpDJ3
-COywieQ8FqTeop+lG5i7eArTHSoV70rOr0F918KpMuAE3MoVFoBmHGY=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCjmuQP4L2TqVqn
+Xq2FXtbgmLTpIuBikMPZVzcWXVc9aMrizy9GZxoMrw6JhgEG39bJgBUKQ4VAP9ru
+7ngJfJDkiWOSQAsiHOLTFqmTYuQEerCrJTp0AkTq8TGJlCl0oOK7rucP8Thqhx7d
+W+akzJes0wGacSejIm3YSsdJXBauYacGOpC033Gvpf1RRnXNeOAMUplBT1YppqKj
+3dl+KT5opa/ANLVzUhIEkAcb9YujcVbFlU5iGNTs6U6QG5EluzIV2xU4WRTJxcYK
+CKot9WeqL+uXdIqLPl8JJ7C/s6OF6Xr1Odwdx/Q0c9jy7bDJHSqF7uL7UQle/7+8
+ecNtMIm5AgMBAAECggEATTaCwAOfNRtOT4NdfX5fByzK5OSy5ZHQ/LgupX1z+OWG
+KzkA5McwAiB0Se9WeLoXko3CYE+xibsZRn6BZGjHsTQuLA3Rs03StzEQ4yBe4MZO
+rtcpGSsg/4jJilbEoeh0WYOYRWvg5lXS+UGwPsLYKpaDQTJ6NIHBOb1BBJxTkASA
+ti7+uGn5DvRlOgFICBpNzRl83akeV8oLOJAqMZAlGI54jZa+cHkGfkJp+JyMbtjA
+zML+oen1BYGHP++uM8fg4bn9bpixpg784qiJJsjzjQVofpZc1CaTJ32hzBCvEYrw
+kQS5zhFsEP6fn278VWijFd2QOnxoyergumVOvBbNCQKBgQC+hB56kNGVuPcfSekW
+xa5BytDlfAiAvo34N5VhHHNbe/RDtJ2w5z2ZqKg2AL0efWPb4kCMaiXZf9my0Kjm
+iRv4LQA/hj1M7W33ubg93LZ9gnVdZSzuslR6CgXoIkmP4GZPF6n7+HxKStmeqBiE
+TMc80OVE1ogXbPGcKOjxHvglawKBgQDb1tECQ9TFQtVveys69ycFSjQAFt569mQT
+PBnVLtJ8RT3JX5rTKHLmYSl7kNylIzqO43+R8HZLGj09euRjTcKpatNkg7l74/PM
+YUDQki8voWfXchpbN9pbRVhuw9TBNUvMiL9pEdoBl85MyDhydD/gC9809ljZyo+y
+q8RCrP4yawKBgBXI+cs+IBkky21SgErQU/rF/Fkhc791CrrlcDlojXBanjXXw2hl
+KNAXTxTNxNJluDN+ja8AvE9ApV4jKg0ihIY+bxbUfNH9HGQFYqIASQXVEyKY3Sh2
+T96cosxGj27aVBibNh7P7TZ5lKTlx9fpB6dWo8DZXzp+hKo8q1ZXGjz9AoGAdNuy
+zKZr8tO9Cv6JE1YPqvMvwyBk8S4KMmNPRBAYmTBhUKr+bOJieW4KlAGEGFAqr4vk
+4xnUd8Wh6g1qXBMYt9/uMM8IiP+6N9k2j+g1JveAcHjZ48VD0CKDiJWWgYGoIjhK
+rzprDU+5vPztbIG49oq5Ark0r8jKK+q8b8jvcrMCgYB/eTv2L5ReL99Hvrtm5oVE
+BkkLS4dr8hnA7QJyo84yy8yq1w5KzOiMpnnK7v6N9NkGMn7Ia8HMqFyGuqaINzlY
+NdYt+qoxLXdIDzKTSS91GAwfF25iyptx2DsdY2j2Smhp4put1/QygAbvlwXZy+kG
+T8c+FOuI1h2Bg0bSSoTfIQ==
+-----END PRIVATE KEY-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668348 (0xf2ed3c2c17c)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980979553 (0xf3475515161)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:37 2022 GMT
+            Not After : Mar 11 12:21:37 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -83,24 +84,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:cd:67:b9:25:97:15:68:02:60:19:59:4a:d1:1e:
-                    33:11:fa:ad:1b:a7:1f:34:34:25:24:af:68:b8:b2:
-                    a7:bd:0f:d8:34:22:85:88:4a:4e:25:c8:79:9e:f2:
-                    a3:2d:07:f6:2c:28:12:95:08:63:2c:0c:62:93:f5:
-                    ed:cb:77:69:c4:f3:58:fa:41:d0:41:bb:83:29:49:
-                    44:bb:1c:bd:e0:0e:08:13:79:f3:d6:fb:8e:90:69:
-                    30:65:97:b4:14:8c:4e:23:83:96:71:3d:d4:e9:05:
-                    45:7c:b0:f6:b3:40:e7:b8:eb:98:65:45:25:e8:6c:
-                    dd:b8:f7:37:6a:51:4e:3e:40:e1:00:21:8f:af:2b:
-                    02:44:b9:1f:06:bc:ee:a2:e0:48:5a:47:c3:dc:49:
-                    3b:c3:e7:ed:69:bd:d8:3a:ce:ba:9f:8c:31:8f:c3:
-                    8a:36:74:5a:f1:c1:8c:ab:30:f1:9f:78:70:32:bf:
-                    1b:6e:cd:19:67:6f:c4:39:9a:85:3e:b4:87:29:e4:
-                    67:2e:df:3b:48:6c:a0:58:52:f8:e2:97:16:2a:7c:
-                    b3:33:6b:6c:d2:26:1f:25:94:0e:8e:da:2f:8a:e3:
-                    5b:8d:8d:78:c7:cb:fc:3e:aa:37:08:63:95:80:ff:
-                    70:16:cc:2b:2b:5d:56:55:33:54:38:37:66:db:c7:
-                    10:9b
+                    00:a3:9a:e4:0f:e0:bd:93:a9:5a:a7:5e:ad:85:5e:
+                    d6:e0:98:b4:e9:22:e0:62:90:c3:d9:57:37:16:5d:
+                    57:3d:68:ca:e2:cf:2f:46:67:1a:0c:af:0e:89:86:
+                    01:06:df:d6:c9:80:15:0a:43:85:40:3f:da:ee:ee:
+                    78:09:7c:90:e4:89:63:92:40:0b:22:1c:e2:d3:16:
+                    a9:93:62:e4:04:7a:b0:ab:25:3a:74:02:44:ea:f1:
+                    31:89:94:29:74:a0:e2:bb:ae:e7:0f:f1:38:6a:87:
+                    1e:dd:5b:e6:a4:cc:97:ac:d3:01:9a:71:27:a3:22:
+                    6d:d8:4a:c7:49:5c:16:ae:61:a7:06:3a:90:b4:df:
+                    71:af:a5:fd:51:46:75:cd:78:e0:0c:52:99:41:4f:
+                    56:29:a6:a2:a3:dd:d9:7e:29:3e:68:a5:af:c0:34:
+                    b5:73:52:12:04:90:07:1b:f5:8b:a3:71:56:c5:95:
+                    4e:62:18:d4:ec:e9:4e:90:1b:91:25:bb:32:15:db:
+                    15:38:59:14:c9:c5:c6:0a:08:aa:2d:f5:67:aa:2f:
+                    eb:97:74:8a:8b:3e:5f:09:27:b0:bf:b3:a3:85:e9:
+                    7a:f5:39:dc:1d:c7:f4:34:73:d8:f2:ed:b0:c9:1d:
+                    2a:85:ee:e2:fb:51:09:5e:ff:bf:bc:79:c3:6d:30:
+                    89:b9
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
@@ -110,58 +111,55 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                17:E7:2A:D5:F1:53:08:2E:A5:6B:02:E8:E2:49:14:9F:92:84:0D:2B
+                85:A2:1D:76:BD:C6:8B:D6:D2:2D:05:77:24:EC:78:7B:70:71:77:C1
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         3a:ef:ac:65:27:49:37:3a:af:e0:e3:21:62:74:5d:12:d7:bf:
-         5c:54:27:76:d6:97:a0:b4:37:fa:ba:a9:39:61:53:9d:d3:e8:
-         e7:57:ed:ed:89:e3:4a:5c:ac:88:78:cd:11:7c:fe:95:ed:8c:
-         89:91:a9:aa:af:8b:4b:f5:98:b5:07:60:9c:4c:9b:53:8a:73:
-         62:1e:3c:26:2d:cc:a1:29:47:2f:3a:6f:b4:03:31:24:d2:64:
-         ca:20:d6:5e:54:d2:80:7f:cb:d7:aa:6f:27:33:ee:66:c0:69:
-         3c:1a:a0:23:80:d7:2a:e3:3c:06:ac:5b:c4:04:57:6e:7d:61:
-         d8:cd:72:17:ef:18:98:5b:1b:b9:1d:08:82:cb:4f:b2:0e:46:
-         4e:68:3e:dc:6c:85:38:7c:01:b1:5f:6e:be:de:81:8e:3f:8d:
-         f2:8f:92:54:13:6c:79:d4:0f:5b:27:cd:2c:27:80:8d:10:58:
-         75:9e:20:ed:54:02:bf:42:81:39:45:77:81:a7:04:34:ec:4f:
-         ca:c9:3f:11:4f:8f:ef:e8:e4:02:b7:84:f0:12:93:81:5c:22:
-         35:6b:0e:3d:2f:0f:97:f4:1d:88:c6:c1:ff:ca:44:0b:94:87:
-         ab:c9:39:18:7e:ce:33:ae:79:f9:ef:9c:b4:5e:04:5e:53:51:
-         3b:87:7f:96
+    Signature Value:
+        66:8f:f5:ea:6a:5d:58:b6:50:b0:5b:7b:1f:c1:54:d9:a3:bb:
+        36:1b:eb:19:4a:0e:1c:26:43:32:84:de:cb:c9:eb:08:9a:ee:
+        9d:d5:a6:62:3e:70:de:61:89:a9:d0:11:20:2a:a6:5c:19:ab:
+        91:71:78:f6:5f:ab:e6:03:94:b3:94:42:7b:42:c6:37:f0:4c:
+        b7:49:5d:90:c5:e3:24:2c:a0:ce:fe:be:71:11:3e:e6:0b:13:
+        85:8d:36:e6:db:82:8b:fd:51:a3:3d:42:4c:0d:fd:cf:0b:d8:
+        37:ab:f2:e5:53:15:3f:01:d7:a9:78:d5:99:fe:33:88:d7:c6:
+        31:dd:bf:b1:d2:e6:31:17:6e:28:91:19:26:36:d7:bc:98:04:
+        4c:30:cb:58:ec:b3:c9:1d:22:bf:28:bc:17:6d:2d:5d:36:c3:
+        e5:12:80:5d:02:4c:61:48:95:a8:77:96:49:e2:17:87:fd:3b:
+        cc:55:15:0d:b8:13:5e:31:97:05:78:78:7b:0d:8e:3d:ac:25:
+        99:81:61:77:c4:a4:a2:25:f1:70:34:17:40:f7:cb:f3:fd:da:
+        ad:bd:6d:f1:dc:85:0f:dd:4d:21:9e:19:6a:97:b3:43:44:71:
+        db:74:3f:bf:8a:8d:06:54:48:fd:9e:88:e8:5d:d2:be:ee:b4:
+        69:1b:63:11
 -----BEGIN CERTIFICATE-----
-MIIESjCCAzKgAwIBAgIGDy7TwsF8MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIESjCCAzKgAwIBAgIGDzR1UVFhMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFcxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzdaFw0zMTAzMTExMjIxMzdaMFcxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDNZ7kllxVoAmAZWUrRHjMR+q0bpx80NCUkr2i4sqe9D9g0IoWISk4l
-yHme8qMtB/YsKBKVCGMsDGKT9e3Ld2nE81j6QdBBu4MpSUS7HL3gDggTefPW+46Q
-aTBll7QUjE4jg5ZxPdTpBUV8sPazQOe465hlRSXobN249zdqUU4+QOEAIY+vKwJE
-uR8GvO6i4EhaR8PcSTvD5+1pvdg6zrqfjDGPw4o2dFrxwYyrMPGfeHAyvxtuzRln
-b8Q5moU+tIcp5Gcu3ztIbKBYUvjilxYqfLMza2zSJh8llA6O2i+K41uNjXjHy/w+
-qjcIY5WA/3AWzCsrXVZVM1Q4N2bbxxCbAgMBAAGjggEJMIIBBTAXBgNVHREEEDAO
+ggEKAoIBAQCjmuQP4L2TqVqnXq2FXtbgmLTpIuBikMPZVzcWXVc9aMrizy9GZxoM
+rw6JhgEG39bJgBUKQ4VAP9ru7ngJfJDkiWOSQAsiHOLTFqmTYuQEerCrJTp0AkTq
+8TGJlCl0oOK7rucP8Thqhx7dW+akzJes0wGacSejIm3YSsdJXBauYacGOpC033Gv
+pf1RRnXNeOAMUplBT1YppqKj3dl+KT5opa/ANLVzUhIEkAcb9YujcVbFlU5iGNTs
+6U6QG5EluzIV2xU4WRTJxcYKCKot9WeqL+uXdIqLPl8JJ7C/s6OF6Xr1Odwdx/Q0
+c9jy7bDJHSqF7uL7UQle/7+8ecNtMIm5AgMBAAGjggEJMIIBBTAXBgNVHREEEDAO
 ggxsb2NhbGhvc3Qubm4wCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMB
-MB0GA1UdDgQWBBQX5yrV8VMILqVrAujiSRSfkoQNKzAfBgNVHSMEGDAWgBRSQO7h
-T5VYKcqEZ4wPjMz+j6n6qDAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggr
+MB0GA1UdDgQWBBSFoh12vcaL1tItBXck7Hh7cHF3wTAfBgNVHSMEGDAWgBSHy7Ez
+LsFnfnHj5StMTaSzbtJbqTAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggr
 BgEFBQcwAoYnaHR0cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJvb3QuY2Vy
 MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly90ZXN0LmN1cmwuc2UvY2EvRWRlbEN1
-cmxSb290LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAOu+sZSdJNzqv4OMhYnRdEte/
-XFQndtaXoLQ3+rqpOWFTndPo51ft7YnjSlysiHjNEXz+le2MiZGpqq+LS/WYtQdg
-nEybU4pzYh48Ji3MoSlHLzpvtAMxJNJkyiDWXlTSgH/L16pvJzPuZsBpPBqgI4DX
-KuM8BqxbxARXbn1h2M1yF+8YmFsbuR0IgstPsg5GTmg+3GyFOHwBsV9uvt6Bjj+N
-8o+SVBNsedQPWyfNLCeAjRBYdZ4g7VQCv0KBOUV3gacENOxPysk/EU+P7+jkAreE
-8BKTgVwiNWsOPS8Pl/QdiMbB/8pEC5SHq8k5GH7OM655+e+ctF4EXlNRO4d/lg==
+cmxSb290LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAZo/16mpdWLZQsFt7H8FU2aO7
+NhvrGUoOHCZDMoTey8nrCJrundWmYj5w3mGJqdARICqmXBmrkXF49l+r5gOUs5RC
+e0LGN/BMt0ldkMXjJCygzv6+cRE+5gsThY025tuCi/1Roz1CTA39zwvYN6vy5VMV
+PwHXqXjVmf4ziNfGMd2/sdLmMRduKJEZJjbXvJgETDDLWOyzyR0ivyi8F20tXTbD
+5RKAXQJMYUiVqHeWSeIXh/07zFUVDbgTXjGXBXh4ew2OPawlmYFhd8SkoiXxcDQX
+QPfL8/3arb1t8dyFD91NIZ4ZapezQ0Rx23Q/v4qNBlRI/Z6I6F3Svu60aRtjEQ==
 -----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost.nn-sv.pub.der b/tests/certs/Server-localhost.nn-sv.pub.der
index c846d49dc..af9bcfa47 100644
--- a/tests/certs/Server-localhost.nn-sv.pub.der
+++ b/tests/certs/Server-localhost.nn-sv.pub.der
diff --git a/tests/certs/Server-localhost.nn-sv.pub.pem b/tests/certs/Server-localhost.nn-sv.pub.pem
index ae7041946..85636ddd5 100644
--- a/tests/certs/Server-localhost.nn-sv.pub.pem
+++ b/tests/certs/Server-localhost.nn-sv.pub.pem
@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWe5JZcVaAJgGVlK0R4z
-EfqtG6cfNDQlJK9ouLKnvQ/YNCKFiEpOJch5nvKjLQf2LCgSlQhjLAxik/Xty3dp
-xPNY+kHQQbuDKUlEuxy94A4IE3nz1vuOkGkwZZe0FIxOI4OWcT3U6QVFfLD2s0Dn
-uOuYZUUl6GzduPc3alFOPkDhACGPrysCRLkfBrzuouBIWkfD3Ek7w+ftab3YOs66
-n4wxj8OKNnRa8cGMqzDxn3hwMr8bbs0ZZ2/EOZqFPrSHKeRnLt87SGygWFL44pcW
-KnyzM2ts0iYfJZQOjtoviuNbjY14x8v8Pqo3CGOVgP9wFswrK11WVTNUODdm28cQ
-mwIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5rkD+C9k6lap16thV7W
+4Ji06SLgYpDD2Vc3Fl1XPWjK4s8vRmcaDK8OiYYBBt/WyYAVCkOFQD/a7u54CXyQ
+5IljkkALIhzi0xapk2LkBHqwqyU6dAJE6vExiZQpdKDiu67nD/E4aoce3VvmpMyX
+rNMBmnEnoyJt2ErHSVwWrmGnBjqQtN9xr6X9UUZ1zXjgDFKZQU9WKaaio93Zfik+
+aKWvwDS1c1ISBJAHG/WLo3FWxZVOYhjU7OlOkBuRJbsyFdsVOFkUycXGCgiqLfVn
+qi/rl3SKiz5fCSewv7Ojhel69TncHcf0NHPY8u2wyR0qhe7i+1EJXv+/vHnDbTCJ
+uQIDAQAB
 -----END PUBLIC KEY-----
diff --git a/tests/certs/Server-localhost.nn-sv.pubkey-pinned b/tests/certs/Server-localhost.nn-sv.pubkey-pinned
index d71c39ece..ce49b2857 100644
--- a/tests/certs/Server-localhost.nn-sv.pubkey-pinned
+++ b/tests/certs/Server-localhost.nn-sv.pubkey-pinned
@@ -1 +1 @@
-C3Mr0sELJaERorkKmg7rgex1BxmJPmWxvoTk4VqdWXs=
+YRy84GLJxpJBGddJjhnqze5DJhkOUWytnCEqS0u0mTA=
diff --git a/tests/certs/Server-localhost0h-sv.crl b/tests/certs/Server-localhost0h-sv.crl
index 8840808e9..f1d440149 100644
--- a/tests/certs/Server-localhost0h-sv.crl
+++ b/tests/certs/Server-localhost0h-sv.crl
@@ -1,17 +1,14 @@
 -----BEGIN X509 CRL-----
-MIICpjCCAY4CAQEwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV
-BAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJjAk
-BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0yMjExMjUxMjMy
-NDZaFw0yMjEyMjUxMjMyNDZaMIHhMBcCBg8u0qPc0hcNMjIxMTI1MTIwMTI2WjAX
-AgYPLtKj3OQXDTIyMTEyNTEyMDEyNlowFwIGDy7So9z3Fw0yMjExMjUxMjAxMjZa
-MBcCBg8u0qPdCBcNMjIxMTI1MTIwMTI2WjAXAgYPLtKkBCoXDTIyMTEyNTEyMDEy
-N1owFwIGDy7SpAQ7Fw0yMjExMjUxMjAxMjdaMBcCBg8u08LBZhcNMjIxMTI1MTIz
-MjQ2WjAXAgYPLtPCwXwXDTIyMTEyNTEyMzI0NlowFwIGDy7TwsGSFw0yMjExMjUx
-MjMyNDZaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQUFAAOCAQEAXvhraNxs
-1nGCU9kggrxGKy/2rj41q1bRKpafjPWcpeJf+2bqoBQZOs82jArHCBBLJ2cBXw0S
-GiKDGsD6ShPBlakMQ4+7fWzfMgPbuQ0XOZVxORMykrMApLKkNlwSd9b43JWSEfGO
-HyJ+JxDpjFbug7W8DchcfC5E4+SudhYJai+nAmcM8ZLcAgtjH2KIdsKdqltqug3i
-neLevvrDOAvTQGbFZbuLAJDxNw/nvx7Tw+yLqvmObpbwweuEe6763XPtDWbZSziE
-XeNviJikizppm7/g44/C4SZubR7PLrlf6Z3D1ITmoMejVVkQY7UkL/U74QMmIgXb
-yzCYcD99Xgt2pA==
+MIICDjCB9wIBATANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJOTjExMC8GA1UE
+CgwoRWRlbCBDdXJsIEFyY3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDEmMCQG
+A1UEAwwdTm9ydGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IXDTIyMTIyMzEyMjEz
+N1oXDTIzMDEyMjEyMjEzN1owSzAXAgYPNHVRKjwXDTIyMTIyMzEyMjEzNlowFwIG
+DzR1UVFhFw0yMjEyMjMxMjIxMzdaMBcCBg80dVFRdRcNMjIxMjIzMTIyMTM3WqAO
+MAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQELBQADggEBAEYPECPj+TzlRKUcYBwN
+SWqSBzua1dBket0sNYYnm2Jvst27guK10XwGcD4Jei7VDdTXfxLiXMQahWO/SIUE
+ZGrFhU6vdq7rSk179acREDYFgYDNxgSKgyU4SjzTJ+VantWs+ky0lsyiu2Sh8B4G
+bDmG4mEPXPykHufpbmkUCLqFd89JiuhNTripOUzJfAWLDPPYf4gn2ktenz/hFwJA
+o5CSWsn13iO+9NRVJ/5ErIuoLEdGzRVoCfDNKAJ2XE0ZhRPclmRHThaoxRnBeQFg
+AVGB+xLd3BSZQuOw3pxn4smGXg/9BW3qEba5W24P4WA4ldw2j4q8WviOygvUVBQ7
+pCw=
 -----END X509 CRL-----
diff --git a/tests/certs/Server-localhost0h-sv.crt b/tests/certs/Server-localhost0h-sv.crt
index b7a377e39..e9892d043 100644
--- a/tests/certs/Server-localhost0h-sv.crt
+++ b/tests/certs/Server-localhost0h-sv.crt
@@ -1,15 +1,15 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668370 (0xf2ed3c2c192)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980979573 (0xf3475515175)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:37 2022 GMT
+            Not After : Mar 11 12:21:37 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -18,85 +18,82 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:ea:d0:1c:06:61:72:c7:92:87:40:f3:c3:39:72:
-                    25:af:ee:a1:56:8b:da:f0:e9:79:5c:5a:01:ac:2e:
-                    0a:08:6f:f4:25:dc:fd:18:af:9c:c0:c9:7f:14:0f:
-                    95:2f:ea:6d:87:c4:4c:04:0d:c5:9a:9a:a8:44:b8:
-                    c6:01:95:a4:88:37:69:85:68:0b:77:d8:eb:cd:85:
-                    2e:09:2c:cd:2d:31:1c:73:4f:bf:50:6c:dc:65:1e:
-                    1f:9b:c0:b6:fd:8e:0f:8d:d0:58:a5:8c:82:9d:10:
-                    07:04:a9:66:47:78:02:01:ed:68:f4:67:8c:16:d5:
-                    a8:c0:26:eb:25:e6:d0:a1:fa:d0:eb:b9:30:ee:ef:
-                    36:c1:5f:4f:29:48:66:66:ca:db:96:14:40:ca:d7:
-                    9e:24:5b:c8:90:fc:df:3d:1b:14:c1:76:da:f6:61:
-                    ca:8a:0e:c4:ff:cd:13:1f:b7:48:8f:ce:80:09:4c:
-                    c7:71:e9:50:5c:3f:d3:62:25:db:93:e3:0b:c4:a3:
-                    6a:f3:6c:42:0b:e5:0c:45:22:2f:93:19:52:40:1b:
-                    12:d9:1f:26:2d:a0:39:db:15:de:46:82:02:1e:ad:
-                    41:72:c3:8b:99:05:83:43:58:d2:65:3b:d2:8f:97:
-                    7a:dc:40:de:e0:65:b4:97:19:11:59:94:f2:f4:6f:
-                    cc:fb
+                    00:df:29:93:58:82:1d:a2:b8:07:2a:b2:8f:93:0e:
+                    df:15:49:72:06:93:19:4a:2d:c5:bd:56:92:5a:da:
+                    f4:d3:9a:01:1c:ee:47:57:0e:9e:d8:d7:0d:c4:ce:
+                    4b:a2:f0:fc:07:ec:91:e9:95:08:f4:e9:5d:f2:49:
+                    f3:0b:98:f0:d8:c7:d4:67:2f:fb:f2:94:3b:14:c8:
+                    06:da:39:70:8a:f9:4b:70:a8:74:6b:3f:5b:d1:a4:
+                    1c:ea:bd:f1:9e:c1:e2:e7:98:88:4f:e9:4b:b6:c8:
+                    d6:9e:01:f3:b7:c9:ee:cd:e2:d7:96:68:14:d7:44:
+                    c6:11:13:9f:6c:06:4e:57:98:53:c8:40:de:9d:44:
+                    1f:6a:f4:01:b0:56:47:5e:3b:b5:3c:29:9b:96:f3:
+                    9a:5a:78:d1:11:51:25:0e:43:82:4a:d3:df:54:5a:
+                    46:00:de:b0:a2:2e:65:54:44:40:9c:64:d3:e8:3f:
+                    e8:ac:e3:0c:fb:36:0a:c5:79:37:a9:a2:ef:06:14:
+                    43:ac:9e:20:de:30:d2:ea:79:7d:ef:f2:0c:93:70:
+                    8d:bb:14:ff:4c:56:41:e4:2a:de:92:0a:ce:65:2c:
+                    d3:fb:29:0f:4f:f9:16:d7:62:54:4e:4c:a8:05:34:
+                    5d:e6:20:e3:89:bc:7b:1f:df:21:57:66:a9:20:ce:
+                    e6:b3
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
-                DNS:localhost
+                0
+..localhost.h
             X509v3 Key Usage: 
                 Digital Signature, Key Encipherment, Key Agreement
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                0C:BC:82:3B:78:FB:2E:45:68:C1:8C:F3:D3:90:EA:EB:B4:01:D1:4F
+                6B:56:00:F3:01:BC:16:8B:EB:CF:75:A1:89:DB:26:B1:C4:ED:71:64
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         a3:57:b0:64:17:36:45:e1:66:41:3b:73:67:31:03:e8:8e:a7:
-         cc:eb:b3:0c:94:1f:65:37:e9:fd:f3:b7:a2:78:74:70:fd:16:
-         22:5f:e9:01:25:67:6f:7a:6b:1d:b9:28:09:77:92:05:f0:dd:
-         7e:55:b3:4a:5d:a9:31:e4:cd:2b:52:01:3d:d0:1b:b6:15:5d:
-         e8:e4:97:ec:1c:56:6a:e8:4d:cf:32:a2:f4:b5:d7:af:1b:9a:
-         14:26:3b:b8:02:39:d4:15:6e:60:09:b5:23:fd:e5:ec:f4:3a:
-         17:08:15:de:16:79:07:dd:3e:ae:52:23:b4:71:39:1e:9f:3a:
-         22:e7:09:10:28:41:01:50:18:3e:bd:88:d2:3b:9d:0a:4b:98:
-         8e:dc:c3:ee:09:aa:76:7f:53:1e:f6:8b:56:72:64:60:02:29:
-         ed:d8:d2:4e:75:76:f0:e6:40:4c:09:73:ea:a7:2e:3b:ba:35:
-         4b:af:93:83:4b:99:10:b8:68:7d:79:3b:19:22:b7:36:e0:c3:
-         5a:43:80:7d:e5:6d:6f:f8:78:4a:19:8b:60:26:2b:43:4c:96:
-         f9:cf:42:b6:8d:01:ee:c7:b9:48:6d:64:e8:a7:1f:e1:d0:f5:
-         f2:a2:6d:a0:c9:15:9d:12:17:1b:b1:8f:24:62:2f:41:46:51:
-         8a:cf:8c:90
+    Signature Value:
+        5a:b2:83:c0:94:ce:25:aa:a0:f4:b6:71:fb:16:b4:e0:10:3c:
+        9c:a0:db:2a:fc:b7:f8:97:64:cc:19:92:56:63:a9:e6:50:d6:
+        6d:79:b6:a3:62:23:d2:48:21:37:46:46:3e:9d:cd:1f:55:18:
+        77:fd:7f:35:ea:d8:68:9c:1c:2f:c8:23:43:a2:cd:77:3c:5c:
+        21:94:93:80:84:d0:6a:8a:5b:ae:11:be:79:3e:80:17:32:9e:
+        73:0b:dd:0d:f5:f6:4f:3f:1b:a3:eb:aa:21:06:a7:ef:c7:bf:
+        e5:87:67:2c:38:a3:c1:d4:f2:b4:ce:72:9d:2e:f8:b9:91:cb:
+        83:1a:c9:be:74:bb:ac:78:5c:d9:3e:fd:1f:9d:ac:19:5e:b3:
+        00:66:38:71:7e:06:2e:fe:1a:c0:ad:f7:82:1d:85:6d:3d:3c:
+        9d:62:66:cd:1e:6d:f1:67:7a:05:4a:58:6e:7a:a7:1f:2f:7c:
+        5f:c0:2c:19:df:de:c6:2d:13:c6:3b:ea:6d:98:d0:55:98:4c:
+        00:a7:e2:2f:7d:86:24:49:2d:86:c3:75:d0:71:41:16:8c:7b:
+        49:25:eb:d2:cd:9b:08:b4:5f:6e:aa:4a:2d:6c:5b:89:67:7f:
+        3f:0c:43:43:bd:83:f7:ef:1e:ee:e7:6a:e7:3a:c1:c7:aa:1d:
+        5b:34:1b:d1
 -----BEGIN CERTIFICATE-----
-MIIERjCCAy6gAwIBAgIGDy7TwsGSMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIERjCCAy6gAwIBAgIGDzR1UVF1MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFQxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzdaFw0zMTAzMTExMjIxMzdaMFQxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDq0BwGYXLHkodA88M5ciWv7qFWi9rw6XlcWgGsLgoIb/Ql3P0Yr5zAyX8U
-D5Uv6m2HxEwEDcWamqhEuMYBlaSIN2mFaAt32OvNhS4JLM0tMRxzT79QbNxlHh+b
-wLb9jg+N0FiljIKdEAcEqWZHeAIB7Wj0Z4wW1ajAJusl5tCh+tDruTDu7zbBX08p
-SGZmytuWFEDK154kW8iQ/N89GxTBdtr2YcqKDsT/zRMft0iPzoAJTMdx6VBcP9Ni
-JduT4wvEo2rzbEIL5QxFIi+TGVJAGxLZHyYtoDnbFd5GggIerUFyw4uZBYNDWNJl
-O9KPl3rcQN7gZbSXGRFZlPL0b8z7AgMBAAGjggEIMIIBBDAWBgNVHREEDzANggts
+AoIBAQDfKZNYgh2iuAcqso+TDt8VSXIGkxlKLcW9VpJa2vTTmgEc7kdXDp7Y1w3E
+zkui8PwH7JHplQj06V3ySfMLmPDYx9RnL/vylDsUyAbaOXCK+UtwqHRrP1vRpBzq
+vfGeweLnmIhP6Uu2yNaeAfO3ye7N4teWaBTXRMYRE59sBk5XmFPIQN6dRB9q9AGw
+VkdeO7U8KZuW85paeNERUSUOQ4JK099UWkYA3rCiLmVURECcZNPoP+is4wz7NgrF
+eTepou8GFEOsniDeMNLqeX3v8gyTcI27FP9MVkHkKt6SCs5lLNP7KQ9P+RbXYlRO
+TKgFNF3mIOOJvHsf3yFXZqkgzuazAgMBAAGjggEIMIIBBDAWBgNVHREEDzANggts
 b2NhbGhvc3QAaDALBgNVHQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYD
-VR0OBBYEFAy8gjt4+y5FaMGM89OQ6uu0AdFPMB8GA1UdIwQYMBaAFFJA7uFPlVgp
-yoRnjA+MzP6PqfqoMAkGA1UdEwQCMAAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUF
+VR0OBBYEFGtWAPMBvBaL6891oYnbJrHE7XFkMB8GA1UdIwQYMBaAFIfLsTMuwWd+
+cePlK0xNpLNu0lupMAkGA1UdEwQCMAAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUF
 BzAChidodHRwOi8vdGVzdC5jdXJsLnNlL2NhL0VkZWxDdXJsUm9vdC5jZXIwOAYD
 VR0fBDEwLzAtoCugKYYnaHR0cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJv
-b3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCjV7BkFzZF4WZBO3NnMQPojqfM67MM
-lB9lN+n987eieHRw/RYiX+kBJWdvemsduSgJd5IF8N1+VbNKXakx5M0rUgE90Bu2
-FV3o5JfsHFZq6E3PMqL0tdevG5oUJju4AjnUFW5gCbUj/eXs9DoXCBXeFnkH3T6u
-UiO0cTkenzoi5wkQKEEBUBg+vYjSO50KS5iO3MPuCap2f1Me9otWcmRgAint2NJO
-dXbw5kBMCXPqpy47ujVLr5ODS5kQuGh9eTsZIrc24MNaQ4B95W1v+HhKGYtgJitD
-TJb5z0K2jQHux7lIbWTopx/h0PXyom2gyRWdEhcbsY8kYi9BRlGKz4yQ
+b3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBasoPAlM4lqqD0tnH7FrTgEDycoNsq
+/Lf4l2TMGZJWY6nmUNZtebajYiPSSCE3RkY+nc0fVRh3/X816thonBwvyCNDos13
+PFwhlJOAhNBqiluuEb55PoAXMp5zC90N9fZPPxuj66ohBqfvx7/lh2csOKPB1PK0
+znKdLvi5kcuDGsm+dLuseFzZPv0fnawZXrMAZjhxfgYu/hrArfeCHYVtPTydYmbN
+Hm3xZ3oFSlhueqcfL3xfwCwZ397GLRPGO+ptmNBVmEwAp+IvfYYkSS2Gw3XQcUEW
+jHtJJevSzZsItF9uqkotbFuJZ38/DENDvYP37x7u52rnOsHHqh1bNBvR
 -----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost0h-sv.csr b/tests/certs/Server-localhost0h-sv.csr
index b943fa329..d2a021e58 100644
--- a/tests/certs/Server-localhost0h-sv.csr
+++ b/tests/certs/Server-localhost0h-sv.csr
@@ -1,16 +1,16 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIICmTCCAYECAQAwVDELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
 cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxEjAQBgNVBAMMCWxvY2FsaG9z
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOrQHAZhcseSh0Dzwzly
-Ja/uoVaL2vDpeVxaAawuCghv9CXc/RivnMDJfxQPlS/qbYfETAQNxZqaqES4xgGV
-pIg3aYVoC3fY682FLgkszS0xHHNPv1Bs3GUeH5vAtv2OD43QWKWMgp0QBwSpZkd4
-AgHtaPRnjBbVqMAm6yXm0KH60Ou5MO7vNsFfTylIZmbK25YUQMrXniRbyJD83z0b
-FMF22vZhyooOxP/NEx+3SI/OgAlMx3HpUFw/02Il25PjC8SjavNsQgvlDEUiL5MZ
-UkAbEtkfJi2gOdsV3kaCAh6tQXLDi5kFg0NY0mU70o+XetxA3uBltJcZEVmU8vRv
-zPsCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBsppJ1iHS1FeT6Pf+75vnSrZqh
-RCQAGH6c9CYHJoiiGIsmaeDilRg4wCy4B2YTbF33PoV/+iY81jyaKs03IexyaePg
-Gz0k0UXUzZvs226XUS/AIEQgQbYnkWOerO36QqH12nYnE9Ib1tTaR7eVb4Y9gscy
-ddnywHn8/j8yaU228MZKTVbahgUg+rocaRSCdglA5XQsLQws+MKFoKKesUsyV7c0
-ZVYlXL7KIMM0LLnZat37sv5/GvMNeAO7Gh7AAZTsSxpd2HKXKOP4eyXsVk7pdfA+
-+8VAyShcKLCuscho4R27QZLJOzak6BWha1jglmLwQvIQQuEHn7vYk/84dZ54
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN8pk1iCHaK4Byqyj5MO
+3xVJcgaTGUotxb1Wklra9NOaARzuR1cOntjXDcTOS6Lw/AfskemVCPTpXfJJ8wuY
+8NjH1Gcv+/KUOxTIBto5cIr5S3CodGs/W9GkHOq98Z7B4ueYiE/pS7bI1p4B87fJ
+7s3i15ZoFNdExhETn2wGTleYU8hA3p1EH2r0AbBWR147tTwpm5bzmlp40RFRJQ5D
+gkrT31RaRgDesKIuZVREQJxk0+g/6KzjDPs2CsV5N6mi7wYUQ6yeIN4w0up5fe/y
+DJNwjbsU/0xWQeQq3pIKzmUs0/spD0/5FtdiVE5MqAU0XeYg44m8ex/fIVdmqSDO
+5rMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAMIFsOpe5YFYwa7F2qr1CoBYhR
+XNOEK5Yc6pY4ND+/1hbsSkT285Ar7yIA4+fFwYa4F4DkpzfZ0DLwHPqQE85pQf2M
+YyjwMIU97xwNKLHrrObpgVJ+hs8cDj0zYJVGnIWiK1556I5lotupuzzig7Fyo0XY
+OSbg+NxaXMHil4eLWIs8CapWAU4gHcZnDpkYL86aWfeFAYixB/FkcAzZJR+fOSif
+KYTc0kKR34nDpJVN1pck03tCvRY48SRliHnNpAP/Enf57BLSJvA15f64Iz3hthxL
+47xJsj2zs+CkHvfYnaLhDpTlOxr73uK4dhWcyynufvjElO2G+MOMcFRduWU6
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/Server-localhost0h-sv.der b/tests/certs/Server-localhost0h-sv.der
index a0fb3e44b..cdadd76bb 100644
--- a/tests/certs/Server-localhost0h-sv.der
+++ b/tests/certs/Server-localhost0h-sv.der
diff --git a/tests/certs/Server-localhost0h-sv.key b/tests/certs/Server-localhost0h-sv.key
index 09b2b00f8..0e0533ec3 100644
--- a/tests/certs/Server-localhost0h-sv.key
+++ b/tests/certs/Server-localhost0h-sv.key
@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA6tAcBmFyx5KHQPPDOXIlr+6hVova8Ol5XFoBrC4KCG/0Jdz9
-GK+cwMl/FA+VL+pth8RMBA3FmpqoRLjGAZWkiDdphWgLd9jrzYUuCSzNLTEcc0+/
-UGzcZR4fm8C2/Y4PjdBYpYyCnRAHBKlmR3gCAe1o9GeMFtWowCbrJebQofrQ67kw
-7u82wV9PKUhmZsrblhRAyteeJFvIkPzfPRsUwXba9mHKig7E/80TH7dIj86ACUzH
-celQXD/TYiXbk+MLxKNq82xCC+UMRSIvkxlSQBsS2R8mLaA52xXeRoICHq1BcsOL
-mQWDQ1jSZTvSj5d63EDe4GW0lxkRWZTy9G/M+wIDAQABAoIBAGAciKwP7RRFJLlw
-TUNRNp3Zdg5ftmEPn44uhSq9uXuUn4Fz/+C/2NCMaUiDzFPNh8GflmG+ZViP3zop
-y1pQrwTWcYmaeb83eeUokxxMSzspM/T6+lroBBobh2KQMhZ8tF8enXo9liTFr6m3
-0NaGB4RUcbZAP/YExErKY0ujO1hg8Zr4lPkFx0Gt3neIz2h869ra1fTF5559XSei
-zAQ5MHgxpoAcs+8VzloS8hDgVVe5GBRmcyzqdFiZqo3isG7QaaSgZpw0LO43AHR1
-FANoYNox1dQgsYtYp7oCjyoqeY5kMrqXlHOQ5NbZ4HzUOwJjKUK0miVytRCOSNhm
-jv4tlEECgYEA/WTIh37BfR9juVPQgKVtT7k6P6HTEoW52JuDa3Zmnbh3VvpppJs3
-+GM+SGnb0cbiJYrIesoNF91kD0AA0ba97Vn0kR2BWx+g2yfts1QPI8Pt6jfb5xuR
-BhYdYdCNxXVgfDgvgz54ngJDEN2SXSQsBbKc7K++wU8kDBGNlJ7qZRsCgYEA7Tpm
-luPFFt3lBgCccvI28LWS/B2TnYdbRbceZJ8Fk6R1OdqYJryTqGBsIQz3DTwqF1ok
-X7XTXxt7zABZco8Z31W8Ju4yqDgvK8jWOxlKyZjUFyzvGKrzhp5J7WYzkbZ7SJNl
-J8TcHtTlF12RqLze2XlUHhHgVFp3xSJRt4ThFaECgYEAgb7aIu7Xeg7ZjCqLZ2PN
-HfY1CiH9Js3MREoUt7CviHDMwn+EGmHT/d4rJP73LGnOn/R5BM5yd9bHhjt6b+dH
-RsI5xRg7hQIj5jOCtcED44dOShCCC8sErf4i21PjU8jvN4u5YFVbg2SbHIanjAOa
-euxjB5pRbT/tsDRIr2HTmSMCgYEA0zskLAkF7lWIXy7eH4/DEdRr26euUB89SzdB
-jdD3Ez7lzqzwu9VAGTY6Mbesp5FB3Wc7aimp207KjZxmCRaYr/9UOMnyO01D21XK
-Q/dCW32EpFozT6CwlNaO9x8AnieBYN81vBKS+bURhBuh3kDGoZhiKSA7woCHkvX7
-E1DzZuECgYEA1v8fntlJTSJtaahxIimbuTV5XbxysbK+AaWigLaqbGH8nmN1+Pda
-saqFgqIu19z3rryiD+aKqZcamhQbZPMufWWEwqk4M+fewvLx/o4rB/0KL/9Lwq00
-luOQzIjTtcNbS47CLIuhfOhGBhiAOtC3Ub6icZ+6+AYXfvJAsqRy2p4=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfKZNYgh2iuAcq
+so+TDt8VSXIGkxlKLcW9VpJa2vTTmgEc7kdXDp7Y1w3Ezkui8PwH7JHplQj06V3y
+SfMLmPDYx9RnL/vylDsUyAbaOXCK+UtwqHRrP1vRpBzqvfGeweLnmIhP6Uu2yNae
+AfO3ye7N4teWaBTXRMYRE59sBk5XmFPIQN6dRB9q9AGwVkdeO7U8KZuW85paeNER
+USUOQ4JK099UWkYA3rCiLmVURECcZNPoP+is4wz7NgrFeTepou8GFEOsniDeMNLq
+eX3v8gyTcI27FP9MVkHkKt6SCs5lLNP7KQ9P+RbXYlROTKgFNF3mIOOJvHsf3yFX
+ZqkgzuazAgMBAAECggEAa31sIpKx0aHQmeleLJhaLbetu6r44HkBqPxdDHQwvweM
+B7JiHHXHX2zejfBMEFUBIJP7iEYoBUeu37hs4CYvxEskbPt44NQzTQQ4AL7wDZCc
+nMwXH11qTaU95HfPPQfo0mLvLYaS2J0Oexc3nEwgwXzFGQZTG4ld2fXYsUCsVZX8
+PoHbkKWEHveQEFDmGezguc2UG3DrXaZv5gbMhVik048zX3P5cn0ic9TK9yEFZDXS
+8Qiq/SHTHEnkZV5J8s12pcDyQdi1cN96MVZ1/feeg1Pc06q7PN7xvkmZHCQ1tOdl
+b7STXNPrJ0P7OwbeB0Q3xNwqI25wicN1oaBvdR/PAQKBgQD4gN6+sR74FNC4q99T
+fuFqwJ36W8GG0jc9joJTbITXGSdArQHm838Mippp0P3MrUTLqXI0nhjH8ePjF83R
+KRWGoUvSc2Xe7LjzzEmg9CmtB+QD97Qir0468izqnlP1Ef16kbbIMLsoVgIht6YY
+klUYs7x3AtDBvHV7EKlP63kUgQKBgQDl5QDW+KZRvQU/G7tWsOZ6iQ3Ed8Zt4uRk
+EshPeCoz0S0ks8pzpa+YaAAUKsHvgiL7oLMFquuVHn7TctYBoe2/bwdj0/IW/1pP
+oDJqRJIbamjYj6qKG7Ihx0yx+z7f7vbKCgC5ifzy0Xl60E9fRIf3/dVopU+3qtwG
+qOphkrNRMwKBgQCrEixFIjGrnsjBGLC5DhOoJcmbXCcx5O1aVwyo2X/pg8td3rv8
+fYvs2k3KorDVgkJl4dRZHKz6mC7FWtG5N4s2DzvfOMncWSJJ00ysnOlD0LbLdG5x
+ojU8pxL8wNoTT7sr8bvevI1bCzqUc5TIPZSPWMxZMXr8o/xMKAAmoHfOAQKBgDBH
+VlTO5Qa3XlmxdjcvcUd8bsK6sJY1FueZNi3SO3KkVAmoJDUDL4wfEx0pGY810ijr
+x4zCJzUqsVGwhRbUrbwNEg053lZMC+g66Tt96P0O7LPF//d+93q2gvnBnKOkaHln
+fl14iAFqUkujYXfNSYyf5uhSBxq4K/rOEGKrTzMXAoGBAL3Hz3s5Gvy44SMV0UHl
+18gEqR0y9mXfgON9Rk0yE+fFYFRnFf4iHIxhodXPIGeu1CpqtXjEcG8JXVXniaao
+qNGbVs2QoBUVW81sHG9h/ulHCAwjFvZhFYgDiRQPcVd3lNJM4gigjRyw/nRnQH+2
+MVCJe5htDEMM58h8LepU4T8M
+-----END PRIVATE KEY-----
diff --git a/tests/certs/Server-localhost0h-sv.pem b/tests/certs/Server-localhost0h-sv.pem
index 386d00dbe..72f326dfb 100644
--- a/tests/certs/Server-localhost0h-sv.pem
+++ b/tests/certs/Server-localhost0h-sv.pem
@@ -37,45 +37,46 @@ commonName_value              = localhost
 # The key
 # the certificate
 # some dhparam
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA6tAcBmFyx5KHQPPDOXIlr+6hVova8Ol5XFoBrC4KCG/0Jdz9
-GK+cwMl/FA+VL+pth8RMBA3FmpqoRLjGAZWkiDdphWgLd9jrzYUuCSzNLTEcc0+/
-UGzcZR4fm8C2/Y4PjdBYpYyCnRAHBKlmR3gCAe1o9GeMFtWowCbrJebQofrQ67kw
-7u82wV9PKUhmZsrblhRAyteeJFvIkPzfPRsUwXba9mHKig7E/80TH7dIj86ACUzH
-celQXD/TYiXbk+MLxKNq82xCC+UMRSIvkxlSQBsS2R8mLaA52xXeRoICHq1BcsOL
-mQWDQ1jSZTvSj5d63EDe4GW0lxkRWZTy9G/M+wIDAQABAoIBAGAciKwP7RRFJLlw
-TUNRNp3Zdg5ftmEPn44uhSq9uXuUn4Fz/+C/2NCMaUiDzFPNh8GflmG+ZViP3zop
-y1pQrwTWcYmaeb83eeUokxxMSzspM/T6+lroBBobh2KQMhZ8tF8enXo9liTFr6m3
-0NaGB4RUcbZAP/YExErKY0ujO1hg8Zr4lPkFx0Gt3neIz2h869ra1fTF5559XSei
-zAQ5MHgxpoAcs+8VzloS8hDgVVe5GBRmcyzqdFiZqo3isG7QaaSgZpw0LO43AHR1
-FANoYNox1dQgsYtYp7oCjyoqeY5kMrqXlHOQ5NbZ4HzUOwJjKUK0miVytRCOSNhm
-jv4tlEECgYEA/WTIh37BfR9juVPQgKVtT7k6P6HTEoW52JuDa3Zmnbh3VvpppJs3
-+GM+SGnb0cbiJYrIesoNF91kD0AA0ba97Vn0kR2BWx+g2yfts1QPI8Pt6jfb5xuR
-BhYdYdCNxXVgfDgvgz54ngJDEN2SXSQsBbKc7K++wU8kDBGNlJ7qZRsCgYEA7Tpm
-luPFFt3lBgCccvI28LWS/B2TnYdbRbceZJ8Fk6R1OdqYJryTqGBsIQz3DTwqF1ok
-X7XTXxt7zABZco8Z31W8Ju4yqDgvK8jWOxlKyZjUFyzvGKrzhp5J7WYzkbZ7SJNl
-J8TcHtTlF12RqLze2XlUHhHgVFp3xSJRt4ThFaECgYEAgb7aIu7Xeg7ZjCqLZ2PN
-HfY1CiH9Js3MREoUt7CviHDMwn+EGmHT/d4rJP73LGnOn/R5BM5yd9bHhjt6b+dH
-RsI5xRg7hQIj5jOCtcED44dOShCCC8sErf4i21PjU8jvN4u5YFVbg2SbHIanjAOa
-euxjB5pRbT/tsDRIr2HTmSMCgYEA0zskLAkF7lWIXy7eH4/DEdRr26euUB89SzdB
-jdD3Ez7lzqzwu9VAGTY6Mbesp5FB3Wc7aimp207KjZxmCRaYr/9UOMnyO01D21XK
-Q/dCW32EpFozT6CwlNaO9x8AnieBYN81vBKS+bURhBuh3kDGoZhiKSA7woCHkvX7
-E1DzZuECgYEA1v8fntlJTSJtaahxIimbuTV5XbxysbK+AaWigLaqbGH8nmN1+Pda
-saqFgqIu19z3rryiD+aKqZcamhQbZPMufWWEwqk4M+fewvLx/o4rB/0KL/9Lwq00
-luOQzIjTtcNbS47CLIuhfOhGBhiAOtC3Ub6icZ+6+AYXfvJAsqRy2p4=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfKZNYgh2iuAcq
+so+TDt8VSXIGkxlKLcW9VpJa2vTTmgEc7kdXDp7Y1w3Ezkui8PwH7JHplQj06V3y
+SfMLmPDYx9RnL/vylDsUyAbaOXCK+UtwqHRrP1vRpBzqvfGeweLnmIhP6Uu2yNae
+AfO3ye7N4teWaBTXRMYRE59sBk5XmFPIQN6dRB9q9AGwVkdeO7U8KZuW85paeNER
+USUOQ4JK099UWkYA3rCiLmVURECcZNPoP+is4wz7NgrFeTepou8GFEOsniDeMNLq
+eX3v8gyTcI27FP9MVkHkKt6SCs5lLNP7KQ9P+RbXYlROTKgFNF3mIOOJvHsf3yFX
+ZqkgzuazAgMBAAECggEAa31sIpKx0aHQmeleLJhaLbetu6r44HkBqPxdDHQwvweM
+B7JiHHXHX2zejfBMEFUBIJP7iEYoBUeu37hs4CYvxEskbPt44NQzTQQ4AL7wDZCc
+nMwXH11qTaU95HfPPQfo0mLvLYaS2J0Oexc3nEwgwXzFGQZTG4ld2fXYsUCsVZX8
+PoHbkKWEHveQEFDmGezguc2UG3DrXaZv5gbMhVik048zX3P5cn0ic9TK9yEFZDXS
+8Qiq/SHTHEnkZV5J8s12pcDyQdi1cN96MVZ1/feeg1Pc06q7PN7xvkmZHCQ1tOdl
+b7STXNPrJ0P7OwbeB0Q3xNwqI25wicN1oaBvdR/PAQKBgQD4gN6+sR74FNC4q99T
+fuFqwJ36W8GG0jc9joJTbITXGSdArQHm838Mippp0P3MrUTLqXI0nhjH8ePjF83R
+KRWGoUvSc2Xe7LjzzEmg9CmtB+QD97Qir0468izqnlP1Ef16kbbIMLsoVgIht6YY
+klUYs7x3AtDBvHV7EKlP63kUgQKBgQDl5QDW+KZRvQU/G7tWsOZ6iQ3Ed8Zt4uRk
+EshPeCoz0S0ks8pzpa+YaAAUKsHvgiL7oLMFquuVHn7TctYBoe2/bwdj0/IW/1pP
+oDJqRJIbamjYj6qKG7Ihx0yx+z7f7vbKCgC5ifzy0Xl60E9fRIf3/dVopU+3qtwG
+qOphkrNRMwKBgQCrEixFIjGrnsjBGLC5DhOoJcmbXCcx5O1aVwyo2X/pg8td3rv8
+fYvs2k3KorDVgkJl4dRZHKz6mC7FWtG5N4s2DzvfOMncWSJJ00ysnOlD0LbLdG5x
+ojU8pxL8wNoTT7sr8bvevI1bCzqUc5TIPZSPWMxZMXr8o/xMKAAmoHfOAQKBgDBH
+VlTO5Qa3XlmxdjcvcUd8bsK6sJY1FueZNi3SO3KkVAmoJDUDL4wfEx0pGY810ijr
+x4zCJzUqsVGwhRbUrbwNEg053lZMC+g66Tt96P0O7LPF//d+93q2gvnBnKOkaHln
+fl14iAFqUkujYXfNSYyf5uhSBxq4K/rOEGKrTzMXAoGBAL3Hz3s5Gvy44SMV0UHl
+18gEqR0y9mXfgON9Rk0yE+fFYFRnFf4iHIxhodXPIGeu1CpqtXjEcG8JXVXniaao
+qNGbVs2QoBUVW81sHG9h/ulHCAwjFvZhFYgDiRQPcVd3lNJM4gigjRyw/nRnQH+2
+MVCJe5htDEMM58h8LepU4T8M
+-----END PRIVATE KEY-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668370 (0xf2ed3c2c192)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980979573 (0xf3475515175)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:37 2022 GMT
+            Not After : Mar 11 12:21:37 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -84,85 +85,82 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:ea:d0:1c:06:61:72:c7:92:87:40:f3:c3:39:72:
-                    25:af:ee:a1:56:8b:da:f0:e9:79:5c:5a:01:ac:2e:
-                    0a:08:6f:f4:25:dc:fd:18:af:9c:c0:c9:7f:14:0f:
-                    95:2f:ea:6d:87:c4:4c:04:0d:c5:9a:9a:a8:44:b8:
-                    c6:01:95:a4:88:37:69:85:68:0b:77:d8:eb:cd:85:
-                    2e:09:2c:cd:2d:31:1c:73:4f:bf:50:6c:dc:65:1e:
-                    1f:9b:c0:b6:fd:8e:0f:8d:d0:58:a5:8c:82:9d:10:
-                    07:04:a9:66:47:78:02:01:ed:68:f4:67:8c:16:d5:
-                    a8:c0:26:eb:25:e6:d0:a1:fa:d0:eb:b9:30:ee:ef:
-                    36:c1:5f:4f:29:48:66:66:ca:db:96:14:40:ca:d7:
-                    9e:24:5b:c8:90:fc:df:3d:1b:14:c1:76:da:f6:61:
-                    ca:8a:0e:c4:ff:cd:13:1f:b7:48:8f:ce:80:09:4c:
-                    c7:71:e9:50:5c:3f:d3:62:25:db:93:e3:0b:c4:a3:
-                    6a:f3:6c:42:0b:e5:0c:45:22:2f:93:19:52:40:1b:
-                    12:d9:1f:26:2d:a0:39:db:15:de:46:82:02:1e:ad:
-                    41:72:c3:8b:99:05:83:43:58:d2:65:3b:d2:8f:97:
-                    7a:dc:40:de:e0:65:b4:97:19:11:59:94:f2:f4:6f:
-                    cc:fb
+                    00:df:29:93:58:82:1d:a2:b8:07:2a:b2:8f:93:0e:
+                    df:15:49:72:06:93:19:4a:2d:c5:bd:56:92:5a:da:
+                    f4:d3:9a:01:1c:ee:47:57:0e:9e:d8:d7:0d:c4:ce:
+                    4b:a2:f0:fc:07:ec:91:e9:95:08:f4:e9:5d:f2:49:
+                    f3:0b:98:f0:d8:c7:d4:67:2f:fb:f2:94:3b:14:c8:
+                    06:da:39:70:8a:f9:4b:70:a8:74:6b:3f:5b:d1:a4:
+                    1c:ea:bd:f1:9e:c1:e2:e7:98:88:4f:e9:4b:b6:c8:
+                    d6:9e:01:f3:b7:c9:ee:cd:e2:d7:96:68:14:d7:44:
+                    c6:11:13:9f:6c:06:4e:57:98:53:c8:40:de:9d:44:
+                    1f:6a:f4:01:b0:56:47:5e:3b:b5:3c:29:9b:96:f3:
+                    9a:5a:78:d1:11:51:25:0e:43:82:4a:d3:df:54:5a:
+                    46:00:de:b0:a2:2e:65:54:44:40:9c:64:d3:e8:3f:
+                    e8:ac:e3:0c:fb:36:0a:c5:79:37:a9:a2:ef:06:14:
+                    43:ac:9e:20:de:30:d2:ea:79:7d:ef:f2:0c:93:70:
+                    8d:bb:14:ff:4c:56:41:e4:2a:de:92:0a:ce:65:2c:
+                    d3:fb:29:0f:4f:f9:16:d7:62:54:4e:4c:a8:05:34:
+                    5d:e6:20:e3:89:bc:7b:1f:df:21:57:66:a9:20:ce:
+                    e6:b3
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
-                DNS:localhost
+                0
+..localhost.h
             X509v3 Key Usage: 
                 Digital Signature, Key Encipherment, Key Agreement
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                0C:BC:82:3B:78:FB:2E:45:68:C1:8C:F3:D3:90:EA:EB:B4:01:D1:4F
+                6B:56:00:F3:01:BC:16:8B:EB:CF:75:A1:89:DB:26:B1:C4:ED:71:64
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         a3:57:b0:64:17:36:45:e1:66:41:3b:73:67:31:03:e8:8e:a7:
-         cc:eb:b3:0c:94:1f:65:37:e9:fd:f3:b7:a2:78:74:70:fd:16:
-         22:5f:e9:01:25:67:6f:7a:6b:1d:b9:28:09:77:92:05:f0:dd:
-         7e:55:b3:4a:5d:a9:31:e4:cd:2b:52:01:3d:d0:1b:b6:15:5d:
-         e8:e4:97:ec:1c:56:6a:e8:4d:cf:32:a2:f4:b5:d7:af:1b:9a:
-         14:26:3b:b8:02:39:d4:15:6e:60:09:b5:23:fd:e5:ec:f4:3a:
-         17:08:15:de:16:79:07:dd:3e:ae:52:23:b4:71:39:1e:9f:3a:
-         22:e7:09:10:28:41:01:50:18:3e:bd:88:d2:3b:9d:0a:4b:98:
-         8e:dc:c3:ee:09:aa:76:7f:53:1e:f6:8b:56:72:64:60:02:29:
-         ed:d8:d2:4e:75:76:f0:e6:40:4c:09:73:ea:a7:2e:3b:ba:35:
-         4b:af:93:83:4b:99:10:b8:68:7d:79:3b:19:22:b7:36:e0:c3:
-         5a:43:80:7d:e5:6d:6f:f8:78:4a:19:8b:60:26:2b:43:4c:96:
-         f9:cf:42:b6:8d:01:ee:c7:b9:48:6d:64:e8:a7:1f:e1:d0:f5:
-         f2:a2:6d:a0:c9:15:9d:12:17:1b:b1:8f:24:62:2f:41:46:51:
-         8a:cf:8c:90
+    Signature Value:
+        5a:b2:83:c0:94:ce:25:aa:a0:f4:b6:71:fb:16:b4:e0:10:3c:
+        9c:a0:db:2a:fc:b7:f8:97:64:cc:19:92:56:63:a9:e6:50:d6:
+        6d:79:b6:a3:62:23:d2:48:21:37:46:46:3e:9d:cd:1f:55:18:
+        77:fd:7f:35:ea:d8:68:9c:1c:2f:c8:23:43:a2:cd:77:3c:5c:
+        21:94:93:80:84:d0:6a:8a:5b:ae:11:be:79:3e:80:17:32:9e:
+        73:0b:dd:0d:f5:f6:4f:3f:1b:a3:eb:aa:21:06:a7:ef:c7:bf:
+        e5:87:67:2c:38:a3:c1:d4:f2:b4:ce:72:9d:2e:f8:b9:91:cb:
+        83:1a:c9:be:74:bb:ac:78:5c:d9:3e:fd:1f:9d:ac:19:5e:b3:
+        00:66:38:71:7e:06:2e:fe:1a:c0:ad:f7:82:1d:85:6d:3d:3c:
+        9d:62:66:cd:1e:6d:f1:67:7a:05:4a:58:6e:7a:a7:1f:2f:7c:
+        5f:c0:2c:19:df:de:c6:2d:13:c6:3b:ea:6d:98:d0:55:98:4c:
+        00:a7:e2:2f:7d:86:24:49:2d:86:c3:75:d0:71:41:16:8c:7b:
+        49:25:eb:d2:cd:9b:08:b4:5f:6e:aa:4a:2d:6c:5b:89:67:7f:
+        3f:0c:43:43:bd:83:f7:ef:1e:ee:e7:6a:e7:3a:c1:c7:aa:1d:
+        5b:34:1b:d1
 -----BEGIN CERTIFICATE-----
-MIIERjCCAy6gAwIBAgIGDy7TwsGSMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIERjCCAy6gAwIBAgIGDzR1UVF1MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFQxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzdaFw0zMTAzMTExMjIxMzdaMFQxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDq0BwGYXLHkodA88M5ciWv7qFWi9rw6XlcWgGsLgoIb/Ql3P0Yr5zAyX8U
-D5Uv6m2HxEwEDcWamqhEuMYBlaSIN2mFaAt32OvNhS4JLM0tMRxzT79QbNxlHh+b
-wLb9jg+N0FiljIKdEAcEqWZHeAIB7Wj0Z4wW1ajAJusl5tCh+tDruTDu7zbBX08p
-SGZmytuWFEDK154kW8iQ/N89GxTBdtr2YcqKDsT/zRMft0iPzoAJTMdx6VBcP9Ni
-JduT4wvEo2rzbEIL5QxFIi+TGVJAGxLZHyYtoDnbFd5GggIerUFyw4uZBYNDWNJl
-O9KPl3rcQN7gZbSXGRFZlPL0b8z7AgMBAAGjggEIMIIBBDAWBgNVHREEDzANggts
+AoIBAQDfKZNYgh2iuAcqso+TDt8VSXIGkxlKLcW9VpJa2vTTmgEc7kdXDp7Y1w3E
+zkui8PwH7JHplQj06V3ySfMLmPDYx9RnL/vylDsUyAbaOXCK+UtwqHRrP1vRpBzq
+vfGeweLnmIhP6Uu2yNaeAfO3ye7N4teWaBTXRMYRE59sBk5XmFPIQN6dRB9q9AGw
+VkdeO7U8KZuW85paeNERUSUOQ4JK099UWkYA3rCiLmVURECcZNPoP+is4wz7NgrF
+eTepou8GFEOsniDeMNLqeX3v8gyTcI27FP9MVkHkKt6SCs5lLNP7KQ9P+RbXYlRO
+TKgFNF3mIOOJvHsf3yFXZqkgzuazAgMBAAGjggEIMIIBBDAWBgNVHREEDzANggts
 b2NhbGhvc3QAaDALBgNVHQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYD
-VR0OBBYEFAy8gjt4+y5FaMGM89OQ6uu0AdFPMB8GA1UdIwQYMBaAFFJA7uFPlVgp
-yoRnjA+MzP6PqfqoMAkGA1UdEwQCMAAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUF
+VR0OBBYEFGtWAPMBvBaL6891oYnbJrHE7XFkMB8GA1UdIwQYMBaAFIfLsTMuwWd+
+cePlK0xNpLNu0lupMAkGA1UdEwQCMAAwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUF
 BzAChidodHRwOi8vdGVzdC5jdXJsLnNlL2NhL0VkZWxDdXJsUm9vdC5jZXIwOAYD
 VR0fBDEwLzAtoCugKYYnaHR0cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJv
-b3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCjV7BkFzZF4WZBO3NnMQPojqfM67MM
-lB9lN+n987eieHRw/RYiX+kBJWdvemsduSgJd5IF8N1+VbNKXakx5M0rUgE90Bu2
-FV3o5JfsHFZq6E3PMqL0tdevG5oUJju4AjnUFW5gCbUj/eXs9DoXCBXeFnkH3T6u
-UiO0cTkenzoi5wkQKEEBUBg+vYjSO50KS5iO3MPuCap2f1Me9otWcmRgAint2NJO
-dXbw5kBMCXPqpy47ujVLr5ODS5kQuGh9eTsZIrc24MNaQ4B95W1v+HhKGYtgJitD
-TJb5z0K2jQHux7lIbWTopx/h0PXyom2gyRWdEhcbsY8kYi9BRlGKz4yQ
+b3QuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBasoPAlM4lqqD0tnH7FrTgEDycoNsq
+/Lf4l2TMGZJWY6nmUNZtebajYiPSSCE3RkY+nc0fVRh3/X816thonBwvyCNDos13
+PFwhlJOAhNBqiluuEb55PoAXMp5zC90N9fZPPxuj66ohBqfvx7/lh2csOKPB1PK0
+znKdLvi5kcuDGsm+dLuseFzZPv0fnawZXrMAZjhxfgYu/hrArfeCHYVtPTydYmbN
+Hm3xZ3oFSlhueqcfL3xfwCwZ397GLRPGO+ptmNBVmEwAp+IvfYYkSS2Gw3XQcUEW
+jHtJJevSzZsItF9uqkotbFuJZ38/DENDvYP37x7u52rnOsHHqh1bNBvR
 -----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost0h-sv.pub.der b/tests/certs/Server-localhost0h-sv.pub.der
index e404791a1..5c0e00d05 100644
--- a/tests/certs/Server-localhost0h-sv.pub.der
+++ b/tests/certs/Server-localhost0h-sv.pub.der
diff --git a/tests/certs/Server-localhost0h-sv.pub.pem b/tests/certs/Server-localhost0h-sv.pub.pem
index 37734703d..b8a1ee9e2 100644
--- a/tests/certs/Server-localhost0h-sv.pub.pem
+++ b/tests/certs/Server-localhost0h-sv.pub.pem
@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6tAcBmFyx5KHQPPDOXIl
-r+6hVova8Ol5XFoBrC4KCG/0Jdz9GK+cwMl/FA+VL+pth8RMBA3FmpqoRLjGAZWk
-iDdphWgLd9jrzYUuCSzNLTEcc0+/UGzcZR4fm8C2/Y4PjdBYpYyCnRAHBKlmR3gC
-Ae1o9GeMFtWowCbrJebQofrQ67kw7u82wV9PKUhmZsrblhRAyteeJFvIkPzfPRsU
-wXba9mHKig7E/80TH7dIj86ACUzHcelQXD/TYiXbk+MLxKNq82xCC+UMRSIvkxlS
-QBsS2R8mLaA52xXeRoICHq1BcsOLmQWDQ1jSZTvSj5d63EDe4GW0lxkRWZTy9G/M
-+wIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ymTWIIdorgHKrKPkw7f
+FUlyBpMZSi3FvVaSWtr005oBHO5HVw6e2NcNxM5LovD8B+yR6ZUI9Old8knzC5jw
+2MfUZy/78pQ7FMgG2jlwivlLcKh0az9b0aQc6r3xnsHi55iIT+lLtsjWngHzt8nu
+zeLXlmgU10TGEROfbAZOV5hTyEDenUQfavQBsFZHXju1PCmblvOaWnjREVElDkOC
+StPfVFpGAN6woi5lVERAnGTT6D/orOMM+zYKxXk3qaLvBhRDrJ4g3jDS6nl97/IM
+k3CNuxT/TFZB5CrekgrOZSzT+ykPT/kW12JUTkyoBTRd5iDjibx7H98hV2apIM7m
+swIDAQAB
 -----END PUBLIC KEY-----
diff --git a/tests/certs/Server-localhost0h-sv.pubkey-pinned b/tests/certs/Server-localhost0h-sv.pubkey-pinned
index d79ae28da..0347fc0f5 100644
--- a/tests/certs/Server-localhost0h-sv.pubkey-pinned
+++ b/tests/certs/Server-localhost0h-sv.pubkey-pinned
@@ -1 +1 @@
-niXJtQz7iLYOWlwo1ZD4Roqa5l0fDDDMBjaOQnDgZLg=
+uWdzTJv+PXoad5XzSPC85Nm6FcqVkGl+8tTRW5KCLbA=
diff --git a/tests/certs/scripts/Makefile.am b/tests/certs/scripts/Makefile.am
index c7e8a16c2..82b5f277e 100644
--- a/tests/certs/scripts/Makefile.am
+++ b/tests/certs/scripts/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/certs/scripts/genroot.sh b/tests/certs/scripts/genroot.sh
index 6d0bd880a..17fd30887 100755
--- a/tests/certs/scripts/genroot.sh
+++ b/tests/certs/scripts/genroot.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2000 - 2022, EdelWeb for EdelKey and OpenEvidence
+# Copyright (C) EdelWeb for EdelKey and OpenEvidence
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -63,8 +63,8 @@ set -e
 
 echo SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE
 
-echo "openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout XXX"
-openssl genrsa -out $PREFIX-ca.key $KEYSIZE -passout pass:secret
+echo "openssl genrsa -out $PREFIX-ca.key -passout XXX $KEYSIZE"
+openssl genrsa -out $PREFIX-ca.key -passout pass:secret $KEYSIZE
 
 echo "openssl req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr"
 $OPENSSL req -config $PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr -passin pass:secret
diff --git a/tests/certs/scripts/genserv.sh b/tests/certs/scripts/genserv.sh
index 969ae4c71..7e0b4429c 100755
--- a/tests/certs/scripts/genserv.sh
+++ b/tests/certs/scripts/genserv.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2000 - 2022, EdelWeb for EdelKey and OpenEvidence
+# Copyright (C) EdelWeb for EdelKey and OpenEvidence
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/certs/stunnel-sv.crl b/tests/certs/stunnel-sv.crl
index 02e5d39b5..494ce7358 100644
--- a/tests/certs/stunnel-sv.crl
+++ b/tests/certs/stunnel-sv.crl
@@ -1,18 +1,15 @@
 -----BEGIN X509 CRL-----
-MIIC8jCCAdoCAQEwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV
+MIICWzCCAUMCAQEwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UEBhMCTk4xMTAvBgNV
 BAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJjAk
-BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0yMjExMjUxMjMy
-NDZaFw0yMjEyMjUxMjMyNDZaMIIBLDAXAgYPLtKj3NIXDTIyMTEyNTEyMDEyNlow
-FwIGDy7So9zkFw0yMjExMjUxMjAxMjZaMBcCBg8u0qPc9xcNMjIxMTI1MTIwMTI2
-WjAXAgYPLtKj3QgXDTIyMTEyNTEyMDEyNlowFwIGDy7SpAQqFw0yMjExMjUxMjAx
-MjdaMBcCBg8u0qQEOxcNMjIxMTI1MTIwMTI3WjAXAgYPLtPCwWYXDTIyMTEyNTEy
-MzI0NlowFwIGDy7TwsF8Fw0yMjExMjUxMjMyNDZaMBcCBg8u08LBkhcNMjIxMTI1
-MTIzMjQ2WjAXAgYPLtPCwacXDTIyMTEyNTEyMzI0NlowFwIGDy7TwsG8Fw0yMjEx
-MjUxMjMyNDZaMBcCBg8u08LB0RcNMjIxMTI1MTIzMjQ2WqAOMAwwCgYDVR0UBAMC
-AQEwDQYJKoZIhvcNAQEFBQADggEBAAorcW9V+mMBj2OSxZcL5+igiOFk4AbIAgQV
-QU4RayJbNdylZeiHN2iQrEOQO6SeZ9HYrW/qNhDlQ7XUCTiX8A438jKpyzTwH1vd
-xeexri4YpDwujFT3iJpu67AtAIk7ZzEDE209dZ7YFLQste7wck7GEw77N8vHzMos
-9ct60LeBl7lz8bC9DGoumAA/4uLwKgULHlSgNnijWeMbQaVrAYD9hVRyEAu6rN06
-L4NoLsI4FY4gZrYId4mtP8+7Fgd0FzJ6zrHC1Ep0uQQvxFhu5Jr+9dBEfWX8t/LL
-TXV6nLInCTUtFm3FcsJctAt1GNqETAydo8o2djvup0N87kZNWf0=
+BgNVBAMMHU5vcnRoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yFw0yMjEyMjMxMjIx
+MzlaFw0yMzAxMjIxMjIxMzlaMIGWMBcCBg80dVEqPBcNMjIxMjIzMTIyMTM2WjAX
+AgYPNHVRUWEXDTIyMTIyMzEyMjEzN1owFwIGDzR1UVF1Fw0yMjEyMjMxMjIxMzda
+MBcCBg80dVFRiRcNMjIxMjIzMTIyMTM4WjAXAgYPNHVReK4XDTIyMTIyMzEyMjEz
+OFowFwIGDzR1UZ/TFw0yMjEyMjMxMjIxMzlaoA4wDDAKBgNVHRQEAwIBATANBgkq
+hkiG9w0BAQsFAAOCAQEAMcVpjkRfr71+8t8qMGDR7jNycVDsEw8H+t4wXq44EkVu
+Z3uB7IPa5KQJ4HNZ5U/5yfWrLQ14YsOHEPIWaDyXG+MYKa82t/VGSzkWdiPE/onz
+Y3PBkclURacEZ5NHWTDGJXGttO7cHPPN4FsKxAsS7EWPRSCCKBGIxY3L+4QcziZV
+G9zsrzn0B7NI11E9+VGm0HbhSxXUthayPvHeUmjpeJ+711R22ANNTV2jAMqFn2ZP
+i6PNenZXC3xt1cZd4/T6343TT5jd0QB1JUiSFGYWZw3sSga6d57Mf5WTOCAfJsWL
+X1Wds0WsQ/XbsGySCLXPWfOaxrfhk3FJHSwIDjKoAg==
 -----END X509 CRL-----
diff --git a/tests/certs/stunnel-sv.crt b/tests/certs/stunnel-sv.crt
index 260a10b0d..82285808c 100644
--- a/tests/certs/stunnel-sv.crt
+++ b/tests/certs/stunnel-sv.crt
@@ -1,15 +1,15 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668433 (0xf2ed3c2c1d1)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980999635 (0xf3475519fd3)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:39 2022 GMT
+            Not After : Mar 11 12:21:39 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -18,24 +18,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:aa:ae:0f:dd:20:a3:6b:0d:13:6c:00:b8:03:79:
-                    58:a6:20:b7:15:af:54:95:1b:97:a9:89:14:0e:83:
-                    32:74:2b:fc:91:d8:c6:e4:ed:e5:ac:55:45:b5:45:
-                    8e:1d:1f:48:ae:ce:ac:0a:f3:d2:e4:8f:09:c5:9b:
-                    57:fc:a9:3b:72:94:fc:e5:0f:e9:53:4d:46:d9:81:
-                    97:a9:cf:73:d5:2b:8a:72:50:80:55:14:29:c3:b1:
-                    89:51:9a:ae:c4:4e:75:b7:df:cd:4d:5b:8b:c6:ae:
-                    95:09:b3:32:b1:d1:0b:32:04:9d:54:32:4a:4b:ab:
-                    ee:0e:1a:11:d4:e7:67:d8:36:31:62:76:af:c3:64:
-                    f0:8c:2d:2c:60:81:c6:66:a8:31:3a:eb:a2:ce:ec:
-                    d6:65:fe:80:b2:e8:6e:3b:1e:50:65:b1:91:9c:0a:
-                    05:06:8e:89:4c:46:c2:df:68:bd:1e:cf:0a:cd:04:
-                    99:aa:01:66:ec:74:1b:f5:15:13:4d:cf:e7:cd:2a:
-                    8e:61:d6:4c:79:17:cd:9e:55:ee:48:05:35:a9:55:
-                    16:1a:75:0b:12:51:8d:d5:55:89:50:36:93:af:b5:
-                    5a:0a:16:66:d6:80:a8:99:78:eb:09:1c:5f:26:aa:
-                    a1:db:2a:d3:9e:c7:f2:a2:f0:69:af:6e:75:81:a0:
-                    ee:f3
+                    00:ab:0a:b0:03:d0:76:fe:5e:ce:15:de:61:d5:e3:
+                    91:6f:7c:d6:bb:ca:26:8e:78:be:26:35:d1:a6:59:
+                    f1:d5:3c:55:3e:09:2c:ec:a0:d4:af:0e:3c:5a:a2:
+                    b5:b0:78:51:95:62:80:80:71:c8:4e:9f:59:59:93:
+                    40:12:b2:a9:ce:b2:cd:17:8b:9f:27:f3:e3:cf:23:
+                    78:06:d2:06:23:5f:9b:20:ec:42:77:66:ad:a4:5e:
+                    82:b4:4d:94:72:ea:13:64:72:fc:cb:83:2c:d7:a1:
+                    8b:f5:2e:4c:d3:c1:88:b2:c8:98:19:5f:ef:98:fc:
+                    62:80:b3:67:cc:1f:23:fc:5f:38:cd:82:6e:2d:96:
+                    d9:35:93:fe:29:a2:69:65:c0:df:45:ab:3f:ac:17:
+                    18:00:80:4a:b7:c9:ba:b8:5f:29:bb:c4:ac:16:97:
+                    cc:57:34:10:c9:36:65:6c:3e:d8:89:45:c8:a5:42:
+                    84:7c:5e:cd:1a:e8:f1:3e:55:b3:21:0f:d0:36:13:
+                    f2:c4:2f:b9:73:41:fa:87:aa:dc:44:d6:64:96:e4:
+                    5a:50:f9:4a:9f:e0:a2:e7:69:f4:ad:5a:cf:3a:20:
+                    e5:a7:09:e2:cf:e8:19:a1:00:ae:a8:bb:22:02:34:
+                    5c:b3:cf:b5:24:4c:76:bf:ad:e9:f1:b8:d3:86:ba:
+                    7d:93
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
@@ -45,58 +45,55 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                7A:9A:8C:C7:59:5D:12:8D:51:2F:B1:06:58:1B:0A:B4:9F:31:8D:7F
+                9C:97:B0:3D:B3:50:B1:F6:D4:71:E2:EB:CB:80:EA:93:7C:98:CC:72
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         84:61:d9:d9:fb:1e:7e:e7:70:fb:1f:2f:e7:53:14:d5:0b:af:
-         0b:7d:30:83:a2:50:5d:7d:80:52:03:25:a4:7e:fb:6a:27:2d:
-         c7:2e:db:56:21:c9:90:13:aa:84:d8:0c:ec:fc:76:43:3a:35:
-         e6:e9:fe:99:36:eb:ce:5c:43:ea:5b:93:ac:e1:97:00:5f:05:
-         e8:a4:69:5b:a9:6a:9a:44:52:f2:75:2c:d7:0d:b1:4b:01:bf:
-         b4:18:e3:d6:65:90:06:8e:1d:bc:40:89:75:83:ea:d6:c3:1b:
-         57:d8:fa:e9:42:bc:83:1e:e9:27:e7:01:30:46:a8:be:dd:e2:
-         1e:96:05:56:a5:03:76:f8:40:a1:8b:1b:5d:3b:45:37:2f:8e:
-         d9:b0:d9:ab:5d:b4:9c:fa:7c:ad:db:10:ff:55:40:01:1c:49:
-         1c:af:20:cb:9d:5d:74:d9:83:8e:ae:54:3e:57:ce:77:de:1b:
-         83:f6:6d:3f:6d:ef:b1:bd:11:aa:10:f5:15:bf:a2:ba:c5:63:
-         6c:22:86:d6:78:72:75:7c:68:fb:4a:1c:1f:da:90:53:b3:44:
-         dd:db:95:c2:dc:dc:45:9b:78:a8:73:8a:74:a7:91:8f:6d:c7:
-         72:a0:00:3b:3f:ea:e6:c9:14:f0:a1:c5:1a:bb:8f:65:d8:75:
-         da:3d:4d:cc
+    Signature Value:
+        0b:8a:ed:6a:87:fa:71:15:88:25:58:85:1b:4a:09:bf:43:00:
+        35:93:78:0d:72:14:30:51:e2:93:83:a1:da:1b:2f:a9:31:ae:
+        b7:c7:4c:72:c2:5e:32:24:f1:96:93:70:d5:3f:b5:85:80:13:
+        75:32:cf:0e:f8:5d:c4:a2:29:84:43:2c:75:81:26:12:6a:a0:
+        cb:7b:57:c1:92:78:85:08:fa:64:50:c2:7b:83:02:4d:79:13:
+        bc:61:64:4d:b8:6b:d5:f1:84:6b:12:5c:69:90:ad:40:47:c0:
+        ed:dd:ea:8a:66:7e:87:85:19:aa:89:d3:3c:08:72:08:a1:4d:
+        63:60:5b:9b:17:9e:00:12:a1:00:52:ca:78:01:88:18:c7:ed:
+        5b:c7:e4:d9:eb:bd:3f:af:92:53:3f:fe:58:57:0d:fc:f4:7b:
+        7b:a2:4f:e9:b9:5c:b5:a4:52:50:b4:56:5a:44:8e:d9:d0:ed:
+        de:8f:7e:ac:1c:58:76:5b:a8:79:c9:95:ab:85:1d:db:4c:13:
+        82:4a:a5:41:1b:29:f5:d3:96:df:80:d1:1e:00:7d:ba:35:94:
+        57:81:e1:08:2a:81:6b:1c:30:50:37:01:1a:0e:26:4f:6b:ed:
+        c9:50:17:37:2b:33:3f:68:fe:c6:f0:21:8c:e7:b2:79:55:f2:
+        42:bd:2f:b0
 -----BEGIN CERTIFICATE-----
-MIIERDCCAyygAwIBAgIGDy7TwsHRMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIERDCCAyygAwIBAgIGDzR1UZ/TMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFQxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzlaFw0zMTAzMTExMjIxMzlaMFQxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCqrg/dIKNrDRNsALgDeVimILcVr1SVG5epiRQOgzJ0K/yR2Mbk7eWsVUW1
-RY4dH0iuzqwK89LkjwnFm1f8qTtylPzlD+lTTUbZgZepz3PVK4pyUIBVFCnDsYlR
-mq7ETnW3381NW4vGrpUJszKx0QsyBJ1UMkpLq+4OGhHU52fYNjFidq/DZPCMLSxg
-gcZmqDE666LO7NZl/oCy6G47HlBlsZGcCgUGjolMRsLfaL0ezwrNBJmqAWbsdBv1
-FRNNz+fNKo5h1kx5F82eVe5IBTWpVRYadQsSUY3VVYlQNpOvtVoKFmbWgKiZeOsJ
-HF8mqqHbKtOex/Ki8GmvbnWBoO7zAgMBAAGjggEGMIIBAjAUBgNVHREEDTALggls
+AoIBAQCrCrAD0Hb+Xs4V3mHV45FvfNa7yiaOeL4mNdGmWfHVPFU+CSzsoNSvDjxa
+orWweFGVYoCAcchOn1lZk0ASsqnOss0Xi58n8+PPI3gG0gYjX5sg7EJ3Zq2kXoK0
+TZRy6hNkcvzLgyzXoYv1LkzTwYiyyJgZX++Y/GKAs2fMHyP8XzjNgm4tltk1k/4p
+omllwN9Fqz+sFxgAgEq3ybq4Xym7xKwWl8xXNBDJNmVsPtiJRcilQoR8Xs0a6PE+
+VbMhD9A2E/LEL7lzQfqHqtxE1mSW5FpQ+Uqf4KLnafStWs86IOWnCeLP6BmhAK6o
+uyICNFyzz7UkTHa/renxuNOGun2TAgMBAAGjggEGMIIBAjAUBgNVHREEDTALggls
 b2NhbGhvc3QwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1Ud
-DgQWBBR6mozHWV0SjVEvsQZYGwq0nzGNfzAfBgNVHSMEGDAWgBRSQO7hT5VYKcqE
-Z4wPjMz+j6n6qDAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcw
+DgQWBBScl7A9s1Cx9tRx4uvLgOqTfJjMcjAfBgNVHSMEGDAWgBSHy7EzLsFnfnHj
+5StMTaSzbtJbqTAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcw
 AoYnaHR0cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJvb3QuY2VyMDgGA1Ud
 HwQxMC8wLaAroCmGJ2h0dHA6Ly90ZXN0LmN1cmwuc2UvY2EvRWRlbEN1cmxSb290
-LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAhGHZ2fsefudw+x8v51MU1QuvC30wg6JQ
-XX2AUgMlpH77aictxy7bViHJkBOqhNgM7Px2Qzo15un+mTbrzlxD6luTrOGXAF8F
-6KRpW6lqmkRS8nUs1w2xSwG/tBjj1mWQBo4dvECJdYPq1sMbV9j66UK8gx7pJ+cB
-MEaovt3iHpYFVqUDdvhAoYsbXTtFNy+O2bDZq120nPp8rdsQ/1VAARxJHK8gy51d
-dNmDjq5UPlfOd94bg/ZtP23vsb0RqhD1Fb+iusVjbCKG1nhydXxo+0ocH9qQU7NE
-3duVwtzcRZt4qHOKdKeRj23HcqAAOz/q5skU8KHFGruPZdh12j1NzA==
+LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAC4rtaof6cRWIJViFG0oJv0MANZN4DXIU
+MFHik4Oh2hsvqTGut8dMcsJeMiTxlpNw1T+1hYATdTLPDvhdxKIphEMsdYEmEmqg
+y3tXwZJ4hQj6ZFDCe4MCTXkTvGFkTbhr1fGEaxJcaZCtQEfA7d3qimZ+h4UZqonT
+PAhyCKFNY2BbmxeeABKhAFLKeAGIGMftW8fk2eu9P6+SUz/+WFcN/PR7e6JP6blc
+taRSULRWWkSO2dDt3o9+rBxYdluoecmVq4Ud20wTgkqlQRsp9dOW34DRHgB9ujWU
+V4HhCCqBaxwwUDcBGg4mT2vtyVAXNyszP2j+xvAhjOeyeVXyQr0vsA==
 -----END CERTIFICATE-----
diff --git a/tests/certs/stunnel-sv.csr b/tests/certs/stunnel-sv.csr
index 1509b8864..739cd68eb 100644
--- a/tests/certs/stunnel-sv.csr
+++ b/tests/certs/stunnel-sv.csr
@@ -1,16 +1,16 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIICmTCCAYECAQAwVDELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
 cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxEjAQBgNVBAMMCWxvY2FsaG9z
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKquD90go2sNE2wAuAN5
-WKYgtxWvVJUbl6mJFA6DMnQr/JHYxuTt5axVRbVFjh0fSK7OrArz0uSPCcWbV/yp
-O3KU/OUP6VNNRtmBl6nPc9UrinJQgFUUKcOxiVGarsROdbffzU1bi8aulQmzMrHR
-CzIEnVQySkur7g4aEdTnZ9g2MWJ2r8Nk8IwtLGCBxmaoMTrros7s1mX+gLLobjse
-UGWxkZwKBQaOiUxGwt9ovR7PCs0EmaoBZux0G/UVE03P580qjmHWTHkXzZ5V7kgF
-NalVFhp1CxJRjdVViVA2k6+1WgoWZtaAqJl46wkcXyaqodsq057H8qLwaa9udYGg
-7vMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQB+vdGsn8infk15uyFAiN6hjzif
-8WQU6tfY7jOBropMRHYv9XXQJGYiwHwSCHkI4EQy3wMdGyjGPjBvIMeUp4hb9Tw+
-u/Yc3htE/bDtfcRKMAK/A+h4dIpIzI84nu62WBwr7vmM9WpoL0wcxhji6a3k3xS3
-oQhPiqOLt+MJTPNSZl8C93hx8Nq20iqCJpBXALzOalx6WWxuNv5E8PqmQtcJrlAp
-mLpIL0AiACbtNeV5VFc3ezo/79mRMYV/Vxnb0XIEkwty6HUnWmgNYCYawXEybc+f
-fzCUZnu+0giFDSZ80xS+vdb1IQdFO8oRYLs+RxTFPW14LuQrPKQY5zsrwE1u
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKsKsAPQdv5ezhXeYdXj
+kW981rvKJo54viY10aZZ8dU8VT4JLOyg1K8OPFqitbB4UZVigIBxyE6fWVmTQBKy
+qc6yzReLnyfz488jeAbSBiNfmyDsQndmraRegrRNlHLqE2Ry/MuDLNehi/UuTNPB
+iLLImBlf75j8YoCzZ8wfI/xfOM2Cbi2W2TWT/imiaWXA30WrP6wXGACASrfJurhf
+KbvErBaXzFc0EMk2ZWw+2IlFyKVChHxezRro8T5VsyEP0DYT8sQvuXNB+oeq3ETW
+ZJbkWlD5Sp/goudp9K1azzog5acJ4s/oGaEArqi7IgI0XLPPtSRMdr+t6fG404a6
+fZMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAauiYRPParSazzDjwG98G8YzZk
+1V/Q3rOzPN5a4veBMVO0kTxrTLImX/+BU6Bj6YgbpUGzIUqbkEunCQ5vtbFTrooD
+uT2tZtENXrj6i1fR3BArnLiP1Pg+PO1ONvTuY+384v2CIeE7AP6V0wZw5W9OJSkP
+eM8RU5OJn5zJkxhmUdREg5d3VuIE67ABcbCsxqMAhJuPw6mFgN6ffZl06nZ2cR5k
+TeOmze7EL8UCNByTtwqBdgryPQu3UEsBq0GxQJcBzcmB3vfClLhnTLic4sRHGdTO
+Ql+6CFqNnP5+bEMWqExPmWsdogFtwJsiQvr2nk/i2ogKAoRs+T0siTcF1+RM
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/stunnel-sv.der b/tests/certs/stunnel-sv.der
index 35ce6fc6c..9c015f8fc 100644
--- a/tests/certs/stunnel-sv.der
+++ b/tests/certs/stunnel-sv.der
diff --git a/tests/certs/stunnel-sv.key b/tests/certs/stunnel-sv.key
index 8e8151b84..84c86c2ee 100644
--- a/tests/certs/stunnel-sv.key
+++ b/tests/certs/stunnel-sv.key
@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAqq4P3SCjaw0TbAC4A3lYpiC3Fa9UlRuXqYkUDoMydCv8kdjG
-5O3lrFVFtUWOHR9Irs6sCvPS5I8JxZtX/Kk7cpT85Q/pU01G2YGXqc9z1SuKclCA
-VRQpw7GJUZquxE51t9/NTVuLxq6VCbMysdELMgSdVDJKS6vuDhoR1Odn2DYxYnav
-w2TwjC0sYIHGZqgxOuuizuzWZf6AsuhuOx5QZbGRnAoFBo6JTEbC32i9Hs8KzQSZ
-qgFm7HQb9RUTTc/nzSqOYdZMeRfNnlXuSAU1qVUWGnULElGN1VWJUDaTr7VaChZm
-1oComXjrCRxfJqqh2yrTnsfyovBpr251gaDu8wIDAQABAoIBAQCdg9n8Fxz5tK2R
-5O/ttNVNK7ALgS2sFjTXLzylUAsGD3oeF1Mm/y4Q5vlYG4LV+YMYYH+B9BdS+3bn
-OT/wWzYTvs/NjeulBxI1tVWET4H03yP777Mf0WXhxjyWZQyY+lfFg/NySuQqTgAZ
-XZmRZPzSAlQ32dmbEGa3+PMv6wd5Drei9dW8zXHg0Hhxu1ZQffwAuqMaH7JRf7Vz
-947E59YrTVOSz7V8q9B0Jw/y3ozdVF4XsYuTZu6hcFRGu7hyBblp8JXhbpRpk1+0
-8iYas3Wh5qXbe7IMmRuyHKQilweCnOvLwsd6zkyPmf/RfElbVwMfy9YQZ9r5t3cG
-8JLTmexhAoGBAOB7xb6kzBgRVKC1IMos18l9sj/4x14Iu9QSoOUyPiC+tnXaSV2a
-6Wx/5e0x3de3fv4CpcIPrO243CAvzAY8dKfUN0L0DLH0RTWtu7G8yAe8rTGDN3Vk
-xg1bfNaaciOyq1MKf5o5VBNdf8wqz4tOMuWc0hB69+7NJl65icWZSmk5AoGBAMKk
-hRr+q1bokENma9RDAZQG2CvELfetgvs8i40UQk/KUTsg9xOJvf7sohoYUEqxFTOR
-5lmM01wwdRuHLwg333sP1zLwR1KlxUWp+hOVxY3utAiCNMQKkMZGoTtx/S4c3fJX
-ETyNgXnXRGe7S6feqaubEmYn2/zRtQMEsUC2+TWLAoGAOeFwEUHopeQCEBXjyH1b
-fkZ8qWX58dMKqxnKho432rWR0j1gYVRKD4HCxS/wZWiYw+Hm32yvR/Q8PchVMN5x
-rbxYK1lF1LSJC9gp5yAn62bIuVV9/TTopBUM0UCtYWr2Jck1MYzKktuu0fPP47lc
-Ajw3JayvNNGMrSvlzB9EQnECgYEAsDO/S3DAKyzdbCaL9tux0g9gIj62XkD1Efr9
-Wfm9Df5ZCu4MveMz3FLbbEQWa4djagvqO6cAr7QuT31RVl8+MGlmpvZdmrP2odn+
-STyMWrB8yjcVDWODK/tEekv2pof7ZCbts6NmUqZNhppHIvCvKGp5fYEX5Qbylojo
-7Wy2rYECgYBlgx30rVT0S+fqAxje6EU1u2L/vx7Bb+VwxVwz66jXgOp3WJRex29z
-te8vPrByqaWDRB5cT2aRMQESc8HjUr7GC6DRpBV09g+alJnjuwKwl+gY9zg6cb0l
-jcKnwIobQdxoptlCppDgyzaa0YobJw4Bp6n2o0IRt6Tfl2Gh+BvpXw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrCrAD0Hb+Xs4V
+3mHV45FvfNa7yiaOeL4mNdGmWfHVPFU+CSzsoNSvDjxaorWweFGVYoCAcchOn1lZ
+k0ASsqnOss0Xi58n8+PPI3gG0gYjX5sg7EJ3Zq2kXoK0TZRy6hNkcvzLgyzXoYv1
+LkzTwYiyyJgZX++Y/GKAs2fMHyP8XzjNgm4tltk1k/4pomllwN9Fqz+sFxgAgEq3
+ybq4Xym7xKwWl8xXNBDJNmVsPtiJRcilQoR8Xs0a6PE+VbMhD9A2E/LEL7lzQfqH
+qtxE1mSW5FpQ+Uqf4KLnafStWs86IOWnCeLP6BmhAK6ouyICNFyzz7UkTHa/renx
+uNOGun2TAgMBAAECggEAH0BsKb5Ax7h90jwYRzL141d9isFkaxq/r46c2FbN24bT
+EmstxKycP8ILoAnjxbMuQOvHC/D+RvNRqY7Aocn4Qdakp50wvuWOpc3Ww/RC/9qb
+pxfUCyn9Jy/HlPcp3RdM5MknzG2S13Fid7F2gyh0+CmztMs1JZBT1S0ylXbJJfbY
+1pdlHcf9oEbYo36vGd9rtJHAFzsFfwua0idl76XYuOnR3bpOkHl1B5cJ8jpOliPv
+VTmzn0cIgAmk7IByHHqGQ0u30PFiElI9kEbkKWoxAM1hq1pFU58jQhvp0ZkjVENL
+bSFB2B4DbyosxPlbUgvJCN4B7nclqzYqBdrrk6/ZLQKBgQC1lDrPSGIGXLwvkZYS
+xc0wtaCC7u6m7zV8rzh5HGcEoVvtmya/VyoZR8KGIpSor8COIkZqFtan6C77C3MH
+wClbu2Kn3FkGb76D5U2Xwl38zepzjn8Z5qXc3bZfccrsDY1gXPicgsmcKUY9xV5/
+T0RjESDKB+xxkJpCjia6klm2NQKBgQDxJNuqB6frDYKaj7mW/rvyHqkeT94J6eDY
+BcMZVKeHRNWcBMOvJDChVmpsCjJPOWHhHOlAE755NxWn8wpgyiUcac3BiysMgvTT
+pyH8UVWaP/DWYOfpuhtcLPkIjKnPijOvshpyWBxfXNIejiovoT6E3IXKOxr5g5yq
+U/9a5+I9pwKBgDyJG4YpkoyedBrDxa2ihkL7+nRMZgH/c+yKmiA+aNXxWa2AcU2P
+KLje5KpFcxw948s/AAy0aoH19Vu6uHHYDbHIah6eZouvy2s7kj/LC/yRRd2anyMq
+cxeMTxXI4ScLaZu7wyKis8Y9OG61k0iMS7dfaXgRZjGCTPttWtoOmpwVAoGAd2k+
+EXuLDl15UBpd18S6wxGlw2nfVN9oxPBNhUyjTNusP38oe6EbJ7mIJ4oBEbQjoPrV
+EjL0vkelxK4YdIeFSwWlqvLEVYS/wdNgg/auwhxpoW8JSHctNz7Z7v7g0/Hm2FkE
+uZyiKCLptdHGWCGruNUOt27/U5F10e6YY6ayJL8CgYEAoE/ddHIlrKFzcZ0cu47R
+ky4D4x32ceC2au4eGPLMDItPjceXe8I6zgB5P8/U5U3PRw5oWabpAf5lAcRwa12c
+23xgy9O5QNlyps/rAdnVjwxqGwEd5E2LrZ2+JDflPRGunx2VO5v9CxXvsxu9F3Rj
+tREtebHe2H7u5jNsIQArnRI=
+-----END PRIVATE KEY-----
diff --git a/tests/certs/stunnel-sv.pem b/tests/certs/stunnel-sv.pem
index 3ec7702e9..b7dd1e879 100644
--- a/tests/certs/stunnel-sv.pem
+++ b/tests/certs/stunnel-sv.pem
@@ -36,45 +36,46 @@ commonName_value              = localhost
 # The key
 # the certificate
 # some dhparam
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAqq4P3SCjaw0TbAC4A3lYpiC3Fa9UlRuXqYkUDoMydCv8kdjG
-5O3lrFVFtUWOHR9Irs6sCvPS5I8JxZtX/Kk7cpT85Q/pU01G2YGXqc9z1SuKclCA
-VRQpw7GJUZquxE51t9/NTVuLxq6VCbMysdELMgSdVDJKS6vuDhoR1Odn2DYxYnav
-w2TwjC0sYIHGZqgxOuuizuzWZf6AsuhuOx5QZbGRnAoFBo6JTEbC32i9Hs8KzQSZ
-qgFm7HQb9RUTTc/nzSqOYdZMeRfNnlXuSAU1qVUWGnULElGN1VWJUDaTr7VaChZm
-1oComXjrCRxfJqqh2yrTnsfyovBpr251gaDu8wIDAQABAoIBAQCdg9n8Fxz5tK2R
-5O/ttNVNK7ALgS2sFjTXLzylUAsGD3oeF1Mm/y4Q5vlYG4LV+YMYYH+B9BdS+3bn
-OT/wWzYTvs/NjeulBxI1tVWET4H03yP777Mf0WXhxjyWZQyY+lfFg/NySuQqTgAZ
-XZmRZPzSAlQ32dmbEGa3+PMv6wd5Drei9dW8zXHg0Hhxu1ZQffwAuqMaH7JRf7Vz
-947E59YrTVOSz7V8q9B0Jw/y3ozdVF4XsYuTZu6hcFRGu7hyBblp8JXhbpRpk1+0
-8iYas3Wh5qXbe7IMmRuyHKQilweCnOvLwsd6zkyPmf/RfElbVwMfy9YQZ9r5t3cG
-8JLTmexhAoGBAOB7xb6kzBgRVKC1IMos18l9sj/4x14Iu9QSoOUyPiC+tnXaSV2a
-6Wx/5e0x3de3fv4CpcIPrO243CAvzAY8dKfUN0L0DLH0RTWtu7G8yAe8rTGDN3Vk
-xg1bfNaaciOyq1MKf5o5VBNdf8wqz4tOMuWc0hB69+7NJl65icWZSmk5AoGBAMKk
-hRr+q1bokENma9RDAZQG2CvELfetgvs8i40UQk/KUTsg9xOJvf7sohoYUEqxFTOR
-5lmM01wwdRuHLwg333sP1zLwR1KlxUWp+hOVxY3utAiCNMQKkMZGoTtx/S4c3fJX
-ETyNgXnXRGe7S6feqaubEmYn2/zRtQMEsUC2+TWLAoGAOeFwEUHopeQCEBXjyH1b
-fkZ8qWX58dMKqxnKho432rWR0j1gYVRKD4HCxS/wZWiYw+Hm32yvR/Q8PchVMN5x
-rbxYK1lF1LSJC9gp5yAn62bIuVV9/TTopBUM0UCtYWr2Jck1MYzKktuu0fPP47lc
-Ajw3JayvNNGMrSvlzB9EQnECgYEAsDO/S3DAKyzdbCaL9tux0g9gIj62XkD1Efr9
-Wfm9Df5ZCu4MveMz3FLbbEQWa4djagvqO6cAr7QuT31RVl8+MGlmpvZdmrP2odn+
-STyMWrB8yjcVDWODK/tEekv2pof7ZCbts6NmUqZNhppHIvCvKGp5fYEX5Qbylojo
-7Wy2rYECgYBlgx30rVT0S+fqAxje6EU1u2L/vx7Bb+VwxVwz66jXgOp3WJRex29z
-te8vPrByqaWDRB5cT2aRMQESc8HjUr7GC6DRpBV09g+alJnjuwKwl+gY9zg6cb0l
-jcKnwIobQdxoptlCppDgyzaa0YobJw4Bp6n2o0IRt6Tfl2Gh+BvpXw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrCrAD0Hb+Xs4V
+3mHV45FvfNa7yiaOeL4mNdGmWfHVPFU+CSzsoNSvDjxaorWweFGVYoCAcchOn1lZ
+k0ASsqnOss0Xi58n8+PPI3gG0gYjX5sg7EJ3Zq2kXoK0TZRy6hNkcvzLgyzXoYv1
+LkzTwYiyyJgZX++Y/GKAs2fMHyP8XzjNgm4tltk1k/4pomllwN9Fqz+sFxgAgEq3
+ybq4Xym7xKwWl8xXNBDJNmVsPtiJRcilQoR8Xs0a6PE+VbMhD9A2E/LEL7lzQfqH
+qtxE1mSW5FpQ+Uqf4KLnafStWs86IOWnCeLP6BmhAK6ouyICNFyzz7UkTHa/renx
+uNOGun2TAgMBAAECggEAH0BsKb5Ax7h90jwYRzL141d9isFkaxq/r46c2FbN24bT
+EmstxKycP8ILoAnjxbMuQOvHC/D+RvNRqY7Aocn4Qdakp50wvuWOpc3Ww/RC/9qb
+pxfUCyn9Jy/HlPcp3RdM5MknzG2S13Fid7F2gyh0+CmztMs1JZBT1S0ylXbJJfbY
+1pdlHcf9oEbYo36vGd9rtJHAFzsFfwua0idl76XYuOnR3bpOkHl1B5cJ8jpOliPv
+VTmzn0cIgAmk7IByHHqGQ0u30PFiElI9kEbkKWoxAM1hq1pFU58jQhvp0ZkjVENL
+bSFB2B4DbyosxPlbUgvJCN4B7nclqzYqBdrrk6/ZLQKBgQC1lDrPSGIGXLwvkZYS
+xc0wtaCC7u6m7zV8rzh5HGcEoVvtmya/VyoZR8KGIpSor8COIkZqFtan6C77C3MH
+wClbu2Kn3FkGb76D5U2Xwl38zepzjn8Z5qXc3bZfccrsDY1gXPicgsmcKUY9xV5/
+T0RjESDKB+xxkJpCjia6klm2NQKBgQDxJNuqB6frDYKaj7mW/rvyHqkeT94J6eDY
+BcMZVKeHRNWcBMOvJDChVmpsCjJPOWHhHOlAE755NxWn8wpgyiUcac3BiysMgvTT
+pyH8UVWaP/DWYOfpuhtcLPkIjKnPijOvshpyWBxfXNIejiovoT6E3IXKOxr5g5yq
+U/9a5+I9pwKBgDyJG4YpkoyedBrDxa2ihkL7+nRMZgH/c+yKmiA+aNXxWa2AcU2P
+KLje5KpFcxw948s/AAy0aoH19Vu6uHHYDbHIah6eZouvy2s7kj/LC/yRRd2anyMq
+cxeMTxXI4ScLaZu7wyKis8Y9OG61k0iMS7dfaXgRZjGCTPttWtoOmpwVAoGAd2k+
+EXuLDl15UBpd18S6wxGlw2nfVN9oxPBNhUyjTNusP38oe6EbJ7mIJ4oBEbQjoPrV
+EjL0vkelxK4YdIeFSwWlqvLEVYS/wdNgg/auwhxpoW8JSHctNz7Z7v7g0/Hm2FkE
+uZyiKCLptdHGWCGruNUOt27/U5F10e6YY6ayJL8CgYEAoE/ddHIlrKFzcZ0cu47R
+ky4D4x32ceC2au4eGPLMDItPjceXe8I6zgB5P8/U5U3PRw5oWabpAf5lAcRwa12c
+23xgy9O5QNlyps/rAdnVjwxqGwEd5E2LrZ2+JDflPRGunx2VO5v9CxXvsxu9F3Rj
+tREtebHe2H7u5jNsIQArnRI=
+-----END PRIVATE KEY-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668433 (0xf2ed3c2c1d1)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980999635 (0xf3475519fd3)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:39 2022 GMT
+            Not After : Mar 11 12:21:39 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -83,24 +84,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:aa:ae:0f:dd:20:a3:6b:0d:13:6c:00:b8:03:79:
-                    58:a6:20:b7:15:af:54:95:1b:97:a9:89:14:0e:83:
-                    32:74:2b:fc:91:d8:c6:e4:ed:e5:ac:55:45:b5:45:
-                    8e:1d:1f:48:ae:ce:ac:0a:f3:d2:e4:8f:09:c5:9b:
-                    57:fc:a9:3b:72:94:fc:e5:0f:e9:53:4d:46:d9:81:
-                    97:a9:cf:73:d5:2b:8a:72:50:80:55:14:29:c3:b1:
-                    89:51:9a:ae:c4:4e:75:b7:df:cd:4d:5b:8b:c6:ae:
-                    95:09:b3:32:b1:d1:0b:32:04:9d:54:32:4a:4b:ab:
-                    ee:0e:1a:11:d4:e7:67:d8:36:31:62:76:af:c3:64:
-                    f0:8c:2d:2c:60:81:c6:66:a8:31:3a:eb:a2:ce:ec:
-                    d6:65:fe:80:b2:e8:6e:3b:1e:50:65:b1:91:9c:0a:
-                    05:06:8e:89:4c:46:c2:df:68:bd:1e:cf:0a:cd:04:
-                    99:aa:01:66:ec:74:1b:f5:15:13:4d:cf:e7:cd:2a:
-                    8e:61:d6:4c:79:17:cd:9e:55:ee:48:05:35:a9:55:
-                    16:1a:75:0b:12:51:8d:d5:55:89:50:36:93:af:b5:
-                    5a:0a:16:66:d6:80:a8:99:78:eb:09:1c:5f:26:aa:
-                    a1:db:2a:d3:9e:c7:f2:a2:f0:69:af:6e:75:81:a0:
-                    ee:f3
+                    00:ab:0a:b0:03:d0:76:fe:5e:ce:15:de:61:d5:e3:
+                    91:6f:7c:d6:bb:ca:26:8e:78:be:26:35:d1:a6:59:
+                    f1:d5:3c:55:3e:09:2c:ec:a0:d4:af:0e:3c:5a:a2:
+                    b5:b0:78:51:95:62:80:80:71:c8:4e:9f:59:59:93:
+                    40:12:b2:a9:ce:b2:cd:17:8b:9f:27:f3:e3:cf:23:
+                    78:06:d2:06:23:5f:9b:20:ec:42:77:66:ad:a4:5e:
+                    82:b4:4d:94:72:ea:13:64:72:fc:cb:83:2c:d7:a1:
+                    8b:f5:2e:4c:d3:c1:88:b2:c8:98:19:5f:ef:98:fc:
+                    62:80:b3:67:cc:1f:23:fc:5f:38:cd:82:6e:2d:96:
+                    d9:35:93:fe:29:a2:69:65:c0:df:45:ab:3f:ac:17:
+                    18:00:80:4a:b7:c9:ba:b8:5f:29:bb:c4:ac:16:97:
+                    cc:57:34:10:c9:36:65:6c:3e:d8:89:45:c8:a5:42:
+                    84:7c:5e:cd:1a:e8:f1:3e:55:b3:21:0f:d0:36:13:
+                    f2:c4:2f:b9:73:41:fa:87:aa:dc:44:d6:64:96:e4:
+                    5a:50:f9:4a:9f:e0:a2:e7:69:f4:ad:5a:cf:3a:20:
+                    e5:a7:09:e2:cf:e8:19:a1:00:ae:a8:bb:22:02:34:
+                    5c:b3:cf:b5:24:4c:76:bf:ad:e9:f1:b8:d3:86:ba:
+                    7d:93
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
@@ -110,58 +111,55 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                7A:9A:8C:C7:59:5D:12:8D:51:2F:B1:06:58:1B:0A:B4:9F:31:8D:7F
+                9C:97:B0:3D:B3:50:B1:F6:D4:71:E2:EB:CB:80:EA:93:7C:98:CC:72
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         84:61:d9:d9:fb:1e:7e:e7:70:fb:1f:2f:e7:53:14:d5:0b:af:
-         0b:7d:30:83:a2:50:5d:7d:80:52:03:25:a4:7e:fb:6a:27:2d:
-         c7:2e:db:56:21:c9:90:13:aa:84:d8:0c:ec:fc:76:43:3a:35:
-         e6:e9:fe:99:36:eb:ce:5c:43:ea:5b:93:ac:e1:97:00:5f:05:
-         e8:a4:69:5b:a9:6a:9a:44:52:f2:75:2c:d7:0d:b1:4b:01:bf:
-         b4:18:e3:d6:65:90:06:8e:1d:bc:40:89:75:83:ea:d6:c3:1b:
-         57:d8:fa:e9:42:bc:83:1e:e9:27:e7:01:30:46:a8:be:dd:e2:
-         1e:96:05:56:a5:03:76:f8:40:a1:8b:1b:5d:3b:45:37:2f:8e:
-         d9:b0:d9:ab:5d:b4:9c:fa:7c:ad:db:10:ff:55:40:01:1c:49:
-         1c:af:20:cb:9d:5d:74:d9:83:8e:ae:54:3e:57:ce:77:de:1b:
-         83:f6:6d:3f:6d:ef:b1:bd:11:aa:10:f5:15:bf:a2:ba:c5:63:
-         6c:22:86:d6:78:72:75:7c:68:fb:4a:1c:1f:da:90:53:b3:44:
-         dd:db:95:c2:dc:dc:45:9b:78:a8:73:8a:74:a7:91:8f:6d:c7:
-         72:a0:00:3b:3f:ea:e6:c9:14:f0:a1:c5:1a:bb:8f:65:d8:75:
-         da:3d:4d:cc
+    Signature Value:
+        0b:8a:ed:6a:87:fa:71:15:88:25:58:85:1b:4a:09:bf:43:00:
+        35:93:78:0d:72:14:30:51:e2:93:83:a1:da:1b:2f:a9:31:ae:
+        b7:c7:4c:72:c2:5e:32:24:f1:96:93:70:d5:3f:b5:85:80:13:
+        75:32:cf:0e:f8:5d:c4:a2:29:84:43:2c:75:81:26:12:6a:a0:
+        cb:7b:57:c1:92:78:85:08:fa:64:50:c2:7b:83:02:4d:79:13:
+        bc:61:64:4d:b8:6b:d5:f1:84:6b:12:5c:69:90:ad:40:47:c0:
+        ed:dd:ea:8a:66:7e:87:85:19:aa:89:d3:3c:08:72:08:a1:4d:
+        63:60:5b:9b:17:9e:00:12:a1:00:52:ca:78:01:88:18:c7:ed:
+        5b:c7:e4:d9:eb:bd:3f:af:92:53:3f:fe:58:57:0d:fc:f4:7b:
+        7b:a2:4f:e9:b9:5c:b5:a4:52:50:b4:56:5a:44:8e:d9:d0:ed:
+        de:8f:7e:ac:1c:58:76:5b:a8:79:c9:95:ab:85:1d:db:4c:13:
+        82:4a:a5:41:1b:29:f5:d3:96:df:80:d1:1e:00:7d:ba:35:94:
+        57:81:e1:08:2a:81:6b:1c:30:50:37:01:1a:0e:26:4f:6b:ed:
+        c9:50:17:37:2b:33:3f:68:fe:c6:f0:21:8c:e7:b2:79:55:f2:
+        42:bd:2f:b0
 -----BEGIN CERTIFICATE-----
-MIIERDCCAyygAwIBAgIGDy7TwsHRMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIERDCCAyygAwIBAgIGDzR1UZ/TMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFQxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzlaFw0zMTAzMTExMjIxMzlaMFQxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCqrg/dIKNrDRNsALgDeVimILcVr1SVG5epiRQOgzJ0K/yR2Mbk7eWsVUW1
-RY4dH0iuzqwK89LkjwnFm1f8qTtylPzlD+lTTUbZgZepz3PVK4pyUIBVFCnDsYlR
-mq7ETnW3381NW4vGrpUJszKx0QsyBJ1UMkpLq+4OGhHU52fYNjFidq/DZPCMLSxg
-gcZmqDE666LO7NZl/oCy6G47HlBlsZGcCgUGjolMRsLfaL0ezwrNBJmqAWbsdBv1
-FRNNz+fNKo5h1kx5F82eVe5IBTWpVRYadQsSUY3VVYlQNpOvtVoKFmbWgKiZeOsJ
-HF8mqqHbKtOex/Ki8GmvbnWBoO7zAgMBAAGjggEGMIIBAjAUBgNVHREEDTALggls
+AoIBAQCrCrAD0Hb+Xs4V3mHV45FvfNa7yiaOeL4mNdGmWfHVPFU+CSzsoNSvDjxa
+orWweFGVYoCAcchOn1lZk0ASsqnOss0Xi58n8+PPI3gG0gYjX5sg7EJ3Zq2kXoK0
+TZRy6hNkcvzLgyzXoYv1LkzTwYiyyJgZX++Y/GKAs2fMHyP8XzjNgm4tltk1k/4p
+omllwN9Fqz+sFxgAgEq3ybq4Xym7xKwWl8xXNBDJNmVsPtiJRcilQoR8Xs0a6PE+
+VbMhD9A2E/LEL7lzQfqHqtxE1mSW5FpQ+Uqf4KLnafStWs86IOWnCeLP6BmhAK6o
+uyICNFyzz7UkTHa/renxuNOGun2TAgMBAAGjggEGMIIBAjAUBgNVHREEDTALggls
 b2NhbGhvc3QwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1Ud
-DgQWBBR6mozHWV0SjVEvsQZYGwq0nzGNfzAfBgNVHSMEGDAWgBRSQO7hT5VYKcqE
-Z4wPjMz+j6n6qDAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcw
+DgQWBBScl7A9s1Cx9tRx4uvLgOqTfJjMcjAfBgNVHSMEGDAWgBSHy7EzLsFnfnHj
+5StMTaSzbtJbqTAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcw
 AoYnaHR0cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJvb3QuY2VyMDgGA1Ud
 HwQxMC8wLaAroCmGJ2h0dHA6Ly90ZXN0LmN1cmwuc2UvY2EvRWRlbEN1cmxSb290
-LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAhGHZ2fsefudw+x8v51MU1QuvC30wg6JQ
-XX2AUgMlpH77aictxy7bViHJkBOqhNgM7Px2Qzo15un+mTbrzlxD6luTrOGXAF8F
-6KRpW6lqmkRS8nUs1w2xSwG/tBjj1mWQBo4dvECJdYPq1sMbV9j66UK8gx7pJ+cB
-MEaovt3iHpYFVqUDdvhAoYsbXTtFNy+O2bDZq120nPp8rdsQ/1VAARxJHK8gy51d
-dNmDjq5UPlfOd94bg/ZtP23vsb0RqhD1Fb+iusVjbCKG1nhydXxo+0ocH9qQU7NE
-3duVwtzcRZt4qHOKdKeRj23HcqAAOz/q5skU8KHFGruPZdh12j1NzA==
+LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAC4rtaof6cRWIJViFG0oJv0MANZN4DXIU
+MFHik4Oh2hsvqTGut8dMcsJeMiTxlpNw1T+1hYATdTLPDvhdxKIphEMsdYEmEmqg
+y3tXwZJ4hQj6ZFDCe4MCTXkTvGFkTbhr1fGEaxJcaZCtQEfA7d3qimZ+h4UZqonT
+PAhyCKFNY2BbmxeeABKhAFLKeAGIGMftW8fk2eu9P6+SUz/+WFcN/PR7e6JP6blc
+taRSULRWWkSO2dDt3o9+rBxYdluoecmVq4Ud20wTgkqlQRsp9dOW34DRHgB9ujWU
+V4HhCCqBaxwwUDcBGg4mT2vtyVAXNyszP2j+xvAhjOeyeVXyQr0vsA==
 -----END CERTIFICATE-----
diff --git a/tests/certs/stunnel-sv.pub.der b/tests/certs/stunnel-sv.pub.der
index 1d7684149..434e87937 100644
--- a/tests/certs/stunnel-sv.pub.der
+++ b/tests/certs/stunnel-sv.pub.der
diff --git a/tests/certs/stunnel-sv.pub.pem b/tests/certs/stunnel-sv.pub.pem
index 00688a54f..5458d6573 100644
--- a/tests/certs/stunnel-sv.pub.pem
+++ b/tests/certs/stunnel-sv.pub.pem
@@ -1,9 +1,9 @@
 -----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqq4P3SCjaw0TbAC4A3lY
-piC3Fa9UlRuXqYkUDoMydCv8kdjG5O3lrFVFtUWOHR9Irs6sCvPS5I8JxZtX/Kk7
-cpT85Q/pU01G2YGXqc9z1SuKclCAVRQpw7GJUZquxE51t9/NTVuLxq6VCbMysdEL
-MgSdVDJKS6vuDhoR1Odn2DYxYnavw2TwjC0sYIHGZqgxOuuizuzWZf6AsuhuOx5Q
-ZbGRnAoFBo6JTEbC32i9Hs8KzQSZqgFm7HQb9RUTTc/nzSqOYdZMeRfNnlXuSAU1
-qVUWGnULElGN1VWJUDaTr7VaChZm1oComXjrCRxfJqqh2yrTnsfyovBpr251gaDu
-8wIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwqwA9B2/l7OFd5h1eOR
+b3zWu8omjni+JjXRplnx1TxVPgks7KDUrw48WqK1sHhRlWKAgHHITp9ZWZNAErKp
+zrLNF4ufJ/PjzyN4BtIGI1+bIOxCd2atpF6CtE2UcuoTZHL8y4Ms16GL9S5M08GI
+ssiYGV/vmPxigLNnzB8j/F84zYJuLZbZNZP+KaJpZcDfRas/rBcYAIBKt8m6uF8p
+u8SsFpfMVzQQyTZlbD7YiUXIpUKEfF7NGujxPlWzIQ/QNhPyxC+5c0H6h6rcRNZk
+luRaUPlKn+Ci52n0rVrPOiDlpwniz+gZoQCuqLsiAjRcs8+1JEx2v63p8bjThrp9
+kwIDAQAB
 -----END PUBLIC KEY-----
diff --git a/tests/certs/stunnel-sv.pubkey-pinned b/tests/certs/stunnel-sv.pubkey-pinned
index 5ed32024b..4829e494a 100644
--- a/tests/certs/stunnel-sv.pubkey-pinned
+++ b/tests/certs/stunnel-sv.pubkey-pinned
@@ -1 +1 @@
-FTKoDanZ4V+UHGPhEPNPfhhsC13PdyowGphNw0WCAnk=
+LpY019g4f7/9H+Q+AwdGYQsvwIj2JzM6m1jlyyJK1ro=
diff --git a/tests/check-deprecated.pl b/tests/check-deprecated.pl
index ab1bc4953..73417225b 100755
--- a/tests/check-deprecated.pl
+++ b/tests/check-deprecated.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/config.in b/tests/config.in
index d08ffb7b6..f5aa9862a 100644
--- a/tests/config.in
+++ b/tests/config.in
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/conftest.py b/tests/conftest.py
new file mode 100644
index 000000000..312fcdd6f
--- /dev/null
+++ b/tests/conftest.py
@@ -0,0 +1,62 @@
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 2008 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import sys, os
+
+sys.path.append(os.path.join(os.path.dirname(__file__), 'http'))
+
+import pytest
+from testenv import Env
+
+def pytest_report_header(config, startdir):
+    # Env inits its base properties only once, we can report them here
+    env = Env()
+    report = [
+        f'Testing curl {env.curl_version()}',
+        f'  httpd: {env.httpd_version()}, http:{env.http_port} https:{env.https_port}',
+        f'  httpd-proxy: {env.httpd_version()}, http:{env.proxy_port} https:{env.proxys_port}'
+    ]
+    if env.have_h3():
+        report.extend([
+            f'  nghttpx: {env.nghttpx_version()}, h3:{env.https_port}'
+        ])
+    if env.has_caddy():
+        report.extend([
+            f'  Caddy: {env.caddy_version()}, http:{env.caddy_http_port} https:{env.caddy_https_port}'
+        ])
+    return '\n'.join(report)
+
+
+def pytest_addoption(parser):
+    parser.addoption("--repeat", action="store", type=int, default=1,
+                     help='Number of times to repeat each test')
+
+
+def pytest_generate_tests(metafunc):
+    if "repeat" in metafunc.fixturenames:
+        count = int(metafunc.config.getoption("repeat"))
+        metafunc.fixturenames.append('tmp_ct')
+        metafunc.parametrize('repeat', range(count))
+
+
diff --git a/tests/convsrctest.pl b/tests/convsrctest.pl
index 68d6f8bfc..73969c5d0 100755
--- a/tests/convsrctest.pl
+++ b/tests/convsrctest.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/data/.gitattributes b/tests/data/.gitattributes
index 031f33cd3..bb1b92830 100644
--- a/tests/data/.gitattributes
+++ b/tests/data/.gitattributes
@@ -1,4 +1,4 @@
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/tests/data/.gitignore b/tests/data/.gitignore
index 194773aac..52ecd174e 100644
--- a/tests/data/.gitignore
+++ b/tests/data/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/tests/data/CMakeLists.txt b/tests/data/CMakeLists.txt
index dfe0fe2f8..ed0b88f18 100644
--- a/tests/data/CMakeLists.txt
+++ b/tests/data/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/data/DISABLED b/tests/data/DISABLED
index ce40196b9..3d23895dc 100644
--- a/tests/data/DISABLED
+++ b/tests/data/DISABLED
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -77,11 +77,15 @@
 1943
 2301
 2302
+2305
 %endif
 2043
-# Tests that are disabled here for rustls are SUPPOSED to work
+# The CRL test (313) doesn't work with rustls because rustls doesn't support
+# CRLs.
+# Tests that rely on connecting to an IP address over TLS don't work because
+# rustls doesn't support IP address certificates yet. That's the 400 series of
+# tests listed here, plus 1112 and 1272
 %if rustls
-312
 313
 400
 401
@@ -91,6 +95,9 @@
 407
 408
 409
+987
+988
+989
 1112
 1272
 %endif
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index e627f16c5..68148c1f9 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 3e0221aca..7ed03a247 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -68,10 +68,11 @@ test380 test381 test383 test384 test385 test386 test387 test388 test389 \
 test390 test391 test392 test393 test394 test395 test396 test397 test398 \
 test399 test400 test401 test402 test403 test404 test405 test406 test407 \
 test408 test409 test410 test411 test412 test413 test414 test415 test416 \
+test417 test418 test419 test420 test421 test422 \
 \
 test430 test431 test432 test433 test434 test435 test436 \
 \
-test440 test441 test442 test443 test444 test445 \
+test440 test441 test442 test443 test444 test445 test446 \
 \
 test490 test491 test492 test493 test494 test495 test496 \
 \
@@ -95,7 +96,7 @@ test643 test644 test645 test646 test647 test648 test649 test650 test651 \
 test652 test653 test654 test655 test656 test658 test659 test660 test661 \
 test662 test663 test664 test665 test666 test667 test668 test669 \
 test670 test671 test672 test673 test674 test675 test676 test677 test678 \
-test679 test680 test681 test682 test683 test684 test685 \
+test679 test680 test681 test682 test683 test684 test685 test686 \
 \
 test700 test701 test702 test703 test704 test705 test706 test707 test708 \
 test709 test710 test711 test712 test713 test714 test715 test716 test717 \
@@ -121,9 +122,10 @@ test936 test937 test938 test939 test940 test941 test942 test943 test944 \
 test945 test946 test947 test948 test949 test950 test951 test952 test953 \
 test954 test955 test956 test957 test958 test959 test960 test961 test962 \
 test963 test964 test965 test966 test967 test968 test969 test970 test971 \
-test972 test973 test974 test975 test976 test977 \
+test972 test973 test974 test975 test976 test977 test978 \
 \
-test980 test981 test982 test983 test984 test985 test986 \
+test980 test981 test982 test983 test984 test985 test986 test987 test988 \
+test989 \
 \
 test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \
 test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \
@@ -159,7 +161,7 @@ test1239 test1240 test1241 test1242 test1243 test1244 test1245 test1246 \
 test1247 test1248 test1249 test1250 test1251 test1252 test1253 test1254 \
 test1255 test1256 test1257 test1258 test1259 test1260 test1261 test1262 \
 test1263 test1264 test1265 test1266 test1267 test1268 test1269 test1270 \
-test1271 test1272 test1273 test1274 test1275 test1276 \
+test1271 test1272 test1273 test1274 test1275 test1276 test1277 test1278 \
 \
 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
 test1288 test1289 test1290 test1291 test1292 test1293 test1294 test1295 \
@@ -184,7 +186,7 @@ test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 \
 test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \
 test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \
 test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \
-test1464 test1465 test1466 test1467 test1468 \
+test1464 test1465 test1466 test1467 test1468 test1469 test1470 \
 \
 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
 test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
@@ -217,13 +219,14 @@ test1700 test1701 test1702 test1703 \
 \
 test1800 test1801 \
 \
-                                    test1904 test1905 test1906 test1907 \
+                           test1903 test1904 test1905 test1906 test1907 \
 test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \
 test1916 test1917 test1918 test1919 \
 \
 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test1940 \
 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
-test1955 test1956 test1957 test1958 test1959 \
+test1955 test1956 test1957 test1958 test1959 test1960 \
+test1970 test1971 test1972 test1973 test1974 test1975 \
 \
 test2000 test2001 test2002 test2003 test2004 \
 \
@@ -241,9 +244,13 @@ test2100 \
 \
 test2200 test2201 test2202 test2203 test2204 test2205 \
 \
-test2300 test2301 test2302 test2303 test2304 \
+test2300 test2301 test2302 test2303 test2304 test2305 \
 \
-test2500 \
+test2400 test2401 test2402 test2403 \
+\
+test2500 test2501 test2502 test2503 \
+\
+test2600 \
 \
 test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 \
 test3008 test3009 test3010 test3011 test3012 test3013 test3014 test3015 \
diff --git a/tests/data/test10 b/tests/data/test10
index 5b5534b67..5dd9356cd 100644
--- a/tests/data/test10
+++ b/tests/data/test10
@@ -49,7 +49,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 78
-Expect: 100-continue
 
 Weird
      file
diff --git a/tests/data/test1001 b/tests/data/test1001
index df42f7134..738afb27f 100644
--- a/tests/data/test1001
+++ b/tests/data/test1001
@@ -98,7 +98,6 @@ User-Agent: curl/%VERSION
 Accept: */*
 Proxy-Connection: Keep-Alive
 Content-Length: 3
-Expect: 100-continue
 
 st
 </protocol>
diff --git a/tests/data/test1002 b/tests/data/test1002
index ca58be6f4..d929ae724 100644
--- a/tests/data/test1002
+++ b/tests/data/test1002
@@ -97,7 +97,6 @@ User-Agent: curl/%VERSION
 Accept: */*
 Proxy-Connection: Keep-Alive
 Content-Length: 3
-Expect: 100-continue
 
 st
 GET http://%HOSTIP:%HTTPPORT/%TESTNUMBER.upload2 HTTP/1.1
@@ -116,7 +115,6 @@ User-Agent: curl/%VERSION
 Accept: */*
 Proxy-Connection: Keep-Alive
 Content-Length: 3
-Expect: 100-continue
 
 st
 </protocol>
diff --git a/tests/data/test1024 b/tests/data/test1024
index 5fba9d325..d8ceff10a 100644
--- a/tests/data/test1024
+++ b/tests/data/test1024
@@ -77,6 +77,9 @@ HTTP Location: following with cookies
  <command>
 http://%HOSTIP:%HTTPPORT/want/%TESTNUMBER -L -c log/jar%TESTNUMBER
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test1025 b/tests/data/test1025
index 5f96e1123..ef0b33fb0 100644
--- a/tests/data/test1025
+++ b/tests/data/test1025
@@ -77,6 +77,9 @@ HTTP Location: following with command-line and server cookies
  <command>
 http://%HOSTIP:%HTTPPORT/want/%TESTNUMBER -L -c log/jar%TESTNUMBER -b forcedcookie=yes
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test1030 b/tests/data/test1030
index bd4e18f1a..582497702 100644
--- a/tests/data/test1030
+++ b/tests/data/test1030
@@ -85,7 +85,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 85
-Expect: 100-continue
 
 This is data we upload with PUT
 a second line
@@ -97,7 +96,6 @@ Authorization: Digest username="testuser", realm="gimme all yer s3cr3ts", nonce=
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 85
-Expect: 100-continue
 
 This is data we upload with PUT
 a second line
diff --git a/tests/data/test1041 b/tests/data/test1041
index 5580b9589..6c3c01cbc 100644
--- a/tests/data/test1041
+++ b/tests/data/test1041
@@ -59,7 +59,6 @@ Content-Range: bytes 0-99/100
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 100
-Expect: 100-continue
 
 012345678
 012345678
diff --git a/tests/data/test1051 b/tests/data/test1051
index 5a1cf34c6..9c082067b 100644
--- a/tests/data/test1051
+++ b/tests/data/test1051
@@ -85,7 +85,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 78
-Expect: 100-continue
 
 Weird
      file
@@ -101,7 +100,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 78
-Expect: 100-continue
 
 Weird
      file
diff --git a/tests/data/test1055 b/tests/data/test1055
index f6f37531f..b27b35b81 100644
--- a/tests/data/test1055
+++ b/tests/data/test1055
@@ -60,7 +60,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 78
-Expect: 100-continue
 
 Weird
      file
diff --git a/tests/data/test1071 b/tests/data/test1071
index 6c6947227..9eee47970 100644
--- a/tests/data/test1071
+++ b/tests/data/test1071
@@ -91,7 +91,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 85
-Expect: 100-continue
 
 This is data we upload with PUT
 a second line
diff --git a/tests/data/test1074 b/tests/data/test1074
index 55a956ec9..08ff5076a 100644
--- a/tests/data/test1074
+++ b/tests/data/test1074
@@ -4,6 +4,7 @@
 HTTP
 HTTP GET
 HTTP/1.0
+DELAY
 </keywords>
 </info>
 
diff --git a/tests/data/test1075 b/tests/data/test1075
index 2d111f284..d55468138 100644
--- a/tests/data/test1075
+++ b/tests/data/test1075
@@ -70,7 +70,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 85
-Expect: 100-continue
 
 This is data we upload with PUT
 a second line
@@ -82,7 +81,6 @@ Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M=
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 85
-Expect: 100-continue
 
 This is data we upload with PUT
 a second line
diff --git a/tests/data/test1086 b/tests/data/test1086
index f081ebddb..18b464178 100644
--- a/tests/data/test1086
+++ b/tests/data/test1086
@@ -6,6 +6,7 @@ EPSV
 RETR
 timeout
 FAILURE
+SLOWDOWN
 flaky
 </keywords>
 </info>
diff --git a/tests/data/test1104 b/tests/data/test1104
index 27c43009e..0d89bde8e 100644
--- a/tests/data/test1104
+++ b/tests/data/test1104
@@ -62,6 +62,7 @@ HTTP cookie expiry date at Jan 1 00:00:00 GMT 1970
 http://%HOSTIP:%HTTPPORT/want/%TESTNUMBER -L -x %HOSTIP:%HTTPPORT -c log/cookies%TESTNUMBER.jar
 </command>
 <features>
+cookies
 proxy
 </features>
 </client>
diff --git a/tests/data/test1105 b/tests/data/test1105
index 396933838..73a33a3c5 100644
--- a/tests/data/test1105
+++ b/tests/data/test1105
@@ -40,6 +40,9 @@ HTTP with cookie parser and header recording
 <precheck>
 perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );"
 </precheck>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test1112 b/tests/data/test1112
index b918c7310..7eefb61f1 100644
--- a/tests/data/test1112
+++ b/tests/data/test1112
@@ -6,6 +6,7 @@ EPSV
 RETR
 timeout
 FAILURE
+SLOWDOWN
 </keywords>
 </info>
 
diff --git a/tests/data/test1116 b/tests/data/test1116
index 3543e751b..16588422f 100644
--- a/tests/data/test1116
+++ b/tests/data/test1116
@@ -4,6 +4,7 @@
 HTTP
 HTTP GET
 chunked Transfer-Encoding
+DELAY
 </keywords>
 </info>
 #
diff --git a/tests/data/test1117 b/tests/data/test1117
index 405aa861e..b2b5a3b17 100644
--- a/tests/data/test1117
+++ b/tests/data/test1117
@@ -4,6 +4,7 @@
 HTTP
 HTTP GET
 Range
+DELAY
 </keywords>
 </info>
 
diff --git a/tests/data/test1120 b/tests/data/test1120
index c7cd27568..06d0b909d 100644
--- a/tests/data/test1120
+++ b/tests/data/test1120
@@ -5,6 +5,8 @@ FTP
 PORT
 RETR
 421
+timeout
+FAILURE
 </keywords>
 </info>
 # Server-side
diff --git a/tests/data/test1131 b/tests/data/test1131
index 8ead289c5..685e80e89 100644
--- a/tests/data/test1131
+++ b/tests/data/test1131
@@ -51,7 +51,7 @@ http
 HTTP PUT expect 100-continue with a 400
  </name>
  <command option="no-output">
--T log/file%TESTNUMBER http://%HOSTIP:%HTTPPORT/%TESTNUMBER -T log/file%TESTNUMBER http://%HOSTIP:%HTTPPORT/%TESTNUMBER0001
+-H "Expect: 100-continue" -T log/file%TESTNUMBER http://%HOSTIP:%HTTPPORT/%TESTNUMBER -T log/file%TESTNUMBER http://%HOSTIP:%HTTPPORT/%TESTNUMBER0001
 </command>
 </client>
 
@@ -79,15 +79,15 @@ PUT /%TESTNUMBER HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
-Content-Length: 100
 Expect: 100-continue
+Content-Length: 100
 
 PUT /%TESTNUMBER0001 HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
-Content-Length: 100
 Expect: 100-continue
+Content-Length: 100
 
 </protocol>
 </verify>
diff --git a/tests/data/test1151 b/tests/data/test1151
index c31382c9e..52e912ef9 100644
--- a/tests/data/test1151
+++ b/tests/data/test1151
@@ -41,6 +41,9 @@ HTTP with too long cookies
  <command>
 http://%HOSTIP:%HTTPPORT/%TESTNUMBER -c log/cookies%TESTNUMBER.txt
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test1155 b/tests/data/test1155
index 65d76b6f5..011d310f5 100644
--- a/tests/data/test1155
+++ b/tests/data/test1155
@@ -30,6 +30,9 @@ HTTP cookie with parameter word as name
  <command>
 http://%HOSTIP:%HTTPPORT/%TESTNUMBER -c log/cookies%TESTNUMBER.txt
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test1160 b/tests/data/test1160
index e24ce93e1..7e31aa5dc 100644
--- a/tests/data/test1160
+++ b/tests/data/test1160
@@ -31,6 +31,9 @@ HTTP with long funny format cookie
  <command>
 http://%HOSTIP:%HTTPPORT/%TESTNUMBER -c log/cookies%TESTNUMBER.txt
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test1161 b/tests/data/test1161
index 89c1e657c..88ed491da 100644
--- a/tests/data/test1161
+++ b/tests/data/test1161
@@ -30,6 +30,9 @@ HTTP cookie with path set twice
  <command>
 http://%HOSTIP:%HTTPPORT/%TESTNUMBER -c log/cookies%TESTNUMBER.txt
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test1208 b/tests/data/test1208
index 47ceb64d4..2de619d90 100644
--- a/tests/data/test1208
+++ b/tests/data/test1208
@@ -6,6 +6,8 @@ PORT
 RETR
 NODATACONN150
 flaky
+timeout
+FAILURE
 </keywords>
 </info>
 # Server-side
diff --git a/tests/data/test1209 b/tests/data/test1209
index 4d442d177..8a4f1f85d 100644
--- a/tests/data/test1209
+++ b/tests/data/test1209
@@ -5,6 +5,8 @@ FTP
 PORT
 RETR
 NODATACONN
+timeout
+FAILURE
 </keywords>
 </info>
 # Server-side
diff --git a/tests/data/test1211 b/tests/data/test1211
index 6d31357df..072aede02 100644
--- a/tests/data/test1211
+++ b/tests/data/test1211
@@ -5,6 +5,8 @@ FTP
 PORT
 RETR
 NODATACONN425
+timeout
+FAILURE
 </keywords>
 </info>
 # Server-side
diff --git a/tests/data/test1216 b/tests/data/test1216
index 6686c758a..0b1bad606 100644
--- a/tests/data/test1216
+++ b/tests/data/test1216
@@ -40,6 +40,7 @@ example.fake	FALSE	/c	FALSE	2139150993	moo2	indeed
 example.fake	TRUE	/c	FALSE	2139150993	moo3	indeed
 </file>
 <features>
+cookies
 proxy
 </features>
 </client>
diff --git a/tests/data/test1218 b/tests/data/test1218
index ff8023348..e176c47fa 100644
--- a/tests/data/test1218
+++ b/tests/data/test1218
@@ -33,6 +33,7 @@ HTTP cookies and domains with same prefix
 http://example.fake/c/%TESTNUMBER http://example.fake/c/%TESTNUMBER http://bexample.fake/c/%TESTNUMBER -b nonexisting -x %HOSTIP:%HTTPPORT
 </command>
 <features>
+cookies
 proxy
 </features>
 </client>
diff --git a/tests/data/test1228 b/tests/data/test1228
index 2a7faff48..d33b74289 100644
--- a/tests/data/test1228
+++ b/tests/data/test1228
@@ -32,6 +32,7 @@ HTTP cookie path match
 http://example.fake/hoge/%TESTNUMBER http://example.fake/hogege/ -b nonexisting -x %HOSTIP:%HTTPPORT
 </command>
 <features>
+cookies
 proxy
 </features>
 </client>
diff --git a/tests/data/test1238 b/tests/data/test1238
index 5fbf640e8..dbde8ee15 100644
--- a/tests/data/test1238
+++ b/tests/data/test1238
@@ -3,6 +3,9 @@
 <keywords>
 TFTP
 TFTP RRQ
+timeout
+FAILURE
+DELAY
 </keywords>
 </info>
 
diff --git a/tests/data/test1258 b/tests/data/test1258
index a4cef156c..5a4ce0b73 100644
--- a/tests/data/test1258
+++ b/tests/data/test1258
@@ -32,6 +32,9 @@ HTTP, use cookies with localhost
  <command>
 http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER http://%HOSTIP:%HTTPPORT/we/want?hoge=fuga -b non-existing -H "Host: localhost"
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test1277 b/tests/data/test1277
new file mode 100644
index 000000000..b705569d0
--- /dev/null
+++ b/tests/data/test1277
@@ -0,0 +1,206 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+compressed
+Transfer-Encoding
+Content-Encoding
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+<data base64="yes">
+SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBNb24sIDI5IE5vdiAyMDA0IDIxOjU2OjUzIEdNVA0KU2Vy
+dmVyOiBBcGFjaGUvMS4zLjMxIChEZWJpYW4gR05VL0xpbnV4KSBtb2RfZ3ppcC8xLjMuMjYuMWEg
+UEhQLzQuMy45LTEgbW9kX3NzbC8yLjguMjAgT3BlblNTTC8wLjkuN2QgbW9kX3BlcmwvMS4yOQ0K
+VmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1J
+U08tODg1OS0xDQpUcmFuc2Zlci1FbmNvZGluZzogZ3ppcCwgY2h1bmtlZA0KQ29udGVudC1FbmNv
+ZGluZzogZGVmbGF0ZQ0KDQo1MjINCh+LCAAHgbBjAv8BCwX0+nja3VjbbuM2EH03kH9g/dQCtm62
+EzlwtChy2QTNNsHaBbpPBi3RNhtJFEjKuTz02zuUKImxHK93g74ESGJy5pzD4QxJk5l8ekpitCFc
+UJaedV3L6SKShiyi6eqsezO96/v+aNx3u5+CzuSXi7vz2bf7S5Rx9g8JZT+mQgIQTb9NZ5dfUHct
+ZXZq20tOxDohWFopkfYChw8kjexl0tc80XesoRXJqAuiW1pBB6HKptpNb06jwD12vYltGEpEhCWZ
+4ygigBiP/b7j9z0XOcNTxz31xhPb8BuEPFMfUeA5zrDvOn3XR4536sHPQFMqxKs4UpyQuVgzLoMw
+53EdjmFv45d5HBdwhNMIxXTRphYQHR4RoZY6Z0lSUlKCJGO1AMf8GS0ZR2FMSSr7gkYE/fX1FkmO
+U7GEilowi0bIUN4ZDKIC4XIEpVqpcFXfJY2JOOrkQnXUGOI5lfjJQjcSiTzLQF+g69nsvlf8nfbQ
+FbSPOldF++LmfNZDs8vbPy/h8/bid4Bd3dxe9orhP9/dX19+hTYM8EhiiKmU6mdMyJ5u5tAKGXug
+RBTaKM9ihiMYApZanpComXUPZViIR8Yj1YTI0jxZFPbp9PaoExIu6ZKGUFcw/UE4+JgoQ4FqPMEI
+xbQgGxl7JJxER53Fc5WkHpJr8mbGq7JYR53ZGqgIw++CpmozCUhtnWqVYAabDnnOUSfG6SrHKyKK
+GEi6oZylCQwgQEeX0FgbGypxTOXzXISMk2B04g+t0cnE3rJvgTPCQ5AMBpZ7bGAr8xYa5vMAe21s
+IAuTXtcsy2PMm7GOR2OIYQjLedvTIlQDugPLd18RXodiOMpgnNErtBEOx8W54VsjZ2LrjumZhywH
+Xc+tvNrwClMO4g9qjDGAyBci5DSTcESKYKBOh9emEgalT8P1XO3l4IIscR7LiW0aSxjUf14dYBmU
+Pdh5aFYnpa3Wiz2xW6xGbM0S8rYQLGDKSxV1eNomQ+vWAo2mXL0cLgdgraRojcjixTtcBMBaRNEa
+kReaHS4CYC2iaI1IuIY9RmK2OlyqpmjBRqKR5VlyuCCAtZSiNSIRWRwuAmAtomiNCBNPh4sAWIso
+mlEvEanz8gdqVhKqumm6scxzDmkTJNDrt+oahdmIHyjJRlTF2AhDRN0cDldRaC1TEBudhHLO+OFK
+JV5rabJZ14QFVa2gWXpiCoccpODLzcz+G53D6QEpo3mCbkvHxK4QGq++p+Sck5jUmWuZ5/r+FpxY
+rmfBBekN9xtsda86OXb8UYtYXbDaHHUv2n1x2gUs52LvmswEzlECE14zOZdr+KqGnLVMJRLnEm4y
+og6p7Ffd2qBPYJxSEqOpJCl8w68mtulsUaBKu+v+7wKvIqKKbCBbdM5iEtw9poTXuMJURWqboVY9
+YVzJOE1oiqU5O8nhhlDUBgpad1pezzve5x7s5e5zur6/l+vuHReWxv6o97rd4+E+93gv2R/v9Tp7
+3e7oO3F/J7D9kQ1aY5f3u+3yw5rI4MkEDzG4jtY6tfEZyeeMnHU5CeF1oGzqJVUvygZnbmRHDbXL
+sZOo7y3gPhmqYux07WQaj7MWdfvh9hZXUqk2FNjhzo5+1bep33Zqldh6pzWIt/PGinsbjv+/pDk/
+nbHh4J0ZU++rj58o1xuM3Hdk6gWeYh8/SwPPGZ68I0vXhCYRjj9+oobD0cB7R6LCPjz1xc/kybDo
+s77+r1DQqZvNf8f+A904jtHT7+gYCwUAAA0KMA0KDQo=
+</data>
+
+
+<datacheck>
+HTTP/1.1 200 OK
+Date: Mon, 29 Nov 2004 21:56:53 GMT
+Server: Apache/1.3.31 (Debian GNU/Linux) mod_gzip/1.3.26.1a PHP/4.3.9-1 mod_ssl/2.8.20 OpenSSL/0.9.7d mod_perl/1.29
+Vary: Accept-Encoding
+Content-Type: text/html; charset=ISO-8859-1
+Transfer-Encoding: gzip, chunked
+Content-Encoding: deflate
+
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project-listing SYSTEM "http://freshmeat.net/backend/fm-projects-0.4.dtd">
+<project-listing>
+  <project>
+    <project_id>1612</project_id>
+    <date_added>1998-08-21 04:01:29</date_added>
+    <date_updated>2004-10-18 02:22:23</date_updated>
+    <projectname_short>curl</projectname_short>
+    <projectname_full>curl and libcurl</projectname_full>
+    <desc_short>Command line tool and library for client-side URL transfers.</desc_short>
+    <desc_full>curl and libcurl is a tool for transferring files
+using URL syntax. It supports HTTP, HTTPS, FTP,
+FTPS, DICT, TELNET, LDAP, FILE, and GOPHER, as
+well as HTTP-post, HTTP-put, cookies, FTP upload,
+resumed transfers, passwords, portnumbers, SSL
+certificates, Kerberos, and proxies. It is powered
+by libcurl, the client-side URL transfer library.
+There are bindings to libcurl for over 20
+languages and environments.
+</desc_full>
+    <vitality_score>5784.57</vitality_score>
+    <vitality_percent>3.16</vitality_percent>
+    <vitality_rank>169</vitality_rank>
+    <popularity_score>6594.54</popularity_score>
+    <popularity_percent>13.81</popularity_percent>
+    <popularity_rank>105</popularity_rank>
+    <rating>8.50</rating>
+    <rating_count>21</rating_count>
+    <rating_rank>183</rating_rank>
+    <subscriptions>323</subscriptions>
+    <branch_name>Default</branch_name>
+    <url_project_page>http://freshmeat.net/projects/curl/</url_project_page>
+    <url_homepage>http://freshmeat.net/redir/curl/1612/url_homepage/</url_homepage>
+    <url_tgz>http://freshmeat.net/redir/curl/1612/url_tgz/</url_tgz>
+    <url_bz2>http://freshmeat.net/redir/curl/1612/url_bz2/</url_bz2>
+    <url_zip>http://freshmeat.net/redir/curl/1612/url_zip/</url_zip>
+    <url_changelog>http://freshmeat.net/redir/curl/1612/url_changelog/</url_changelog>
+    <url_rpm>http://freshmeat.net/redir/curl/1612/url_rpm/</url_rpm>
+    <url_deb>http://freshmeat.net/redir/curl/1612/url_deb/</url_deb>
+    <url_osx>http://freshmeat.net/redir/curl/1612/url_osx/</url_osx>
+    <url_bsdport>http://freshmeat.net/redir/curl/1612/url_bsdport/</url_bsdport>
+    <url_purchase></url_purchase>
+    <url_cvs>http://freshmeat.net/redir/curl/1612/url_cvs/</url_cvs>
+    <url_list>http://freshmeat.net/redir/curl/1612/url_list/</url_list>
+    <url_mirror>http://freshmeat.net/redir/curl/1612/url_mirror/</url_mirror>
+    <url_demo></url_demo>
+    <license>MIT/X Consortium License</license>
+    <latest_release>
+      <latest_release_version>7.12.2</latest_release_version>
+      <latest_release_id>176085</latest_release_id>
+      <latest_release_date>2004-10-18 02:22:23</latest_release_date>
+    </latest_release>
+    <screenshot_thumb></screenshot_thumb>
+    <authors>
+      <author>
+        <author_name>Daniel Stenberg</author_name>
+        <author_url>http://freshmeat.net/~bagder/</author_url>
+        <author_role>Owner</author_role>
+      </author>
+    </authors>
+    <descriminators>
+      <trove_id>12</trove_id>
+      <trove_id>226</trove_id>
+      <trove_id>3</trove_id>
+      <trove_id>2</trove_id>
+      <trove_id>188</trove_id>
+      <trove_id>216</trove_id>
+      <trove_id>200</trove_id>
+      <trove_id>220</trove_id>
+      <trove_id>164</trove_id>
+      <trove_id>90</trove_id>
+      <trove_id>89</trove_id>
+      <trove_id>809</trove_id>
+      <trove_id>150</trove_id>
+      <trove_id>224</trove_id>
+      <trove_id>900</trove_id>
+      <trove_id>839</trove_id>
+    </descriminators>
+    <dependencies>
+      <dependency type="recommended">
+        <dependency_release_id>0</dependency_release_id>
+        <dependency_branch_id>7464</dependency_branch_id>
+        <dependency_project_id>7464</dependency_project_id>
+        <dependency_project_title>OpenSSL (Default)</dependency_project_title>
+      </dependency>
+      <dependency type="optional">
+        <dependency_release_id>0</dependency_release_id>
+        <dependency_branch_id>0</dependency_branch_id>
+        <dependency_project_id>7443</dependency_project_id>
+        <dependency_project_title>OpenLDAP</dependency_project_title>
+      </dependency>
+      <dependency type="optional">
+        <dependency_release_id>0</dependency_release_id>
+        <dependency_branch_id>0</dependency_branch_id>
+        <dependency_project_id>12351</dependency_project_id>
+        <dependency_project_title>zlib</dependency_project_title>
+      </dependency>
+      <dependency type="optional">
+        <dependency_release_id>0</dependency_release_id>
+        <dependency_branch_id>0</dependency_branch_id>
+        <dependency_project_id>32047</dependency_project_id>
+        <dependency_project_title>Heimdal</dependency_project_title>
+      </dependency>
+      <dependency type="optional">
+        <dependency_release_id>0</dependency_release_id>
+        <dependency_branch_id>0</dependency_branch_id>
+        <dependency_project_id>44532</dependency_project_id>
+        <dependency_project_title>c-ares</dependency_project_title>
+      </dependency>
+    </dependencies>
+  </project>
+</project-listing>
+</datacheck>
+
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+libz
+</features>
+<server>
+http
+</server>
+ <name>
+HTTP GET with both content and transfer encoding
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER --tr-encoding --compressed
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strippart>
+s/^Accept-Encoding: [a-zA-Z, ]*/Accept-Encoding: xxx/
+</strippart>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+Connection: TE
+TE: gzip
+Accept-Encoding: xxx
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1278 b/tests/data/test1278
new file mode 100644
index 000000000..ba3056908
--- /dev/null
+++ b/tests/data/test1278
@@ -0,0 +1,48 @@
+<testcase>
+<info>
+<keywords>
+--no-remote-name
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data crlf="yes" nocheck="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+<name>
+verify extra --no-remote-name
+</name>
+<command option="no-output">
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER --no-progress-meter -o log/out%TESTNUMBER --no-remote-name -w '%{stderr}yes\n'
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<stderr mode="text">
+yes
+</stderr>
+</verify>
+</testcase>
diff --git a/tests/data/test1285 b/tests/data/test1285
index e5a38e071..0a907b60e 100644
--- a/tests/data/test1285
+++ b/tests/data/test1285
@@ -85,7 +85,6 @@ Authorization: Digest username="auser", realm="testrealm", nonce="1053604144", u
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 85
-Expect: 100-continue
 
 This is data we upload with PUT
 a second line
diff --git a/tests/data/test1301 b/tests/data/test1301
index 175606177..08b43a8ec 100644
--- a/tests/data/test1301
+++ b/tests/data/test1301
@@ -1,7 +1,6 @@
 <testcase>
 <info>
 <keywords>
-unittest
 curl_strequal
 </keywords>
 </info>
@@ -12,6 +11,9 @@ curl_strequal
 <server>
 none
 </server>
+<tool>
+lib%TESTNUMBER
+</tool>
  <name>
 curl_strequal tests
  </name>
diff --git a/tests/data/test1331 b/tests/data/test1331
index 4ef0c14df..7683d6272 100644
--- a/tests/data/test1331
+++ b/tests/data/test1331
@@ -65,6 +65,7 @@ HTTP --proxy-anyauth and 407 with cookies
 -U myname:mypassword -x %HOSTIP:%HTTPPORT http://z.x.com/%TESTNUMBER --proxy-anyauth -c log/dump%TESTNUMBER
 </command>
 <features>
+cookies
 proxy
 </features>
 </client>
diff --git a/tests/data/test1408 b/tests/data/test1408
index d4f40f72e..adecc9bf5 100644
--- a/tests/data/test1408
+++ b/tests/data/test1408
@@ -39,6 +39,7 @@ Set-Cookie: time=2
 # Client-side
 <client>
 <features>
+cookies
 ipv6
 </features>
 <server>
diff --git a/tests/data/test1412 b/tests/data/test1412
index 20521704c..32737dca1 100644
--- a/tests/data/test1412
+++ b/tests/data/test1412
@@ -96,12 +96,6 @@ HTTP GET with --anyauth with two URLs (picking Digest)
  <command>
 http://%HOSTIP:%HTTPPORT/%TESTNUMBER -u testuser:testpass --anyauth http://%HOSTIP:%HTTPPORT/%TESTNUMBER0001
 </command>
-<file name="log/put%TESTNUMBER">
-This is data we upload with PUT
-a second line
-line three
-four is the number of lines
-</file>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test1415 b/tests/data/test1415
index 79b14e6bd..7d460be23 100644
--- a/tests/data/test1415
+++ b/tests/data/test1415
@@ -47,6 +47,7 @@ TZ=GMT
 http://example.com/we/want/%TESTNUMBER -b none -c log/jar%TESTNUMBER.txt -x %HOSTIP:%HTTPPORT
 </command>
 <features>
+cookies
 proxy
 </features>
 </client>
diff --git a/tests/data/test1469 b/tests/data/test1469
new file mode 100644
index 000000000..5161c39bb
--- /dev/null
+++ b/tests/data/test1469
@@ -0,0 +1,30 @@
+<testcase>
+<info>
+<keywords>
+FTP
+URL
+FAILURE
+</keywords>
+</info>
+
+# Client-side
+<client>
+<server>
+none
+</server>
+ <name>
+Space in FTP upload URL
+ </name>
+ <command>
+"ftp://%HOSTIP:%NOLISTENPORT/%TESTNUMBER%/with space/" -T log/irrelevant-file
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+# 3 == CURLE_URL_MALFORMAT
+<errorcode>
+3
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/data/test1470 b/tests/data/test1470
new file mode 100644
index 000000000..7807a3dce
--- /dev/null
+++ b/tests/data/test1470
@@ -0,0 +1,65 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP
+HTTP GET
+SOCKS5
+SOCKS5h
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+proxy
+unix-sockets
+!NSS
+</features>
+<server>
+https
+socks5unix
+</server>
+ <name>
+HTTPS GET with host name using SOCKS5h via unix sockets
+ </name>
+ <command>
+https://this.is.a.host.name:%HTTPSPORT/%TESTNUMBER -k --proxy socks5h://localhost%SOCKSUNIXPATH
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: this.is.a.host.name:%HTTPSPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+<socks>
+atyp 3 => this.is.a.host.name
+</socks>
+</verify>
+</testcase>
diff --git a/tests/data/test1501 b/tests/data/test1501
index 9d9263a56..68b55896d 100644
--- a/tests/data/test1501
+++ b/tests/data/test1501
@@ -5,6 +5,7 @@ FTP
 RETR
 multi
 LIST
+DELAY
 </keywords>
 </info>
 
diff --git a/tests/data/test1513 b/tests/data/test1513
index 189d3e394..a32d2eb5c 100644
--- a/tests/data/test1513
+++ b/tests/data/test1513
@@ -2,6 +2,7 @@
 <info>
 <keywords>
 PROGRESSFUNCTION
+DELAY
 </keywords>
 </info>
 
diff --git a/tests/data/test1517 b/tests/data/test1517
index 5150ff6ed..bc663ab63 100644
--- a/tests/data/test1517
+++ b/tests/data/test1517
@@ -9,7 +9,11 @@ early response
 </keywords>
 </info>
 #
-# This reproduces issue #657, fixed with PR #668 - on Windows
+# This test checks to make sure curl can call recv() without failing after a
+# send() fails on the same socket (#657). Most OSes should support this
+# natively but on Windows curl must be built with a workaround (#668) for the
+# test to succeed. The precheck will skip this test on Windows if curl was
+# built without the workaround (USE_RECV_BEFORE_SEND_WORKAROUND isn't defined).
 #
 # Server-side
 <reply>
@@ -39,6 +43,11 @@ http
 <tool>
 lib%TESTNUMBER
 </tool>
+# precheck is a command line to run before the test, to see if we can execute
+# the test or not
+<precheck>
+./libtest/lib%TESTNUMBER check
+</precheck>
 
  <name>
 HTTP POST, server responds before completed send
diff --git a/tests/data/test1523 b/tests/data/test1523
index a22b0765e..7cc94ba47 100644
--- a/tests/data/test1523
+++ b/tests/data/test1523
@@ -2,6 +2,7 @@
 <info>
 <keywords>
 CURLINFO_LOW_SPEED_LIMIT
+DELAY
 </keywords>
 </info>
 
diff --git a/tests/data/test1524 b/tests/data/test1524
index 39da646f5..65831ddc5 100644
--- a/tests/data/test1524
+++ b/tests/data/test1524
@@ -61,7 +61,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 4
-Expect: 100-continue
 
 moo
 GET /blah/moo.html&testcase=/%TESTNUMBER0002 HTTP/1.1
diff --git a/tests/data/test1525 b/tests/data/test1525
index 7870bdbaa..33f71c877 100644
--- a/tests/data/test1525
+++ b/tests/data/test1525
@@ -2,7 +2,7 @@
 <info>
 <keywords>
 HTTP
-HTTP GET
+HTTP PUT
 HTTP CONNECT
 HTTP proxy
 proxytunnel
@@ -71,7 +71,6 @@ Host: the.old.moo.%TESTNUMBER:%HTTPPORT
 Accept: */*
 User-Agent: Http Agent
 Content-Length: 13
-Expect: 100-continue
 
 Hello Cloud!
 </protocol>
diff --git a/tests/data/test1526 b/tests/data/test1526
index c3e3dda4d..407612405 100644
--- a/tests/data/test1526
+++ b/tests/data/test1526
@@ -2,7 +2,7 @@
 <info>
 <keywords>
 HTTP
-HTTP GET
+HTTP PUT
 HTTP CONNECT
 HTTP proxy
 proxytunnel
@@ -73,7 +73,6 @@ Host: the.old.moo.%TESTNUMBER:%HTTPPORT
 Accept: */*
 User-Agent: Http Agent
 Content-Length: 13
-Expect: 100-continue
 
 Hello Cloud!
 </protocol>
diff --git a/tests/data/test1527 b/tests/data/test1527
index d8b6a590a..3f35cb841 100644
--- a/tests/data/test1527
+++ b/tests/data/test1527
@@ -2,7 +2,7 @@
 <info>
 <keywords>
 HTTP
-HTTP GET
+HTTP PUT
 HTTP CONNECT
 HTTP proxy
 proxytunnel
diff --git a/tests/data/test1538 b/tests/data/test1538
index ba5cf29ce..59cd1628e 100644
--- a/tests/data/test1538
+++ b/tests/data/test1538
@@ -185,7 +185,8 @@ u26: Bad query
 u27: Bad scheme
 u28: Unsupported number of slashes following scheme
 u29: Bad user
-u30: CURLUcode unknown
+u30: libcurl lacks IDN support
+u31: CURLUcode unknown
 </stdout>
 </verify>
 
diff --git a/tests/data/test154 b/tests/data/test154
index c0f76514d..0b180b90a 100644
--- a/tests/data/test154
+++ b/tests/data/test154
@@ -10,9 +10,6 @@ HTTP Digest auth
 
 # Server-side
 <reply>
-<servercmd>
-auth_required
-</servercmd>
 <data>
 HTTP/1.1 401 Authorization Required swsclose
 Server: Apache/1.3.27 (Darwin) PHP/4.1.2
@@ -88,15 +85,17 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 85
-Expect: 100-continue
 
+This is data we upload with PUT
+a second line
+line three
+four is the number of lines
 PUT /%TESTNUMBER HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 Authorization: Digest username="testuser", realm="gimme all yer s3cr3ts", nonce="11223344", uri="/%TESTNUMBER", response="b71551e12d1c456e47d8388ecb2edeca"
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 85
-Expect: 100-continue
 
 This is data we upload with PUT
 a second line
diff --git a/tests/data/test1540 b/tests/data/test1540
index 2dc826555..0ef5101ce 100644
--- a/tests/data/test1540
+++ b/tests/data/test1540
@@ -6,6 +6,7 @@ HTTP GET
 CURLPAUSE_RECV
 chunked Transfer-Encoding
 Trailer:
+DELAY
 </keywords>
 </info>
 
diff --git a/tests/data/test155 b/tests/data/test155
index 2d916c975..353edb9fa 100644
--- a/tests/data/test155
+++ b/tests/data/test155
@@ -10,9 +10,6 @@ NTLM
 
 # Server-side
 <reply>
-<servercmd>
-auth_required
-</servercmd>
 <data>
 HTTP/1.1 401 NTLM Authorization Required swsclose
 Server: Apache/1.3.27 (Darwin) PHP/4.1.2
@@ -105,8 +102,11 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 85
-Expect: 100-continue
 
+This is data we upload with PUT
+a second line
+line three
+four is the number of lines
 PUT /%TESTNUMBER HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA=
@@ -120,7 +120,6 @@ Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAL
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 85
-Expect: 100-continue
 
 This is data we upload with PUT
 a second line
diff --git a/tests/data/test1555 b/tests/data/test1555
index 547ec39e4..6985630d4 100644
--- a/tests/data/test1555
+++ b/tests/data/test1555
@@ -2,6 +2,7 @@
 <info>
 <keywords>
 RECURSIVE_API_CALL
+DELAY
 </keywords>
 </info>
 
diff --git a/tests/data/test156 b/tests/data/test156
index 94bb3393f..35de74d24 100644
--- a/tests/data/test156
+++ b/tests/data/test156
@@ -46,7 +46,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 85
-Expect: 100-continue
 
 This is data we upload with PUT
 a second line
diff --git a/tests/data/test1560 b/tests/data/test1560
index f6722fd41..5ed0adde8 100644
--- a/tests/data/test1560
+++ b/tests/data/test1560
@@ -12,6 +12,9 @@ URLAPI
 <server>
 none
 </server>
+<setenv>
+LANG=en_US.UTF-8
+</setenv>
 <features>
 file
 https
@@ -22,7 +25,6 @@ imap
 ldap
 dict
 ftp
-ipv6
 </features>
  <name>
 URL API
@@ -34,13 +36,6 @@ lib%TESTNUMBER
 
 <verify>
 <stdout>
-we got [fe80::20c:29ff:fe9c:409b]
-we got https://[::1]/hello.html
-we got https://example.com/hello.html
-we got https://[fe80::20c:29ff:fe9c:409b%25eth0]/hello.html
-we got [fe80::20c:29ff:fe9c:409b]
-we got eth0
-we got https://[fe80::20c:29ff:fe9c:409b%25clown]/hello.html
 success
 </stdout>
 </verify>
diff --git a/tests/data/test160 b/tests/data/test160
index 778787e69..32b0c73d5 100644
--- a/tests/data/test160
+++ b/tests/data/test160
@@ -3,6 +3,7 @@
 <keywords>
 HTTP
 HTTP GET
+DELAY
 </keywords>
 </info>
 
diff --git a/tests/data/test1662 b/tests/data/test1662
index 17f026c50..b2fbcce8b 100644
--- a/tests/data/test1662
+++ b/tests/data/test1662
@@ -1,4 +1,4 @@
-<testcase><testcase>
+<testcase>
 <info>
 <keywords>
 HTTP
diff --git a/tests/data/test1671 b/tests/data/test1671
index e45ea784d..09b415512 100644
--- a/tests/data/test1671
+++ b/tests/data/test1671
@@ -64,6 +64,8 @@ Accept: */*
 "etag":["\"21025-dc7-39462498\""],
 "accept-ranges":["bytes"],
 "set-cookie":["firstcookie=want1; path=/","2cookie=want2; path=/","cookie3=want3; path=/"],
+"funny-head":["yesyes"],
+"content-type":["text/html"],
 "content-length":["6"],
 "connection":["close"]
 }
diff --git a/tests/data/test171 b/tests/data/test171
index c4f5b6c40..dc46fe287 100644
--- a/tests/data/test171
+++ b/tests/data/test171
@@ -34,6 +34,7 @@ HTTP, get cookie with dot prefixed full domain
 -c log/jar%TESTNUMBER -x %HOSTIP:%HTTPPORT http://z.x.com/%TESTNUMBER
 </command>
 <features>
+cookies
 proxy
 </features>
 </client>
diff --git a/tests/data/test172 b/tests/data/test172
index 9dbe64c23..276856ae0 100644
--- a/tests/data/test172
+++ b/tests/data/test172
@@ -38,6 +38,9 @@ http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER -b log/jar%TESTNUMBER.txt -b "tool=
 .%HOSTIP	TRUE	/	FALSE	0	partmatch	present
 %HOSTIP	FALSE	/we/want/	FALSE	2139150993	nodomain	value
 </file>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test179 b/tests/data/test179
index b5aaec2f4..61c633440 100644
--- a/tests/data/test179
+++ b/tests/data/test179
@@ -39,6 +39,7 @@ supertrooper.fake	FALSE	/b	FALSE	0		moo1	indeed
 supertrooper.fake	FALSE	/c	FALSE	2139150993	moo2	indeed
 </file>
 <features>
+cookies
 proxy
 </features>
 </client>
diff --git a/tests/data/test190 b/tests/data/test190
index 3a20ba26a..3da48cd04 100644
--- a/tests/data/test190
+++ b/tests/data/test190
@@ -2,6 +2,9 @@
 <info>
 <keywords>
 FTP
+timeout
+FAILURE
+DELAY
 </keywords>
 </info>
 
diff --git a/tests/data/test1903 b/tests/data/test1903
new file mode 100644
index 000000000..16704e893
--- /dev/null
+++ b/tests/data/test1903
@@ -0,0 +1,51 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+cookies
+CURLOPT_COOKIEFILE
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data nocheck="yes" crlf="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Funny-head: yesyes swsclose
+Set-Cookie: foobar=name;
+Set-Cookie: secondcookie=present;
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+CURLOPT_COOKIEFILE then reset then set again
+ </name>
+<tool>
+lib%TESTNUMBER
+</tool>
+<command>
+http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER
+</command>
+<file name="log/cookies%TESTNUMBER" mode="text">
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+%HOSTIP	FALSE	/we/want/	FALSE	0	secondcookie	present
+%HOSTIP	FALSE	/we/want/	FALSE	0	foobar	name
+</file>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+</verify>
+</testcase>
diff --git a/tests/data/test1905 b/tests/data/test1905
index 4d04f8183..7a19e68b7 100644
--- a/tests/data/test1905
+++ b/tests/data/test1905
@@ -35,6 +35,9 @@ lib%TESTNUMBER
 <command>
 http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test1948 b/tests/data/test1948
index 639523d99..4c50b02ac 100644
--- a/tests/data/test1948
+++ b/tests/data/test1948
@@ -58,7 +58,6 @@ PUT /%TESTNUMBER HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 Accept: */*
 Content-Length: 22
-Expect: 100-continue
 
 This is test PUT data
 POST /1948 HTTP/1.1
diff --git a/tests/data/test1960 b/tests/data/test1960
new file mode 100644
index 000000000..101e1e152
--- /dev/null
+++ b/tests/data/test1960
@@ -0,0 +1,52 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+CURLOPT_SOCKOPTFUNCTION
+CURL_SOCKOPT_ALREADY_CONNECTED
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data crlf="yes">
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<precheck>
+lib%TESTNUMBER check
+</precheck>
+<server>
+http
+</server>
+
+<name>
+application hands over already connected socket
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<command>
+http://%HOSTIP:%HTTPPORT/file %HOSTIP %HTTPPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="yes">
+GET /file HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1970 b/tests/data/test1970
new file mode 100644
index 000000000..1fbe60b45
--- /dev/null
+++ b/tests/data/test1970
@@ -0,0 +1,74 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+CURLOPT_AWS_SIGV4
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+Location: /%TESTNUMBER0002
+
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+
+</data2>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+# this relies on the debug feature which allow to set the time
+<features>
+SSL
+debug
+crypto
+</features>
+<setenv>
+CURL_FORCEHOST=1
+</setenv>
+
+<name>
+HTTP AWS_SIGV4 for AWS S3: UPLOAD with INFILESIZE=0
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<command>
+http://exam.ple.com:9000/aws_sigv4/testapi/test exam.ple.com:9000:%HOSTIP:%HTTPPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+^Content-Type:.*
+^Accept:.*
+</strip>
+<protocol>
+PUT /aws_sigv4/testapi/test HTTP/1.1
+Host: exam.ple.com:9000
+Authorization: AWS4-HMAC-SHA256 Credential=xxx/19700101/us-east-1/s3/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=a028756f42a859122e9609c1f90cae4b272d6b03bf60d9fd354138176dfa2260
+X-Amz-Date: 19700101T000000Z
+x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+Content-Length: 0
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1971 b/tests/data/test1971
new file mode 100644
index 000000000..c311d176f
--- /dev/null
+++ b/tests/data/test1971
@@ -0,0 +1,70 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+CURLOPT_AWS_SIGV4
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 100 Continue
+
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+# this relies on the debug feature which allow to set the time
+<features>
+SSL
+debug
+crypto
+</features>
+<setenv>
+CURL_FORCEHOST=1
+</setenv>
+
+<name>
+HTTP AWS_SIGV4 for AWS S3: UPLOAD with unknown INFILESIZE
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<command>
+http://exam.ple.com:9000/aws_sigv4/testapi/test exam.ple.com:9000:%HOSTIP:%HTTPPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+^Content-Type:.*
+^Accept:.*
+</strip>
+<protocol>
+PUT /aws_sigv4/testapi/test HTTP/1.1
+Host: exam.ple.com:9000
+Authorization: AWS4-HMAC-SHA256 Credential=xxx/19700101/us-east-1/s3/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=4a6e9b4af0542ffb83744c6852f8e1bfec14f2a67e6f6f037b39f172f79d62af
+X-Amz-Date: 19700101T000000Z
+x-amz-content-sha256: UNSIGNED-PAYLOAD
+Transfer-Encoding: chunked
+Expect: 100-continue
+
+0
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1972 b/tests/data/test1972
new file mode 100644
index 000000000..70c183737
--- /dev/null
+++ b/tests/data/test1972
@@ -0,0 +1,79 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+CURLOPT_AWS_SIGV4
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+Location: /%TESTNUMBER0002
+
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+
+</data2>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+# this relies on the debug feature which allow to set the time
+<features>
+SSL
+debug
+crypto
+</features>
+<setenv>
+CURL_FORCEHOST=1
+</setenv>
+
+<name>
+HTTP AWS_SIGV4 for AWS S3: MIMEPOST
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<command>
+http://exam.ple.com:9000/aws_sigv4/testapi/test exam.ple.com:9000:%HOSTIP:%HTTPPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+^Content-Type:.*
+^Accept:.*
+</strip>
+<protocol>
+POST /aws_sigv4/testapi/test HTTP/1.1
+Host: exam.ple.com:9000
+Authorization: AWS4-HMAC-SHA256 Credential=xxx/19700101/us-east-1/s3/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=eaee0f1c5984ad5d81c8bc7805f28c7b83b35322de654b2ace18cb8cf6d5a9cb
+X-Amz-Date: 19700101T000000Z
+x-amz-content-sha256: UNSIGNED-PAYLOAD
+Content-Length: 142
+
+--------------------------3433323135333231
+Content-Disposition: attachment; name="foo"
+
+bar
+--------------------------3433323135333231--
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1973 b/tests/data/test1973
new file mode 100644
index 000000000..559fd5fc7
--- /dev/null
+++ b/tests/data/test1973
@@ -0,0 +1,75 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+CURLOPT_AWS_SIGV4
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+Location: /%TESTNUMBER0002
+
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+
+</data2>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+# this relies on the debug feature which allow to set the time
+<features>
+SSL
+debug
+crypto
+</features>
+<setenv>
+CURL_FORCEHOST=1
+</setenv>
+
+<name>
+HTTP AWS_SIGV4 for AWS S3: POSTFIELDS
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<command>
+http://exam.ple.com:9000/aws_sigv4/testapi/test exam.ple.com:9000:%HOSTIP:%HTTPPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+^Content-Type:.*
+^Accept:.*
+</strip>
+<protocol>
+POST /aws_sigv4/testapi/test HTTP/1.1
+Host: exam.ple.com:9000
+Authorization: AWS4-HMAC-SHA256 Credential=xxx/19700101/us-east-1/s3/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=7eb34202214384872221b99a9c671b7517891ac6af56b0aff24ec51adf62b10a
+X-Amz-Date: 19700101T000000Z
+x-amz-content-sha256: 4b02e333ccf7cf530ddee3e10ebe54e935500b5e570e68650d63d743e8bbc045
+Content-Length: 12
+
+post fields
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1974 b/tests/data/test1974
new file mode 100644
index 000000000..9b5bb8475
--- /dev/null
+++ b/tests/data/test1974
@@ -0,0 +1,73 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+CURLOPT_AWS_SIGV4
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+Location: /%TESTNUMBER0002
+
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+
+</data2>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+# this relies on the debug feature which allow to set the time
+<features>
+SSL
+debug
+crypto
+</features>
+<setenv>
+CURL_FORCEHOST=1
+</setenv>
+
+<name>
+HTTP AWS_SIGV4 for AWS S3: GET
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<command>
+http://exam.ple.com:9000/aws_sigv4/testapi/test exam.ple.com:9000:%HOSTIP:%HTTPPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+^Content-Type:.*
+^Accept:.*
+</strip>
+<protocol>
+GET /aws_sigv4/testapi/test HTTP/1.1
+Host: exam.ple.com:9000
+Authorization: AWS4-HMAC-SHA256 Credential=xxx/19700101/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=e6270423932feafe9b00ca5d60c9ed566be649f9ca9676144288273945153021
+X-Amz-Date: 19700101T000000Z
+x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1975 b/tests/data/test1975
new file mode 100644
index 000000000..09256de04
--- /dev/null
+++ b/tests/data/test1975
@@ -0,0 +1,70 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+CURLOPT_AWS_SIGV4
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 100 Continue
+
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Type: text/html
+Content-Length: 0
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+# this relies on the debug feature which allow to set the time
+<features>
+SSL
+debug
+crypto
+</features>
+<setenv>
+CURL_FORCEHOST=1
+</setenv>
+
+<name>
+HTTP AWS_SIGV4 for AWS S3: UPLOAD with given x-amz-content-sha256
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<command>
+http://exam.ple.com:9000/aws_sigv4/testapi/test exam.ple.com:9000:%HOSTIP:%HTTPPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+^Content-Type:.*
+^Accept:.*
+</strip>
+<protocol>
+PUT /aws_sigv4/testapi/test HTTP/1.1
+Host: exam.ple.com:9000
+Authorization: AWS4-HMAC-SHA256 Credential=xxx/19700101/us-east-1/s3/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=a028756f42a859122e9609c1f90cae4b272d6b03bf60d9fd354138176dfa2260
+X-Amz-Date: 19700101T000000Z
+Transfer-Encoding: chunked
+X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+Expect: 100-continue
+
+0
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test2041 b/tests/data/test2041
index 2b6f4b37c..f007f47c4 100644
--- a/tests/data/test2041
+++ b/tests/data/test2041
@@ -35,7 +35,7 @@ https Server-localhost-sv.pem
 simple HTTPS GET with base64-sha256 public key pinning
  </name>
  <command>
---cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey sha256//d6NWnt6Q9+jU//Ak49bc7+k96pcarb3XjHYM8BMPxg0= https://localhost:%HTTPSPORT/%TESTNUMBER
+--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey sha256//AAUDLk4c98xcFUDvA9i/MnA9HuO03IPi15r+Cx9OXnc= https://localhost:%HTTPSPORT/%TESTNUMBER
 </command>
 # Ensure that we're running on localhost because we're checking the host name
 <precheck>
diff --git a/tests/data/test2058 b/tests/data/test2058
index c400f2630..ba4a53e84 100644
--- a/tests/data/test2058
+++ b/tests/data/test2058
@@ -98,7 +98,6 @@ User-Agent: curl/%VERSION
 Accept: */*
 Proxy-Connection: Keep-Alive
 Content-Length: 3
-Expect: 100-continue
 
 st
 </protocol>
diff --git a/tests/data/test2059 b/tests/data/test2059
index 3170c99a1..4776970d3 100644
--- a/tests/data/test2059
+++ b/tests/data/test2059
@@ -98,7 +98,6 @@ User-Agent: curl/%VERSION
 Accept: */*
 Proxy-Connection: Keep-Alive
 Content-Length: 3
-Expect: 100-continue
 
 st
 </protocol>
diff --git a/tests/data/test2060 b/tests/data/test2060
index 11dd15526..9a8057d51 100644
--- a/tests/data/test2060
+++ b/tests/data/test2060
@@ -98,7 +98,6 @@ User-Agent: curl/%VERSION
 Accept: */*
 Proxy-Connection: Keep-Alive
 Content-Length: 3
-Expect: 100-continue
 
 st
 </protocol>
diff --git a/tests/data/test208 b/tests/data/test208
index d081b5131..a6c0eea49 100644
--- a/tests/data/test208
+++ b/tests/data/test208
@@ -58,7 +58,6 @@ User-Agent: curl/%VERSION
 Accept: */*
 Proxy-Connection: Keep-Alive
 Content-Length: 78
-Expect: 100-continue
 
 Weird
      file
diff --git a/tests/data/test2087 b/tests/data/test2087
index 4b19a71fd..e0fa9ed1c 100644
--- a/tests/data/test2087
+++ b/tests/data/test2087
@@ -39,7 +39,7 @@ simple HTTPS GET with base64-sha256 public key pinning (Schannel variant)
 CURL_SSL_BACKEND=schannel
  </setenv>
  <command>
---cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey sha256//d6NWnt6Q9+jU//Ak49bc7+k96pcarb3XjHYM8BMPxg0= --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER
+--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --pinnedpubkey sha256//AAUDLk4c98xcFUDvA9i/MnA9HuO03IPi15r+Cx9OXnc= --ssl-revoke-best-effort https://localhost:%HTTPSPORT/%TESTNUMBER
 </command>
 # Ensure that we're running on localhost because we're checking the host name
 <precheck>
diff --git a/tests/data/test218 b/tests/data/test218
index dc71442e8..08ee8c6d4 100644
--- a/tests/data/test218
+++ b/tests/data/test218
@@ -45,7 +45,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Transfer-Encoding: chunked
-Expect: 100-continue
 
 %if hyper
 1E
diff --git a/tests/data/test22 b/tests/data/test22
index f5593c435..92fded6df 100644
--- a/tests/data/test22
+++ b/tests/data/test22
@@ -2,7 +2,6 @@
 <info>
 <keywords>
 HTTP
-HTTP PUT
 long URL
 </keywords>
 </info>
diff --git a/tests/data/test2304 b/tests/data/test2304
index 52a390386..895518fb4 100644
--- a/tests/data/test2304
+++ b/tests/data/test2304
@@ -61,8 +61,9 @@ Sec-WebSocket-Version: 13
 Sec-WebSocket-Key: NDMyMTUzMjE2MzIxNzMyMQ==
 
 </protocol>
-<stdout mode="text">
-Connection closed
-</stdout>
+
+# This test used to check that "connection closed" was output, but
+# that is flaky since the outgoing PING just before might fail already
+# and then the test exists before the output gets to be written
 </verify>
 </testcase>
diff --git a/tests/data/test2305 b/tests/data/test2305
new file mode 100644
index 000000000..7293db36c
--- /dev/null
+++ b/tests/data/test2305
@@ -0,0 +1,59 @@
+<testcase>
+<info>
+<keywords>
+WebSockets
+</keywords>
+</info>
+
+#
+# Sends three 4097 bytes TEXT frames, as one single message
+<reply>
+<data nocheck="yes">
+HTTP/1.1 101 Switching to WebSockets
+Server: test-server/fake
+Upgrade: websocket
+Connection: Upgrade
+Something: else
+Sec-WebSocket-Accept: HkPsVga7+8LuxM4RGQ5p9tZHeYs=
+
+%hex[%01%7e%10%01]hex%%repeat[256 x helothisisdaniel]%
+%hex[%01%7e%10%01]hex%%repeat[256 x helothisisdaniel]%
+%hex[%81%7e%10%01]hex%%repeat[256 x helothisisdaniel]%
+</data>
+# allow upgrade
+<servercmd>
+upgrade
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+# require debug for the forced CURL_ENTROPY
+<features>
+debug
+ws
+</features>
+<server>
+http
+</server>
+<name>
+WebSocket curl_ws_recv() loop reading three larger frames
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+<command>
+ws://%HOSTIP:%HTTPPORT/%TESTNUMBER log/save%TESTNUMBER
+</command>
+</client>
+
+#
+<verify>
+<file name="log/save%TESTNUMBER">
+%repeat[256 x helothisisdaniel]%
+%repeat[256 x helothisisdaniel]%
+%repeat[256 x helothisisdaniel]%
+</file>
+</verify>
+</testcase>
diff --git a/tests/data/test2400 b/tests/data/test2400
new file mode 100644
index 000000000..7f28f2f48
--- /dev/null
+++ b/tests/data/test2400
@@ -0,0 +1,64 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP/2
+HTTPS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+debug
+h2c
+SSL
+</features>
+<server>
+http
+http/2
+</server>
+ <name>
+HTTP/2 GET
+ </name>
+<setenv>
+</setenv>
+ <command>
+-k --http2 "https://%HOSTIP:%HTTP2TLSPORT/%TESTNUMBER"
+</command>
+
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<stdout crlf="yes">
+HTTP/2 200 
+date: Tue, 09 Nov 2010 14:49:00 GMT
+content-length: 6
+content-type: text/html
+funny-head: yesyes
+server: nghttpx
+via: 1.1 nghttpx
+
+-foo-
+</stdout>
+</verify>
+</testcase>
diff --git a/tests/data/test2401 b/tests/data/test2401
new file mode 100644
index 000000000..667974e86
--- /dev/null
+++ b/tests/data/test2401
@@ -0,0 +1,72 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+HTTP/2
+HTTPS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 201 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Connection: close
+Content-Length: 0
+Funny-head: yesyes
+
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+debug
+h2c
+SSL
+</features>
+<server>
+http
+http/2
+</server>
+ <name>
+HTTP/2 GET
+ </name>
+<setenv>
+</setenv>
+ <command>
+-k --http2 "https://%HOSTIP:%HTTP2TLSPORT/%TESTNUMBER" -d "moo"
+</command>
+
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<stdout>
+HTTP/2 201 
+date: Tue, 09 Nov 2010 14:49:00 GMT
+content-length: 0
+funny-head: yesyes
+server: nghttpx
+via: 1.1 nghttpx
+
+</stdout>
+<protocol nonewline="yes">
+POST /2401 HTTP/1.1
+Host: %HOSTIP:%HTTP2TLSPORT
+User-Agent: curl/%VERSION
+Accept: */*
+Content-Length: 3
+Content-Type: application/x-www-form-urlencoded
+X-Forwarded-Proto: https
+Via: 2 nghttpx
+
+moo
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test2402 b/tests/data/test2402
new file mode 100644
index 000000000..82d16733d
--- /dev/null
+++ b/tests/data/test2402
@@ -0,0 +1,109 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP/2
+multi
+verbose logs
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data1 crlf="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: server.example.com
+Content-Length: 47
+
+file contents should appear once for each file
+</data1>
+<data2>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: server.example.com
+Content-Length: 47
+
+file contents should appear once for each file
+</data2>
+<data3>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: server.example.com
+Content-Length: 47
+
+file contents should appear once for each file
+</data3>
+<data4>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: server.example.com
+Content-Length: 47
+
+file contents should appear once for each file
+</data4>
+</reply>
+
+# Client-side
+<client>
+<features>
+h2c
+SSL
+</features>
+<server>
+http
+http/2
+</server>
+<tool>
+lib%TESTNUMBER
+</tool>
+ <name>
+HTTP GET multiple over HTTP/2
+ </name>
+ <command>
+https://%HOSTIP:%HTTP2TLSPORT/path/%TESTNUMBER %HOSTIP %HTTP2TLSPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="yes">
+GET /path/%TESTNUMBER0001 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+X-Forwarded-Proto: https
+Via: 2 nghttpx
+
+GET /path/%TESTNUMBER0002 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+X-Forwarded-Proto: https
+Via: 2 nghttpx
+
+GET /path/%TESTNUMBER0003 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+X-Forwarded-Proto: https
+Via: 2 nghttpx
+
+GET /path/%TESTNUMBER0004 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+X-Forwarded-Proto: https
+Via: 2 nghttpx
+
+</protocol>
+<strip>
+^Host:.*
+</strip>
+<file name="log/stderr%TESTNUMBER" mode="text">
+* Connection #0 to host localhost left intact
+* Connection #0 to host localhost left intact
+* Connection #0 to host localhost left intact
+* Connection #0 to host localhost left intact
+</file>
+<stripfile>
+$_ = '' if (($_ !~ /left intact/) && ($_ !~ /Closing connection/))
+</stripfile>
+</verify>
+</testcase>
diff --git a/tests/data/test2403 b/tests/data/test2403
new file mode 100644
index 000000000..11aa74b59
--- /dev/null
+++ b/tests/data/test2403
@@ -0,0 +1,73 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP/2
+HTTPS
+-w
+%header
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data nocheck="yes" crlf="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+h2c
+SSL
+headers-api
+</features>
+<server>
+http
+http/2
+</server>
+ <name>
+HTTP/2 GET
+ </name>
+<setenv>
+</setenv>
+ <command>
+-k --http2 -w '%{header_json}\n' "https://%HOSTIP:%HTTP2TLSPORT/%TESTNUMBER"
+</command>
+
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<stdout crlf="yes">
+HTTP/2 200 
+date: Tue, 09 Nov 2010 14:49:00 GMT
+content-length: 6
+content-type: text/html
+funny-head: yesyes
+server: nghttpx
+via: 1.1 nghttpx
+
+-foo-
+{"date":["Tue, 09 Nov 2010 14:49:00 GMT"],
+"content-length":["6"],
+"content-type":["text/html"],
+"funny-head":["yesyes"],
+"server":["nghttpx"],
+"via":["1.1 nghttpx"]
+}
+</stdout>
+</verify>
+</testcase>
diff --git a/tests/data/test250 b/tests/data/test250
index 3d0a8f3a0..b1879f252 100644
--- a/tests/data/test250
+++ b/tests/data/test250
@@ -2,6 +2,7 @@
 <info>
 <keywords>
 FTP
+SLOWDOWN
 </keywords>
 </info>
 
diff --git a/tests/data/test2501 b/tests/data/test2501
new file mode 100644
index 000000000..e7013e5ee
--- /dev/null
+++ b/tests/data/test2501
@@ -0,0 +1,70 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+HTTP/3
+HTTPS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 201 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Connection: close
+Content-Length: 0
+Funny-head: yesyes
+
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+debug
+http
+http/3
+</features>
+<server>
+http
+http/3
+</server>
+ <name>
+HTTP/3 POST
+ </name>
+<setenv>
+</setenv>
+ <command>
+-k --http3 "https://%HOSTIP:%HTTP3PORT/%TESTNUMBER" -d "moo"
+</command>
+
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<stdout>
+HTTP/3 201 
+date: Tue, 09 Nov 2010 14:49:00 GMT
+content-length: 0
+funny-head: yesyes
+via: 1.1 nghttpx
+
+</stdout>
+<protocol nonewline="yes">
+POST https://%HOSTIP:%HTTP3PORT/2501 HTTP/1.1
+Host: %HOSTIP:%HTTP3PORT
+User-Agent: curl/%VERSION
+Accept: */*
+Content-Length: 3
+Content-Type: application/x-www-form-urlencoded
+Via: 3 nghttpx
+
+moo
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test2502 b/tests/data/test2502
new file mode 100644
index 000000000..0e2ec09b0
--- /dev/null
+++ b/tests/data/test2502
@@ -0,0 +1,104 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP/3
+multi
+verbose logs
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data1 crlf="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: server.example.com
+Content-Length: 47
+
+file contents should appear once for each file
+</data1>
+<data2>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: server.example.com
+Content-Length: 47
+
+file contents should appear once for each file
+</data2>
+<data3>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: server.example.com
+Content-Length: 47
+
+file contents should appear once for each file
+</data3>
+<data4>
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: server.example.com
+Content-Length: 47
+
+file contents should appear once for each file
+</data4>
+</reply>
+
+# Client-side
+<client>
+<features>
+http/3
+</features>
+<server>
+http
+http/3
+</server>
+<tool>
+lib%TESTNUMBER
+</tool>
+ <name>
+HTTP GET multiple over HTTP/3
+ </name>
+ <command>
+https://%HOSTIP:%HTTP3PORT/path/%TESTNUMBER %HOSTIP %HTTP3PORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="yes">
+GET https://localhost:%HTTP3PORT/path/%TESTNUMBER0001 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Via: 3 nghttpx
+
+GET https://localhost:%HTTP3PORT/path/%TESTNUMBER0002 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Via: 3 nghttpx
+
+GET https://localhost:%HTTP3PORT/path/%TESTNUMBER0003 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Via: 3 nghttpx
+
+GET https://localhost:%HTTP3PORT/path/%TESTNUMBER0004 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Via: 3 nghttpx
+
+</protocol>
+<strip>
+^Host:.*
+</strip>
+<file name="log/stderr%TESTNUMBER" mode="text">
+* Connection #0 to host localhost left intact
+* Connection #0 to host localhost left intact
+* Connection #0 to host localhost left intact
+* Connection #0 to host localhost left intact
+</file>
+<stripfile>
+$_ = '' if (($_ !~ /left intact/) && ($_ !~ /Closing connection/))
+</stripfile>
+</verify>
+</testcase>
diff --git a/tests/data/test2503 b/tests/data/test2503
new file mode 100644
index 000000000..550eb8a22
--- /dev/null
+++ b/tests/data/test2503
@@ -0,0 +1,70 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP/3
+HTTPS
+-w
+%header
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data nocheck="yes" crlf="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<features>
+http/3
+nghttpx-h3
+headers-api
+</features>
+<server>
+http
+http/3
+</server>
+ <name>
+HTTP/3 header-api
+ </name>
+<setenv>
+</setenv>
+ <command>
+-w '%{header_json}\n' --http3-only --cacert %SRCDIR/certs/EdelCurlRoot-ca.crt --resolve localhost:%HTTP3PORT:%HOSTIP https://localhost:%HTTP3PORT/%TESTNUMBER
+</command>
+
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<stdout crlf="yes">
+HTTP/3 200 
+date: Tue, 09 Nov 2010 14:49:00 GMT
+content-length: 6
+content-type: text/html
+funny-head: yesyes
+via: 1.1 nghttpx
+
+-foo-
+{"date":["Tue, 09 Nov 2010 14:49:00 GMT"],
+"content-length":["6"],
+"content-type":["text/html"],
+"funny-head":["yesyes"],
+"via":["1.1 nghttpx"]
+}
+</stdout>
+</verify>
+</testcase>
diff --git a/tests/data/test251 b/tests/data/test251
index cc8cbfa0a..04ad01709 100644
--- a/tests/data/test251
+++ b/tests/data/test251
@@ -2,6 +2,7 @@
 <info>
 <keywords>
 FTP
+SLOWDOWN
 </keywords>
 </info>
 
diff --git a/tests/data/test2600 b/tests/data/test2600
new file mode 100644
index 000000000..dba42249b
--- /dev/null
+++ b/tests/data/test2600
@@ -0,0 +1,24 @@
+<testcase>
+<info>
+<keywords>
+unittest
+llist
+</keywords>
+</info>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<features>
+unittest
+debug
+http
+</features>
+ <name>
+llist unit tests
+ </name>
+</client>
+</testcase>
diff --git a/tests/data/test266 b/tests/data/test266
index 4f5f359d8..09cca480c 100644
--- a/tests/data/test266
+++ b/tests/data/test266
@@ -4,6 +4,7 @@
 HTTP
 HTTP GET
 chunked Transfer-Encoding
+DELAY
 </keywords>
 </info>
 #
diff --git a/tests/data/test27 b/tests/data/test27
index 414741363..fba169510 100644
--- a/tests/data/test27
+++ b/tests/data/test27
@@ -29,6 +29,9 @@ Get same cookie page several times
  <command>
 "http://%HOSTIP:%HTTPPORT/want/{%TESTNUMBER,%TESTNUMBER,%TESTNUMBER}" -b none
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test281 b/tests/data/test281
index 4210f7b8f..f92b753af 100644
--- a/tests/data/test281
+++ b/tests/data/test281
@@ -49,7 +49,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 38
-Expect: 100-continue
 
 Weird
      file
diff --git a/tests/data/test303 b/tests/data/test303
index 318cbe672..248cb0b15 100644
--- a/tests/data/test303
+++ b/tests/data/test303
@@ -4,6 +4,7 @@
 HTTPS
 HTTP GET
 timeout
+FAILURE
 </keywords>
 </info>
 
diff --git a/tests/data/test31 b/tests/data/test31
index 6dfd2d268..ad71792d4 100644
--- a/tests/data/test31
+++ b/tests/data/test31
@@ -133,6 +133,9 @@ http://test31.curl:%HTTPPORT/we/want/%TESTNUMBER -b none -c log/jar%TESTNUMBER.t
 <precheck>
 perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );"
 </precheck>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test327 b/tests/data/test327
index 73cedb657..0014b1fe5 100644
--- a/tests/data/test327
+++ b/tests/data/test327
@@ -45,6 +45,9 @@ HTTP with cookiejar without cookies left
  <command>
 http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER -b none -c log/cookies%TESTNUMBER http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER0002
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test329 b/tests/data/test329
index 86f7a8275..5d3d26338 100644
--- a/tests/data/test329
+++ b/tests/data/test329
@@ -52,6 +52,9 @@ TZ=GMT
  <command>
 http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER -b log/jar%TESTNUMBER.txt -b log/jar%TESTNUMBER-2.txt -H "Host: host.foo.com" http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER0002
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test33 b/tests/data/test33
index 1b9c898ef..56024842c 100644
--- a/tests/data/test33
+++ b/tests/data/test33
@@ -49,7 +49,6 @@ Content-Range: bytes 50-99/100
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 50
-Expect: 100-continue
 
 012345678
 012345678
diff --git a/tests/data/test331 b/tests/data/test331
index 8fc68984e..34d9a78a6 100644
--- a/tests/data/test331
+++ b/tests/data/test331
@@ -43,6 +43,7 @@ HTTP with cookie using host name 'moo'
 -x http://%HOSTIP:%HTTPPORT http://moo/we/want/%TESTNUMBER -b none http://moo/we/want/%TESTNUMBER0002
 </command>
 <features>
+cookies
 proxy
 </features>
 </client>
diff --git a/tests/data/test357 b/tests/data/test357
index 8ddcdc90d..4c204f60e 100644
--- a/tests/data/test357
+++ b/tests/data/test357
@@ -53,16 +53,9 @@ HTTP PUT with Expect: 100-continue and 417 response
  <command>
 http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER -T log/test%TESTNUMBER.txt
 </command>
+# 1053700 x 'x', large enough to invoke the 100-continue behaviour
 <file name="log/test%TESTNUMBER.txt">
-Weird
-     file
-         to
-   upload
-for
-   testing
-the
-   PUT
-      feature
+%repeat[1053700 x x]%
 </file>
 </client>
 
@@ -73,24 +66,16 @@ PUT /we/want/%TESTNUMBER HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
-Content-Length: 78
+Content-Length: 1053701
 Expect: 100-continue
 
 PUT /we/want/%TESTNUMBER HTTP/1.1
 Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
-Content-Length: 78
+Content-Length: 1053701
 
-Weird
-     file
-         to
-   upload
-for
-   testing
-the
-   PUT
-      feature
+%repeat[1053700 x x]%
 </protocol>
 </verify>
 </testcase>
diff --git a/tests/data/test363 b/tests/data/test363
index cd8fc435c..24179171a 100644
--- a/tests/data/test363
+++ b/tests/data/test363
@@ -55,9 +55,9 @@ CONNECT with short sends
  </name>
 <setenv>
 # make the first send cut off after this amount of data
-CURL_SMALLREQSEND=48
+CURL_SMALLREQSEND=8
 # make repeated sends small too
-CURL_SMALLSENDS=40
+CURL_SMALLSENDS=8
 </setenv>
  <command>
 http://test.%TESTNUMBER:%HTTPPORT/we/want/that/page/%TESTNUMBER -p -x %HOSTIP:%PROXYPORT -d "datatopost=ohthatsfunyesyes"
diff --git a/tests/data/test364 b/tests/data/test364
index 5afb8c96d..a5c926590 100644
--- a/tests/data/test364
+++ b/tests/data/test364
@@ -43,7 +43,6 @@ Host: %HOSTIP:%HTTPSPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 1201
-Expect: 100-continue
 
 %repeat[200 x banana]%
 </protocol>
diff --git a/tests/data/test387 b/tests/data/test387
index 015ec25f1..644fc7f36 100644
--- a/tests/data/test387
+++ b/tests/data/test387
@@ -47,7 +47,7 @@ Accept: */*
 61
 </errorcode>
 <stderr mode="text">
-curl: (61) Reject response due to 5 content encodings
+curl: (61) Reject response due to more than 5 content encodings
 </stderr>
 </verify>
 </testcase>
diff --git a/tests/data/test392 b/tests/data/test392
index 24430c131..71d4486e2 100644
--- a/tests/data/test392
+++ b/tests/data/test392
@@ -40,6 +40,9 @@ http://localhost:%HTTPPORT/%TESTNUMBER -b none http://localhost:%HTTPPORT/%TESTN
 <precheck>
 perl -e "print 'Test requires default test server host' if ( '%HOSTIP' ne '127.0.0.1' );"
 </precheck>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test417 b/tests/data/test417
new file mode 100644
index 000000000..9061f8332
--- /dev/null
+++ b/tests/data/test417
@@ -0,0 +1,83 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+%{certs}
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 7
+
+nomnom
+</data>
+</reply>
+
+# Client-side
+<client>
+<features>
+SSL
+!wolfssl
+!bearssl
+!mbedtls
+!rustls
+</features>
+<server>
+http
+https
+</server>
+<name>
+%{certs}
+</name>
+<command option="no-include">
+--insecure https://%HOSTIP:%HTTPSPORT/%TESTNUMBER -w '%{certs}'
+</command>
+</client>
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPSPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+<stripfile>
+s/^(.*):(.*)[\r\n]*//
+</stripfile>
+<stdout>
+nomnom
+-----BEGIN CERTIFICATE-----
+MIIERDCCAyygAwIBAgIGDzR1UZ/TMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
+Fw0yMjEyMjMxMjIxMzlaFw0zMTAzMTExMjIxMzlaMFQxCzAJBgNVBAYTAk5OMTEw
+LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
+MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCrCrAD0Hb+Xs4V3mHV45FvfNa7yiaOeL4mNdGmWfHVPFU+CSzsoNSvDjxa
+orWweFGVYoCAcchOn1lZk0ASsqnOss0Xi58n8+PPI3gG0gYjX5sg7EJ3Zq2kXoK0
+TZRy6hNkcvzLgyzXoYv1LkzTwYiyyJgZX++Y/GKAs2fMHyP8XzjNgm4tltk1k/4p
+omllwN9Fqz+sFxgAgEq3ybq4Xym7xKwWl8xXNBDJNmVsPtiJRcilQoR8Xs0a6PE+
+VbMhD9A2E/LEL7lzQfqHqtxE1mSW5FpQ+Uqf4KLnafStWs86IOWnCeLP6BmhAK6o
+uyICNFyzz7UkTHa/renxuNOGun2TAgMBAAGjggEGMIIBAjAUBgNVHREEDTALggls
+b2NhbGhvc3QwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1Ud
+DgQWBBScl7A9s1Cx9tRx4uvLgOqTfJjMcjAfBgNVHSMEGDAWgBSHy7EzLsFnfnHj
+5StMTaSzbtJbqTAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcw
+AoYnaHR0cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJvb3QuY2VyMDgGA1Ud
+HwQxMC8wLaAroCmGJ2h0dHA6Ly90ZXN0LmN1cmwuc2UvY2EvRWRlbEN1cmxSb290
+LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAC4rtaof6cRWIJViFG0oJv0MANZN4DXIU
+MFHik4Oh2hsvqTGut8dMcsJeMiTxlpNw1T+1hYATdTLPDvhdxKIphEMsdYEmEmqg
+y3tXwZJ4hQj6ZFDCe4MCTXkTvGFkTbhr1fGEaxJcaZCtQEfA7d3qimZ+h4UZqonT
+PAhyCKFNY2BbmxeeABKhAFLKeAGIGMftW8fk2eu9P6+SUz/+WFcN/PR7e6JP6blc
+taRSULRWWkSO2dDt3o9+rBxYdluoecmVq4Ud20wTgkqlQRsp9dOW34DRHgB9ujWU
+V4HhCCqBaxwwUDcBGg4mT2vtyVAXNyszP2j+xvAhjOeyeVXyQr0vsA==
+-----END CERTIFICATE-----
+</stdout>
+
+</verify>
+
+</testcase>
diff --git a/tests/data/test418 b/tests/data/test418
new file mode 100644
index 000000000..50e974e60
--- /dev/null
+++ b/tests/data/test418
@@ -0,0 +1,152 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+gzip
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data nocheck="yes">
+HTTP/1.1 200 OK
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+Transfer-Encoding: gzip
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+Response with multiple Transfer-Encoding headers
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -sS
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="yes">
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+
+# CURLE_BAD_CONTENT_ENCODING is 61
+<errorcode>
+61
+</errorcode>
+<stderr mode="text">
+curl: (61) Reject response due to more than 5 content encodings
+</stderr>
+</verify>
+</testcase>
diff --git a/tests/data/test419 b/tests/data/test419
new file mode 100644
index 000000000..35e12597f
--- /dev/null
+++ b/tests/data/test419
@@ -0,0 +1,35 @@
+<testcase>
+<info>
+<keywords>
+--dump-header
+failure
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+--dump-header to file that cannot be created
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -D loggg/save-here/fails
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+23
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/data/test420 b/tests/data/test420
new file mode 100644
index 000000000..b7fe4edda
--- /dev/null
+++ b/tests/data/test420
@@ -0,0 +1,75 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+cookies
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data crlf="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Accept-Ranges: bytes
+Content-Length: 6
+Content-Type: text/html
+Set-Cookie: mycookie=; Max-Age=-1; Expires=Thu, 01 Jan 1970 00:00:00 GMT
+Set-Cookie: mycookie3=; Path=/func_test; Max-Age=-1; Expires=Thu, 01 Jan 1970 00:00:00 GMT
+Set-Cookie: mycookie4=; Path=/func_test; Max-Age=-1; Expires=Thu, 01 Jan 1970 00:00:
+Set-Cookie: mycookie5=; Path=/func_test; Max-Age=-1; Expires=Thu, 01 Jan 1970 00:00:00 GMT
+Set-Cookie: mycookie6=; Path=/func_test; Max-Age=-1; Expires=Thu, 01 Jan 1970 00:00:00 GMT
+Set-Cookie: mycookie1=; Path=/; Max-Age=-1; Expires=Thu, 01 Jan 1970 00:00:00 GMT
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+Setting cookies set with expried dates that were loaded from jar
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/func_test/del_cookie -b log/cookie%TESTNUMBER -c log/save%TESTNUMBER
+</command>
+<file name="log/cookie%TESTNUMBER" mode="text">
+%HOSTIP	FALSE	/func_test	FALSE	1709598616	mycookie6	991
+#HttpOnly_%HOSTIP	FALSE	/func_test	FALSE	1709598616	mycookie5	990
+#HttpOnly_%HOSTIP	FALSE	/func_test	FALSE	1709598616	mycookie4	950
+#HttpOnly_%HOSTIP	FALSE	/func_test	FALSE	1709598616	mycookie3	900
+#HttpOnly_%HOSTIP	FALSE	/func_test/	FALSE	1709598616	mycookie2	5900
+#HttpOnly_%HOSTIP	FALSE	/	FALSE	1709598616	mycookie1	4900
+#HttpOnly_%HOSTIP	FALSE	/func_test/	FALSE	0	mycookie	1200
+</file>
+<features>
+cookies
+</features>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="yes">
+GET /func_test/del_cookie HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+Cookie: mycookie2=5900; mycookie=1200; mycookie3=900; mycookie4=950; mycookie5=990; mycookie6=991; mycookie1=4900
+
+</protocol>
+<file name="log/save%TESTNUMBER" mode="text">
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+#HttpOnly_127.0.0.1	FALSE	/func_test/	FALSE	1709598616	mycookie2	5900
+</file>
+</verify>
+</testcase>
diff --git a/tests/data/test421 b/tests/data/test421
new file mode 100644
index 000000000..0e4130b06
--- /dev/null
+++ b/tests/data/test421
@@ -0,0 +1,85 @@
+<testcase>
+<info>
+<keywords>
+header_json
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data crlf="yes">
+HTTP/1.1 200 OK
+server: nginx
+date: Tue, 07 Mar 2023 15:14:41 GMT
+content-type: application/json
+content-length: 6
+vary: Accept-Encoding
+access-control-allow-origin: *
+vary: Accept-Encoding
+referrer-policy: strict-origin-when-cross-origin
+access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
+access-control-max-age: 1728000
+access-control-allow-headers: Authorization, Content-Type, AuthorizationOauth, X-EARLY-ACCESS
+access-control-expose-headers: 
+vary: Accept
+etag: W/"2678f9ab2ba550d164e7cc014aefd31e"
+cache-control: max-age=0, private, must-revalidate
+x-request-id: 375b343b3d2ecf9b442c0daf00fc4a9a
+strict-transport-security: max-age=31536000; includeSubDomains
+x-content-type-options: nosniff
+x-xss-protection: 1; mode=block
+referrer-policy: strict-origin-when-cross-origin
+feature-policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+<name>
+HTTP GET multiple headers and %{header_json}
+</name>
+<command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER -w '%{stderr}%{header_json}\n' -s
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="yes">
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+<stderr mode="text">
+{"server":["nginx"],
+"date":["Tue, 07 Mar 2023 15:14:41 GMT"],
+"content-type":["application/json"],
+"content-length":["6"],
+"vary":["Accept-Encoding","Accept-Encoding","Accept"],
+"access-control-allow-origin":["*"],
+"referrer-policy":["strict-origin-when-cross-origin","strict-origin-when-cross-origin"],
+"access-control-allow-methods":["GET, POST, PUT, DELETE, OPTIONS"],
+"access-control-max-age":["1728000"],
+"access-control-allow-headers":["Authorization, Content-Type, AuthorizationOauth, X-EARLY-ACCESS"],
+"access-control-expose-headers":["\r"],
+"etag":["W/\"2678f9ab2ba550d164e7cc014aefd31e\""],
+"cache-control":["max-age=0, private, must-revalidate"],
+"x-request-id":["375b343b3d2ecf9b442c0daf00fc4a9a"],
+"strict-transport-security":["max-age=31536000; includeSubDomains"],
+"x-content-type-options":["nosniff"],
+"x-xss-protection":["1; mode=block"],
+"feature-policy":["accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'"]
+}
+</stderr>
+</verify>
+</testcase>
diff --git a/tests/data/test422 b/tests/data/test422
new file mode 100644
index 000000000..2caaa4915
--- /dev/null
+++ b/tests/data/test422
@@ -0,0 +1,44 @@
+<testcase>
+<info>
+<keywords>
+cmdline
+--next
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<name>
+use --next with missing URL before it
+</name>
+<command>
+-O -I --next http://%HOSTIP:%HTTPPORT/%TESTNUMBER
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<stderr mode="text">
+curl: missing URL before --next
+curl: option --next: is badly used here
+%if manual
+curl: try 'curl --help' or 'curl --manual' for more information
+%else
+curl: try 'curl --help' for more information
+%endif
+</stderr>
+<errorcode>
+2
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/data/test442 b/tests/data/test442
index baab4aade..cd750edde 100644
--- a/tests/data/test442
+++ b/tests/data/test442
@@ -193,6 +193,9 @@ attack.invalid	TRUE	/	FALSE	0	name149	could-be-large-149
 attack.invalid	TRUE	/	FALSE	0	name150	could-be-large-150
 attack.invalid	TRUE	/	FALSE	0	name151	could-be-large-151
 </file>
+<features>
+cookies
+</features>
 </client>
 
 #
diff --git a/tests/data/test443 b/tests/data/test443
index f984e7397..ea413b90c 100644
--- a/tests/data/test443
+++ b/tests/data/test443
@@ -62,6 +62,9 @@ attack.invalid	TRUE	/	FALSE	0	huge-18	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 attack.invalid	TRUE	/	FALSE	0	huge-19	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-19
 attack.invalid	TRUE	/	FALSE	0	huge-20	aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-20
 </file>
+<features>
+cookies
+</features>
 </client>
 
 #
diff --git a/tests/data/test444 b/tests/data/test444
index 89d671c72..e1f87fe38 100644
--- a/tests/data/test444
+++ b/tests/data/test444
@@ -118,6 +118,9 @@ Many Set-Cookie response headers
 <command>
 http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER -c log/cookie%TESTNUMBER --resolve attack.invalid:%HTTPPORT:%HOSTIP
 </command>
+<features>
+cookies
+</features>
 </client>
 
 #
diff --git a/tests/data/test446 b/tests/data/test446
new file mode 100644
index 000000000..0e2dfdcfe
--- /dev/null
+++ b/tests/data/test446
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP proxy
+HSTS
+trailing-dot
+</keywords>
+</info>
+
+<reply>
+
+# we use this as response to a CONNECT
+<connect nocheck="yes">
+HTTP/1.1 200 OK
+
+</connect>
+<data crlf="yes">
+HTTP/1.1 200 OK
+Content-Length: 6
+Strict-Transport-Security: max-age=604800
+
+-foo-
+</data>
+<data2 crlf="yes">
+HTTP/1.1 200 OK
+Content-Length: 6
+Strict-Transport-Security: max-age=6048000
+
+-baa-
+</data2>
+</reply>
+
+<client>
+<server>
+https
+http-proxy
+</server>
+<features>
+HSTS
+proxy
+https
+debug
+</features>
+<setenv>
+CURL_HSTS_HTTP=yes
+CURL_TIME=2000000000
+</setenv>
+
+<name>
+HSTS with two URLs
+</name>
+<command>
+-x http://%HOSTIP:%PROXYPORT --hsts log/hsts%TESTNUMBER http://this.hsts.example./%TESTNUMBER http://another.example.com/%TESTNUMBER0002
+</command>
+</client>
+
+<verify>
+# we let it CONNECT to the server to confirm HSTS but deny from there
+<proxy crlf="yes">
+GET http://this.hsts.example./%TESTNUMBER HTTP/1.1
+Host: this.hsts.example.
+User-Agent: curl/%VERSION
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://another.example.com/%TESTNUMBER0002 HTTP/1.1
+Host: another.example.com
+User-Agent: curl/%VERSION
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+</proxy>
+
+<file name="log/hsts%TESTNUMBER" mode="text">
+# Your HSTS cache. https://curl.se/docs/hsts.html
+# This file was generated by libcurl! Edit at your own risk.
+this.hsts.example "20330525 03:33:20"
+another.example.com "20330727 03:33:20"
+</file>
+
+</verify>
+</testcase>
diff --git a/tests/data/test46 b/tests/data/test46
index 91e24cbaf..9e30c5278 100644
--- a/tests/data/test46
+++ b/tests/data/test46
@@ -56,6 +56,9 @@ domain..tld	FALSE	/	FALSE	2139150993	mooo	indeed
 #HttpOnly_domain..tld	FALSE	/want	FALSE	2139150993	mooo2	indeed2
 domain..tld	FALSE	/want	FALSE	0	empty	
 </file>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test490 b/tests/data/test490
index 2d4cf1604..3fcd0f3d5 100644
--- a/tests/data/test490
+++ b/tests/data/test490
@@ -51,7 +51,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 10
-Expect: 100-continue
 
 surprise!
 PUT /%TESTNUMBER HTTP/1.1
@@ -59,7 +58,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 10
-Expect: 100-continue
 
 surprise!
 </protocol>
diff --git a/tests/data/test491 b/tests/data/test491
index 5f2c27d6a..a2191ffe5 100644
--- a/tests/data/test491
+++ b/tests/data/test491
@@ -51,7 +51,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 10
-Expect: 100-continue
 
 surprise!
 </protocol>
diff --git a/tests/data/test492 b/tests/data/test492
index aedaf5b8a..6c704000d 100644
--- a/tests/data/test492
+++ b/tests/data/test492
@@ -55,7 +55,6 @@ User-Agent: curl/%VERSION
 Accept: */*
 Testno: %TESTNUMBER
 Content-Length: 19
-Expect: 100-continue
 
 first %TESTNUMBER contents
 PUT /two/first%TESTNUMBER HTTP/1.1
@@ -64,7 +63,6 @@ User-Agent: curl/%VERSION
 Accept: */*
 Testno: %TESTNUMBER
 Content-Length: 19
-Expect: 100-continue
 
 first %TESTNUMBER contents
 PUT /one/second%TESTNUMBER HTTP/1.1
@@ -73,7 +71,6 @@ User-Agent: curl/%VERSION
 Accept: */*
 Testno: %TESTNUMBER
 Content-Length: 20
-Expect: 100-continue
 
 second %TESTNUMBER contents
 PUT /two/second%TESTNUMBER HTTP/1.1
@@ -82,7 +79,6 @@ User-Agent: curl/%VERSION
 Accept: */*
 Testno: %TESTNUMBER
 Content-Length: 20
-Expect: 100-continue
 
 second %TESTNUMBER contents
 </protocol>
diff --git a/tests/data/test53 b/tests/data/test53
index e3b9ec962..4034a4c66 100644
--- a/tests/data/test53
+++ b/tests/data/test53
@@ -36,6 +36,9 @@ HTTP, junk session cookies
 %HOSTIP	FALSE	/	FALSE	0		moo1	indeed
 %HOSTIP	FALSE	/	FALSE	1		moo2	indeed
 </file>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test58 b/tests/data/test58
index 75765b224..9322ecca7 100644
--- a/tests/data/test58
+++ b/tests/data/test58
@@ -41,7 +41,6 @@ Host: %HOSTIP:%HTTPPORT
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 12
-Expect: 100-continue
 
 a few bytes
 </protocol>
diff --git a/tests/data/test594 b/tests/data/test594
index 5a4645092..8f5ba95b6 100644
--- a/tests/data/test594
+++ b/tests/data/test594
@@ -12,6 +12,8 @@ STOR
 multi
 EPRT refused
 NODATACONN
+timeout
+FAILURE
 </keywords>
 </info>
 
diff --git a/tests/data/test598 b/tests/data/test598
index 5e52315eb..a000dca55 100644
--- a/tests/data/test598
+++ b/tests/data/test598
@@ -58,6 +58,9 @@ curl_easy_reset with referer and other strings set
  <command>
 http://%HOSTIP:%HTTPPORT/%TESTNUMBER
 </command>
+<features>
+cookies
+</features>
 </client>
 
 #
diff --git a/tests/data/test6 b/tests/data/test6
index d8231cbdb..6e83125cd 100644
--- a/tests/data/test6
+++ b/tests/data/test6
@@ -31,6 +31,9 @@ HTTP with simple cookie send
  <command>
 http://%HOSTIP:%HTTPPORT/we/want/that/page/%TESTNUMBER -b "name=contents;name2=content2" -b name3=content3
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test61 b/tests/data/test61
index 6d98ba770..98c56498f 100644
--- a/tests/data/test61
+++ b/tests/data/test61
@@ -47,6 +47,9 @@ TZ=GMT
  <command>
 http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER -c log/jar%TESTNUMBER.txt -H "Host: www.host.foo.com"
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test62 b/tests/data/test62
index 92396d9f6..08fbf8e5d 100644
--- a/tests/data/test62
+++ b/tests/data/test62
@@ -42,6 +42,9 @@ http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER http://%HOSTIP:%HTTPPORT/we/want/%T
 
 .foo.com	TRUE	/moo	TRUE	0	test3	maybe
 </file>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test676 b/tests/data/test676
index a3916e526..1197ec515 100644
--- a/tests/data/test676
+++ b/tests/data/test676
@@ -61,6 +61,9 @@ verify setting CURLOPT_COOKIEFILE to NULL again
  <command>
 http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER
 </command>
+<features>
+cookies
+</features>
 </client>
 
 #
diff --git a/tests/data/test686 b/tests/data/test686
new file mode 100644
index 000000000..0badad062
--- /dev/null
+++ b/tests/data/test686
@@ -0,0 +1,34 @@
+<testcase>
+<info>
+<keywords>
+errorcode
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+ <name>
+verify return code for missing URL after --next
+ </name>
+ <command>
+htdhdhdtp://localhost --next
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+2
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/data/test73 b/tests/data/test73
index e211f2148..4248db525 100644
--- a/tests/data/test73
+++ b/tests/data/test73
@@ -31,6 +31,9 @@ HTTP, receive cookies when using custom Host:, domain using only two dots
  <command>
 http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER -c log/jar%TESTNUMBER.txt -H "Host: host.NOT_DISCLOSED.se"
 </command>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test8 b/tests/data/test8
index fa44a5a6a..93f2a9945 100644
--- a/tests/data/test8
+++ b/tests/data/test8
@@ -81,6 +81,9 @@ Set-Cookie: cookie31=%hex[%7f-junk]hex%
 <precheck>
 perl -e 'if ("%HOSTIP" !~ /\.0\.0\.1$/) {print "Test only works for HOSTIPs ending with .0.0.1"; exit(1)}'
 </precheck>
+<features>
+cookies
+</features>
 </client>
 
 # Verify data after the test has been "shot"
diff --git a/tests/data/test853 b/tests/data/test853
index a3b968809..468e07848 100644
--- a/tests/data/test853
+++ b/tests/data/test853
@@ -4,6 +4,7 @@
 POP3
 Clear Text
 LIST
+SLOWDOWN
 </keywords>
 </info>
 
diff --git a/tests/data/test88 b/tests/data/test88
index b7c620762..842031a85 100644
--- a/tests/data/test88
+++ b/tests/data/test88
@@ -88,7 +88,6 @@ Authorization: Digest username="testuser", realm="testrealm", nonce="1053604145"
 User-Agent: curl/%VERSION
 Accept: */*
 Content-Length: 85
-Expect: 100-continue
 
 This is data we upload with PUT
 a second line
diff --git a/tests/data/test970 b/tests/data/test970
index ee0a3e9ae..37945269a 100644
--- a/tests/data/test970
+++ b/tests/data/test970
@@ -59,7 +59,7 @@ Accept: */*
 
 </protocol>
 <stdout nonewline="yes">
-{"content_type":"text/html","errormsg":null,"exitcode":0,"filename_effective":"log/out%TESTNUMBER","ftp_entry_path":null,"http_code":200,"http_connect":0,"http_version":"1.1","local_ip":"127.0.0.1","local_port":13,"method":"GET","num_connects":1,"num_headers":9,"num_redirects":0,"proxy_ssl_verify_result":0,"redirect_url":null,"referer":null,"remote_ip":"%HOSTIP","remote_port":%HTTPPORT,"response_code":200,"scheme":"HTTP","size_download":445,"size_header":4019,"size_request":4019,"size_upload":0,"speed_download":13,"speed_upload":13,"ssl_verify_result":0,"time_appconnect":0.000013,"time_connect":0.000013,"time_namelookup":0.000013,"time_pretransfer":0.000013,"time_redirect":0.000013,"time_starttransfer":0.000013,"time_total":0.000013,"url":"http://%HOSTIP:%HTTPPORT/%TESTNUMBER","url_effective":"http://%HOSTIP:%HTTPPORT/%TESTNUMBER","urlnum":0,"curl_version":"curl-unit-test-fake-version"}
+{"certs":"","content_type":"text/html","errormsg":null,"exitcode":0,"filename_effective":"log/out%TESTNUMBER","ftp_entry_path":null,"http_code":200,"http_connect":0,"http_version":"1.1","local_ip":"127.0.0.1","local_port":13,"method":"GET","num_certs":0,"num_connects":1,"num_headers":9,"num_redirects":0,"proxy_ssl_verify_result":0,"redirect_url":null,"referer":null,"remote_ip":"%HOSTIP","remote_port":%HTTPPORT,"response_code":200,"scheme":"HTTP","size_download":445,"size_header":4019,"size_request":4019,"size_upload":0,"speed_download":13,"speed_upload":13,"ssl_verify_result":0,"time_appconnect":0.000013,"time_connect":0.000013,"time_namelookup":0.000013,"time_pretransfer":0.000013,"time_redirect":0.000013,"time_starttransfer":0.000013,"time_total":0.000013,"url":"http://%HOSTIP:%HTTPPORT/%TESTNUMBER","url_effective":"http://%HOSTIP:%HTTPPORT/%TESTNUMBER","urlnum":0,"curl_version":"curl-unit-test-fake-version"}
 </stdout>
 </verify>
 </testcase>
diff --git a/tests/data/test972 b/tests/data/test972
index 0bcf04e39..b62eb5bde 100644
--- a/tests/data/test972
+++ b/tests/data/test972
@@ -60,7 +60,7 @@ Accept: */*
 
 </protocol>
 <stdout mode="text">
-{"content_type":"text/html","errormsg":null,"exitcode":0,"filename_effective":"log/out972","ftp_entry_path":null,"http_code":200,"http_connect":0,"http_version":"1.1","local_ip":"%HOSTIP","local_port":13,"method":"GET","num_connects":1,"num_headers":9,"num_redirects":0,"proxy_ssl_verify_result":0,"redirect_url":null,"referer":null,"remote_ip":"%HOSTIP","remote_port":%HTTPPORT,"response_code":200,"scheme":"HTTP","size_download":445,"size_header":4019,"size_request":4019,"size_upload":0,"speed_download":13,"speed_upload":13,"ssl_verify_result":0,"time_appconnect":0.000013,"time_connect":0.000013,"time_namelookup":0.000013,"time_pretransfer":0.000013,"time_redirect":0.000013,"time_starttransfer":0.000013,"time_total":0.000013,"url":"http://%HOSTIP:%HTTPPORT/%TESTNUMBER","url_effective":"http://%HOSTIP:%HTTPPORT/%TESTNUMBER","urlnum":0,"curl_version":"curl-unit-test-fake-version"}
+{"certs":"","content_type":"text/html","errormsg":null,"exitcode":0,"filename_effective":"log/out972","ftp_entry_path":null,"http_code":200,"http_connect":0,"http_version":"1.1","local_ip":"%HOSTIP","local_port":13,"method":"GET","num_certs":0,"num_connects":1,"num_headers":9,"num_redirects":0,"proxy_ssl_verify_result":0,"redirect_url":null,"referer":null,"remote_ip":"%HOSTIP","remote_port":%HTTPPORT,"response_code":200,"scheme":"HTTP","size_download":445,"size_header":4019,"size_request":4019,"size_upload":0,"speed_download":13,"speed_upload":13,"ssl_verify_result":0,"time_appconnect":0.000013,"time_connect":0.000013,"time_namelookup":0.000013,"time_pretransfer":0.000013,"time_redirect":0.000013,"time_starttransfer":0.000013,"time_total":0.000013,"url":"http://%HOSTIP:%HTTPPORT/%TESTNUMBER","url_effective":"http://%HOSTIP:%HTTPPORT/%TESTNUMBER","urlnum":0,"curl_version":"curl-unit-test-fake-version"}
 </stdout>
 </verify>
 </testcase>
diff --git a/tests/data/test977 b/tests/data/test977
index cecfd13f0..65167ee0e 100644
--- a/tests/data/test977
+++ b/tests/data/test977
@@ -27,6 +27,7 @@ Set-Cookie: a=b; Domain=.me.;
 # Client-side
 <client>
 <features>
+cookies
 proxy
 </features>
 <server>
diff --git a/tests/data/test978 b/tests/data/test978
new file mode 100644
index 000000000..105fa78c5
--- /dev/null
+++ b/tests/data/test978
@@ -0,0 +1,56 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+--stderr
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data crlf="yes">
+HTTP/1.1 200 OK
+Date: Tue, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
+ETag: "21025-dc7-39462498"
+Accept-Ranges: bytes
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+Funny-head: yesyes
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+verify that --stderr works for -w's stderr as well
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/%TESTNUMBER --stderr log/redir --silent -w '%{stderr}nonsense\n'
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="yes">
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+<file name="log/redir" mode="text">
+nonsense
+</file>
+</verify>
+</testcase>
diff --git a/tests/data/test987 b/tests/data/test987
new file mode 100644
index 000000000..9176748e1
--- /dev/null
+++ b/tests/data/test987
@@ -0,0 +1,51 @@
+<testcase>
+<info>
+<keywords>
+SMTPS
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+smtps
+</server>
+ <name>
+SMTPS with redundant explicit SSL request
+ </name>
+<stdin>
+From: different
+To: another
+
+body
+</stdin>
+ <command>
+-k --ssl-reqd --mail-rcpt recipient@example.com --mail-from sender@example.com -T - smtps://%HOSTIP:%SMTPSPORT/%TESTNUMBER
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+EHLO %TESTNUMBER
+MAIL FROM:<sender@example.com>
+RCPT TO:<recipient@example.com>
+DATA
+QUIT
+</protocol>
+<upload>
+From: different
+To: another
+
+body
+.
+</upload>
+</verify>
+</testcase>
diff --git a/tests/data/test988 b/tests/data/test988
new file mode 100644
index 000000000..71c873c8b
--- /dev/null
+++ b/tests/data/test988
@@ -0,0 +1,48 @@
+<testcase>
+<info>
+<keywords>
+IMAPS
+FETCH
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+From: me@somewhere
+To: fake@nowhere
+
+body
+
+--
+  yours sincerely
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+imaps
+</server>
+ <name>
+IMAPS FETCH with redundant explicit SSL request
+ </name>
+ <command>
+-k --ssl-reqd -u '"user:sec"ret{' 'imaps://%HOSTIP:%IMAPSPORT/%TESTNUMBER/;MAILINDEX=1'
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+A001 CAPABILITY
+A002 LOGIN "\"user" "sec\"ret{"
+A003 SELECT %TESTNUMBER
+A004 FETCH 1 BODY[]
+A005 LOGOUT
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test989 b/tests/data/test989
new file mode 100644
index 000000000..2fee9f895
--- /dev/null
+++ b/tests/data/test989
@@ -0,0 +1,48 @@
+<testcase>
+<info>
+<keywords>
+POP3S
+RETR
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+From: me@somewhere
+To: fake@nowhere
+
+body
+
+--
+  yours sincerely
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+pop3s
+</server>
+ <name>
+POP3S RETR with redundant explicit SSL request
+ </name>
+ <command>
+-k --ssl-reqd  -u user:secret pop3s://%HOSTIP:%POP3SPORT/%TESTNUMBER
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+CAPA
+USER user
+PASS secret
+RETR %TESTNUMBER
+QUIT
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/dictserver.py b/tests/dictserver.py
index 5e38ffa07..0a08522f4 100755
--- a/tests/dictserver.py
+++ b/tests/dictserver.py
@@ -7,7 +7,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2008 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/directories.pm b/tests/directories.pm
index 641c6af24..e698b285e 100644
--- a/tests/directories.pm
+++ b/tests/directories.pm
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/disable-scan.pl b/tests/disable-scan.pl
index 5d09bff27..99f5436af 100755
--- a/tests/disable-scan.pl
+++ b/tests/disable-scan.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/error-codes.pl b/tests/error-codes.pl
index 5d28886cf..1747c4316 100644..100755
--- a/tests/error-codes.pl
+++ b/tests/error-codes.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/extern-scan.pl b/tests/extern-scan.pl
index 0d8da705a..7597a55b5 100755
--- a/tests/extern-scan.pl
+++ b/tests/extern-scan.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/ftp.pm b/tests/ftp.pm
index 428befddf..6edee3dae 100644
--- a/tests/ftp.pm
+++ b/tests/ftp.pm
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/ftpserver.pl b/tests/ftpserver.pl
index 095e8b76e..6c46727bb 100755
--- a/tests/ftpserver.pl
+++ b/tests/ftpserver.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -2577,7 +2577,7 @@ sub PASV_ftp {
         local $SIG{ALRM} = sub { die "alarm\n" };
 
         # assume swift operations unless explicitly slow
-        alarm ($datadelay?20:10);
+        alarm ($datadelay?20:2);
 
         # Wait for 'CNCT'
         my $input;
diff --git a/tests/getpart.pm b/tests/getpart.pm
index 29d783efd..b8c7a7a27 100644
--- a/tests/getpart.pm
+++ b/tests/getpart.pm
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/httpserver.pl b/tests/http-server.pl
index 64573aa43..d4978854b 100755
--- a/tests/httpserver.pl
+++ b/tests/http-server.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/http/.gitignore b/tests/http/.gitignore
new file mode 100644
index 000000000..3732aac19
--- /dev/null
+++ b/tests/http/.gitignore
@@ -0,0 +1,6 @@
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# SPDX-License-Identifier: curl
+
+config.ini
+gen
+\ No newline at end of file
diff --git a/zuul.d/playbooks/run.yaml b/tests/http/Makefile.am
index 473f99750..6a4cc831a 100644
--- a/zuul.d/playbooks/run.yaml
+++ b/tests/http/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2021 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -21,15 +21,7 @@
 # SPDX-License-Identifier: curl
 #
 ###########################################################################
----
-- hosts: all
-  tasks:
-  - name: Print environment variables
-    debug:
-      var: curl_env
 
-  - name: Run tests
-    environment: "{{ curl_env }}"
-    shell: "./scripts/zuul/script.sh"
-    args:
-      chdir: "{{ zuul.project.src_dir }}"
+clean-local:
+	rm -rf *.pyc __pycache__
+	rm -rf gen
diff --git a/tests/http/README.md b/tests/http/README.md
new file mode 100644
index 000000000..69e6760e8
--- /dev/null
+++ b/tests/http/README.md
@@ -0,0 +1,128 @@
+<!--
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+
+SPDX-License-Identifier: curl
+-->
+
+# The curl HTTPD Test Suite
+
+This is an additional test suite using a combination of Apache httpd and nghttpx servers to perform various tests beyond the capabilities of the standard curl test suite.
+
+# Usage
+
+The test cases and necessary files are in `tests/httpd`. You can invoke `pytest` from there or from the top level curl checkout and it will find all tests.
+
+```
+curl> pytest
+platform darwin -- Python 3.9.15, pytest-6.2.0, py-1.10.0, pluggy-0.13.1
+rootdir: /Users/sei/projects/curl
+collected 5 items
+
+tests/httpd/test_01_basic.py .....
+```
+
+Pytest takes arguments. `-v` increases its verbosity and can be used several times. `-k <expr>` can be used to run only matching test cases. The `expr` can be something resembling a python test or just a string that needs to match test cases in their names.
+
+```
+curl> pytest -vv -k test_01_02
+```
+
+runs all test cases that have `test_01_02` in their name. This does not have to be the start of the name.
+
+Depending on your setup, some test cases may be skipped and appear as `s` in the output. If you run pytest verbose, it will also give you the reason for skipping.
+
+
+# Prerequisites
+
+You will need:
+
+1. a recent Python, the `cryptography` module and, of course, `pytest`
+2. a apache httpd development version. On Debian/Ubuntu, the package `apache2-dev` has this.
+3. a local `curl` project build
+3. optionally, a `nghttpx` with HTTP/3 enabled or h3 test cases will be skipped.
+
+### Configuration
+
+Via curl's `configure` script you may specify:
+
+  * `--with-test-nghttpx=<path-of-nghttpx>` if you have nghttpx to use somewhere outside your `$PATH`.
+  * `--with-test-httpd=<httpd-install-path>` if you have an Apache httpd installed somewhere else. On Debian/Ubuntu it will otherwise look into `/usr/bin` and `/usr/sbin` to find those.
+
+## Usage Tips
+
+Several test cases are parameterized, for example with the HTTP version to use. If you want to run a test with a particular protocol only, use a command line like:
+
+```
+curl> pytest -k "test_02_06 and h2"
+```
+
+Several test cases can be repeated, they all have the `repeat` parameter. To make this work, you have to start `pytest` in the test directory itself (for some unknown reason). Like in:
+
+```
+curl/tests/http> pytest -k "test_02_06 and h2" --repeat=100
+```
+
+which then runs this test case a hundred times. In case of flaky tests, you can make pytest stop on the first one with:
+
+```
+curl/tests/http> pytest -k "test_02_06 and h2" --repeat=100 --maxfail=1
+```
+
+which allow you to inspect output and log files for the failed run. Speaking of log files, the verbosity of pytest is also used to collect curl trace output. If you specify `-v` three times, the `curl` command is started with `--trace`:
+
+```
+curl/tests/http> pytest -vvv -k "test_02_06 and h2" --repeat=100 --maxfail=1
+```
+
+all of curl's output and trace file are found in `tests/http/gen/curl`.
+
+## Writing Tests
+
+There is a lot of [`pytest` documentation](https://docs.pytest.org/) with examples. No use in repeating that here. Assuming you are somewhat familiar with it, it is useful how *this* general test suite is setup. Especially if you want to add test cases.
+
+### Servers
+
+In `conftest.py` 3 "fixtures" are defined that are used by all test cases:
+
+1. `env`: the test environment. It is an instance of class `testenv/env.py:Env`. It holds all information about paths, availability of features (HTTP/3!), port numbers to use, domains and SSL certificates for those.
+2. `httpd`: the Apache httpd instance, configured and started, then stopped at the end of the test suite. It has sites configured for the domains from `env`. It also loads a local module `mod_curltest?` and makes it available in certain locations. (more on mod_curltest below).
+3. `nghttpx`: an instance of nghttpx that provides HTTP/3 support. `nghttpx` proxies those requests to the `httpd` server. In a direct mapping, so you may access all the resources under the same path as with HTTP/2. Only the port number used for HTTP/3 requests will be different.
+
+`pytest` manages these fixture so that they are created once and terminated before exit. This means you can `Ctrl-C` a running pytest and the server will shutdown. Only when you brutally chop its head off, might there be servers left
+behind.
+
+### Test Cases
+
+Tests making use of these fixtures have them in their parameter list. This tells pytest that a particular test needs them, so it has to create them. Since one can invoke pytest for just a single test, it is important that a test references the ones it needs.
+
+All test cases start with `test_` in their name. We use a double number scheme to group them. This makes it ease to run only specific tests and also give a short mnemonic to communicate trouble with others in the project. Otherwise you are free to name test cases as you think fitting.
+
+Tests are grouped thematically in a file with a single Python test class. This is convenient if you need a special "fixture" for several tests. "fixtures" can have "class" scope.
+
+There is a curl helper class that knows how to invoke curl and interpret its output. Among other things, it does add the local CA to the command line, so that SSL connections to the test servers are verified. Nothing prevents anyone from running curl directly, for specific uses not covered by the `CurlClient` class.
+
+### mod_curltest
+
+The module source code is found in `testenv/mod_curltest`. It is compiled using the `apxs` command, commonly provided via the `apache2-dev` package. Compilation is quick and done once at the start of a test run.
+
+The module adds 2 "handlers" to the Apache server (right now). Handler are pieces of code that receive HTTP requests and generate the response. Those handlers are:
+
+* `curltest-echo`: hooked up on the path `/curltest/echo`. This one echoes a request and copies all data from the request body to the response body. Useful for simulating upload and checking that the data arrived as intended.
+* `curltest-tweak`: hooked up on the path `/curltest/tweak`. This handler is more of a Swiss army knife. It interprets parameters from the URL query string to drive its behavior.
+  * `status=nnn`: generate a response with HTTP status code `nnn`.
+  * `chunks=n`: generate `n` chunks of data in the response body, defaults to 3.
+  * `chunk_size=nnn`: each chunk should contain `nnn` bytes of data. Maximum is 16KB right now.
+  * `chunkd_delay=duration`: wait `duration` time between writing chunks
+  * `delay=duration`: wait `duration` time to send the response headers
+  * `body_error=(timeout|reset)`: produce an error after the first chunk in the response body
+  * `id=str`: add `str` in the response header `request-id`
+
+`duration` values are integers, optionally followed by a unit. Units are:
+
+  * `d`: days (probably not useful here)
+  * `h`: hours
+  * `mi`: minutes
+  * `s`: seconds (the default)
+  * `ms`: milliseconds
+
+As you can see, `mod_curltest`'s tweak handler allow to simulate many kinds of responses. An example of its use is `test_03_01` where responses are delayed using `chunk_delay`. This gives the response a defined duration and the test uses that to reload `httpd` in the middle of the first request. A graceful reload in httpd lets ongoing requests finish, but will close the connection afterwards and tear down the serving process. The following request need then to open a new connection. This is verified by the test case.
diff --git a/zuul.d/playbooks/post.yaml b/tests/http/config.ini.in
index 52248d992..42a967906 100644
--- a/zuul.d/playbooks/post.yaml
+++ b/tests/http/config.ini.in
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 #***************************************************************************
 #                                  _   _ ____  _
 #  Project                     ___| | | |  _ \| |
@@ -5,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2021 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -21,15 +22,16 @@
 # SPDX-License-Identifier: curl
 #
 ###########################################################################
----
-- hosts: all
-  tasks:
-  - name: Pull down logs to executor
-    ignore_errors: True
-    synchronize:
-      src: "{{ zuul.project.src_dir }}/config.log"
-      dest: "{{ zuul.executor.log_root }}/config.log"
-      mode: pull
-      owner: false
-      group: false
-...
+#
+[global]
+
+[httpd]
+apxs = @APXS@
+httpd = @HTTPD@
+apachectl = @APACHECTL@
+
+[nghttpx]
+nghttpx = @HTTPD_NGHTTPX@
+
+[caddy]
+caddy = @CADDY@
diff --git a/tests/http/conftest.py b/tests/http/conftest.py
new file mode 100644
index 000000000..8727fc323
--- /dev/null
+++ b/tests/http/conftest.py
@@ -0,0 +1,68 @@
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+import os
+import sys
+from typing import Optional
+
+import pytest
+
+sys.path.append(os.path.join(os.path.dirname(__file__), '.'))
+
+from testenv import Env, Nghttpx, Httpd
+
+
+@pytest.fixture(scope="package")
+def env(pytestconfig) -> Env:
+    env = Env(pytestconfig=pytestconfig)
+    level = logging.DEBUG if env.verbose > 0 else logging.INFO
+    logging.getLogger('').setLevel(level=level)
+    env.setup()
+    return env
+
+@pytest.fixture(scope="package", autouse=True)
+def log_global_env_facts(record_testsuite_property, env):
+    record_testsuite_property("http-port", env.http_port)
+
+
+@pytest.fixture(scope='package')
+def httpd(env) -> Httpd:
+    httpd = Httpd(env=env)
+    assert httpd.exists(), f'httpd not found: {env.httpd}'
+    httpd.clear_logs()
+    assert httpd.start()
+    yield httpd
+    httpd.stop()
+
+
+@pytest.fixture(scope='package')
+def nghttpx(env, httpd) -> Optional[Nghttpx]:
+    nghttpx = Nghttpx(env=env)
+    if env.have_h3():
+        nghttpx.clear_logs()
+        assert nghttpx.start()
+    yield nghttpx
+    nghttpx.stop()
+
diff --git a/tests/http/scorecard.py b/tests/http/scorecard.py
new file mode 100644
index 000000000..21dafe181
--- /dev/null
+++ b/tests/http/scorecard.py
@@ -0,0 +1,423 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import argparse
+import json
+import logging
+import os
+import sys
+from datetime import datetime
+from statistics import mean
+from typing import Dict, Any
+
+from testenv import Env, Httpd, Nghttpx, CurlClient, Caddy, ExecResult
+
+
+log = logging.getLogger(__name__)
+
+
+class ScoreCardException(Exception):
+    pass
+
+
+class ScoreCard:
+
+    def __init__(self):
+        self.verbose = 0
+        self.env = None
+        self.httpd = None
+        self.nghttpx = None
+        self.caddy = None
+
+    def info(self, msg):
+        if self.verbose > 0:
+            sys.stderr.write(msg)
+            sys.stderr.flush()
+
+    def handshakes(self, proto: str) -> Dict[str, Any]:
+        props = {}
+        sample_size = 10
+        self.info(f'handshaking ')
+        for authority in [
+            f'{self.env.authority_for(self.env.domain1, proto)}'
+        ]:
+            self.info('localhost')
+            c_samples = []
+            hs_samples = []
+            errors = []
+            for i in range(sample_size):
+                self.info('.')
+                curl = CurlClient(env=self.env)
+                url = f'https://{authority}/'
+                r = curl.http_download(urls=[url], alpn_proto=proto, no_save=True)
+                if r.exit_code == 0 and len(r.stats) == 1:
+                    c_samples.append(r.stats[0]['time_connect'])
+                    hs_samples.append(r.stats[0]['time_appconnect'])
+                else:
+                    errors.append(f'exit={r.exit_code}')
+            props['localhost'] = {
+                'connect': mean(c_samples),
+                'handshake': mean(hs_samples),
+                'errors': errors
+            }
+        for authority in [
+            'curl.se', 'google.com', 'cloudflare.com', 'nghttp2.org',
+        ]:
+            for ipv in ['ipv4', 'ipv6']:
+                self.info(f'{authority}-{ipv}')
+                c_samples = []
+                hs_samples = []
+                errors = []
+                for i in range(sample_size):
+                    self.info('.')
+                    curl = CurlClient(env=self.env)
+                    args = [
+                        '--http3-only' if proto == 'h3' else '--http2',
+                        f'--{ipv}', f'https://{authority}/'
+                    ]
+                    r = curl.run_direct(args=args, with_stats=True)
+                    if r.exit_code == 0 and len(r.stats) == 1:
+                        c_samples.append(r.stats[0]['time_connect'])
+                        hs_samples.append(r.stats[0]['time_appconnect'])
+                    else:
+                        errors.append(f'exit={r.exit_code}')
+                props[f'{authority}-{ipv}'] = {
+                    'connect': mean(c_samples) if len(c_samples) else -1,
+                    'handshake': mean(hs_samples) if len(hs_samples) else -1,
+                    'errors': errors
+                }
+        self.info('\n')
+        return props
+
+    def _make_docs_file(self, docs_dir: str, fname: str, fsize: int):
+        fpath = os.path.join(docs_dir, fname)
+        data1k = 1024*'x'
+        flen = 0
+        with open(fpath, 'w') as fd:
+            while flen < fsize:
+                fd.write(data1k)
+                flen += len(data1k)
+        return flen
+
+    def _check_downloads(self, r: ExecResult, count: int):
+        error = ''
+        if r.exit_code != 0:
+            error += f'exit={r.exit_code} '
+        if r.exit_code != 0 or len(r.stats) != count:
+            error += f'stats={len(r.stats)}/{count} '
+        fails = [s for s in r.stats if s['response_code'] != 200]
+        if len(fails) > 0:
+            error += f'{len(fails)} failed'
+        return error if len(error) > 0 else None
+
+    def transfer_single(self, url: str, proto: str, count: int):
+        sample_size = count
+        count = 1
+        samples = []
+        errors = []
+        self.info(f'{sample_size}x single')
+        for i in range(sample_size):
+            curl = CurlClient(env=self.env)
+            r = curl.http_download(urls=[url], alpn_proto=proto, no_save=True)
+            err = self._check_downloads(r, count)
+            if err:
+                errors.append(err)
+            else:
+                samples.append(r.stats[0]['speed_download'])
+        self.info(f'.')
+        return {
+            'count': count,
+            'samples': sample_size,
+            'speed': mean(samples) if len(samples) else -1,
+            'errors': errors
+        }
+
+    def transfer_serial(self, url: str, proto: str, count: int):
+        sample_size = 1
+        samples = []
+        errors = []
+        url = f'{url}?[0-{count - 1}]'
+        self.info(f'{sample_size}x{count} serial')
+        for i in range(sample_size):
+            curl = CurlClient(env=self.env)
+            r = curl.http_download(urls=[url], alpn_proto=proto, no_save=True)
+            self.info(f'.')
+            err = self._check_downloads(r, count)
+            if err:
+                errors.append(err)
+            else:
+                for s in r.stats:
+                    samples.append(s['speed_download'])
+        return {
+            'count': count,
+            'samples': sample_size,
+            'speed': mean(samples) if len(samples) else -1,
+            'errors': errors
+        }
+
+    def transfer_parallel(self, url: str, proto: str, count: int):
+        sample_size = 1
+        samples = []
+        errors = []
+        url = f'{url}?[0-{count - 1}]'
+        self.info(f'{sample_size}x{count} parallel')
+        for i in range(sample_size):
+            curl = CurlClient(env=self.env)
+            start = datetime.now()
+            r = curl.http_download(urls=[url], alpn_proto=proto, no_save=True,
+                                   extra_args=['--parallel'])
+            err = self._check_downloads(r, count)
+            if err:
+                errors.append(err)
+            else:
+                duration = datetime.now() - start
+                total_size = sum([s['size_download'] for s in r.stats])
+                samples.append(total_size / duration.total_seconds())
+        return {
+            'count': count,
+            'samples': sample_size,
+            'speed': mean(samples) if len(samples) else -1,
+            'errors': errors
+        }
+
+    def download_url(self, url: str, proto: str, count: int):
+        self.info(f'  {url}: ')
+        props = {
+            'single': self.transfer_single(url=url, proto=proto, count=10),
+            'serial': self.transfer_serial(url=url, proto=proto, count=count),
+            'parallel': self.transfer_parallel(url=url, proto=proto, count=count),
+        }
+        self.info(f'\n')
+        return props
+
+    def downloads(self, proto: str, test_httpd: bool = True,
+                  test_caddy: bool = True) -> Dict[str, Any]:
+        scores = {}
+        if test_httpd:
+            if proto == 'h3':
+                port = self.env.h3_port
+                via = 'nghttpx'
+                descr = f'port {port}, proxying httpd'
+            else:
+                port = self.env.https_port
+                via = 'httpd'
+                descr = f'port {port}'
+            self.info(f'{via} downloads\n')
+            self._make_docs_file(docs_dir=self.httpd.docs_dir, fname='score1.data', fsize=1024*1024)
+            url1 = f'https://{self.env.domain1}:{port}/score1.data'
+            self._make_docs_file(docs_dir=self.httpd.docs_dir, fname='score10.data', fsize=10*1024*1024)
+            url10 = f'https://{self.env.domain1}:{port}/score10.data'
+            self._make_docs_file(docs_dir=self.httpd.docs_dir, fname='score100.data', fsize=100*1024*1024)
+            url100 = f'https://{self.env.domain1}:{port}/score100.data'
+            scores[via] = {
+                'description': descr,
+                '1MB-local': self.download_url(url=url1, proto=proto, count=50),
+                '10MB-local': self.download_url(url=url10, proto=proto, count=50),
+                '100MB-local': self.download_url(url=url100, proto=proto, count=50),
+            }
+        if test_caddy and self.caddy:
+            port = self.caddy.port
+            via = 'caddy'
+            descr = f'port {port}'
+            self.info('caddy downloads\n')
+            self._make_docs_file(docs_dir=self.caddy.docs_dir, fname='score1.data', fsize=1024 * 1024)
+            url1 = f'https://{self.env.domain1}:{port}/score1.data'
+            self._make_docs_file(docs_dir=self.caddy.docs_dir, fname='score10.data', fsize=10 * 1024 * 1024)
+            url10 = f'https://{self.env.domain1}:{port}/score10.data'
+            self._make_docs_file(docs_dir=self.caddy.docs_dir, fname='score100.data', fsize=100 * 1024 * 1024)
+            url100 = f'https://{self.env.domain1}:{port}/score100.data'
+            scores[via] = {
+                'description': descr,
+                '1MB-local': self.download_url(url=url1, proto=proto, count=50),
+                '10MB-local': self.download_url(url=url10, proto=proto, count=50),
+                '100MB-local': self.download_url(url=url100, proto=proto, count=50),
+            }
+        return scores
+
+    def score_proto(self, proto: str,
+                    handshakes: bool = True,
+                    downloads: bool = True,
+                    test_httpd: bool = True,
+                    test_caddy: bool = True):
+        self.info(f"scoring {proto}\n")
+        p = {}
+        if proto == 'h3':
+            p['name'] = 'h3'
+            if not self.env.have_h3_curl():
+                raise ScoreCardException('curl does not support HTTP/3')
+            for lib in ['ngtcp2', 'quiche', 'msh3']:
+                if self.env.curl_uses_lib(lib):
+                    p['implementation'] = lib
+                    break
+        elif proto == 'h2':
+            p['name'] = 'h2'
+            if not self.env.have_h2_curl():
+                raise ScoreCardException('curl does not support HTTP/2')
+            for lib in ['nghttp2', 'hyper']:
+                if self.env.curl_uses_lib(lib):
+                    p['implementation'] = lib
+                    break
+        else:
+            raise ScoreCardException(f"unknown protocol: {proto}")
+
+        if 'implementation' not in p:
+            raise ScoreCardException(f'did not recognized {p} lib')
+        p['version'] = Env.curl_lib_version(p['implementation'])
+
+        score = {
+            'curl': self.env.curl_version(),
+            'os': self.env.curl_os(),
+            'protocol': p,
+        }
+        if handshakes:
+            score['handshakes'] = self.handshakes(proto=proto)
+        if downloads:
+            score['downloads'] = self.downloads(proto=proto,
+                                                test_httpd=test_httpd,
+                                                test_caddy=test_caddy)
+        self.info("\n")
+        return score
+
+    def fmt_ms(self, tval):
+        return f'{int(tval*1000)} ms' if tval >= 0 else '--'
+
+    def fmt_mb(self, val):
+        return f'{val/(1024*1024):0.000f} MB' if val >= 0 else '--'
+
+    def fmt_mbs(self, val):
+        return f'{val/(1024*1024):0.000f} MB/s' if val >= 0 else '--'
+
+    def print_score(self, score):
+        print(f'{score["protocol"]["name"].upper()} in curl {score["curl"]} ({score["os"]}) via '
+              f'{score["protocol"]["implementation"]}/{score["protocol"]["version"]} ')
+        if 'handshakes' in score:
+            print('Handshakes')
+            print(f'  {"Host":<25} {"Connect":>12} {"Handshake":>12}     {"Errors":<20}')
+            for key, val in score["handshakes"].items():
+                print(f'  {key:<25} {self.fmt_ms(val["connect"]):>12} '''
+                      f'{self.fmt_ms(val["handshake"]):>12}     {"/".join(val["errors"]):<20}')
+        if 'downloads' in score:
+            print('Downloads')
+            for dkey, dval in score["downloads"].items():
+                print(f'  {dkey}: {dval["description"]}')
+                for skey, sval in dval.items():
+                    if isinstance(sval, str):
+                        continue
+                    print(f'    {skey:<13} {"Samples":>10} {"Count":>10} {"Speed":>17}   {"Errors":<20}')
+                    for key, val in sval.items():
+                        print(f'      {key:<11} {val["samples"]:>10} '''
+                              f'{val["count"]:>10} {self.fmt_mbs(val["speed"]):>17}   '
+                              f'{"/".join(val["errors"]):<20}')
+
+    def main(self):
+        parser = argparse.ArgumentParser(prog='scorecard', description="""
+            Run a range of tests to give a scorecard for a HTTP protocol
+            'h3' or 'h2' implementation in curl.
+            """)
+        parser.add_argument("-v", "--verbose", action='count', default=0,
+                            help="log more output on stderr")
+        parser.add_argument("-t", "--text", action='store_true', default=False,
+                            help="print text instead of json")
+        parser.add_argument("-d", "--downloads", action='store_true', default=False,
+                            help="evaluate downloads only")
+        parser.add_argument("--httpd", action='store_true', default=False,
+                            help="evaluate httpd server only")
+        parser.add_argument("--caddy", action='store_true', default=False,
+                            help="evaluate caddy server only")
+        parser.add_argument("protocols", nargs='*', help="Name(s) of protocol to score")
+        args = parser.parse_args()
+
+        self.verbose = args.verbose
+        if args.verbose > 0:
+            console = logging.StreamHandler()
+            console.setLevel(logging.INFO)
+            console.setFormatter(logging.Formatter(logging.BASIC_FORMAT))
+            logging.getLogger('').addHandler(console)
+
+        protocols = args.protocols if len(args.protocols) else ['h2', 'h3']
+        handshakes = True
+        downloads = True
+        test_httpd = True
+        test_caddy = True
+        if args.downloads:
+            handshakes = False
+        if args.caddy:
+            test_caddy = True
+            test_httpd = False
+        if args.httpd:
+            test_caddy = False
+            test_httpd = True
+
+        rv = 0
+        self.env = Env()
+        self.env.setup()
+        self.httpd = None
+        self.nghttpx = None
+        self.caddy = None
+        try:
+            self.httpd = Httpd(env=self.env)
+            assert self.httpd.exists(), f'httpd not found: {self.env.httpd}'
+            self.httpd.clear_logs()
+            assert self.httpd.start()
+            if 'h3' in protocols:
+                self.nghttpx = Nghttpx(env=self.env)
+                self.nghttpx.clear_logs()
+                assert self.nghttpx.start()
+            if self.env.caddy:
+                self.caddy = Caddy(env=self.env)
+                self.caddy.clear_logs()
+                assert self.caddy.start()
+
+            for p in protocols:
+                score = self.score_proto(proto=p, handshakes=handshakes,
+                                         downloads=downloads,
+                                         test_caddy=test_caddy,
+                                         test_httpd=test_httpd)
+                if args.text:
+                    self.print_score(score)
+                else:
+                    print(json.JSONEncoder(indent=2).encode(score))
+
+        except ScoreCardException as ex:
+            sys.stderr.write(f"ERROR: {str(ex)}\n")
+            rv = 1
+        except KeyboardInterrupt:
+            log.warning("aborted")
+            rv = 1
+        finally:
+            if self.caddy:
+                self.caddy.stop()
+                self.caddy = None
+            if self.nghttpx:
+                self.nghttpx.stop(wait_dead=False)
+            if self.httpd:
+                self.httpd.stop()
+                self.httpd = None
+        sys.exit(rv)
+
+
+if __name__ == "__main__":
+    ScoreCard().main()
diff --git a/tests/http/test_01_basic.py b/tests/http/test_01_basic.py
new file mode 100644
index 000000000..ba513d19a
--- /dev/null
+++ b/tests/http/test_01_basic.py
@@ -0,0 +1,93 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+import pytest
+
+from testenv import Env
+from testenv import CurlClient
+
+
+log = logging.getLogger(__name__)
+
+
+@pytest.mark.skipif(condition=Env.setup_incomplete(),
+                    reason=f"missing: {Env.incomplete_reason()}")
+class TestBasic:
+
+    @pytest.fixture(autouse=True, scope='class')
+    def _class_scope(self, env, nghttpx):
+        if env.have_h3():
+            nghttpx.start_if_needed()
+
+    # simple http: GET
+    def test_01_01_http_get(self, env: Env, httpd):
+        curl = CurlClient(env=env)
+        url = f'http://{env.domain1}:{env.http_port}/data.json'
+        r = curl.http_get(url=url)
+        assert r.exit_code == 0
+        assert r.response['status'] == 200
+        assert r.json['server'] == env.domain1
+
+    # simple https: GET, any http version
+    def test_01_02_https_get(self, env: Env, httpd):
+        curl = CurlClient(env=env)
+        url = f'https://{env.domain1}:{env.https_port}/data.json'
+        r = curl.http_get(url=url)
+        assert r.exit_code == 0
+        assert r.response['status'] == 200
+        assert r.json['server'] == env.domain1
+
+    # simple https: GET, h2 wanted and got
+    def test_01_03_h2_get(self, env: Env, httpd):
+        curl = CurlClient(env=env)
+        url = f'https://{env.domain1}:{env.https_port}/data.json'
+        r = curl.http_get(url=url, extra_args=['--http2'])
+        assert r.exit_code == 0
+        assert r.response['status'] == 200
+        assert r.response['protocol'] == 'HTTP/2'
+        assert r.json['server'] == env.domain1
+
+    # simple https: GET, h2 unsupported, fallback to h1
+    def test_01_04_h2_unsupported(self, env: Env, httpd):
+        curl = CurlClient(env=env)
+        url = f'https://{env.domain2}:{env.https_port}/data.json'
+        r = curl.http_get(url=url, extra_args=['--http2'])
+        assert r.exit_code == 0
+        assert r.response['status'] == 200
+        assert r.response['protocol'] == 'HTTP/1.1'
+        assert r.json['server'] == env.domain2
+
+    # simple h3: GET, want h3 and get it
+    @pytest.mark.skipif(condition=not Env.have_h3(), reason="h3 not supported")
+    def test_01_05_h3_get(self, env: Env, httpd, nghttpx):
+        curl = CurlClient(env=env)
+        url = f'https://{env.domain1}:{env.h3_port}/data.json'
+        r = curl.http_get(url=url, extra_args=['--http3'])
+        assert r.exit_code == 0, f'{r}'
+        assert r.response['status'] == 200
+        assert r.response['protocol'] == 'HTTP/3'
+        assert r.json['server'] == env.domain1
diff --git a/tests/http/test_02_download.py b/tests/http/test_02_download.py
new file mode 100644
index 000000000..1f2b36263
--- /dev/null
+++ b/tests/http/test_02_download.py
@@ -0,0 +1,304 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import difflib
+import filecmp
+import logging
+import os
+import pytest
+
+from testenv import Env, CurlClient
+
+
+log = logging.getLogger(__name__)
+
+
+@pytest.mark.skipif(condition=Env.setup_incomplete(),
+                    reason=f"missing: {Env.incomplete_reason()}")
+class TestDownload:
+
+    @pytest.fixture(autouse=True, scope='class')
+    def _class_scope(self, env, httpd, nghttpx):
+        if env.have_h3():
+            nghttpx.start_if_needed()
+        httpd.clear_extra_configs()
+        httpd.reload()
+
+    @pytest.fixture(autouse=True, scope='class')
+    def _class_scope(self, env, httpd):
+        env.make_data_file(indir=httpd.docs_dir, fname="data-100k", fsize=100*1024)
+        env.make_data_file(indir=httpd.docs_dir, fname="data-1m", fsize=1024*1024)
+        env.make_data_file(indir=httpd.docs_dir, fname="data-10m", fsize=10*1024*1024)
+
+    # download 1 file
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_02_01_download_1(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        curl = CurlClient(env=env)
+        url = f'https://{env.authority_for(env.domain1, proto)}/data.json'
+        r = curl.http_download(urls=[url], alpn_proto=proto)
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=1, exp_status=200)
+
+    # download 2 files
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_02_02_download_2(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        curl = CurlClient(env=env)
+        url = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-1]'
+        r = curl.http_download(urls=[url], alpn_proto=proto)
+        assert r.exit_code == 0
+        r.check_stats(count=2, exp_status=200)
+
+    # download 100 files sequentially
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_02_03_download_100_sequential(self, env: Env,
+                                           httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-99]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto)
+        assert r.exit_code == 0
+        r.check_stats(count=100, exp_status=200)
+        # http/1.1 sequential transfers will open 1 connection
+        assert r.total_connects == 1
+
+    # download 100 files parallel
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_02_04_download_100_parallel(self, env: Env,
+                                         httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        max_parallel = 6 if proto == 'http/1.1' else 50
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-99]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--parallel', '--parallel-max', f'{max_parallel}'
+        ])
+        assert r.exit_code == 0
+        r.check_stats(count=100, exp_status=200)
+        if proto == 'http/1.1':
+            # http/1.1 parallel transfers will open multiple connections
+            assert r.total_connects > 1
+        else:
+            # http2 parallel transfers will use one connection (common limit is 100)
+            assert r.total_connects == 1
+
+    # download 500 files sequential
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_02_05_download_500_sequential(self, env: Env,
+                                           httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-499]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto)
+        assert r.exit_code == 0
+        r.check_stats(count=500, exp_status=200)
+        if proto == 'http/1.1':
+            # http/1.1 parallel transfers will open multiple connections
+            assert r.total_connects > 1
+        else:
+            # http2 parallel transfers will use one connection (common limit is 100)
+            assert r.total_connects == 1
+
+    # download 500 files parallel
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
+    def test_02_06_download_500_parallel(self, env: Env,
+                                         httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 500
+        max_parallel = 50
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[000-{count-1}]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--parallel', '--parallel-max', f'{max_parallel}'
+        ])
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+        # http2 parallel transfers will use one connection (common limit is 100)
+        assert r.total_connects == 1
+
+    # download files parallel, check connection reuse/multiplex
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
+    def test_02_07_download_reuse(self, env: Env,
+                                  httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 200
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-{count-1}]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto,
+                               with_stats=True, extra_args=[
+            '--parallel', '--parallel-max', '200'
+        ])
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=count, exp_status=200)
+        # should have used 2 connections only (test servers allow 100 req/conn)
+        assert r.total_connects == 2, "h2 should use fewer connections here"
+
+    # download files parallel with http/1.1, check connection not reused
+    @pytest.mark.parametrize("proto", ['http/1.1'])
+    def test_02_07b_download_reuse(self, env: Env,
+                                   httpd, nghttpx, repeat, proto):
+        count = 20
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-{count-1}]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto,
+                               with_stats=True, extra_args=[
+            '--parallel'
+        ])
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=count, exp_status=200)
+        # http/1.1 should have used count connections
+        assert r.total_connects == count, "http/1.1 should use this many connections"
+
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_02_08_1MB_serial(self, env: Env,
+                              httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 20
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data-1m?[0-{count-1}]'
+        curl = CurlClient(env=env)
+        r = curl.http_download(urls=[urln], alpn_proto=proto)
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_02_09_1MB_parallel(self, env: Env,
+                              httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 20
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data-1m?[0-{count-1}]'
+        curl = CurlClient(env=env)
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--parallel'
+        ])
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_02_10_10MB_serial(self, env: Env,
+                              httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 20
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data-10m?[0-{count-1}]'
+        curl = CurlClient(env=env)
+        r = curl.http_download(urls=[urln], alpn_proto=proto)
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_02_11_10MB_parallel(self, env: Env,
+                              httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 20
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data-10m?[0-{count-1}]'
+        curl = CurlClient(env=env)
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--parallel'
+        ])
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
+    def test_02_12_head_serial_https(self, env: Env,
+                                     httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 100
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data-10m?[0-{count-1}]'
+        curl = CurlClient(env=env)
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--head'
+        ])
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+
+    @pytest.mark.parametrize("proto", ['h2'])
+    def test_02_13_head_serial_h2c(self, env: Env,
+                                    httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 100
+        urln = f'http://{env.domain1}:{env.http_port}/data-10m?[0-{count-1}]'
+        curl = CurlClient(env=env)
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--head', '--http2-prior-knowledge', '--fail-early'
+        ])
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+
+    def test_02_20_h2_small_frames(self, env: Env, httpd, repeat):
+        # Test case to reproduce content corruption as observed in
+        # https://github.com/curl/curl/issues/10525
+        # To reliably reproduce, we need an Apache httpd that supports
+        # setting smaller frame sizes. This is not released yet, we
+        # test if it works and back out if not.
+        httpd.set_extra_config(env.domain1, lines=[
+            f'H2MaxDataFrameLen 1024',
+        ])
+        assert httpd.stop()
+        if not httpd.start():
+            # no, not supported, bail out
+            httpd.set_extra_config(env.domain1, lines=None)
+            assert httpd.start()
+            pytest.skip(f'H2MaxDataFrameLen not supported')
+        # ok, make 100 downloads with 2 parallel running and they
+        # are expected to stumble into the issue when using `lib/http2.c`
+        # from curl 7.88.0
+        count = 100
+        urln = f'https://{env.authority_for(env.domain1, "h2")}/data-1m?[0-{count-1}]'
+        curl = CurlClient(env=env)
+        r = curl.http_download(urls=[urln], alpn_proto="h2", extra_args=[
+            '--parallel', '--parallel-max', '2'
+        ])
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+        srcfile = os.path.join(httpd.docs_dir, 'data-1m')
+        for i in range(count):
+            dfile = curl.download_file(i)
+            assert os.path.exists(dfile)
+            if not filecmp.cmp(srcfile, dfile, shallow=False):
+                diff = "".join(difflib.unified_diff(a=open(srcfile).readlines(),
+                                                    b=open(dfile).readlines(),
+                                                    fromfile=srcfile,
+                                                    tofile=dfile,
+                                                    n=1))
+                assert False, f'download {dfile} differs:\n{diff}'
+        # restore httpd defaults
+        httpd.set_extra_config(env.domain1, lines=None)
+        assert httpd.stop()
+        assert httpd.start()
+
diff --git a/tests/http/test_03_goaway.py b/tests/http/test_03_goaway.py
new file mode 100644
index 000000000..6db8a6cc9
--- /dev/null
+++ b/tests/http/test_03_goaway.py
@@ -0,0 +1,147 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+import time
+from datetime import timedelta
+from threading import Thread
+import pytest
+
+from testenv import Env, CurlClient, ExecResult
+
+
+log = logging.getLogger(__name__)
+
+
+@pytest.mark.skipif(condition=Env.setup_incomplete(),
+                    reason=f"missing: {Env.incomplete_reason()}")
+class TestGoAway:
+
+    @pytest.fixture(autouse=True, scope='class')
+    def _class_scope(self, env, httpd, nghttpx):
+        if env.have_h3():
+            nghttpx.start_if_needed()
+        httpd.clear_extra_configs()
+        httpd.reload()
+
+    # download files sequentially with delay, reload server for GOAWAY
+    def test_03_01_h2_goaway(self, env: Env, httpd, nghttpx, repeat):
+        proto = 'h2'
+        count = 3
+        self.r = None
+        def long_run():
+            curl = CurlClient(env=env)
+            #  send 10 chunks of 1024 bytes in a response body with 100ms delay in between
+            urln = f'https://{env.authority_for(env.domain1, proto)}' \
+                   f'/curltest/tweak?id=[0-{count - 1}]'\
+                   '&chunks=10&chunk_size=1024&chunk_delay=100ms'
+            self.r = curl.http_download(urls=[urln], alpn_proto=proto)
+
+        t = Thread(target=long_run)
+        t.start()
+        # each request will take a second, reload the server in the middle
+        # of the first one.
+        time.sleep(1.5)
+        assert httpd.reload()
+        t.join()
+        r: ExecResult = self.r
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=count, exp_status=200)
+        # reload will shut down the connection gracefully with GOAWAY
+        # we expect to see a second connection opened afterwards
+        assert r.total_connects == 2
+        for idx, s in enumerate(r.stats):
+            if s['num_connects'] > 0:
+                log.debug(f'request {idx} connected')
+        # this should take `count` seconds to retrieve
+        assert r.duration >= timedelta(seconds=count)
+
+    # download files sequentially with delay, reload server for GOAWAY
+    @pytest.mark.skipif(condition=not Env.have_h3(), reason="h3 not supported")
+    def test_03_02_h3_goaway(self, env: Env, httpd, nghttpx, repeat):
+        proto = 'h3'
+        count = 3
+        self.r = None
+        def long_run():
+            curl = CurlClient(env=env)
+            #  send 10 chunks of 1024 bytes in a response body with 100ms delay in between
+            urln = f'https://{env.authority_for(env.domain1, proto)}' \
+                   f'/curltest/tweak?id=[0-{count - 1}]'\
+                   '&chunks=10&chunk_size=1024&chunk_delay=100ms'
+            self.r = curl.http_download(urls=[urln], alpn_proto=proto)
+
+        t = Thread(target=long_run)
+        t.start()
+        # each request will take a second, reload the server in the middle
+        # of the first one.
+        time.sleep(1.5)
+        assert nghttpx.reload(timeout=timedelta(seconds=2))
+        t.join()
+        r: ExecResult = self.r
+        assert r.exit_code == 0, f'{r}'
+        # reload will shut down the connection gracefully with GOAWAY
+        # we expect to see a second connection opened afterwards
+        assert r.total_connects == 2
+        for idx, s in enumerate(r.stats):
+            if s['num_connects'] > 0:
+                log.debug(f'request {idx} connected')
+        # this should take `count` seconds to retrieve
+        assert r.duration >= timedelta(seconds=count)
+        r.check_stats(count=count, exp_status=200, exp_exitcode=0)
+
+    # download files sequentially with delay, reload server for GOAWAY
+    def test_03_03_h1_goaway(self, env: Env, httpd, nghttpx, repeat):
+        proto = 'http/1.1'
+        count = 3
+        self.r = None
+        def long_run():
+            curl = CurlClient(env=env)
+            #  send 10 chunks of 1024 bytes in a response body with 100ms delay in between
+            urln = f'https://{env.authority_for(env.domain1, proto)}' \
+                   f'/curltest/tweak?id=[0-{count - 1}]'\
+                   '&chunks=10&chunk_size=1024&chunk_delay=100ms'
+            self.r = curl.http_download(urls=[urln], alpn_proto=proto)
+
+        t = Thread(target=long_run)
+        t.start()
+        # each request will take a second, reload the server in the middle
+        # of the first one.
+        time.sleep(1.5)
+        assert httpd.reload()
+        t.join()
+        r: ExecResult = self.r
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=count, exp_status=200)
+        # reload will shut down the connection gracefully with GOAWAY
+        # we expect to see a second connection opened afterwards
+        assert r.total_connects == 2
+        for idx, s in enumerate(r.stats):
+            if s['num_connects'] > 0:
+                log.debug(f'request {idx} connected')
+        # this should take `count` seconds to retrieve
+        assert r.duration >= timedelta(seconds=count)
+
+
diff --git a/tests/http/test_04_stuttered.py b/tests/http/test_04_stuttered.py
new file mode 100644
index 000000000..19d6a4253
--- /dev/null
+++ b/tests/http/test_04_stuttered.py
@@ -0,0 +1,148 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+from typing import Tuple, List, Dict
+import pytest
+
+from testenv import Env, CurlClient
+
+
+log = logging.getLogger(__name__)
+
+
+@pytest.mark.skipif(condition=Env.setup_incomplete(),
+                    reason=f"missing: {Env.incomplete_reason()}")
+class TestStuttered:
+
+    @pytest.fixture(autouse=True, scope='class')
+    def _class_scope(self, env, httpd, nghttpx):
+        if env.have_h3():
+            nghttpx.start_if_needed()
+        httpd.clear_extra_configs()
+        httpd.reload()
+
+    # download 1 file, check that delayed response works in general
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_04_01_download_1(self, env: Env, httpd, nghttpx, repeat,
+                              proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 1
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, proto)}' \
+               f'/curltest/tweak?id=[0-{count - 1}]'\
+               '&chunks=100&chunk_size=100&chunk_delay=10ms'
+        r = curl.http_download(urls=[urln], alpn_proto=proto)
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=1, exp_status=200)
+
+    # download 50 files in 100 chunks a 100 bytes with 10ms delay between
+    # prepend 100 file requests to warm up connection processing limits
+    # (Apache2 increases # of parallel processed requests after successes)
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
+    def test_04_02_100_100_10(self, env: Env,
+                                httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 50
+        warmups = 100
+        curl = CurlClient(env=env)
+        url1 = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-{warmups-1}]'
+        urln = f'https://{env.authority_for(env.domain1, proto)}' \
+               f'/curltest/tweak?id=[0-{count-1}]'\
+               '&chunks=100&chunk_size=100&chunk_delay=10ms'
+        r = curl.http_download(urls=[url1, urln], alpn_proto=proto,
+                               extra_args=['--parallel'])
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=warmups+count, exp_status=200)
+        assert r.total_connects == 1
+        t_avg, i_min, t_min, i_max, t_max = self.stats_spread(r.stats[warmups:], 'time_total')
+        if t_max < (5 * t_min) and t_min < 2:
+            log.warning(f'avg time of transfer: {t_avg} [{i_min}={t_min}, {i_max}={t_max}]')
+
+    # download 50 files in 1000 chunks a 10 bytes with 1ms delay between
+    # prepend 100 file requests to warm up connection processing limits
+    # (Apache2 increases # of parallel processed requests after successes)
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
+    def test_04_03_1000_10_1(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 50
+        warmups = 100
+        curl = CurlClient(env=env)
+        url1 = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-{warmups-1}]'
+        urln = f'https://{env.authority_for(env.domain1, proto)}' \
+               f'/curltest/tweak?id=[0-{count - 1}]'\
+               '&chunks=1000&chunk_size=10&chunk_delay=100us'
+        r = curl.http_download(urls=[url1, urln], alpn_proto=proto,
+                               extra_args=['--parallel'])
+        assert r.exit_code == 0
+        r.check_stats(count=warmups+count, exp_status=200)
+        assert r.total_connects == 1
+        t_avg, i_min, t_min, i_max, t_max = self.stats_spread(r.stats[warmups:], 'time_total')
+        if t_max < (5 * t_min):
+            log.warning(f'avg time of transfer: {t_avg} [{i_min}={t_min}, {i_max}={t_max}]')
+
+    # download 50 files in 10000 chunks a 1 byte with 10us delay between
+    # prepend 100 file requests to warm up connection processing limits
+    # (Apache2 increases # of parallel processed requests after successes)
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
+    def test_04_04_1000_10_1(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 50
+        warmups = 100
+        curl = CurlClient(env=env)
+        url1 = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-{warmups-1}]'
+        urln = f'https://{env.authority_for(env.domain1, proto)}' \
+               f'/curltest/tweak?id=[0-{count - 1}]'\
+               '&chunks=10000&chunk_size=1&chunk_delay=50us'
+        r = curl.http_download(urls=[url1, urln], alpn_proto=proto,
+                               extra_args=['--parallel'])
+        assert r.exit_code == 0
+        r.check_stats(count=warmups+count, exp_status=200)
+        assert r.total_connects == 1
+        t_avg, i_min, t_min, i_max, t_max = self.stats_spread(r.stats[warmups:], 'time_total')
+        if t_max < (5 * t_min):
+            log.warning(f'avg time of transfer: {t_avg} [{i_min}={t_min}, {i_max}={t_max}]')
+
+    def stats_spread(self, stats: List[Dict], key: str) -> Tuple[float, int, float, int, float]:
+        stotals = 0.0
+        s_min = 100.0
+        i_min = -1
+        s_max = 0.0
+        i_max = -1
+        for idx, s in enumerate(stats):
+            val = float(s[key])
+            stotals += val
+            if val > s_max:
+                s_max = val
+                i_max = idx
+            if val < s_min:
+                s_min = val
+                i_min = idx
+        return stotals/len(stats), i_min, s_min, i_max, s_max
diff --git a/tests/http/test_05_errors.py b/tests/http/test_05_errors.py
new file mode 100644
index 000000000..3de53a4cf
--- /dev/null
+++ b/tests/http/test_05_errors.py
@@ -0,0 +1,94 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import json
+import logging
+from typing import Optional, Tuple, List, Dict
+import pytest
+
+from testenv import Env, CurlClient, ExecResult
+
+
+log = logging.getLogger(__name__)
+
+
+@pytest.mark.skipif(condition=Env.setup_incomplete(),
+                    reason=f"missing: {Env.incomplete_reason()}")
+@pytest.mark.skipif(condition=not Env.httpd_is_at_least('2.4.55'),
+                    reason=f"httpd version too old for this: {Env.httpd_version()}")
+class TestErrors:
+
+    @pytest.fixture(autouse=True, scope='class')
+    def _class_scope(self, env, httpd, nghttpx):
+        if env.have_h3():
+            nghttpx.start_if_needed()
+        httpd.clear_extra_configs()
+        httpd.reload()
+
+    # download 1 file, check that we get CURLE_PARTIAL_FILE
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_05_01_partial_1(self, env: Env, httpd, nghttpx, repeat,
+                              proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 1
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, proto)}' \
+               f'/curltest/tweak?id=[0-{count - 1}]'\
+               '&chunks=3&chunk_size=16000&body_error=reset'
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--retry', '0'
+        ])
+        assert r.exit_code != 0, f'{r}'
+        invalid_stats = []
+        for idx, s in enumerate(r.stats):
+            if 'exitcode' not in s or s['exitcode'] not in [18, 56, 92]:
+                invalid_stats.append(f'request {idx} exit with {s["exitcode"]}')
+        assert len(invalid_stats) == 0, f'failed: {invalid_stats}'
+
+    # download files, check that we get CURLE_PARTIAL_FILE for all
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
+    def test_05_02_partial_20(self, env: Env, httpd, nghttpx, repeat,
+                              proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        if proto == 'h3' and env.curl_uses_lib('quiche'):
+            pytest.skip("quiche not reliable, sometimes reports success")
+        count = 20
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, proto)}' \
+               f'/curltest/tweak?id=[0-{count - 1}]'\
+               '&chunks=5&chunk_size=16000&body_error=reset'
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--retry', '0', '--parallel',
+        ])
+        assert r.exit_code != 0, f'{r}'
+        assert len(r.stats) == count, f'did not get all stats: {r}'
+        invalid_stats = []
+        for idx, s in enumerate(r.stats):
+            if 'exitcode' not in s or s['exitcode'] not in [18, 56, 92, 95]:
+                invalid_stats.append(f'request {idx} exit with {s["exitcode"]}\n{s}')
+        assert len(invalid_stats) == 0, f'failed: {invalid_stats}'
diff --git a/tests/http/test_06_eyeballs.py b/tests/http/test_06_eyeballs.py
new file mode 100644
index 000000000..0222abff5
--- /dev/null
+++ b/tests/http/test_06_eyeballs.py
@@ -0,0 +1,123 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import json
+import logging
+from typing import Optional, Tuple, List, Dict
+import pytest
+
+from testenv import Env, CurlClient, ExecResult
+
+
+log = logging.getLogger(__name__)
+
+
+@pytest.mark.skipif(condition=Env.setup_incomplete(),
+                    reason=f"missing: {Env.incomplete_reason()}")
+class TestEyeballs:
+
+    @pytest.fixture(autouse=True, scope='class')
+    def _class_scope(self, env, httpd, nghttpx):
+        if env.have_h3():
+            nghttpx.start_if_needed()
+        httpd.clear_extra_configs()
+        httpd.reload()
+
+    # download using only HTTP/3 on working server
+    @pytest.mark.skipif(condition=not Env.have_h3(), reason=f"missing HTTP/3 support")
+    def test_06_01_h3_only(self, env: Env, httpd, nghttpx, repeat):
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, "h3")}/data.json'
+        r = curl.http_download(urls=[urln], extra_args=['--http3-only'])
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=1, exp_status=200)
+        assert r.stats[0]['http_version'] == '3'
+
+    # download using only HTTP/3 on missing server
+    @pytest.mark.skipif(condition=not Env.have_h3(), reason=f"missing HTTP/3 support")
+    def test_06_02_h3_only(self, env: Env, httpd, nghttpx, repeat):
+        nghttpx.stop_if_running()
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, "h3")}/data.json'
+        r = curl.http_download(urls=[urln], extra_args=['--http3-only'])
+        assert r.exit_code == 7, f'{r}'  # could not connect
+
+    # download using HTTP/3 on missing server with fallback on h2
+    @pytest.mark.skipif(condition=not Env.have_h3(), reason=f"missing HTTP/3 support")
+    def test_06_03_h3_fallback_h2(self, env: Env, httpd, nghttpx, repeat):
+        nghttpx.stop_if_running()
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, "h3")}/data.json'
+        r = curl.http_download(urls=[urln], extra_args=['--http3'])
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=1, exp_status=200)
+        assert r.stats[0]['http_version'] == '2'
+
+    # download using HTTP/3 on missing server with fallback on http/1.1
+    @pytest.mark.skipif(condition=not Env.have_h3(), reason=f"missing HTTP/3 support")
+    def test_06_04_h3_fallback_h1(self, env: Env, httpd, nghttpx, repeat):
+        nghttpx.stop_if_running()
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain2, "h3")}/data.json'
+        r = curl.http_download(urls=[urln], extra_args=['--http3'])
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=1, exp_status=200)
+        assert r.stats[0]['http_version'] == '1.1'
+
+    # make a successful https: transfer and observer the timer stats
+    def test_06_10_stats_success(self, env: Env, httpd, nghttpx, repeat):
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, "h2")}/data.json'
+        r = curl.http_download(urls=[urln])
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=1, exp_status=200)
+        assert r.stats[0]['time_connect'] > 0.0
+        assert r.stats[0]['time_appconnect'] > 0.0
+
+    # make https: to a hostname that tcp connects, but will not verify
+    def test_06_11_stats_fail_verify(self, env: Env, httpd, nghttpx, repeat):
+        curl = CurlClient(env=env)
+        urln = f'https://not-valid.com:{env.https_port}/data.json'
+        r = curl.http_download(urls=[urln], extra_args=[
+            '--resolve', f'not-valid.com:{env.https_port}:127.0.0.1'
+        ])
+        assert r.exit_code != 0, f'{r}'
+        r.check_stats(count=1, exp_status=0)
+        assert r.stats[0]['time_connect'] > 0.0    # was tcp connected
+        assert r.stats[0]['time_appconnect'] == 0  # but not SSL verified
+
+    # make https: to an invalid address
+    def test_06_12_stats_fail_tcp(self, env: Env, httpd, nghttpx, repeat):
+        curl = CurlClient(env=env)
+        urln = f'https://not-valid.com:1/data.json'
+        r = curl.http_download(urls=[urln], extra_args=[
+            '--resolve', f'not-valid.com:{1}:127.0.0.1'
+        ])
+        assert r.exit_code != 0, f'{r}'
+        r.check_stats(count=1, exp_status=0)
+        assert r.stats[0]['time_connect'] == 0     # no one should have listened
+        assert r.stats[0]['time_appconnect'] == 0  # did not happen either
+
diff --git a/tests/http/test_07_upload.py b/tests/http/test_07_upload.py
new file mode 100644
index 000000000..a4752e514
--- /dev/null
+++ b/tests/http/test_07_upload.py
@@ -0,0 +1,226 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+import os
+import pytest
+
+from testenv import Env, CurlClient
+
+
+log = logging.getLogger(__name__)
+
+
+@pytest.mark.skipif(condition=Env.setup_incomplete(),
+                    reason=f"missing: {Env.incomplete_reason()}")
+class TestUpload:
+
+    @pytest.fixture(autouse=True, scope='class')
+    def _class_scope(self, env, httpd, nghttpx):
+        if env.have_h3():
+            nghttpx.start_if_needed()
+        env.make_data_file(indir=env.gen_dir, fname="data-100k", fsize=100*1024)
+        env.make_data_file(indir=env.gen_dir, fname="data-10m", fsize=10*1024*1024)
+        httpd.clear_extra_configs()
+        httpd.reload()
+
+    # upload small data, check that this is what was echoed
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_07_01_upload_1_small(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        data = '0123456789'
+        curl = CurlClient(env=env)
+        url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo?id=[0-0]'
+        r = curl.http_upload(urls=[url], data=data, alpn_proto=proto)
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=1, exp_status=200)
+        respdata = open(curl.response_file(0)).readlines()
+        assert respdata == [data]
+
+    # upload large data, check that this is what was echoed
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_07_02_upload_1_large(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        fdata = os.path.join(env.gen_dir, 'data-100k')
+        curl = CurlClient(env=env)
+        url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo?id=[0-0]'
+        r = curl.http_upload(urls=[url], data=f'@{fdata}', alpn_proto=proto)
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=1, exp_status=200)
+        indata = open(fdata).readlines()
+        respdata = open(curl.response_file(0)).readlines()
+        assert respdata == indata
+
+    # upload data sequentially, check that they were echoed
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_07_10_upload_sequential(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        count = 50
+        data = '0123456789'
+        curl = CurlClient(env=env)
+        url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo?id=[0-{count-1}]'
+        r = curl.http_upload(urls=[url], data=data, alpn_proto=proto)
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=count, exp_status=200)
+        for i in range(count):
+            respdata = open(curl.response_file(i)).readlines()
+            assert respdata == [data]
+
+    # upload data parallel, check that they were echoed
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
+    def test_07_11_upload_parallel(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        # limit since we use a separate connection in h1
+        count = 50
+        data = '0123456789'
+        curl = CurlClient(env=env)
+        url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo?id=[0-{count-1}]'
+        r = curl.http_upload(urls=[url], data=data, alpn_proto=proto,
+                             extra_args=['--parallel'])
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=count, exp_status=200)
+        for i in range(count):
+            respdata = open(curl.response_file(i)).readlines()
+            assert respdata == [data]
+
+    # upload large data sequentially, check that this is what was echoed
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_07_20_upload_seq_large(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        fdata = os.path.join(env.gen_dir, 'data-100k')
+        count = 50
+        curl = CurlClient(env=env)
+        url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo?id=[0-{count-1}]'
+        r = curl.http_upload(urls=[url], data=f'@{fdata}', alpn_proto=proto)
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=count, exp_status=200)
+        indata = open(fdata).readlines()
+        r.check_stats(count=count, exp_status=200)
+        for i in range(count):
+            respdata = open(curl.response_file(i)).readlines()
+            assert respdata == indata
+
+    # upload very large data sequentially, check that this is what was echoed
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_07_12_upload_seq_large(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        fdata = os.path.join(env.gen_dir, 'data-10m')
+        count = 2
+        curl = CurlClient(env=env)
+        url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo?id=[0-{count-1}]'
+        r = curl.http_upload(urls=[url], data=f'@{fdata}', alpn_proto=proto)
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=count, exp_status=200)
+        indata = open(fdata).readlines()
+        r.check_stats(count=count, exp_status=200)
+        for i in range(count):
+            respdata = open(curl.response_file(i)).readlines()
+            assert respdata == indata
+
+    # upload data parallel, check that they were echoed
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
+    def test_07_20_upload_parallel(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        # limit since we use a separate connection in h1
+        count = 50
+        data = '0123456789'
+        curl = CurlClient(env=env)
+        url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo?id=[0-{count-1}]'
+        r = curl.http_upload(urls=[url], data=data, alpn_proto=proto,
+                             extra_args=['--parallel'])
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=count, exp_status=200)
+        for i in range(count):
+            respdata = open(curl.response_file(i)).readlines()
+            assert respdata == [data]
+
+    # upload large data parallel, check that this is what was echoed
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
+    def test_07_21_upload_parallel_large(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        if proto == 'h3' and env.curl_uses_lib('quiche'):
+            pytest.skip("quiche stalls on parallel, large uploads, unless --trace is used???")
+        fdata = os.path.join(env.gen_dir, 'data-100k')
+        # limit since we use a separate connection in h1
+        count = 50
+        curl = CurlClient(env=env)
+        url = f'https://{env.authority_for(env.domain1, proto)}/curltest/echo?id=[0-{count-1}]'
+        r = curl.http_upload(urls=[url], data=f'@{fdata}', alpn_proto=proto,
+                             extra_args=['--parallel'])
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=count, exp_status=200)
+        indata = open(fdata).readlines()
+        r.check_stats(count=count, exp_status=200)
+        for i in range(count):
+            respdata = open(curl.response_file(i)).readlines()
+            assert respdata == indata
+
+    # PUT 100k
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_07_30_put_100k(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        fdata = os.path.join(env.gen_dir, 'data-100k')
+        count = 1
+        curl = CurlClient(env=env)
+        url = f'https://{env.authority_for(env.domain1, proto)}/curltest/put?id=[0-{count-1}]'
+        r = curl.http_put(urls=[url], fdata=fdata, alpn_proto=proto,
+                             extra_args=['--parallel'])
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=count, exp_status=200)
+        exp_data = [f'{os.path.getsize(fdata)}']
+        r.check_stats(count=count, exp_status=200)
+        for i in range(count):
+            respdata = open(curl.response_file(i)).readlines()
+            assert respdata == exp_data
+
+    # PUT 10m
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_07_31_put_10m(self, env: Env, httpd, nghttpx, repeat, proto):
+        if proto == 'h3' and not env.have_h3():
+            pytest.skip("h3 not supported")
+        fdata = os.path.join(env.gen_dir, 'data-10m')
+        count = 1
+        curl = CurlClient(env=env)
+        url = f'https://{env.authority_for(env.domain1, proto)}/curltest/put?id=[0-{count-1}]&chunk_delay=10ms'
+        r = curl.http_put(urls=[url], fdata=fdata, alpn_proto=proto,
+                             extra_args=['--parallel'])
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=count, exp_status=200)
+        exp_data = [f'{os.path.getsize(fdata)}']
+        r.check_stats(count=count, exp_status=200)
+        for i in range(count):
+            respdata = open(curl.response_file(i)).readlines()
+            assert respdata == exp_data
+
diff --git a/tests/http/test_08_caddy.py b/tests/http/test_08_caddy.py
new file mode 100644
index 000000000..683fb7a33
--- /dev/null
+++ b/tests/http/test_08_caddy.py
@@ -0,0 +1,147 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+import os
+import pytest
+
+from testenv import Env, CurlClient, Caddy
+
+
+log = logging.getLogger(__name__)
+
+
+@pytest.mark.skipif(condition=not Env.has_caddy(), reason=f"missing caddy")
+class TestCaddy:
+
+    @pytest.fixture(autouse=True, scope='class')
+    def caddy(self, env):
+        caddy = Caddy(env=env)
+        assert caddy.start()
+        yield caddy
+        caddy.stop()
+
+    def _make_docs_file(self, docs_dir: str, fname: str, fsize: int):
+        fpath = os.path.join(docs_dir, fname)
+        data1k = 1024*'x'
+        flen = 0
+        with open(fpath, 'w') as fd:
+            while flen < fsize:
+                fd.write(data1k)
+                flen += len(data1k)
+        return flen
+
+    @pytest.fixture(autouse=True, scope='class')
+    def _class_scope(self, env, caddy):
+        self._make_docs_file(docs_dir=caddy.docs_dir, fname='data1.data', fsize=1024*1024)
+        self._make_docs_file(docs_dir=caddy.docs_dir, fname='data10.data', fsize=10*1024*1024)
+        self._make_docs_file(docs_dir=caddy.docs_dir, fname='data100.data', fsize=100*1024*1024)
+
+    # download 1 file
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_08_01_download_1(self, env: Env, caddy: Caddy, repeat, proto):
+        if proto == 'h3' and not env.have_h3_curl():
+            pytest.skip("h3 not supported in curl")
+        curl = CurlClient(env=env)
+        url = f'https://{env.domain1}:{caddy.port}/data.json'
+        r = curl.http_download(urls=[url], alpn_proto=proto)
+        assert r.exit_code == 0, f'{r}'
+        r.check_stats(count=1, exp_status=200)
+
+    # download 1MB files sequentially
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_08_02_download_1mb_sequential(self, env: Env, caddy: Caddy,
+                                           repeat, proto):
+        if proto == 'h3' and not env.have_h3_curl():
+            pytest.skip("h3 not supported in curl")
+        count = 50
+        curl = CurlClient(env=env)
+        urln = f'https://{env.domain1}:{caddy.port}/data1.data?[0-{count-1}]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto)
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+        # sequential transfers will open 1 connection
+        assert r.total_connects == 1
+
+    # download 1MB files parallel
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_08_03_download_1mb_parallel(self, env: Env, caddy: Caddy,
+                                         repeat, proto):
+        if proto == 'h3' and not env.have_h3_curl():
+            pytest.skip("h3 not supported in curl")
+        count = 50
+        curl = CurlClient(env=env)
+        urln = f'https://{env.domain1}:{caddy.port}/data1.data?[0-{count-1}]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--parallel'
+        ])
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+        if proto == 'http/1.1':
+            # http/1.1 parallel transfers will open multiple connections
+            assert r.total_connects > 1
+        else:
+            assert r.total_connects == 1
+
+    # download 10MB files sequentially
+    @pytest.mark.parametrize("proto", ['h2', 'h3'])
+    def test_08_04_download_10mb_sequential(self, env: Env, caddy: Caddy,
+                                           repeat, proto):
+        if proto == 'h3' and not env.have_h3_curl():
+            pytest.skip("h3 not supported in curl")
+        if proto == 'h3' and env.curl_uses_lib('quiche'):
+            pytest.skip("quiche stalls after a certain amount of data")
+        count = 20
+        curl = CurlClient(env=env)
+        urln = f'https://{env.domain1}:{caddy.port}/data10.data?[0-{count-1}]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto)
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+        # sequential transfers will open 1 connection
+        assert r.total_connects == 1
+
+    # download 10MB files parallel
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2', 'h3'])
+    def test_08_05_download_1mb_parallel(self, env: Env, caddy: Caddy,
+                                         repeat, proto):
+        if proto == 'h3' and not env.have_h3_curl():
+            pytest.skip("h3 not supported in curl")
+        if proto == 'h3' and env.curl_uses_lib('quiche'):
+            pytest.skip("quiche stalls after a certain amount of data")
+        count = 50
+        curl = CurlClient(env=env)
+        urln = f'https://{env.domain1}:{caddy.port}/data10.data?[0-{count-1}]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--parallel'
+        ])
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+        if proto == 'http/1.1':
+            # http/1.1 parallel transfers will open multiple connections
+            assert r.total_connects > 1
+        else:
+            assert r.total_connects == 1
+
diff --git a/tests/http/test_09_push.py b/tests/http/test_09_push.py
new file mode 100644
index 000000000..81a6e4fc7
--- /dev/null
+++ b/tests/http/test_09_push.py
@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+import os
+import pytest
+
+from testenv import Env, CurlClient
+
+
+log = logging.getLogger(__name__)
+
+
+@pytest.mark.skipif(condition=Env.setup_incomplete(),
+                    reason=f"missing: {Env.incomplete_reason()}")
+class TestPush:
+
+    @pytest.fixture(autouse=True, scope='class')
+    def _class_scope(self, env, httpd):
+        push_dir = os.path.join(httpd.docs_dir, 'push')
+        if not os.path.exists(push_dir):
+            os.makedirs(push_dir)
+        env.make_data_file(indir=push_dir, fname="data1", fsize=100*1024)
+        env.make_data_file(indir=push_dir, fname="data2", fsize=100*1024)
+        env.make_data_file(indir=push_dir, fname="data3", fsize=100*1024)
+        httpd.set_extra_config(env.domain1, [
+            f'H2EarlyHints on',
+            f'<Location /push/data1>',
+            f'  H2PushResource /push/data2',
+            f'</Location>',
+            f'<Location /push/data2>',
+            f'  H2PushResource /push/data1',
+            f'  H2PushResource /push/data3',
+            f'</Location>',
+        ])
+        # activate the new config
+        httpd.reload()
+        yield
+        httpd.clear_extra_configs()
+        httpd.reload()
+
+    # download a file that triggers a "103 Early Hints" response
+    def test_09_01_early_hints(self, env: Env, httpd, repeat):
+        curl = CurlClient(env=env)
+        url = f'https://{env.domain1}:{env.https_port}/push/data1'
+        r = curl.http_download(urls=[url], alpn_proto='h2', with_stats=False,
+                               with_headers=True)
+        assert r.exit_code == 0, f'{r}'
+        assert len(r.responses) == 2, f'{r.responses}'
+        assert r.responses[0]['status'] == 103, f'{r.responses}'
+        assert 'link' in r.responses[0]['header'], f'{r.responses[0]}'
+        assert r.responses[0]['header']['link'] == '</push/data2>; rel=preload', f'{r.responses[0]}'
diff --git a/tests/http/test_10_proxy.py b/tests/http/test_10_proxy.py
new file mode 100644
index 000000000..3bf3cd11f
--- /dev/null
+++ b/tests/http/test_10_proxy.py
@@ -0,0 +1,141 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+import os
+import pytest
+
+from testenv import Env, CurlClient
+
+
+log = logging.getLogger(__name__)
+
+
+@pytest.mark.skipif(condition=Env.setup_incomplete(),
+                    reason=f"missing: {Env.incomplete_reason()}")
+class TestProxy:
+
+    @pytest.fixture(autouse=True, scope='class')
+    def _class_scope(self, env, httpd):
+        push_dir = os.path.join(httpd.docs_dir, 'push')
+        if not os.path.exists(push_dir):
+            os.makedirs(push_dir)
+        httpd.clear_extra_configs()
+        httpd.reload()
+
+    # download via http: proxy (no tunnel)
+    def test_10_01_proxy_http(self, env: Env, httpd, repeat):
+        curl = CurlClient(env=env)
+        url = f'http://localhost:{env.http_port}/data.json'
+        r = curl.http_download(urls=[url], alpn_proto='http/1.1', with_stats=True,
+                               extra_args=[
+                                 '--proxy', f'http://{env.proxy_domain}:{env.proxy_port}/',
+                                 '--resolve', f'{env.proxy_domain}:{env.proxy_port}:127.0.0.1',
+                               ])
+        assert r.exit_code == 0
+        r.check_stats(count=1, exp_status=200)
+
+    # download via https: proxy (no tunnel)
+    @pytest.mark.skipif(condition=not Env.curl_has_feature('HTTPS-proxy'),
+                        reason='curl lacks HTTPS-proxy support')
+    def test_10_02_proxy_https(self, env: Env, httpd, repeat):
+        curl = CurlClient(env=env)
+        url = f'http://localhost:{env.http_port}/data.json'
+        r = curl.http_download(urls=[url], alpn_proto='http/1.1', with_stats=True,
+                               extra_args=[
+                                 '--proxy', f'https://{env.proxy_domain}:{env.proxys_port}/',
+                                 '--resolve', f'{env.proxy_domain}:{env.proxys_port}:127.0.0.1',
+                                 '--proxy-cacert', env.ca.cert_file,
+                               ])
+        assert r.exit_code == 0
+        r.check_stats(count=1, exp_status=200)
+
+    # download http: via http: proxytunnel
+    def test_10_03_proxytunnel_http(self, env: Env, httpd, repeat):
+        curl = CurlClient(env=env)
+        url = f'http://localhost:{env.http_port}/data.json'
+        r = curl.http_download(urls=[url], alpn_proto='http/1.1', with_stats=True,
+                               extra_args=[
+                                 '--proxytunnel',
+                                 '--proxy', f'http://{env.proxy_domain}:{env.proxy_port}/',
+                                 '--resolve', f'{env.proxy_domain}:{env.proxy_port}:127.0.0.1',
+                               ])
+        assert r.exit_code == 0
+        r.check_stats(count=1, exp_status=200)
+
+    # download http: via https: proxytunnel
+    @pytest.mark.skipif(condition=not Env.curl_has_feature('HTTPS-proxy'),
+                        reason='curl lacks HTTPS-proxy support')
+    def test_10_04_proxy_https(self, env: Env, httpd, repeat):
+        curl = CurlClient(env=env)
+        url = f'http://localhost:{env.http_port}/data.json'
+        r = curl.http_download(urls=[url], alpn_proto='http/1.1', with_stats=True,
+                               extra_args=[
+                                 '--proxytunnel',
+                                 '--proxy', f'https://{env.proxy_domain}:{env.proxys_port}/',
+                                 '--resolve', f'{env.proxy_domain}:{env.proxys_port}:127.0.0.1',
+                                 '--proxy-cacert', env.ca.cert_file,
+                               ])
+        assert r.exit_code == 0
+        r.check_stats(count=1, exp_status=200)
+
+    # download https: with proto via http: proxytunnel
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2'])
+    def test_10_05_proxytunnel_http(self, env: Env, httpd, proto, repeat):
+        curl = CurlClient(env=env)
+        url = f'https://localhost:{env.https_port}/data.json'
+        r = curl.http_download(urls=[url], alpn_proto=proto, with_stats=True,
+                               with_headers=True,
+                               extra_args=[
+                                 '--proxytunnel',
+                                 '--proxy', f'http://{env.proxy_domain}:{env.proxy_port}/',
+                                 '--resolve', f'{env.proxy_domain}:{env.proxy_port}:127.0.0.1',
+                               ])
+        assert r.exit_code == 0
+        r.check_stats(count=1, exp_status=200)
+        exp_proto = 'HTTP/2' if proto == 'h2' else 'HTTP/1.1'
+        assert r.response['protocol'] == exp_proto
+
+    # download https: with proto via https: proxytunnel
+    @pytest.mark.skipif(condition=not Env.curl_has_feature('HTTPS-proxy'),
+                        reason='curl lacks HTTPS-proxy support')
+    @pytest.mark.parametrize("proto", ['http/1.1', 'h2'])
+    def test_10_06_proxy_https(self, env: Env, httpd, proto, repeat):
+        curl = CurlClient(env=env)
+        url = f'https://localhost:{env.https_port}/data.json'
+        r = curl.http_download(urls=[url], alpn_proto=proto, with_stats=True,
+                               with_headers=True,
+                               extra_args=[
+                                 '--proxytunnel',
+                                 '--proxy', f'https://{env.proxy_domain}:{env.proxys_port}/',
+                                 '--resolve', f'{env.proxy_domain}:{env.proxys_port}:127.0.0.1',
+                                 '--proxy-cacert', env.ca.cert_file,
+                               ])
+        assert r.exit_code == 0
+        r.check_stats(count=1, exp_status=200)
+        exp_proto = 'HTTP/2' if proto == 'h2' else 'HTTP/1.1'
+        assert r.response['protocol'] == exp_proto
+
diff --git a/tests/http/test_11_unix.py b/tests/http/test_11_unix.py
new file mode 100644
index 000000000..e263cc752
--- /dev/null
+++ b/tests/http/test_11_unix.py
@@ -0,0 +1,130 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+import os
+import socket
+from threading import Thread
+import pytest
+
+from testenv import Env, CurlClient
+
+
+log = logging.getLogger(__name__)
+
+class UDSFaker:
+
+    def __init__(self, path):
+        self._uds_path = path
+        self._done = False
+
+    @property
+    def path(self):
+        return self._uds_path
+
+    def start(self):
+        def process(self):
+            self._socket.listen(1)
+            self._process()
+
+        try:
+            os.unlink(self._uds_path)
+        except OSError:
+            if os.path.exists(self._uds_path):
+                raise
+        self._socket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+        self._socket.bind(self._uds_path)
+        self._thread = Thread(target=process, daemon=True, args=[self])
+        self._thread.start()
+
+    def stop(self):
+        self._done = True
+        self._socket.close()
+
+    def _process(self):
+        while self._done is False:
+            try:
+                c, client_address = self._socket.accept()
+                try:
+                    data = c.recv(16)
+                    c.sendall("""HTTP/1.1 200 Ok
+Server: UdsFaker
+Content-Type: application/json
+Content-Length: 19
+
+{ "host": "faked" }""".encode())
+                finally:
+                    c.close()
+
+            except ConnectionAbortedError:
+                self._done = True
+
+
+
+@pytest.mark.skipif(condition=Env.setup_incomplete(),
+                    reason=f"missing: {Env.incomplete_reason()}")
+class TestUnix:
+
+    @pytest.fixture(scope="class")
+    def uds_faker(self, env: Env) -> UDSFaker:
+        uds_path = os.path.join(env.gen_dir, 'uds_11.sock')
+        faker = UDSFaker(path=uds_path)
+        faker.start()
+        yield faker
+        faker.stop()
+
+    # download http: via unix socket
+    def test_11_01_unix_connect_http(self, env: Env, httpd, uds_faker, repeat):
+        curl = CurlClient(env=env)
+        url = f'http://{env.domain1}:{env.http_port}/data.json'
+        r = curl.http_download(urls=[url], with_stats=True,
+                               extra_args=[
+                                 '--unix-socket', uds_faker.path,
+                               ])
+        assert r.exit_code == 0
+        r.check_stats(count=1, exp_status=200)
+
+    # download https: via unix socket
+    def test_11_02_unix_connect_http(self, env: Env, httpd, uds_faker, repeat):
+        curl = CurlClient(env=env)
+        url = f'https://{env.domain1}:{env.https_port}/data.json'
+        r = curl.http_download(urls=[url], with_stats=True,
+                               extra_args=[
+                                 '--unix-socket', uds_faker.path,
+                               ])
+        assert r.exit_code == 35  # CONNECT_ERROR (as faker is not TLS)
+
+    # download HTTP/3 via unix socket
+    @pytest.mark.skipif(condition=not Env.have_h3(), reason='h3 not supported')
+    def test_11_03_unix_connect_quic(self, env: Env, httpd, uds_faker, repeat):
+        curl = CurlClient(env=env)
+        url = f'https://{env.domain1}:{env.https_port}/data.json'
+        r = curl.http_download(urls=[url], with_stats=True,
+                               alpn_proto='h3',
+                               extra_args=[
+                                 '--unix-socket', uds_faker.path,
+                               ])
+        assert r.exit_code == 96  # QUIC CONNECT ERROR
diff --git a/tests/http/test_12_reuse.py b/tests/http/test_12_reuse.py
new file mode 100644
index 000000000..cd43888bd
--- /dev/null
+++ b/tests/http/test_12_reuse.py
@@ -0,0 +1,84 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import difflib
+import filecmp
+import logging
+import os
+import pytest
+
+from testenv import Env, CurlClient
+
+
+log = logging.getLogger(__name__)
+
+
+@pytest.mark.skipif(condition=Env.setup_incomplete(),
+                    reason=f"missing: {Env.incomplete_reason()}")
+@pytest.mark.skipif(condition=Env.curl_uses_lib('bearssl'), reason='BearSSL too slow')
+class TestReuse:
+
+    # check if HTTP/1.1 handles 'Connection: close' correctly
+    @pytest.mark.parametrize("proto", ['http/1.1'])
+    def test_12_01_h1_conn_close(self, env: Env,
+                                 httpd, nghttpx, repeat, proto):
+        httpd.clear_extra_configs()
+        httpd.set_extra_config('base', [
+            f'MaxKeepAliveRequests 1',
+        ])
+        httpd.reload()
+        count = 100
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-{count-1}]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto)
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+        # Server sends `Connection: close` on every 2nd request, requiring
+        # a new connection
+        assert r.total_connects == count/2
+
+    @pytest.mark.parametrize("proto", ['http/1.1'])
+    def test_12_02_h1_conn_timeout(self, env: Env,
+                                   httpd, nghttpx, repeat, proto):
+        httpd.clear_extra_configs()
+        httpd.set_extra_config('base', [
+            f'KeepAliveTimeout 1',
+        ])
+        httpd.reload()
+        count = 5
+        curl = CurlClient(env=env)
+        urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-{count-1}]'
+        r = curl.http_download(urls=[urln], alpn_proto=proto, extra_args=[
+            '--rate', '30/m',
+        ])
+        assert r.exit_code == 0
+        r.check_stats(count=count, exp_status=200)
+        # Connections time out on server before we send another request,
+        assert r.total_connects == count
+        # we do not see how often a request was retried in the stats, so
+        # we cannot check that connection reuse attempted a connection that
+        # was later detected to be "dead". We would like to
+        # assert stat['retry_count'] == 0
diff --git a/tests/http/testenv/__init__.py b/tests/http/testenv/__init__.py
new file mode 100644
index 000000000..8eb7632ae
--- /dev/null
+++ b/tests/http/testenv/__init__.py
@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+from .env import Env
+from .certs import TestCA, Credentials
+from .caddy import Caddy
+from .httpd import Httpd
+from .curl import CurlClient, ExecResult
+from .nghttpx import Nghttpx
diff --git a/tests/http/testenv/caddy.py b/tests/http/testenv/caddy.py
new file mode 100644
index 000000000..d789446f9
--- /dev/null
+++ b/tests/http/testenv/caddy.py
@@ -0,0 +1,169 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+import os
+import subprocess
+import time
+from datetime import timedelta, datetime
+from json import JSONEncoder
+
+from .curl import CurlClient
+from .env import Env
+
+
+log = logging.getLogger(__name__)
+
+
+class Caddy:
+
+    def __init__(self, env: Env):
+        self.env = env
+        self._caddy = os.environ['CADDY'] if 'CADDY' in os.environ else env.caddy
+        self._caddy_dir = os.path.join(env.gen_dir, 'caddy')
+        self._docs_dir = os.path.join(self._caddy_dir, 'docs')
+        self._conf_file = os.path.join(self._caddy_dir, 'Caddyfile')
+        self._error_log = os.path.join(self._caddy_dir, 'caddy.log')
+        self._tmp_dir = os.path.join(self._caddy_dir, 'tmp')
+        self._process = None
+        self._rmf(self._error_log)
+
+    @property
+    def docs_dir(self):
+        return self._docs_dir
+
+    @property
+    def port(self) -> str:
+        return self.env.caddy_https_port
+
+    def clear_logs(self):
+        self._rmf(self._error_log)
+
+    def is_running(self):
+        if self._process:
+            self._process.poll()
+            return self._process.returncode is None
+        return False
+
+    def start_if_needed(self):
+        if not self.is_running():
+            return self.start()
+        return True
+
+    def start(self, wait_live=True):
+        self._mkpath(self._tmp_dir)
+        if self._process:
+            self.stop()
+        self._write_config()
+        args = [
+            self._caddy, 'run'
+        ]
+        caddyerr = open(self._error_log, 'a')
+        self._process = subprocess.Popen(args=args, cwd=self._caddy_dir, stderr=caddyerr)
+        if self._process.returncode is not None:
+            return False
+        return not wait_live or self.wait_live(timeout=timedelta(seconds=5))
+
+    def stop_if_running(self):
+        if self.is_running():
+            return self.stop()
+        return True
+
+    def stop(self, wait_dead=True):
+        self._mkpath(self._tmp_dir)
+        if self._process:
+            self._process.terminate()
+            self._process.wait(timeout=2)
+            self._process = None
+            return not wait_dead or self.wait_dead(timeout=timedelta(seconds=5))
+        return True
+
+    def restart(self):
+        self.stop()
+        return self.start()
+
+    def wait_dead(self, timeout: timedelta):
+        curl = CurlClient(env=self.env, run_dir=self._tmp_dir)
+        try_until = datetime.now() + timeout
+        while datetime.now() < try_until:
+            check_url = f'https://{self.env.domain1}:{self.port}/'
+            r = curl.http_get(url=check_url)
+            if r.exit_code != 0:
+                return True
+            log.debug(f'waiting for caddy to stop responding: {r}')
+            time.sleep(.1)
+        log.debug(f"Server still responding after {timeout}")
+        return False
+
+    def wait_live(self, timeout: timedelta):
+        curl = CurlClient(env=self.env, run_dir=self._tmp_dir)
+        try_until = datetime.now() + timeout
+        while datetime.now() < try_until:
+            check_url = f'https://{self.env.domain1}:{self.port}/'
+            r = curl.http_get(url=check_url)
+            if r.exit_code == 0:
+                return True
+            log.error(f'curl: {r}')
+            log.debug(f'waiting for caddy to become responsive: {r}')
+            time.sleep(.1)
+        log.error(f"Server still not responding after {timeout}")
+        return False
+
+    def _rmf(self, path):
+        if os.path.exists(path):
+            return os.remove(path)
+
+    def _mkpath(self, path):
+        if not os.path.exists(path):
+            return os.makedirs(path)
+
+    def _write_config(self):
+        domain1 = self.env.domain1
+        creds1 = self.env.get_credentials(domain1)
+        self._mkpath(self._docs_dir)
+        self._mkpath(self._tmp_dir)
+        with open(os.path.join(self._docs_dir, 'data.json'), 'w') as fd:
+            data = {
+                'server': f'{domain1}',
+            }
+            fd.write(JSONEncoder().encode(data))
+        with open(self._conf_file, 'w') as fd:
+            conf = [   # base server config
+                f'{{',
+                f'  http_port {self.env.caddy_http_port}',
+                f'  https_port {self.env.caddy_https_port}',
+                f'  servers :{self.env.caddy_https_port} {{',
+                f'    protocols h3 h2 h1',
+                f'  }}',
+                f'}}',
+                f'{domain1}:{self.env.caddy_https_port} {{',
+                f'  file_server * {{',
+                f'    root {self._docs_dir}',
+                f'  }}',
+                f'  tls {creds1.cert_file} {creds1.pkey_file}',
+                f'}}',
+            ]
+            fd.write("\n".join(conf))
diff --git a/tests/http/testenv/certs.py b/tests/http/testenv/certs.py
new file mode 100644
index 000000000..f575a7412
--- /dev/null
+++ b/tests/http/testenv/certs.py
@@ -0,0 +1,528 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import os
+import re
+from datetime import timedelta, datetime
+from typing import List, Any, Optional
+
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import ec, rsa
+from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKey
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey
+from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, NoEncryption, load_pem_private_key
+from cryptography.x509 import ExtendedKeyUsageOID, NameOID
+
+
+EC_SUPPORTED = {}
+EC_SUPPORTED.update([(curve.name.upper(), curve) for curve in [
+    ec.SECP192R1,
+    ec.SECP224R1,
+    ec.SECP256R1,
+    ec.SECP384R1,
+]])
+
+
+def _private_key(key_type):
+    if isinstance(key_type, str):
+        key_type = key_type.upper()
+        m = re.match(r'^(RSA)?(\d+)$', key_type)
+        if m:
+            key_type = int(m.group(2))
+
+    if isinstance(key_type, int):
+        return rsa.generate_private_key(
+            public_exponent=65537,
+            key_size=key_type,
+            backend=default_backend()
+        )
+    if not isinstance(key_type, ec.EllipticCurve) and key_type in EC_SUPPORTED:
+        key_type = EC_SUPPORTED[key_type]
+    return ec.generate_private_key(
+        curve=key_type,
+        backend=default_backend()
+    )
+
+
+class CertificateSpec:
+
+    def __init__(self, name: Optional[str] = None,
+                 domains: Optional[List[str]] = None,
+                 email: Optional[str] = None,
+                 key_type: Optional[str] = None,
+                 single_file: bool = False,
+                 valid_from: timedelta = timedelta(days=-1),
+                 valid_to: timedelta = timedelta(days=89),
+                 client: bool = False,
+                 sub_specs: Optional[List['CertificateSpec']] = None):
+        self._name = name
+        self.domains = domains
+        self.client = client
+        self.email = email
+        self.key_type = key_type
+        self.single_file = single_file
+        self.valid_from = valid_from
+        self.valid_to = valid_to
+        self.sub_specs = sub_specs
+
+    @property
+    def name(self) -> Optional[str]:
+        if self._name:
+            return self._name
+        elif self.domains:
+            return self.domains[0]
+        return None
+
+    @property
+    def type(self) -> Optional[str]:
+        if self.domains and len(self.domains):
+            return "server"
+        elif self.client:
+            return "client"
+        elif self.name:
+            return "ca"
+        return None
+
+
+class Credentials:
+
+    def __init__(self,
+                 name: str,
+                 cert: Any,
+                 pkey: Any,
+                 issuer: Optional['Credentials'] = None):
+        self._name = name
+        self._cert = cert
+        self._pkey = pkey
+        self._issuer = issuer
+        self._cert_file = None
+        self._pkey_file = None
+        self._store = None
+
+    @property
+    def name(self) -> str:
+        return self._name
+
+    @property
+    def subject(self) -> x509.Name:
+        return self._cert.subject
+
+    @property
+    def key_type(self):
+        if isinstance(self._pkey, RSAPrivateKey):
+            return f"rsa{self._pkey.key_size}"
+        elif isinstance(self._pkey, EllipticCurvePrivateKey):
+            return f"{self._pkey.curve.name}"
+        else:
+            raise Exception(f"unknown key type: {self._pkey}")
+
+    @property
+    def private_key(self) -> Any:
+        return self._pkey
+
+    @property
+    def certificate(self) -> Any:
+        return self._cert
+
+    @property
+    def cert_pem(self) -> bytes:
+        return self._cert.public_bytes(Encoding.PEM)
+
+    @property
+    def pkey_pem(self) -> bytes:
+        return self._pkey.private_bytes(
+            Encoding.PEM,
+            PrivateFormat.TraditionalOpenSSL if self.key_type.startswith('rsa') else PrivateFormat.PKCS8,
+            NoEncryption())
+
+    @property
+    def issuer(self) -> Optional['Credentials']:
+        return self._issuer
+
+    def set_store(self, store: 'CertStore'):
+        self._store = store
+
+    def set_files(self, cert_file: str, pkey_file: Optional[str] = None,
+                  combined_file: Optional[str] = None):
+        self._cert_file = cert_file
+        self._pkey_file = pkey_file
+        self._combined_file = combined_file
+
+    @property
+    def cert_file(self) -> str:
+        return self._cert_file
+
+    @property
+    def pkey_file(self) -> Optional[str]:
+        return self._pkey_file
+
+    @property
+    def combined_file(self) -> Optional[str]:
+        return self._combined_file
+
+    def get_first(self, name) -> Optional['Credentials']:
+        creds = self._store.get_credentials_for_name(name) if self._store else []
+        return creds[0] if len(creds) else None
+
+    def get_credentials_for_name(self, name) -> List['Credentials']:
+        return self._store.get_credentials_for_name(name) if self._store else []
+
+    def issue_certs(self, specs: List[CertificateSpec],
+                    chain: Optional[List['Credentials']] = None) -> List['Credentials']:
+        return [self.issue_cert(spec=spec, chain=chain) for spec in specs]
+
+    def issue_cert(self, spec: CertificateSpec,
+                   chain: Optional[List['Credentials']] = None) -> 'Credentials':
+        key_type = spec.key_type if spec.key_type else self.key_type
+        creds = None
+        if self._store:
+            creds = self._store.load_credentials(
+                name=spec.name, key_type=key_type, single_file=spec.single_file, issuer=self)
+        if creds is None:
+            creds = TestCA.create_credentials(spec=spec, issuer=self, key_type=key_type,
+                                              valid_from=spec.valid_from, valid_to=spec.valid_to)
+            if self._store:
+                self._store.save(creds, single_file=spec.single_file)
+                if spec.type == "ca":
+                    self._store.save_chain(creds, "ca", with_root=True)
+
+        if spec.sub_specs:
+            if self._store:
+                sub_store = CertStore(fpath=os.path.join(self._store.path, creds.name))
+                creds.set_store(sub_store)
+            subchain = chain.copy() if chain else []
+            subchain.append(self)
+            creds.issue_certs(spec.sub_specs, chain=subchain)
+        return creds
+
+
+class CertStore:
+
+    def __init__(self, fpath: str):
+        self._store_dir = fpath
+        if not os.path.exists(self._store_dir):
+            os.makedirs(self._store_dir)
+        self._creds_by_name = {}
+
+    @property
+    def path(self) -> str:
+        return self._store_dir
+
+    def save(self, creds: Credentials, name: Optional[str] = None,
+             chain: Optional[List[Credentials]] = None,
+             single_file: bool = False) -> None:
+        name = name if name is not None else creds.name
+        cert_file = self.get_cert_file(name=name, key_type=creds.key_type)
+        pkey_file = self.get_pkey_file(name=name, key_type=creds.key_type)
+        comb_file = self.get_combined_file(name=name, key_type=creds.key_type)
+        if single_file:
+            pkey_file = None
+        with open(cert_file, "wb") as fd:
+            fd.write(creds.cert_pem)
+            if chain:
+                for c in chain:
+                    fd.write(c.cert_pem)
+            if pkey_file is None:
+                fd.write(creds.pkey_pem)
+        if pkey_file is not None:
+            with open(pkey_file, "wb") as fd:
+                fd.write(creds.pkey_pem)
+        with open(comb_file, "wb") as fd:
+            fd.write(creds.cert_pem)
+            if chain:
+                for c in chain:
+                    fd.write(c.cert_pem)
+            fd.write(creds.pkey_pem)
+        creds.set_files(cert_file, pkey_file, comb_file)
+        self._add_credentials(name, creds)
+
+    def save_chain(self, creds: Credentials, infix: str, with_root=False):
+        name = creds.name
+        chain = [creds]
+        while creds.issuer is not None:
+            creds = creds.issuer
+            chain.append(creds)
+        if not with_root and len(chain) > 1:
+            chain = chain[:-1]
+        chain_file = os.path.join(self._store_dir, f'{name}-{infix}.pem')
+        with open(chain_file, "wb") as fd:
+            for c in chain:
+                fd.write(c.cert_pem)
+
+    def _add_credentials(self, name: str, creds: Credentials):
+        if name not in self._creds_by_name:
+            self._creds_by_name[name] = []
+        self._creds_by_name[name].append(creds)
+
+    def get_credentials_for_name(self, name) -> List[Credentials]:
+        return self._creds_by_name[name] if name in self._creds_by_name else []
+
+    def get_cert_file(self, name: str, key_type=None) -> str:
+        key_infix = ".{0}".format(key_type) if key_type is not None else ""
+        return os.path.join(self._store_dir, f'{name}{key_infix}.cert.pem')
+
+    def get_pkey_file(self, name: str, key_type=None) -> str:
+        key_infix = ".{0}".format(key_type) if key_type is not None else ""
+        return os.path.join(self._store_dir, f'{name}{key_infix}.pkey.pem')
+
+    def get_combined_file(self, name: str, key_type=None) -> str:
+        return os.path.join(self._store_dir, f'{name}.pem')
+
+    def load_pem_cert(self, fpath: str) -> x509.Certificate:
+        with open(fpath) as fd:
+            return x509.load_pem_x509_certificate("".join(fd.readlines()).encode())
+
+    def load_pem_pkey(self, fpath: str):
+        with open(fpath) as fd:
+            return load_pem_private_key("".join(fd.readlines()).encode(), password=None)
+
+    def load_credentials(self, name: str, key_type=None,
+                         single_file: bool = False,
+                         issuer: Optional[Credentials] = None):
+        cert_file = self.get_cert_file(name=name, key_type=key_type)
+        pkey_file = cert_file if single_file else self.get_pkey_file(name=name, key_type=key_type)
+        comb_file = self.get_combined_file(name=name, key_type=key_type)
+        if os.path.isfile(cert_file) and os.path.isfile(pkey_file):
+            cert = self.load_pem_cert(cert_file)
+            pkey = self.load_pem_pkey(pkey_file)
+            creds = Credentials(name=name, cert=cert, pkey=pkey, issuer=issuer)
+            creds.set_store(self)
+            creds.set_files(cert_file, pkey_file, comb_file)
+            self._add_credentials(name, creds)
+            return creds
+        return None
+
+
+class TestCA:
+
+    @classmethod
+    def create_root(cls, name: str, store_dir: str, key_type: str = "rsa2048") -> Credentials:
+        store = CertStore(fpath=store_dir)
+        creds = store.load_credentials(name="ca", key_type=key_type, issuer=None)
+        if creds is None:
+            creds = TestCA._make_ca_credentials(name=name, key_type=key_type)
+            store.save(creds, name="ca")
+            creds.set_store(store)
+        return creds
+
+    @staticmethod
+    def create_credentials(spec: CertificateSpec, issuer: Credentials, key_type: Any,
+                           valid_from: timedelta = timedelta(days=-1),
+                           valid_to: timedelta = timedelta(days=89),
+                           ) -> Credentials:
+        """Create a certificate signed by this CA for the given domains.
+        :returns: the certificate and private key PEM file paths
+        """
+        if spec.domains and len(spec.domains):
+            creds = TestCA._make_server_credentials(name=spec.name, domains=spec.domains,
+                                                    issuer=issuer, valid_from=valid_from,
+                                                    valid_to=valid_to, key_type=key_type)
+        elif spec.client:
+            creds = TestCA._make_client_credentials(name=spec.name, issuer=issuer,
+                                                    email=spec.email, valid_from=valid_from,
+                                                    valid_to=valid_to, key_type=key_type)
+        elif spec.name:
+            creds = TestCA._make_ca_credentials(name=spec.name, issuer=issuer,
+                                                valid_from=valid_from, valid_to=valid_to,
+                                                key_type=key_type)
+        else:
+            raise Exception(f"unrecognized certificate specification: {spec}")
+        return creds
+
+    @staticmethod
+    def _make_x509_name(org_name: str = None, common_name: str = None, parent: x509.Name = None) -> x509.Name:
+        name_pieces = []
+        if org_name:
+            oid = NameOID.ORGANIZATIONAL_UNIT_NAME if parent else NameOID.ORGANIZATION_NAME
+            name_pieces.append(x509.NameAttribute(oid, org_name))
+        elif common_name:
+            name_pieces.append(x509.NameAttribute(NameOID.COMMON_NAME, common_name))
+        if parent:
+            name_pieces.extend([rdn for rdn in parent])
+        return x509.Name(name_pieces)
+
+    @staticmethod
+    def _make_csr(
+            subject: x509.Name,
+            pkey: Any,
+            issuer_subject: Optional[Credentials],
+            valid_from_delta: timedelta = None,
+            valid_until_delta: timedelta = None
+    ):
+        pubkey = pkey.public_key()
+        issuer_subject = issuer_subject if issuer_subject is not None else subject
+
+        valid_from = datetime.now()
+        if valid_until_delta is not None:
+            valid_from += valid_from_delta
+        valid_until = datetime.now()
+        if valid_until_delta is not None:
+            valid_until += valid_until_delta
+
+        return (
+            x509.CertificateBuilder()
+            .subject_name(subject)
+            .issuer_name(issuer_subject)
+            .public_key(pubkey)
+            .not_valid_before(valid_from)
+            .not_valid_after(valid_until)
+            .serial_number(x509.random_serial_number())
+            .add_extension(
+                x509.SubjectKeyIdentifier.from_public_key(pubkey),
+                critical=False,
+            )
+        )
+
+    @staticmethod
+    def _add_ca_usages(csr: Any) -> Any:
+        return csr.add_extension(
+            x509.BasicConstraints(ca=True, path_length=9),
+            critical=True,
+        ).add_extension(
+            x509.KeyUsage(
+                digital_signature=True,
+                content_commitment=False,
+                key_encipherment=False,
+                data_encipherment=False,
+                key_agreement=False,
+                key_cert_sign=True,
+                crl_sign=True,
+                encipher_only=False,
+                decipher_only=False),
+            critical=True
+        ).add_extension(
+            x509.ExtendedKeyUsage([
+                ExtendedKeyUsageOID.CLIENT_AUTH,
+                ExtendedKeyUsageOID.SERVER_AUTH,
+                ExtendedKeyUsageOID.CODE_SIGNING,
+            ]),
+            critical=True
+        )
+
+    @staticmethod
+    def _add_leaf_usages(csr: Any, domains: List[str], issuer: Credentials) -> Any:
+        return csr.add_extension(
+            x509.BasicConstraints(ca=False, path_length=None),
+            critical=True,
+        ).add_extension(
+            x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
+                issuer.certificate.extensions.get_extension_for_class(
+                    x509.SubjectKeyIdentifier).value),
+            critical=False
+        ).add_extension(
+            x509.SubjectAlternativeName([x509.DNSName(domain) for domain in domains]),
+            critical=True,
+        ).add_extension(
+            x509.ExtendedKeyUsage([
+                ExtendedKeyUsageOID.SERVER_AUTH,
+            ]),
+            critical=False
+        )
+
+    @staticmethod
+    def _add_client_usages(csr: Any, issuer: Credentials, rfc82name: str = None) -> Any:
+        cert = csr.add_extension(
+            x509.BasicConstraints(ca=False, path_length=None),
+            critical=True,
+        ).add_extension(
+            x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
+                issuer.certificate.extensions.get_extension_for_class(
+                    x509.SubjectKeyIdentifier).value),
+            critical=False
+        )
+        if rfc82name:
+            cert.add_extension(
+                x509.SubjectAlternativeName([x509.RFC822Name(rfc82name)]),
+                critical=True,
+            )
+        cert.add_extension(
+            x509.ExtendedKeyUsage([
+                ExtendedKeyUsageOID.CLIENT_AUTH,
+            ]),
+            critical=True
+        )
+        return cert
+
+    @staticmethod
+    def _make_ca_credentials(name, key_type: Any,
+                             issuer: Credentials = None,
+                             valid_from: timedelta = timedelta(days=-1),
+                             valid_to: timedelta = timedelta(days=89),
+                             ) -> Credentials:
+        pkey = _private_key(key_type=key_type)
+        if issuer is not None:
+            issuer_subject = issuer.certificate.subject
+            issuer_key = issuer.private_key
+        else:
+            issuer_subject = None
+            issuer_key = pkey
+        subject = TestCA._make_x509_name(org_name=name, parent=issuer.subject if issuer else None)
+        csr = TestCA._make_csr(subject=subject,
+                               issuer_subject=issuer_subject, pkey=pkey,
+                               valid_from_delta=valid_from, valid_until_delta=valid_to)
+        csr = TestCA._add_ca_usages(csr)
+        cert = csr.sign(private_key=issuer_key,
+                        algorithm=hashes.SHA256(),
+                        backend=default_backend())
+        return Credentials(name=name, cert=cert, pkey=pkey, issuer=issuer)
+
+    @staticmethod
+    def _make_server_credentials(name: str, domains: List[str], issuer: Credentials,
+                                 key_type: Any,
+                                 valid_from: timedelta = timedelta(days=-1),
+                                 valid_to: timedelta = timedelta(days=89),
+                                 ) -> Credentials:
+        name = name
+        pkey = _private_key(key_type=key_type)
+        subject = TestCA._make_x509_name(common_name=name, parent=issuer.subject)
+        csr = TestCA._make_csr(subject=subject,
+                               issuer_subject=issuer.certificate.subject, pkey=pkey,
+                               valid_from_delta=valid_from, valid_until_delta=valid_to)
+        csr = TestCA._add_leaf_usages(csr, domains=domains, issuer=issuer)
+        cert = csr.sign(private_key=issuer.private_key,
+                        algorithm=hashes.SHA256(),
+                        backend=default_backend())
+        return Credentials(name=name, cert=cert, pkey=pkey, issuer=issuer)
+
+    @staticmethod
+    def _make_client_credentials(name: str,
+                                 issuer: Credentials, email: Optional[str],
+                                 key_type: Any,
+                                 valid_from: timedelta = timedelta(days=-1),
+                                 valid_to: timedelta = timedelta(days=89),
+                                 ) -> Credentials:
+        pkey = _private_key(key_type=key_type)
+        subject = TestCA._make_x509_name(common_name=name, parent=issuer.subject)
+        csr = TestCA._make_csr(subject=subject,
+                               issuer_subject=issuer.certificate.subject, pkey=pkey,
+                               valid_from_delta=valid_from, valid_until_delta=valid_to)
+        csr = TestCA._add_client_usages(csr, issuer=issuer, rfc82name=email)
+        cert = csr.sign(private_key=issuer.private_key,
+                        algorithm=hashes.SHA256(),
+                        backend=default_backend())
+        return Credentials(name=name, cert=cert, pkey=pkey, issuer=issuer)
diff --git a/tests/http/testenv/curl.py b/tests/http/testenv/curl.py
new file mode 100644
index 000000000..ec832eca0
--- /dev/null
+++ b/tests/http/testenv/curl.py
@@ -0,0 +1,448 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import json
+import logging
+import os
+import re
+import shutil
+import subprocess
+from datetime import timedelta, datetime
+from typing import List, Optional, Dict
+from urllib.parse import urlparse
+
+from .env import Env
+
+
+log = logging.getLogger(__name__)
+
+
+class ExecResult:
+
+    def __init__(self, args: List[str], exit_code: int,
+                 stdout: List[str], stderr: List[str],
+                 duration: Optional[timedelta] = None,
+                 with_stats: bool = False):
+        self._args = args
+        self._exit_code = exit_code
+        self._stdout = stdout
+        self._stderr = stderr
+        self._duration = duration if duration is not None else timedelta()
+        self._response = None
+        self._responses = []
+        self._results = {}
+        self._assets = []
+        self._stats = []
+        self._json_out = None
+        self._with_stats = with_stats
+        if with_stats:
+            self._parse_stats()
+        else:
+            # noinspection PyBroadException
+            try:
+                out = ''.join(self._stdout)
+                self._json_out = json.loads(out)
+            except:
+                pass
+
+    def __repr__(self):
+        return f"ExecResult[code={self.exit_code}, args={self._args}, stdout={self._stdout}, stderr={self._stderr}]"
+
+    def _parse_stats(self):
+        self._stats = []
+        for l in self._stdout:
+            try:
+                self._stats.append(json.loads(l))
+            except:
+                log.error(f'not a JSON stat: {l}')
+                log.error(f'stdout is: {"".join(self._stdout)}')
+                break
+
+    @property
+    def exit_code(self) -> int:
+        return self._exit_code
+
+    @property
+    def args(self) -> List[str]:
+        return self._args
+
+    @property
+    def outraw(self) -> bytes:
+        return ''.join(self._stdout).encode()
+
+    @property
+    def stdout(self) -> str:
+        return ''.join(self._stdout)
+
+    @property
+    def json(self) -> Optional[Dict]:
+        """Output as JSON dictionary or None if not parseable."""
+        return self._json_out
+
+    @property
+    def stderr(self) -> str:
+        return ''.join(self._stderr)
+
+    @property
+    def duration(self) -> timedelta:
+        return self._duration
+
+    @property
+    def response(self) -> Optional[Dict]:
+        return self._response
+
+    @property
+    def responses(self) -> List[Dict]:
+        return self._responses
+
+    @property
+    def results(self) -> Dict:
+        return self._results
+
+    @property
+    def assets(self) -> List:
+        return self._assets
+
+    @property
+    def with_stats(self) -> bool:
+        return self._with_stats
+
+    @property
+    def stats(self) -> List:
+        return self._stats
+
+    @property
+    def total_connects(self) -> Optional[int]:
+        if len(self.stats):
+            n = 0
+            for stat in self.stats:
+                n += stat['num_connects']
+            return n
+        return None
+
+    def add_response(self, resp: Dict):
+        self._response = resp
+        self._responses.append(resp)
+
+    def add_results(self, results: Dict):
+        self._results.update(results)
+        if 'response' in results:
+            self.add_response(results['response'])
+
+    def add_assets(self, assets: List):
+        self._assets.extend(assets)
+
+    def check_responses(self, count: int, exp_status: Optional[int] = None,
+                        exp_exitcode: Optional[int] = None):
+        assert len(self.responses) == count, \
+            f'response count: expected {count}, got {len(self.responses)}'
+        if exp_status is not None:
+            for idx, x in enumerate(self.responses):
+                assert x['status'] == exp_status, \
+                    f'response #{idx} unexpectedstatus: {x["status"]}'
+        if exp_exitcode is not None:
+            for idx, x in enumerate(self.responses):
+                if 'exitcode' in x:
+                    assert x['exitcode'] == 0, f'response #{idx} exitcode: {x["exitcode"]}'
+        if self.with_stats:
+            assert len(self.stats) == count, f'{self}'
+
+    def check_stats(self, count: int, exp_status: Optional[int] = None,
+                        exp_exitcode: Optional[int] = None):
+        assert len(self.stats) == count, \
+            f'stats count: expected {count}, got {len(self.stats)}'
+        if exp_status is not None:
+            for idx, x in enumerate(self.stats):
+                assert 'http_code' in x, \
+                    f'status #{idx} reports no http_code'
+                assert x['http_code'] == exp_status, \
+                    f'status #{idx} unexpected http_code: {x["http_code"]}'
+        if exp_exitcode is not None:
+            for idx, x in enumerate(self.stats):
+                if 'exitcode' in x:
+                    assert x['exitcode'] == 0, f'status #{idx} exitcode: {x["exitcode"]}'
+
+
+class CurlClient:
+
+    ALPN_ARG = {
+        'http/0.9': '--http0.9',
+        'http/1.0': '--http1.0',
+        'http/1.1': '--http1.1',
+        'h2': '--http2',
+        'h2c': '--http2',
+        'h3': '--http3-only',
+    }
+
+    def __init__(self, env: Env, run_dir: Optional[str] = None):
+        self.env = env
+        self._curl = os.environ['CURL'] if 'CURL' in os.environ else env.curl
+        self._run_dir = run_dir if run_dir else os.path.join(env.gen_dir, 'curl')
+        self._stdoutfile = f'{self._run_dir}/curl.stdout'
+        self._stderrfile = f'{self._run_dir}/curl.stderr'
+        self._headerfile = f'{self._run_dir}/curl.headers'
+        self._tracefile = f'{self._run_dir}/curl.trace'
+        self._log_path = f'{self._run_dir}/curl.log'
+        self._rmrf(self._run_dir)
+        self._mkpath(self._run_dir)
+
+    @property
+    def run_dir(self) -> str:
+        return self._run_dir
+
+    def download_file(self, i: int) -> str:
+        return os.path.join(self.run_dir, f'download_{i}.data')
+
+    def _rmf(self, path):
+        if os.path.exists(path):
+            return os.remove(path)
+
+    def _rmrf(self, path):
+        if os.path.exists(path):
+            return shutil.rmtree(path)
+
+    def _mkpath(self, path):
+        if not os.path.exists(path):
+            return os.makedirs(path)
+
+    def http_get(self, url: str, extra_args: Optional[List[str]] = None):
+        return self._raw(url, options=extra_args, with_stats=False)
+
+    def http_download(self, urls: List[str],
+                      alpn_proto: Optional[str] = None,
+                      with_stats: bool = True,
+                      with_headers: bool = False,
+                      no_save: bool = False,
+                      extra_args: List[str] = None):
+        if extra_args is None:
+            extra_args = []
+        if no_save:
+            extra_args.extend([
+                '-o', '/dev/null',
+            ])
+        else:
+            extra_args.extend([
+                '-o', 'download_#1.data',
+            ])
+        # remove any existing ones
+        for i in range(100):
+            self._rmf(self.download_file(i))
+        if with_stats:
+            extra_args.extend([
+                '-w', '%{json}\\n'
+            ])
+        return self._raw(urls, alpn_proto=alpn_proto, options=extra_args,
+                         with_stats=with_stats,
+                         with_headers=with_headers)
+
+    def http_upload(self, urls: List[str], data: str,
+                    alpn_proto: Optional[str] = None,
+                    with_stats: bool = True,
+                    with_headers: bool = False,
+                    extra_args: Optional[List[str]] = None):
+        if extra_args is None:
+            extra_args = []
+        extra_args.extend([
+            '--data-binary', data, '-o', 'download_#1.data',
+        ])
+        if with_stats:
+            extra_args.extend([
+                '-w', '%{json}\\n'
+            ])
+        return self._raw(urls, alpn_proto=alpn_proto, options=extra_args,
+                         with_stats=with_stats,
+                         with_headers=with_headers)
+
+    def http_put(self, urls: List[str], data=None, fdata=None,
+                 alpn_proto: Optional[str] = None,
+                 with_stats: bool = True,
+                 with_headers: bool = False,
+                 extra_args: Optional[List[str]] = None):
+        if extra_args is None:
+            extra_args = []
+        if fdata is not None:
+            extra_args.extend(['-T', fdata])
+        elif data is not None:
+            extra_args.extend(['-T', '-'])
+        extra_args.extend([
+            '-o', 'download_#1.data',
+        ])
+        if with_stats:
+            extra_args.extend([
+                '-w', '%{json}\\n'
+            ])
+        return self._raw(urls, intext=data,
+                         alpn_proto=alpn_proto, options=extra_args,
+                         with_stats=with_stats,
+                         with_headers=with_headers)
+
+    def response_file(self, idx: int):
+        return os.path.join(self._run_dir, f'download_{idx}.data')
+
+    def run_direct(self, args, with_stats: bool = False):
+        my_args = [self._curl]
+        if with_stats:
+            my_args.extend([
+                '-w', '%{json}\\n'
+            ])
+        my_args.extend([
+            '-o', 'download.data',
+        ])
+        my_args.extend(args)
+        return self._run(args=my_args, with_stats=with_stats)
+
+    def _run(self, args, intext='', with_stats: bool = False):
+        self._rmf(self._stdoutfile)
+        self._rmf(self._stderrfile)
+        self._rmf(self._headerfile)
+        self._rmf(self._tracefile)
+        start = datetime.now()
+        with open(self._stdoutfile, 'w') as cout:
+            with open(self._stderrfile, 'w') as cerr:
+                p = subprocess.run(args, stderr=cerr, stdout=cout,
+                                   cwd=self._run_dir, shell=False,
+                                   input=intext.encode() if intext else None)
+        coutput = open(self._stdoutfile).readlines()
+        cerrput = open(self._stderrfile).readlines()
+        return ExecResult(args=args, exit_code=p.returncode,
+                          stdout=coutput, stderr=cerrput,
+                          duration=datetime.now() - start,
+                          with_stats=with_stats)
+
+    def _raw(self, urls, intext='', timeout=10, options=None, insecure=False,
+             alpn_proto: Optional[str] = None,
+             force_resolve=True,
+             with_stats=False,
+             with_headers=True):
+        args = self._complete_args(
+            urls=urls, timeout=timeout, options=options, insecure=insecure,
+            alpn_proto=alpn_proto, force_resolve=force_resolve,
+            with_headers=with_headers)
+        r = self._run(args, intext=intext, with_stats=with_stats)
+        if r.exit_code == 0 and with_headers:
+            self._parse_headerfile(self._headerfile, r=r)
+            if r.json:
+                r.response["json"] = r.json
+        return r
+
+    def _complete_args(self, urls, timeout=None, options=None,
+                       insecure=False, force_resolve=True,
+                       alpn_proto: Optional[str] = None,
+                       with_headers: bool = True):
+        if not isinstance(urls, list):
+            urls = [urls]
+
+        args = [self._curl, "-s", "--path-as-is"]
+        if with_headers:
+            args.extend(["-D", self._headerfile])
+        if self.env.verbose > 1:
+            args.extend(['--trace', self._tracefile])
+        if self.env.verbose > 2:
+            args.extend(['--trace', self._tracefile, '--trace-time'])
+
+        for url in urls:
+            u = urlparse(urls[0])
+            if alpn_proto is not None:
+                if alpn_proto not in self.ALPN_ARG:
+                    raise Exception(f'unknown ALPN protocol: "{alpn_proto}"')
+                args.append(self.ALPN_ARG[alpn_proto])
+
+            if u.scheme == 'http':
+                pass
+            elif insecure:
+                args.append('--insecure')
+            elif options and "--cacert" in options:
+                pass
+            elif u.hostname:
+                args.extend(["--cacert", self.env.ca.cert_file])
+
+            if force_resolve and u.hostname and u.hostname != 'localhost' \
+                    and not re.match(r'^(\d+|\[|:).*', u.hostname):
+                port = u.port if u.port else 443
+                args.extend(["--resolve", f"{u.hostname}:{port}:127.0.0.1"])
+            if timeout is not None and int(timeout) > 0:
+                args.extend(["--connect-timeout", str(int(timeout))])
+            if options:
+                args.extend(options)
+            args.append(url)
+        return args
+
+    def _parse_headerfile(self, headerfile: str, r: ExecResult = None) -> ExecResult:
+        lines = open(headerfile).readlines()
+        if r is None:
+            r = ExecResult(args=[], exit_code=0, stdout=[], stderr=[])
+
+        response = None
+
+        def fin_response(resp):
+            if resp:
+                r.add_response(resp)
+
+        expected = ['status']
+        for line in lines:
+            line = line.strip()
+            if re.match(r'^$', line):
+                if 'trailer' in expected:
+                    # end of trailers
+                    fin_response(response)
+                    response = None
+                    expected = ['status']
+                elif 'header' in expected:
+                    # end of header, another status or trailers might follow
+                    expected = ['status', 'trailer']
+                else:
+                    assert False, f"unexpected line: '{line}'"
+                continue
+            if 'status' in expected:
+                # log.debug("reading 1st response line: %s", line)
+                m = re.match(r'^(\S+) (\d+)( .*)?$', line)
+                if m:
+                    fin_response(response)
+                    response = {
+                        "protocol": m.group(1),
+                        "status": int(m.group(2)),
+                        "description": m.group(3),
+                        "header": {},
+                        "trailer": {},
+                        "body": r.outraw
+                    }
+                    expected = ['header']
+                    continue
+            if 'trailer' in expected:
+                m = re.match(r'^([^:]+):\s*(.*)$', line)
+                if m:
+                    response['trailer'][m.group(1).lower()] = m.group(2)
+                    continue
+            if 'header' in expected:
+                m = re.match(r'^([^:]+):\s*(.*)$', line)
+                if m:
+                    response['header'][m.group(1).lower()] = m.group(2)
+                    continue
+            assert False, f"unexpected line: '{line}, expected: {expected}'"
+
+        fin_response(response)
+        return r
+
diff --git a/tests/http/testenv/env.py b/tests/http/testenv/env.py
new file mode 100644
index 000000000..bf08104d3
--- /dev/null
+++ b/tests/http/testenv/env.py
@@ -0,0 +1,404 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+import os
+import re
+import socket
+import subprocess
+import sys
+from configparser import ConfigParser, ExtendedInterpolation
+from typing import Optional
+
+from .certs import CertificateSpec, TestCA, Credentials
+from .ports import alloc_ports
+
+
+log = logging.getLogger(__name__)
+
+
+def init_config_from(conf_path):
+    if os.path.isfile(conf_path):
+        config = ConfigParser(interpolation=ExtendedInterpolation())
+        config.read(conf_path)
+        return config
+    return None
+
+
+TESTS_HTTPD_PATH = os.path.dirname(os.path.dirname(__file__))
+DEF_CONFIG = init_config_from(os.path.join(TESTS_HTTPD_PATH, 'config.ini'))
+
+TOP_PATH = os.path.dirname(os.path.dirname(TESTS_HTTPD_PATH))
+CURL = os.path.join(TOP_PATH, 'src/curl')
+
+
+class EnvConfig:
+
+    def __init__(self):
+        self.tests_dir = TESTS_HTTPD_PATH
+        self.gen_dir = os.path.join(self.tests_dir, 'gen')
+        self.config = DEF_CONFIG
+        # check cur and its features
+        self.curl = CURL
+        self.curl_props = {
+            'version': None,
+            'os': None,
+            'features': [],
+            'protocols': [],
+            'libs': [],
+            'lib_versions': [],
+        }
+        self.curl_protos = []
+        p = subprocess.run(args=[self.curl, '-V'],
+                           capture_output=True, text=True)
+        if p.returncode != 0:
+            assert False, f'{self.curl} -V failed with exit code: {p.returncode}'
+        for l in p.stdout.splitlines(keepends=False):
+            if l.startswith('curl '):
+                m = re.match(r'^curl (?P<version>\S+) (?P<os>\S+) (?P<libs>.*)$', l)
+                if m:
+                    self.curl_props['version'] = m.group('version')
+                    self.curl_props['os'] = m.group('os')
+                    self.curl_props['lib_versions'] = [
+                        lib.lower() for lib in m.group('libs').split(' ')
+                    ]
+                    self.curl_props['libs'] = [
+                        re.sub(r'/.*', '', lib) for lib in self.curl_props['lib_versions']
+                    ]
+            if l.startswith('Features: '):
+                self.curl_props['features'] = [
+                    feat.lower() for feat in l[10:].split(' ')
+                ]
+            if l.startswith('Protocols: '):
+                self.curl_props['protocols'] = [
+                    prot.lower() for prot in l[11:].split(' ')
+                ]
+
+        self.ports = alloc_ports(port_specs={
+            'http': socket.SOCK_STREAM,
+            'https': socket.SOCK_STREAM,
+            'proxy': socket.SOCK_STREAM,
+            'proxys': socket.SOCK_STREAM,
+            'caddy': socket.SOCK_STREAM,
+            'caddys': socket.SOCK_STREAM,
+        })
+        self.httpd = self.config['httpd']['httpd']
+        self.apachectl = self.config['httpd']['apachectl']
+        self.apxs = self.config['httpd']['apxs']
+        if len(self.apxs) == 0:
+            self.apxs = None
+        self._httpd_version = None
+
+        self.examples_pem = {
+            'key': 'xxx',
+            'cert': 'xxx',
+        }
+        self.htdocs_dir = os.path.join(self.gen_dir, 'htdocs')
+        self.tld = 'http.curl.se'
+        self.domain1 = f"one.{self.tld}"
+        self.domain2 = f"two.{self.tld}"
+        self.proxy_domain = f"proxy.{self.tld}"
+        self.cert_specs = [
+            CertificateSpec(domains=[self.domain1, 'localhost'], key_type='rsa2048'),
+            CertificateSpec(domains=[self.domain2], key_type='rsa2048'),
+            CertificateSpec(domains=[self.proxy_domain], key_type='rsa2048'),
+            CertificateSpec(name="clientsX", sub_specs=[
+               CertificateSpec(name="user1", client=True),
+            ]),
+        ]
+
+        self.nghttpx = self.config['nghttpx']['nghttpx']
+        if len(self.nghttpx.strip()) == 0:
+            self.nghttpx = None
+        self._nghttpx_version = None
+        self.nghttpx_with_h3 = False
+        if self.nghttpx is not None:
+            p = subprocess.run(args=[self.nghttpx, '-v'],
+                               capture_output=True, text=True)
+            if p.returncode != 0:
+                # not a working nghttpx
+                self.nghttpx = None
+            else:
+                self._nghttpx_version = re.sub(r'^nghttpx\s*', '', p.stdout.strip())
+                self.nghttpx_with_h3 = re.match(r'.* nghttp3/.*', p.stdout.strip()) is not None
+                log.debug(f'nghttpx -v: {p.stdout}')
+
+        self.caddy = self.config['caddy']['caddy']
+        self._caddy_version = None
+        if len(self.caddy.strip()) == 0:
+            self.caddy = None
+        if self.caddy is not None:
+            try:
+                p = subprocess.run(args=[self.caddy, 'version'],
+                                   capture_output=True, text=True)
+                if p.returncode != 0:
+                    # not a working caddy
+                    self.caddy = None
+                self._caddy_version = re.sub(r' .*', '', p.stdout.strip())
+            except:
+                self.caddy = None
+
+    @property
+    def httpd_version(self):
+        if self._httpd_version is None and self.apxs is not None:
+            p = subprocess.run(args=[self.apxs, '-q', 'HTTPD_VERSION'],
+                               capture_output=True, text=True)
+            if p.returncode != 0:
+                raise Exception(f'{self.apxs} failed to query HTTPD_VERSION: {p}')
+            self._httpd_version = p.stdout.strip()
+        return self._httpd_version
+
+    def _versiontuple(self, v):
+        v = re.sub(r'(\d+\.\d+(\.\d+)?)(-\S+)?', r'\1', v)
+        return tuple(map(int, v.split('.')))
+
+    def httpd_is_at_least(self, minv):
+        hv = self._versiontuple(self.httpd_version)
+        return hv >= self._versiontuple(minv)
+
+    def is_complete(self) -> bool:
+        return os.path.isfile(self.httpd) and \
+               os.path.isfile(self.apachectl) and \
+               self.apxs is not None and \
+               os.path.isfile(self.apxs)
+
+    def get_incomplete_reason(self) -> Optional[str]:
+        if not os.path.isfile(self.httpd):
+            return f'httpd ({self.httpd}) not found'
+        if not os.path.isfile(self.apachectl):
+            return f'apachectl ({self.apachectl}) not found'
+        if self.apxs is None:
+            return f"apxs (provided by apache2-dev) not found"
+        if not os.path.isfile(self.apxs):
+            return f"apxs ({self.apxs}) not found"
+        return None
+
+    @property
+    def nghttpx_version(self):
+        return self._nghttpx_version
+
+    @property
+    def caddy_version(self):
+        return self._caddy_version
+
+
+class Env:
+
+    CONFIG = EnvConfig()
+
+    @staticmethod
+    def setup_incomplete() -> bool:
+        return not Env.CONFIG.is_complete()
+
+    @staticmethod
+    def incomplete_reason() -> Optional[str]:
+        return Env.CONFIG.get_incomplete_reason()
+
+    @staticmethod
+    def have_h3_server() -> bool:
+        return Env.CONFIG.nghttpx_with_h3
+
+    @staticmethod
+    def have_h2_curl() -> bool:
+        return 'http2' in Env.CONFIG.curl_props['features']
+
+    @staticmethod
+    def have_h3_curl() -> bool:
+        return 'http3' in Env.CONFIG.curl_props['features']
+
+    @staticmethod
+    def curl_uses_lib(libname: str) -> bool:
+        return libname.lower() in Env.CONFIG.curl_props['libs']
+
+    @staticmethod
+    def curl_has_feature(feature: str) -> bool:
+        return feature.lower() in Env.CONFIG.curl_props['features']
+
+    @staticmethod
+    def curl_lib_version(libname: str) -> str:
+        prefix = f'{libname.lower()}/'
+        for lversion in Env.CONFIG.curl_props['lib_versions']:
+            if lversion.startswith(prefix):
+                return lversion[len(prefix):]
+        return 'unknown'
+
+    @staticmethod
+    def curl_os() -> str:
+        return Env.CONFIG.curl_props['os']
+
+    @staticmethod
+    def curl_version() -> str:
+        return Env.CONFIG.curl_props['version']
+
+    @staticmethod
+    def have_h3() -> bool:
+        return Env.have_h3_curl() and Env.have_h3_server()
+
+    @staticmethod
+    def httpd_version() -> str:
+        return Env.CONFIG.httpd_version
+
+    @staticmethod
+    def nghttpx_version() -> str:
+        return Env.CONFIG.nghttpx_version
+
+    @staticmethod
+    def caddy_version() -> str:
+        return Env.CONFIG.caddy_version
+
+    @staticmethod
+    def httpd_is_at_least(minv) -> bool:
+        return Env.CONFIG.httpd_is_at_least(minv)
+
+    @staticmethod
+    def has_caddy() -> bool:
+        return Env.CONFIG.caddy is not None
+
+    def __init__(self, pytestconfig=None):
+        self._verbose = pytestconfig.option.verbose \
+            if pytestconfig is not None else 0
+        self._ca = None
+
+    def issue_certs(self):
+        if self._ca is None:
+            ca_dir = os.path.join(self.CONFIG.gen_dir, 'ca')
+            self._ca = TestCA.create_root(name=self.CONFIG.tld,
+                                          store_dir=ca_dir,
+                                          key_type="rsa2048")
+        self._ca.issue_certs(self.CONFIG.cert_specs)
+
+    def setup(self):
+        os.makedirs(self.gen_dir, exist_ok=True)
+        os.makedirs(self.htdocs_dir, exist_ok=True)
+        self.issue_certs()
+
+    def get_credentials(self, domain) -> Optional[Credentials]:
+        creds = self.ca.get_credentials_for_name(domain)
+        if len(creds) > 0:
+            return creds[0]
+        return None
+
+    @property
+    def verbose(self) -> int:
+        return self._verbose
+
+    @property
+    def gen_dir(self) -> str:
+        return self.CONFIG.gen_dir
+
+    @property
+    def ca(self):
+        return self._ca
+
+    @property
+    def htdocs_dir(self) -> str:
+        return self.CONFIG.htdocs_dir
+
+    @property
+    def domain1(self) -> str:
+        return self.CONFIG.domain1
+
+    @property
+    def domain2(self) -> str:
+        return self.CONFIG.domain2
+
+    @property
+    def proxy_domain(self) -> str:
+        return self.CONFIG.proxy_domain
+
+    @property
+    def http_port(self) -> int:
+        return self.CONFIG.ports['http']
+
+    @property
+    def https_port(self) -> int:
+        return self.CONFIG.ports['https']
+
+    @property
+    def h3_port(self) -> int:
+        return self.https_port
+
+    @property
+    def proxy_port(self) -> str:
+        return self.CONFIG.ports['proxy']
+
+    @property
+    def proxys_port(self) -> str:
+        return self.CONFIG.ports['proxys']
+
+    @property
+    def caddy(self) -> str:
+        return self.CONFIG.caddy
+
+    @property
+    def caddy_https_port(self) -> int:
+        return self.CONFIG.ports['caddys']
+
+    @property
+    def caddy_http_port(self) -> int:
+        return self.CONFIG.ports['caddy']
+
+    @property
+    def curl(self) -> str:
+        return self.CONFIG.curl
+
+    @property
+    def httpd(self) -> str:
+        return self.CONFIG.httpd
+
+    @property
+    def apachectl(self) -> str:
+        return self.CONFIG.apachectl
+
+    @property
+    def apxs(self) -> str:
+        return self.CONFIG.apxs
+
+    @property
+    def nghttpx(self) -> Optional[str]:
+        return self.CONFIG.nghttpx
+
+    def authority_for(self, domain: str, alpn_proto: Optional[str] = None):
+        if alpn_proto is None or \
+                alpn_proto in ['h2', 'http/1.1', 'http/1.0', 'http/0.9']:
+            return f'{domain}:{self.https_port}'
+        if alpn_proto in ['h3']:
+            return f'{domain}:{self.h3_port}'
+        return f'{domain}:{self.http_port}'
+
+    def make_data_file(self, indir: str, fname: str, fsize: int) -> str:
+        fpath = os.path.join(indir, fname)
+        s10 = "0123456789"
+        s = (101 * s10) + s10[0:3]
+        with open(fpath, 'w') as fd:
+            for i in range(int(fsize / 1024)):
+                fd.write(f"{i:09d}-{s}\n")
+            remain = int(fsize % 1024)
+            if remain != 0:
+                i = int(fsize / 1024) + 1
+                s = f"{i:09d}-{s}\n"
+                fd.write(s[0:remain])
+        return fpath
diff --git a/tests/http/testenv/httpd.py b/tests/http/testenv/httpd.py
new file mode 100644
index 000000000..4c7874581
--- /dev/null
+++ b/tests/http/testenv/httpd.py
@@ -0,0 +1,354 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import inspect
+import logging
+import os
+import subprocess
+from datetime import timedelta, datetime
+from json import JSONEncoder
+import time
+from typing import List, Union, Optional
+
+from .curl import CurlClient, ExecResult
+from .env import Env
+
+
+log = logging.getLogger(__name__)
+
+
+class Httpd:
+
+    MODULES = [
+        'log_config', 'logio', 'unixd', 'version', 'watchdog',
+        'authn_core', 'authz_user', 'authz_core', 'authz_host',
+        'env', 'filter', 'headers', 'mime',
+        'rewrite', 'http2', 'ssl', 'proxy', 'proxy_http', 'proxy_connect',
+        'mpm_event',
+    ]
+    COMMON_MODULES_DIRS = [
+        '/usr/lib/apache2/modules',  # debian
+        '/usr/libexec/apache2/',     # macos
+    ]
+
+    MOD_CURLTEST = None
+
+    def __init__(self, env: Env):
+        self.env = env
+        self._cmd = env.apachectl
+        self._apache_dir = os.path.join(env.gen_dir, 'apache')
+        self._run_dir = os.path.join(self._apache_dir, 'run')
+        self._lock_dir = os.path.join(self._apache_dir, 'locks')
+        self._docs_dir = os.path.join(self._apache_dir, 'docs')
+        self._conf_dir = os.path.join(self._apache_dir, 'conf')
+        self._conf_file = os.path.join(self._conf_dir, 'test.conf')
+        self._logs_dir = os.path.join(self._apache_dir, 'logs')
+        self._error_log = os.path.join(self._logs_dir, 'error_log')
+        self._tmp_dir = os.path.join(self._apache_dir, 'tmp')
+        self._mods_dir = None
+        self._extra_configs = {}
+        assert env.apxs
+        p = subprocess.run(args=[env.apxs, '-q', 'libexecdir'],
+                           capture_output=True, text=True)
+        if p.returncode != 0:
+            raise Exception(f'{env.apxs} failed to query libexecdir: {p}')
+        self._mods_dir = p.stdout.strip()
+        if self._mods_dir is None:
+            raise Exception(f'apache modules dir cannot be found')
+        if not os.path.exists(self._mods_dir):
+            raise Exception(f'apache modules dir does not exist: {self._mods_dir}')
+        self._process = None
+        self._rmf(self._error_log)
+        self._init_curltest()
+
+    @property
+    def docs_dir(self):
+        return self._docs_dir
+
+    def clear_logs(self):
+        self._rmf(self._error_log)
+
+    def exists(self):
+        return os.path.exists(self._cmd)
+
+    def set_extra_config(self, domain: str, lines: Optional[Union[str, List[str]]]):
+        if lines is None:
+            self._extra_configs.pop(domain, None)
+        else:
+            self._extra_configs[domain] = lines
+
+    def clear_extra_configs(self):
+        self._extra_configs = {}
+
+    def _run(self, args, intext=''):
+        env = {}
+        for key, val in os.environ.items():
+            env[key] = val
+        env['APACHE_RUN_DIR'] = self._run_dir
+        env['APACHE_RUN_USER'] = os.environ['USER']
+        env['APACHE_LOCK_DIR'] = self._lock_dir
+        env['APACHE_CONFDIR'] = self._apache_dir
+        p = subprocess.run(args, stderr=subprocess.PIPE, stdout=subprocess.PIPE,
+                           cwd=self.env.gen_dir,
+                           input=intext.encode() if intext else None,
+                           env=env)
+        start = datetime.now()
+        return ExecResult(args=args, exit_code=p.returncode,
+                          stdout=p.stdout.decode().splitlines(),
+                          stderr=p.stderr.decode().splitlines(),
+                          duration=datetime.now() - start)
+
+    def _apachectl(self, cmd: str):
+        args = [self.env.apachectl,
+                "-d", self._apache_dir,
+                "-f", self._conf_file,
+                "-k", cmd]
+        return self._run(args=args)
+
+    def start(self):
+        if self._process:
+            self.stop()
+        self._write_config()
+        with open(self._error_log, 'a') as fd:
+            fd.write('start of server\n')
+        with open(os.path.join(self._apache_dir, 'xxx'), 'a') as fd:
+            fd.write('start of server\n')
+        r = self._apachectl('start')
+        if r.exit_code != 0:
+            log.error(f'failed to start httpd: {r}')
+            return False
+        return self.wait_live(timeout=timedelta(seconds=5))
+
+    def stop(self):
+        r = self._apachectl('stop')
+        if r.exit_code == 0:
+            return self.wait_dead(timeout=timedelta(seconds=5))
+        return r.exit_code == 0
+
+    def restart(self):
+        self.stop()
+        return self.start()
+
+    def reload(self):
+        self._write_config()
+        r = self._apachectl("graceful")
+        if r.exit_code != 0:
+            log.error(f'failed to reload httpd: {r}')
+        return self.wait_live(timeout=timedelta(seconds=5))
+
+    def wait_dead(self, timeout: timedelta):
+        curl = CurlClient(env=self.env, run_dir=self._tmp_dir)
+        try_until = datetime.now() + timeout
+        while datetime.now() < try_until:
+            r = curl.http_get(url=f'http://{self.env.domain1}:{self.env.http_port}/')
+            if r.exit_code != 0:
+                return True
+            time.sleep(.1)
+        log.debug(f"Server still responding after {timeout}")
+        return False
+
+    def wait_live(self, timeout: timedelta):
+        curl = CurlClient(env=self.env, run_dir=self._tmp_dir)
+        try_until = datetime.now() + timeout
+        while datetime.now() < try_until:
+            r = curl.http_get(url=f'http://{self.env.domain1}:{self.env.http_port}/')
+            if r.exit_code == 0:
+                return True
+            time.sleep(.1)
+        log.debug(f"Server still not responding after {timeout}")
+        return False
+
+    def _rmf(self, path):
+        if os.path.exists(path):
+            return os.remove(path)
+
+    def _mkpath(self, path):
+        if not os.path.exists(path):
+            return os.makedirs(path)
+
+    def _write_config(self):
+        domain1 = self.env.domain1
+        creds1 = self.env.get_credentials(domain1)
+        domain2 = self.env.domain2
+        creds2 = self.env.get_credentials(domain2)
+        proxy_domain = self.env.proxy_domain
+        proxy_creds = self.env.get_credentials(proxy_domain)
+        self._mkpath(self._conf_dir)
+        self._mkpath(self._logs_dir)
+        self._mkpath(self._tmp_dir)
+        self._mkpath(os.path.join(self._docs_dir, 'two'))
+        with open(os.path.join(self._docs_dir, 'data.json'), 'w') as fd:
+            data = {
+                'server': f'{domain1}',
+            }
+            fd.write(JSONEncoder().encode(data))
+        with open(os.path.join(self._docs_dir, 'two/data.json'), 'w') as fd:
+            data = {
+                'server': f'{domain2}',
+            }
+            fd.write(JSONEncoder().encode(data))
+        with open(self._conf_file, 'w') as fd:
+            for m in self.MODULES:
+                if os.path.exists(os.path.join(self._mods_dir, f'mod_{m}.so')):
+                    fd.write(f'LoadModule {m}_module   "{self._mods_dir}/mod_{m}.so"\n')
+            if Httpd.MOD_CURLTEST is not None:
+                fd.write(f'LoadModule curltest_module   \"{Httpd.MOD_CURLTEST}\"\n')
+            conf = [   # base server config
+                f'ServerRoot "{self._apache_dir}"',
+                f'DefaultRuntimeDir logs',
+                f'PidFile httpd.pid',
+                f'ErrorLog {self._error_log}',
+                f'LogLevel {self._get_log_level()}',
+                f'LogLevel http:trace4',
+                f'LogLevel proxy:trace4',
+                f'LogLevel proxy_http:trace4',
+                f'H2MinWorkers 16',
+                f'H2MaxWorkers 128',
+                f'H2Direct on',
+                f'Listen {self.env.http_port}',
+                f'Listen {self.env.https_port}',
+                f'Listen {self.env.proxy_port}',
+                f'Listen {self.env.proxys_port}',
+                f'TypesConfig "{self._conf_dir}/mime.types',
+            ]
+            if 'base' in self._extra_configs:
+                conf.extend(self._extra_configs['base'])
+            conf.extend([  # plain http host for domain1
+                f'<VirtualHost *:{self.env.http_port}>',
+                f'    ServerName {domain1}',
+                f'    ServerAlias localhost',
+                f'    DocumentRoot "{self._docs_dir}"',
+                f'    Protocols h2c http/1.1',
+            ])
+            conf.extend(self._curltest_conf())
+            conf.extend([
+                f'</VirtualHost>',
+                f'',
+            ])
+            conf.extend([  # https host for domain1, h1 + h2
+                f'<VirtualHost *:{self.env.https_port}>',
+                f'    ServerName {domain1}',
+                f'    Protocols h2 http/1.1',
+                f'    SSLEngine on',
+                f'    SSLCertificateFile {creds1.cert_file}',
+                f'    SSLCertificateKeyFile {creds1.pkey_file}',
+                f'    DocumentRoot "{self._docs_dir}"',
+            ])
+            conf.extend(self._curltest_conf())
+            if domain1 in self._extra_configs:
+                conf.extend(self._extra_configs[domain1])
+            conf.extend([
+                f'</VirtualHost>',
+                f'',
+            ])
+            conf.extend([  # https host for domain2, no h2
+                f'<VirtualHost *:{self.env.https_port}>',
+                f'    ServerName {domain2}',
+                f'    Protocols http/1.1',
+                f'    SSLEngine on',
+                f'    SSLCertificateFile {creds2.cert_file}',
+                f'    SSLCertificateKeyFile {creds2.pkey_file}',
+                f'    DocumentRoot "{self._docs_dir}/two"',
+            ])
+            conf.extend(self._curltest_conf())
+            if domain2 in self._extra_configs:
+                conf.extend(self._extra_configs[domain2])
+            conf.extend([
+                f'</VirtualHost>',
+                f'',
+            ])
+            conf.extend([  # http forward proxy
+                f'<VirtualHost *:{self.env.proxy_port}>',
+                f'    ServerName {proxy_domain}',
+                f'    Protocols h2c, http/1.1',
+                f'    ProxyRequests On',
+                f'    ProxyVia On',
+                f'    AllowCONNECT {self.env.http_port} {self.env.https_port}',
+                f'    <Proxy "*">',
+                f'      Require ip 127.0.0.1',
+                f'    </Proxy>',
+                f'</VirtualHost>',
+            ])
+            conf.extend([  # https forward proxy
+                f'<VirtualHost *:{self.env.proxys_port}>',
+                f'    ServerName {proxy_domain}',
+                f'    Protocols h2, http/1.1',
+                f'    SSLEngine on',
+                f'    SSLCertificateFile {proxy_creds.cert_file}',
+                f'    SSLCertificateKeyFile {proxy_creds.pkey_file}',
+                f'    ProxyRequests On',
+                f'    ProxyVia On',
+                f'    AllowCONNECT {self.env.http_port} {self.env.https_port}',
+                f'    <Proxy "*">',
+                f'      Require ip 127.0.0.1',
+                f'    </Proxy>',
+                f'</VirtualHost>',
+            ])
+            fd.write("\n".join(conf))
+        with open(os.path.join(self._conf_dir, 'mime.types'), 'w') as fd:
+            fd.write("\n".join([
+                'text/html             html',
+                'application/json      json',
+                ''
+            ]))
+
+    def _get_log_level(self):
+        #if self.env.verbose > 3:
+        #    return 'trace2'
+        #if self.env.verbose > 2:
+        #    return 'trace1'
+        #if self.env.verbose > 1:
+        #    return 'debug'
+        return 'info'
+
+    def _curltest_conf(self) -> List[str]:
+        if Httpd.MOD_CURLTEST is not None:
+            return [
+                f'    <Location /curltest/echo>',
+                f'      SetHandler curltest-echo',
+                f'    </Location>',
+                f'    <Location /curltest/put>',
+                f'      SetHandler curltest-put',
+                f'    </Location>',
+                f'    <Location /curltest/tweak>',
+                f'      SetHandler curltest-tweak',
+                f'    </Location>',
+            ]
+        return []
+
+    def _init_curltest(self):
+        if Httpd.MOD_CURLTEST is not None:
+            return
+        local_dir = os.path.dirname(inspect.getfile(Httpd))
+        p = subprocess.run([self.env.apxs, '-c', 'mod_curltest.c'],
+                           capture_output=True,
+                           cwd=os.path.join(local_dir, 'mod_curltest'))
+        rv = p.returncode
+        if rv != 0:
+            log.error(f"compiling mod_curltest failed: {p.stderr}")
+            raise Exception(f"compiling mod_curltest failed: {p.stderr}")
+        Httpd.MOD_CURLTEST = os.path.join(
+            local_dir, 'mod_curltest/.libs/mod_curltest.so')
diff --git a/tests/http/testenv/mod_curltest/.gitignore b/tests/http/testenv/mod_curltest/.gitignore
new file mode 100644
index 000000000..06186631a
--- /dev/null
+++ b/tests/http/testenv/mod_curltest/.gitignore
@@ -0,0 +1,5 @@
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# SPDX-License-Identifier: curl
+
+*.slo
+\ No newline at end of file
diff --git a/tests/http/testenv/mod_curltest/mod_curltest.c b/tests/http/testenv/mod_curltest/mod_curltest.c
new file mode 100644
index 000000000..498f9e536
--- /dev/null
+++ b/tests/http/testenv/mod_curltest/mod_curltest.c
@@ -0,0 +1,514 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include <apr_optional.h>
+#include <apr_optional_hooks.h>
+#include <apr_strings.h>
+#include <apr_cstr.h>
+#include <apr_time.h>
+#include <apr_want.h>
+
+#include <httpd.h>
+#include <http_protocol.h>
+#include <http_request.h>
+#include <http_log.h>
+
+static void curltest_hooks(apr_pool_t *pool);
+static int curltest_echo_handler(request_rec *r);
+static int curltest_put_handler(request_rec *r);
+static int curltest_tweak_handler(request_rec *r);
+
+AP_DECLARE_MODULE(curltest) = {
+  STANDARD20_MODULE_STUFF,
+  NULL, /* func to create per dir config */
+  NULL,  /* func to merge per dir config */
+  NULL, /* func to create per server config */
+  NULL,  /* func to merge per server config */
+  NULL,              /* command handlers */
+  curltest_hooks,
+#if defined(AP_MODULE_FLAG_NONE)
+  AP_MODULE_FLAG_ALWAYS_MERGE
+#endif
+};
+
+static int curltest_post_config(apr_pool_t *p, apr_pool_t *plog,
+                                apr_pool_t *ptemp, server_rec *s)
+{
+  void *data = NULL;
+  const char *key = "mod_curltest_init_counter";
+
+  (void)plog;(void)ptemp;
+
+  apr_pool_userdata_get(&data, key, s->process->pool);
+  if(!data) {
+    /* dry run */
+    apr_pool_userdata_set((const void *)1, key,
+                          apr_pool_cleanup_null, s->process->pool);
+    return APR_SUCCESS;
+  }
+
+  /* mess with the overall server here */
+
+  return APR_SUCCESS;
+}
+
+static void curltest_hooks(apr_pool_t *pool)
+{
+  ap_log_perror(APLOG_MARK, APLOG_TRACE1, 0, pool, "installing hooks");
+
+  /* Run once after configuration is set, but before mpm children initialize.
+   */
+  ap_hook_post_config(curltest_post_config, NULL, NULL, APR_HOOK_MIDDLE);
+
+  /* curl test handlers */
+  ap_hook_handler(curltest_echo_handler, NULL, NULL, APR_HOOK_MIDDLE);
+  ap_hook_handler(curltest_put_handler, NULL, NULL, APR_HOOK_MIDDLE);
+  ap_hook_handler(curltest_tweak_handler, NULL, NULL, APR_HOOK_MIDDLE);
+}
+
+#define SECS_PER_HOUR      (60*60)
+#define SECS_PER_DAY       (24*SECS_PER_HOUR)
+
+static apr_status_t duration_parse(apr_interval_time_t *ptimeout, const char *value,
+                                   const char *def_unit)
+{
+  char *endp;
+  apr_int64_t n;
+
+  n = apr_strtoi64(value, &endp, 10);
+  if(errno) {
+    return errno;
+  }
+  if(!endp || !*endp) {
+    if (!def_unit) def_unit = "s";
+  }
+  else if(endp == value) {
+    return APR_EINVAL;
+  }
+  else {
+    def_unit = endp;
+  }
+
+  switch(*def_unit) {
+  case 'D':
+  case 'd':
+    *ptimeout = apr_time_from_sec(n * SECS_PER_DAY);
+    break;
+  case 's':
+  case 'S':
+    *ptimeout = (apr_interval_time_t) apr_time_from_sec(n);
+    break;
+  case 'h':
+  case 'H':
+    /* Time is in hours */
+    *ptimeout = (apr_interval_time_t) apr_time_from_sec(n * SECS_PER_HOUR);
+    break;
+  case 'm':
+  case 'M':
+    switch(*(++def_unit)) {
+    /* Time is in milliseconds */
+    case 's':
+    case 'S':
+      *ptimeout = (apr_interval_time_t) n * 1000;
+      break;
+    /* Time is in minutes */
+    case 'i':
+    case 'I':
+      *ptimeout = (apr_interval_time_t) apr_time_from_sec(n * 60);
+      break;
+    default:
+      return APR_EGENERAL;
+    }
+    break;
+  case 'u':
+  case 'U':
+    switch(*(++def_unit)) {
+    /* Time is in microseconds */
+    case 's':
+    case 'S':
+      *ptimeout = (apr_interval_time_t) n;
+      break;
+    default:
+      return APR_EGENERAL;
+    }
+    break;
+  default:
+    return APR_EGENERAL;
+  }
+  return APR_SUCCESS;
+}
+
+static int status_from_str(const char *s, apr_status_t *pstatus)
+{
+  if(!strcmp("timeout", s)) {
+    *pstatus = APR_TIMEUP;
+    return 1;
+  }
+  else if(!strcmp("reset", s)) {
+    *pstatus = APR_ECONNRESET;
+    return 1;
+  }
+  return 0;
+}
+
+static int curltest_echo_handler(request_rec *r)
+{
+  conn_rec *c = r->connection;
+  apr_bucket_brigade *bb;
+  apr_bucket *b;
+  apr_status_t rv;
+  char buffer[8192];
+  const char *ct;
+  long l;
+
+  if(strcmp(r->handler, "curltest-echo")) {
+    return DECLINED;
+  }
+  if(r->method_number != M_GET && r->method_number != M_POST) {
+    return DECLINED;
+  }
+
+  ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "echo_handler: processing");
+  r->status = 200;
+  r->clength = -1;
+  r->chunked = 1;
+  apr_table_unset(r->headers_out, "Content-Length");
+  /* Discourage content-encodings */
+  apr_table_unset(r->headers_out, "Content-Encoding");
+  apr_table_setn(r->subprocess_env, "no-brotli", "1");
+  apr_table_setn(r->subprocess_env, "no-gzip", "1");
+
+  ct = apr_table_get(r->headers_in, "content-type");
+  ap_set_content_type(r, ct? ct : "application/octet-stream");
+
+  bb = apr_brigade_create(r->pool, c->bucket_alloc);
+  /* copy any request body into the response */
+  if((rv = ap_setup_client_block(r, REQUEST_CHUNKED_DECHUNK))) goto cleanup;
+  if(ap_should_client_block(r)) {
+    while(0 < (l = ap_get_client_block(r, &buffer[0], sizeof(buffer)))) {
+      ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
+                    "echo_handler: copying %ld bytes from request body", l);
+      rv = apr_brigade_write(bb, NULL, NULL, buffer, l);
+      if (APR_SUCCESS != rv) goto cleanup;
+      rv = ap_pass_brigade(r->output_filters, bb);
+      if (APR_SUCCESS != rv) goto cleanup;
+      ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
+                    "echo_handler: passed %ld bytes from request body", l);
+    }
+  }
+  /* we are done */
+  b = apr_bucket_eos_create(c->bucket_alloc);
+  APR_BRIGADE_INSERT_TAIL(bb, b);
+  ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "echo_handler: request read");
+
+  if(r->trailers_in && !apr_is_empty_table(r->trailers_in)) {
+    ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
+                  "echo_handler: seeing incoming trailers");
+    apr_table_setn(r->trailers_out, "h2test-trailers-in",
+                   apr_itoa(r->pool, 1));
+  }
+
+  rv = ap_pass_brigade(r->output_filters, bb);
+
+cleanup:
+  if(rv == APR_SUCCESS ||
+     r->status != HTTP_OK ||
+     c->aborted) {
+    ap_log_rerror(APLOG_MARK, APLOG_TRACE1, rv, r, "echo_handler: done");
+    return OK;
+  }
+  else {
+    /* no way to know what type of error occurred */
+    ap_log_rerror(APLOG_MARK, APLOG_TRACE1, rv, r, "echo_handler failed");
+    return AP_FILTER_ERROR;
+  }
+  return DECLINED;
+}
+
+static int curltest_tweak_handler(request_rec *r)
+{
+  conn_rec *c = r->connection;
+  apr_bucket_brigade *bb;
+  apr_bucket *b;
+  apr_status_t rv;
+  char buffer[16*1024];
+  int i, chunks = 3, error_bucket = 1;
+  size_t chunk_size = sizeof(buffer);
+  const char *request_id = "none";
+  apr_time_t delay = 0, chunk_delay = 0;
+  apr_array_header_t *args = NULL;
+  int http_status = 200;
+  apr_status_t error = APR_SUCCESS, body_error = APR_SUCCESS;
+
+  if(strcmp(r->handler, "curltest-tweak")) {
+    return DECLINED;
+  }
+  if(r->method_number != M_GET && r->method_number != M_POST) {
+    return DECLINED;
+  }
+
+  if(r->args) {
+    args = apr_cstr_split(r->args, "&", 1, r->pool);
+    for(i = 0; i < args->nelts; ++i) {
+      char *s, *val, *arg = APR_ARRAY_IDX(args, i, char*);
+      s = strchr(arg, '=');
+      if(s) {
+        *s = '\0';
+        val = s + 1;
+        if(!strcmp("status", arg)) {
+          http_status = (int)apr_atoi64(val);
+          if(http_status > 0) {
+            continue;
+          }
+        }
+        else if(!strcmp("chunks", arg)) {
+          chunks = (int)apr_atoi64(val);
+          if(chunks >= 0) {
+            continue;
+          }
+        }
+        else if(!strcmp("chunk_size", arg)) {
+          chunk_size = (int)apr_atoi64(val);
+          if(chunk_size >= 0) {
+            if(chunk_size > sizeof(buffer)) {
+              ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                            "chunk_size %zu too large", chunk_size);
+              ap_die(HTTP_BAD_REQUEST, r);
+              return OK;
+            }
+            continue;
+          }
+        }
+        else if(!strcmp("id", arg)) {
+          /* just an id for repeated requests with curl's url globbing */
+          request_id = val;
+          continue;
+        }
+        else if(!strcmp("error", arg)) {
+          if(status_from_str(val, &error)) {
+            continue;
+          }
+        }
+        else if(!strcmp("error_bucket", arg)) {
+          error_bucket = (int)apr_atoi64(val);
+          if(error_bucket >= 0) {
+            continue;
+          }
+        }
+        else if(!strcmp("body_error", arg)) {
+          if(status_from_str(val, &body_error)) {
+            continue;
+          }
+        }
+        else if(!strcmp("delay", arg)) {
+          rv = duration_parse(&delay, val, "s");
+          if(APR_SUCCESS == rv) {
+            continue;
+          }
+        }
+        else if(!strcmp("chunk_delay", arg)) {
+          rv = duration_parse(&chunk_delay, val, "s");
+          if(APR_SUCCESS == rv) {
+            continue;
+          }
+        }
+      }
+      ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "query parameter not "
+                    "understood: '%s' in %s",
+                    arg, r->args);
+      ap_die(HTTP_BAD_REQUEST, r);
+      return OK;
+    }
+  }
+
+  ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "error_handler: processing "
+                "request, %s", r->args? r->args : "(no args)");
+  r->status = http_status;
+  r->clength = -1;
+  r->chunked = 1;
+  apr_table_setn(r->headers_out, "request-id", request_id);
+  apr_table_unset(r->headers_out, "Content-Length");
+  /* Discourage content-encodings */
+  apr_table_unset(r->headers_out, "Content-Encoding");
+  apr_table_setn(r->subprocess_env, "no-brotli", "1");
+  apr_table_setn(r->subprocess_env, "no-gzip", "1");
+
+  ap_set_content_type(r, "application/octet-stream");
+  bb = apr_brigade_create(r->pool, c->bucket_alloc);
+
+  if(delay) {
+    apr_sleep(delay);
+  }
+  if(error != APR_SUCCESS) {
+    return ap_map_http_request_error(error, HTTP_BAD_REQUEST);
+  }
+  /* flush response */
+  b = apr_bucket_flush_create(c->bucket_alloc);
+  APR_BRIGADE_INSERT_TAIL(bb, b);
+  rv = ap_pass_brigade(r->output_filters, bb);
+  if (APR_SUCCESS != rv) goto cleanup;
+
+  memset(buffer, 'X', sizeof(buffer));
+  for(i = 0; i < chunks; ++i) {
+    if(chunk_delay) {
+      apr_sleep(chunk_delay);
+    }
+    rv = apr_brigade_write(bb, NULL, NULL, buffer, chunk_size);
+    if(APR_SUCCESS != rv) goto cleanup;
+    rv = ap_pass_brigade(r->output_filters, bb);
+    if(APR_SUCCESS != rv) goto cleanup;
+    ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
+                  "error_handler: passed %lu bytes as response body",
+                  (unsigned long)chunk_size);
+    if(body_error != APR_SUCCESS) {
+      rv = body_error;
+      goto cleanup;
+    }
+  }
+  /* we are done */
+  b = apr_bucket_eos_create(c->bucket_alloc);
+  APR_BRIGADE_INSERT_TAIL(bb, b);
+  rv = ap_pass_brigade(r->output_filters, bb);
+  apr_brigade_cleanup(bb);
+  ap_log_rerror(APLOG_MARK, APLOG_TRACE1, rv, r,
+                "error_handler: response passed");
+
+cleanup:
+  ap_log_rerror(APLOG_MARK, APLOG_TRACE1, rv, r,
+                "error_handler: request cleanup, r->status=%d, aborted=%d",
+                r->status, c->aborted);
+  if(rv == APR_SUCCESS) {
+    return OK;
+  }
+  if(error_bucket && 0) {
+    http_status = ap_map_http_request_error(rv, HTTP_BAD_REQUEST);
+    b = ap_bucket_error_create(http_status, NULL, r->pool, c->bucket_alloc);
+    ap_log_rerror(APLOG_MARK, APLOG_TRACE1, rv, r,
+                  "error_handler: passing error bucket, status=%d",
+                  http_status);
+    APR_BRIGADE_INSERT_TAIL(bb, b);
+    ap_pass_brigade(r->output_filters, bb);
+  }
+  return AP_FILTER_ERROR;
+}
+
+static int curltest_put_handler(request_rec *r)
+{
+  conn_rec *c = r->connection;
+  apr_bucket_brigade *bb;
+  apr_bucket *b;
+  apr_status_t rv;
+  char buffer[16*1024];
+  const char *ct;
+  apr_off_t rbody_len = 0;
+  const char *request_id = "none";
+  apr_time_t chunk_delay = 0;
+  apr_array_header_t *args = NULL;
+  long l;
+  int i;
+
+  if(strcmp(r->handler, "curltest-put")) {
+    return DECLINED;
+  }
+  if(r->method_number != M_PUT) {
+    return DECLINED;
+  }
+
+  if(r->args) {
+    args = apr_cstr_split(r->args, "&", 1, r->pool);
+    for(i = 0; i < args->nelts; ++i) {
+      char *s, *val, *arg = APR_ARRAY_IDX(args, i, char*);
+      s = strchr(arg, '=');
+      if(s) {
+        *s = '\0';
+        val = s + 1;
+        if(!strcmp("id", arg)) {
+          /* just an id for repeated requests with curl's url globbing */
+          request_id = val;
+          continue;
+        }
+        else if(!strcmp("chunk_delay", arg)) {
+          rv = duration_parse(&chunk_delay, val, "s");
+          if(APR_SUCCESS == rv) {
+            continue;
+          }
+        }
+      }
+      ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "query parameter not "
+                    "understood: '%s' in %s",
+                    arg, r->args);
+      ap_die(HTTP_BAD_REQUEST, r);
+      return OK;
+    }
+  }
+
+  ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "put_handler: processing");
+  r->status = 200;
+  r->clength = -1;
+  r->chunked = 1;
+  apr_table_unset(r->headers_out, "Content-Length");
+  /* Discourage content-encodings */
+  apr_table_unset(r->headers_out, "Content-Encoding");
+  apr_table_setn(r->subprocess_env, "no-brotli", "1");
+  apr_table_setn(r->subprocess_env, "no-gzip", "1");
+
+  ct = apr_table_get(r->headers_in, "content-type");
+  ap_set_content_type(r, ct? ct : "text/plain");
+
+  bb = apr_brigade_create(r->pool, c->bucket_alloc);
+  /* copy any request body into the response */
+  if((rv = ap_setup_client_block(r, REQUEST_CHUNKED_DECHUNK))) goto cleanup;
+  if(ap_should_client_block(r)) {
+    while(0 < (l = ap_get_client_block(r, &buffer[0], sizeof(buffer)))) {
+      ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
+                    "put_handler: read %ld bytes from request body", l);
+      if(chunk_delay) {
+        apr_sleep(chunk_delay);
+      }
+      rbody_len += l;
+    }
+  }
+  /* we are done */
+  rv = apr_brigade_printf(bb, NULL, NULL, "%"APR_OFF_T_FMT, rbody_len);
+  if(APR_SUCCESS != rv) goto cleanup;
+  b = apr_bucket_eos_create(c->bucket_alloc);
+  APR_BRIGADE_INSERT_TAIL(bb, b);
+  ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "put_handler: request read");
+
+  rv = ap_pass_brigade(r->output_filters, bb);
+
+cleanup:
+  if(rv == APR_SUCCESS
+     || r->status != HTTP_OK
+     || c->aborted) {
+    ap_log_rerror(APLOG_MARK, APLOG_TRACE1, rv, r, "put_handler: done");
+    return OK;
+  }
+  else {
+    /* no way to know what type of error occurred */
+    ap_log_rerror(APLOG_MARK, APLOG_TRACE1, rv, r, "put_handler failed");
+    return AP_FILTER_ERROR;
+  }
+  return DECLINED;
+}
+
diff --git a/tests/http/testenv/nghttpx.py b/tests/http/testenv/nghttpx.py
new file mode 100644
index 000000000..1a26aa84f
--- /dev/null
+++ b/tests/http/testenv/nghttpx.py
@@ -0,0 +1,186 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+import os
+import signal
+import subprocess
+import time
+from typing import Optional
+from datetime import datetime, timedelta
+
+from .env import Env
+from .curl import CurlClient
+
+
+log = logging.getLogger(__name__)
+
+
+class Nghttpx:
+
+    def __init__(self, env: Env):
+        self.env = env
+        self._cmd = env.nghttpx
+        self._run_dir = os.path.join(env.gen_dir, 'nghttpx')
+        self._pid_file = os.path.join(self._run_dir, 'nghttpx.pid')
+        self._conf_file = os.path.join(self._run_dir, 'nghttpx.conf')
+        self._error_log = os.path.join(self._run_dir, 'nghttpx.log')
+        self._stderr = os.path.join(self._run_dir, 'nghttpx.stderr')
+        self._tmp_dir = os.path.join(self._run_dir, 'tmp')
+        self._process = None
+        self._process: Optional[subprocess.Popen] = None
+        self._rmf(self._pid_file)
+        self._rmf(self._error_log)
+        self._mkpath(self._run_dir)
+        self._write_config()
+
+    def exists(self):
+        return os.path.exists(self._cmd)
+
+    def clear_logs(self):
+        self._rmf(self._error_log)
+        self._rmf(self._stderr)
+
+    def is_running(self):
+        if self._process:
+            self._process.poll()
+            return self._process.returncode is None
+        return False
+
+    def start_if_needed(self):
+        if not self.is_running():
+            return self.start()
+        return True
+
+    def start(self, wait_live=True):
+        self._mkpath(self._tmp_dir)
+        if self._process:
+            self.stop()
+        args = [
+            self._cmd,
+            f'--frontend=*,{self.env.h3_port};quic',
+            f'--backend=127.0.0.1,{self.env.https_port};{self.env.domain1};sni={self.env.domain1};proto=h2;tls',
+            f'--backend=127.0.0.1,{self.env.http_port}',
+            f'--log-level=INFO',
+            f'--pid-file={self._pid_file}',
+            f'--errorlog-file={self._error_log}',
+            f'--conf={self._conf_file}',
+            f'--cacert={self.env.ca.cert_file}',
+            self.env.get_credentials(self.env.domain1).pkey_file,
+            self.env.get_credentials(self.env.domain1).cert_file,
+        ]
+        ngerr = open(self._stderr, 'a')
+        self._process = subprocess.Popen(args=args, stderr=ngerr)
+        if self._process.returncode is not None:
+            return False
+        return not wait_live or self.wait_live(timeout=timedelta(seconds=5))
+
+    def stop_if_running(self):
+        if self.is_running():
+            return self.stop()
+        return True
+
+    def stop(self, wait_dead=True):
+        self._mkpath(self._tmp_dir)
+        if self._process:
+            self._process.terminate()
+            self._process.wait(timeout=2)
+            self._process = None
+            return not wait_dead or self.wait_dead(timeout=timedelta(seconds=5))
+        return True
+
+    def restart(self):
+        self.stop()
+        return self.start()
+
+    def reload(self, timeout: timedelta):
+        if self._process:
+            running = self._process
+            self._process = None
+            os.kill(running.pid, signal.SIGQUIT)
+            end_wait = datetime.now() + timeout
+            if not self.start(wait_live=False):
+                self._process = running
+                return False
+            while datetime.now() < end_wait:
+                try:
+                    log.debug(f'waiting for nghttpx({running.pid}) to exit.')
+                    running.wait(2)
+                    log.debug(f'nghttpx({running.pid}) terminated -> {running.returncode}')
+                    break
+                except subprocess.TimeoutExpired:
+                    log.warning(f'nghttpx({running.pid}), not shut down yet.')
+                    os.kill(running.pid, signal.SIGQUIT)
+            if datetime.now() >= end_wait:
+                log.error(f'nghttpx({running.pid}), terminate forcefully.')
+                os.kill(running.pid, signal.SIGKILL)
+                running.terminate()
+                running.wait(1)
+            return self.wait_live(timeout=timedelta(seconds=5))
+        return False
+
+    def wait_dead(self, timeout: timedelta):
+        curl = CurlClient(env=self.env, run_dir=self._tmp_dir)
+        try_until = datetime.now() + timeout
+        while datetime.now() < try_until:
+            check_url = f'https://{self.env.domain1}:{self.env.h3_port}/'
+            r = curl.http_get(url=check_url, extra_args=['--http3-only'])
+            if r.exit_code != 0:
+                return True
+            log.debug(f'waiting for nghttpx to stop responding: {r}')
+            time.sleep(.1)
+        log.debug(f"Server still responding after {timeout}")
+        return False
+
+    def wait_live(self, timeout: timedelta):
+        curl = CurlClient(env=self.env, run_dir=self._tmp_dir)
+        try_until = datetime.now() + timeout
+        while datetime.now() < try_until:
+            check_url = f'https://{self.env.domain1}:{self.env.h3_port}/'
+            r = curl.http_get(url=check_url, extra_args=[
+                '--http3-only', '--trace', 'curl.trace', '--trace-time'
+            ])
+            if r.exit_code == 0:
+                return True
+            log.debug(f'waiting for nghttpx to become responsive: {r}')
+            time.sleep(.1)
+        log.error(f"Server still not responding after {timeout}")
+        return False
+
+    def _rmf(self, path):
+        if os.path.exists(path):
+            return os.remove(path)
+
+    def _mkpath(self, path):
+        if not os.path.exists(path):
+            return os.makedirs(path)
+
+    def _write_config(self):
+        with open(self._conf_file, 'w') as fd:
+            fd.write(f'# nghttpx test config'),
+            fd.write("\n".join([
+                '# do we need something here?'
+            ]))
diff --git a/tests/http/testenv/ports.py b/tests/http/testenv/ports.py
new file mode 100644
index 000000000..b7e8d97f1
--- /dev/null
+++ b/tests/http/testenv/ports.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+# SPDX-License-Identifier: curl
+#
+###########################################################################
+#
+import logging
+import socket
+from typing import Dict
+
+log = logging.getLogger(__name__)
+
+
+def alloc_ports(port_specs: Dict[str, int]) -> Dict[str, int]:
+    ports = {}
+    socks = []
+    for name, ptype in port_specs.items():
+        try:
+            s = socket.socket(type=ptype)
+            s.bind(('', 0))
+            ports[name] = s.getsockname()[1]
+            socks.append(s)
+        except Exception as e:
+            raise e
+    for s in socks:
+        s.close()
+    return ports
+
+
diff --git a/tests/http2-server.pl b/tests/http2-server.pl
index a1afc3e02..bbfaf4775 100755
--- a/tests/http2-server.pl
+++ b/tests/http2-server.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -25,13 +25,18 @@
 
 # This script invokes nghttpx properly to have it serve HTTP/2 for us.
 # nghttpx runs as a proxy in front of our "actual" HTTP/1 server.
+use Cwd;
+use Cwd 'abs_path';
+use File::Basename;
 
 my $pidfile = "log/nghttpx.pid";
 my $logfile = "log/http2.log";
 my $nghttpx = "nghttpx";
 my $listenport = 9015;
+my $listenport2 = 9016;
 my $connect = "127.0.0.1,8990";
 my $conf = "nghttpx.conf";
+my $cert = "Server-localhost-sv";
 
 #***************************************************************************
 # Process command line options
@@ -58,6 +63,12 @@ while(@ARGV) {
             shift @ARGV;
         }
     }
+    elsif($ARGV[0] eq '--port2') {
+        if($ARGV[1]) {
+            $listenport2 = $ARGV[1];
+            shift @ARGV;
+        }
+    }
     elsif($ARGV[0] eq '--connect') {
         if($ARGV[1]) {
             $connect = $ARGV[1];
@@ -83,11 +94,19 @@ while(@ARGV) {
     shift @ARGV;
 }
 
+my $srcdir = dirname(__FILE__);
+$certfile = "$srcdir/certs/$cert.pem";
+$keyfile = "$srcdir/certs/$cert.key";
+$certfile = abs_path($certfile);
+$keyfile = abs_path($keyfile);
+
 my $cmdline="$nghttpx --backend=$connect ".
     "--frontend=\"*,$listenport;no-tls\" ".
+    "--frontend=\"*,$listenport2\" ".
     "--log-level=INFO ".
     "--pid-file=$pidfile ".
     "--conf=$conf ".
-    "--errorlog-file=$logfile";
+    "--errorlog-file=$logfile ".
+    "$keyfile $certfile";
 print "RUN: $cmdline\n" if($verbose);
 system("$cmdline 2>/dev/null");
diff --git a/tests/http3-server.pl b/tests/http3-server.pl
index 67c854ff8..0c562fba3 100644..100755
--- a/tests/http3-server.pl
+++ b/tests/http3-server.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -28,6 +28,7 @@
 
 use Cwd;
 use Cwd 'abs_path';
+use File::Basename;
 
 my $pidfile = "log/nghttpx.pid";
 my $logfile = "log/http3.log";
@@ -93,8 +94,7 @@ while(@ARGV) {
     shift @ARGV;
 }
 
-my $path   = getcwd();
-my $srcdir = $path;
+my $srcdir = dirname(__FILE__);
 $certfile = "$srcdir/certs/$cert.pem";
 $keyfile = "$srcdir/certs/$cert.key";
 $certfile = abs_path($certfile);
diff --git a/tests/keywords.pl b/tests/keywords.pl
index 88d521e90..e928eabb3 100755
--- a/tests/keywords.pl
+++ b/tests/keywords.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/libtest/.gitignore b/tests/libtest/.gitignore
index 1e3e9ff5f..3e36c15b8 100644
--- a/tests/libtest/.gitignore
+++ b/tests/libtest/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/tests/libtest/CMakeLists.txt b/tests/libtest/CMakeLists.txt
index e547c6a64..412e5e9a7 100644
--- a/tests/libtest/CMakeLists.txt
+++ b/tests/libtest/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/libtest/Makefile.am b/tests/libtest/Makefile.am
index 4a22f5282..9ee6916b5 100644
--- a/tests/libtest/Makefile.am
+++ b/tests/libtest/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index 4bab9e0bd..c8eb4149c 100644
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -65,11 +65,15 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect                \
  \
  lib1662 \
  \
-         lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \
+ lib1903 lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \
          lib1915 lib1916 lib1917 lib1918 lib1919 \
  lib1933 lib1934 lib1935 lib1936 lib1937 lib1938 lib1939 lib1940 \
  lib1945 lib1946 lib1947 lib1948 lib1955 lib1956 lib1957 lib1958 lib1959 \
- lib2301 lib2302 lib2304 \
+ lib1960 \
+ lib1970 lib1971 lib1972 lib1973 lib1974 lib1975 \
+ lib2301 lib2302 lib2304 lib2305 \
+ lib2402 \
+ lib2502 \
  lib3010 lib3025 lib3026 lib3027 \
  lib3100 lib3101
 
@@ -82,99 +86,70 @@ chkdecimalpoint_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB \
 chkhostname_SOURCES = chkhostname.c ../../lib/curl_gethostname.c
 chkhostname_LDADD = @CURL_NETWORK_LIBS@
 chkhostname_DEPENDENCIES =
-chkhostname_CPPFLAGS = $(AM_CPPFLAGS)
 
 libntlmconnect_SOURCES = libntlmconnect.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 libntlmconnect_LDADD = $(TESTUTIL_LIBS)
-libntlmconnect_CPPFLAGS = $(AM_CPPFLAGS)
 
 libauthretry_SOURCES = libauthretry.c $(SUPPORTFILES)
-libauthretry_CPPFLAGS = $(AM_CPPFLAGS)
 
 libprereq_SOURCES = libprereq.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 libprereq_LDADD = $(TESTUTIL_LIBS)
-libprereq_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib500_SOURCES = lib500.c $(SUPPORTFILES) $(TESTUTIL) $(TSTTRACE) $(MULTIBYTE)
 lib500_LDADD = $(TESTUTIL_LIBS)
-lib500_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib501_SOURCES = lib501.c $(SUPPORTFILES)
-lib501_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib502_SOURCES = lib502.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib502_LDADD = $(TESTUTIL_LIBS)
-lib502_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib503_SOURCES = lib503.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib503_LDADD = $(TESTUTIL_LIBS)
-lib503_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib504_SOURCES = lib504.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib504_LDADD = $(TESTUTIL_LIBS)
-lib504_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib505_SOURCES = lib505.c $(SUPPORTFILES) $(MULTIBYTE)
-lib505_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib506_SOURCES = lib506.c $(SUPPORTFILES)
-lib506_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib507_SOURCES = lib507.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib507_LDADD = $(TESTUTIL_LIBS)
-lib507_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib508_SOURCES = lib508.c $(SUPPORTFILES)
-lib508_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib509_SOURCES = lib509.c $(SUPPORTFILES)
-lib509_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib510_SOURCES = lib510.c $(SUPPORTFILES)
-lib510_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib511_SOURCES = lib511.c $(SUPPORTFILES)
-lib511_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib512_SOURCES = lib512.c $(SUPPORTFILES)
-lib512_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib513_SOURCES = lib513.c $(SUPPORTFILES)
-lib513_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib514_SOURCES = lib514.c $(SUPPORTFILES)
-lib514_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib515_SOURCES = lib515.c $(SUPPORTFILES)
-lib515_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib516_SOURCES = lib516.c $(SUPPORTFILES)
-lib516_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib517_SOURCES = lib517.c $(SUPPORTFILES)
-lib517_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib518_SOURCES = lib518.c $(SUPPORTFILES) $(WARNLESS) $(MULTIBYTE)
-lib518_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib519_SOURCES = lib519.c $(SUPPORTFILES)
-lib519_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib520_SOURCES = lib520.c $(SUPPORTFILES)
-lib520_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib521_SOURCES = lib521.c $(SUPPORTFILES)
-lib521_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib523_SOURCES = lib523.c $(SUPPORTFILES)
-lib523_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib524_SOURCES = lib524.c $(SUPPORTFILES)
-lib524_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib525_SOURCES = lib525.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) $(MULTIBYTE)
 lib525_LDADD = $(TESTUTIL_LIBS)
-lib525_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib526_SOURCES = lib526.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib526_LDADD = $(TESTUTIL_LIBS)
@@ -190,7 +165,6 @@ lib529_CPPFLAGS = $(AM_CPPFLAGS) -DLIB529
 
 lib530_SOURCES = lib530.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib530_LDADD = $(TESTUTIL_LIBS)
-lib530_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib532_SOURCES = lib526.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib532_LDADD = $(TESTUTIL_LIBS)
@@ -198,128 +172,92 @@ lib532_CPPFLAGS = $(AM_CPPFLAGS) -DLIB532
 
 lib533_SOURCES = lib533.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib533_LDADD = $(TESTUTIL_LIBS)
-lib533_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib537_SOURCES = lib537.c $(SUPPORTFILES) $(WARNLESS) $(MULTIBYTE)
-lib537_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib539_SOURCES = lib539.c $(SUPPORTFILES)
-lib539_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib540_SOURCES = lib540.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib540_LDADD = $(TESTUTIL_LIBS)
-lib540_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib541_SOURCES = lib541.c $(SUPPORTFILES) $(MULTIBYTE)
-lib541_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib542_SOURCES = lib542.c $(SUPPORTFILES)
-lib542_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib543_SOURCES = lib543.c $(SUPPORTFILES)
-lib543_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib544_SOURCES = lib544.c $(SUPPORTFILES)
-lib544_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib545_SOURCES = lib544.c $(SUPPORTFILES)
 lib545_CPPFLAGS = $(AM_CPPFLAGS) -DLIB545
 
 lib547_SOURCES = lib547.c $(SUPPORTFILES)
-lib547_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib548_SOURCES = lib547.c $(SUPPORTFILES)
 lib548_CPPFLAGS = $(AM_CPPFLAGS) -DLIB548
 
 lib549_SOURCES = lib549.c $(SUPPORTFILES)
-lib549_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib552_SOURCES = lib552.c $(SUPPORTFILES) $(WARNLESS)
-lib552_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib553_SOURCES = lib553.c $(SUPPORTFILES)
-lib553_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib554_SOURCES = lib554.c $(SUPPORTFILES)
-lib554_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib555_SOURCES = lib555.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib555_LDADD = $(TESTUTIL_LIBS)
-lib555_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib556_SOURCES = lib556.c $(SUPPORTFILES) $(WARNLESS)
-lib556_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib557_SOURCES = lib557.c $(SUPPORTFILES)
-lib557_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib558_SOURCES = lib558.c $(SUPPORTFILES)
-lib558_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib559_SOURCES = lib559.c $(SUPPORTFILES)
-lib559_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib560_SOURCES = lib560.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib560_LDADD = $(TESTUTIL_LIBS)
-lib560_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib562_SOURCES = lib562.c $(SUPPORTFILES)
-lib562_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib564_SOURCES = lib564.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib564_LDADD = $(TESTUTIL_LIBS)
-lib564_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib565_SOURCES = lib510.c $(SUPPORTFILES)
 lib565_CPPFLAGS = $(AM_CPPFLAGS) -DLIB565
 
 lib566_SOURCES = lib566.c $(SUPPORTFILES) $(MULTIBYTE)
-lib566_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib567_SOURCES = lib567.c $(SUPPORTFILES)
-lib567_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib568_SOURCES = lib568.c $(SUPPORTFILES) $(MULTIBYTE)
-lib568_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib569_SOURCES = lib569.c $(SUPPORTFILES) $(MULTIBYTE)
-lib569_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib570_SOURCES = lib570.c $(SUPPORTFILES)
-lib570_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib571_SOURCES = lib571.c $(SUPPORTFILES) $(WARNLESS) $(MULTIBYTE)
-lib571_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib572_SOURCES = lib572.c $(SUPPORTFILES) $(MULTIBYTE)
-lib572_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib573_SOURCES = lib573.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) $(TSTTRACE)
 lib573_LDADD = $(TESTUTIL_LIBS)
-lib573_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib574_SOURCES = lib574.c $(SUPPORTFILES)
-lib574_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib575_SOURCES = lib575.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib575_LDADD = $(TESTUTIL_LIBS)
-lib575_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib576_SOURCES = lib576.c $(SUPPORTFILES)
-lib576_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib578_SOURCES = lib578.c $(SUPPORTFILES) $(MULTIBYTE)
-lib578_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib579_SOURCES = lib579.c $(SUPPORTFILES) $(MULTIBYTE)
-lib579_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib582_SOURCES = lib582.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) $(MULTIBYTE)
 lib582_LDADD = $(TESTUTIL_LIBS)
-lib582_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib583_SOURCES = lib583.c $(SUPPORTFILES)
-lib583_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib584_SOURCES = lib589.c $(SUPPORTFILES)
 lib584_CPPFLAGS = $(AM_CPPFLAGS) -DLIB584
@@ -329,76 +267,56 @@ lib585_LDADD = $(TESTUTIL_LIBS)
 lib585_CPPFLAGS = $(AM_CPPFLAGS) -DLIB585
 
 lib586_SOURCES = lib586.c $(SUPPORTFILES)
-lib586_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib587_SOURCES = lib554.c $(SUPPORTFILES)
 lib587_CPPFLAGS = $(AM_CPPFLAGS) -DLIB587
 
 lib589_SOURCES = lib589.c $(SUPPORTFILES)
-lib589_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib590_SOURCES = lib590.c $(SUPPORTFILES)
-lib590_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib591_SOURCES = lib591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) $(MULTIBYTE)
 lib591_LDADD = $(TESTUTIL_LIBS)
-lib591_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib597_SOURCES = lib597.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib597_LDADD = $(TESTUTIL_LIBS)
-lib597_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib598_SOURCES = lib598.c $(SUPPORTFILES)
-lib598_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib599_SOURCES = lib599.c $(SUPPORTFILES) $(MULTIBYTE)
-lib599_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib643_SOURCES = lib643.c $(SUPPORTFILES)
-lib643_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib645_SOURCES = lib643.c $(SUPPORTFILES)
 lib645_CPPFLAGS = $(AM_CPPFLAGS) -DLIB645
 
 lib650_SOURCES = lib650.c $(SUPPORTFILES)
-lib650_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib651_SOURCES = lib651.c $(SUPPORTFILES)
-lib651_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib652_SOURCES = lib652.c $(SUPPORTFILES)
-lib652_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib653_SOURCES = lib653.c $(SUPPORTFILES)
-lib653_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib654_SOURCES = lib654.c $(SUPPORTFILES)
-lib654_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib655_SOURCES = lib655.c $(SUPPORTFILES)
-lib655_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib658_SOURCES = lib658.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib658_LDADD = $(TESTUTIL_LIBS)
-lib658_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib659_SOURCES = lib659.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib659_LDADD = $(TESTUTIL_LIBS)
-lib659_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib661_SOURCES = lib661.c $(SUPPORTFILES)
-lib661_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib666_SOURCES = lib666.c $(SUPPORTFILES)
-lib666_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib667_SOURCES = lib667.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib667_LDADD = $(TESTUTIL_LIBS)
-lib667_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib668_SOURCES = lib668.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib668_LDADD = $(TESTUTIL_LIBS)
-lib668_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib670_SOURCES = lib670.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib670_LDADD = $(TESTUTIL_LIBS)
@@ -414,35 +332,27 @@ lib672_CPPFLAGS = $(AM_CPPFLAGS) -DLIB672
 
 lib673_SOURCES = lib670.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib673_LDADD = $(TESTUTIL_LIBS)
-lib673_CPPFLAGS = $(AM_CPPFLAGS) -DLIB673
 
 lib674_SOURCES = lib674.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib674_LDADD = $(TESTUTIL_LIBS)
-lib674_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib676_SOURCES = lib676.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib676_LDADD = $(TESTUTIL_LIBS)
-lib676_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib677_SOURCES = lib677.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) $(MULTIBYTE)
 lib677_LDADD = $(TESTUTIL_LIBS)
-lib677_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib678_SOURCES = lib678.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) $(MULTIBYTE)
 lib678_LDADD = $(TESTUTIL_LIBS)
-lib678_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1301_SOURCES = lib1301.c $(SUPPORTFILES) $(TESTUTIL)
 lib1301_LDADD = $(TESTUTIL_LIBS)
-lib1301_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1500_SOURCES = lib1500.c $(SUPPORTFILES) $(TESTUTIL)
 lib1500_LDADD = $(TESTUTIL_LIBS)
-lib1500_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1501_SOURCES = lib1501.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1501_LDADD = $(TESTUTIL_LIBS)
-lib1501_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1502_SOURCES = lib1502.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1502_LDADD = $(TESTUTIL_LIBS)
@@ -462,122 +372,92 @@ lib1505_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1505
 
 lib1506_SOURCES = lib1506.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1506_LDADD = $(TESTUTIL_LIBS)
-lib1506_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1506
 
 lib1156_SOURCES = lib1156.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1156_LDADD = $(TESTUTIL_LIBS)
-lib1156_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1156
 
 lib1507_SOURCES = lib1507.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1507_LDADD = $(TESTUTIL_LIBS)
-lib1507_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1507
 
 lib1508_SOURCES = lib1508.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1508_LDADD = $(TESTUTIL_LIBS)
-lib1508_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1508
 
 lib1509_SOURCES = lib1509.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1509_LDADD = $(TESTUTIL_LIBS)
-lib1509_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1509
 
 lib1510_SOURCES = lib1510.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1510_LDADD = $(TESTUTIL_LIBS)
-lib1510_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1510
 
 lib1511_SOURCES = lib1511.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1511_LDADD = $(TESTUTIL_LIBS)
-lib1511_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1511
 
 lib1512_SOURCES = lib1512.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1512_LDADD = $(TESTUTIL_LIBS)
-lib1512_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1512
 
 lib1513_SOURCES = lib1513.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1513_LDADD = $(TESTUTIL_LIBS)
-lib1513_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1513
 
 lib1514_SOURCES = lib1514.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1514_LDADD = $(TESTUTIL_LIBS)
-lib1514_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1514
 
 lib1515_SOURCES = lib1515.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1515_LDADD = $(TESTUTIL_LIBS)
-lib1515_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1515
 
 lib1517_SOURCES = lib1517.c $(SUPPORTFILES)
-lib1517_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1517
 
 lib1518_SOURCES = lib1518.c $(SUPPORTFILES)
-lib1518_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1520_SOURCES = lib1520.c $(SUPPORTFILES)
-lib1520_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1520
 
 nodist_lib1521_SOURCES = lib1521.c $(SUPPORTFILES)
 lib1521_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)
 
 lib1522_SOURCES = lib1522.c $(SUPPORTFILES) $(TESTUTIL) $(TSTTRACE)
 lib1522_LDADD = $(TESTUTIL_LIBS)
-lib1522_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1523_SOURCES = lib1523.c $(SUPPORTFILES)
-lib1523_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1525_SOURCES = lib1525.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1525_LDADD = $(TESTUTIL_LIBS)
-lib1525_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1525
 
 lib1526_SOURCES = lib1526.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1526_LDADD = $(TESTUTIL_LIBS)
-lib1526_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1526
 
 lib1527_SOURCES = lib1527.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1527_LDADD = $(TESTUTIL_LIBS)
-lib1527_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1527
 
 lib1528_SOURCES = lib1528.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1528_LDADD = $(TESTUTIL_LIBS)
-lib1528_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1528
 
 lib1529_SOURCES = lib1529.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1529_LDADD = $(TESTUTIL_LIBS)
-lib1529_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1529
 
 lib1530_SOURCES = lib1530.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1530_LDADD = $(TESTUTIL_LIBS)
-lib1530_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1530
 
 lib1531_SOURCES = lib1531.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1531_LDADD = $(TESTUTIL_LIBS)
-lib1531_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1531
 
 lib1532_SOURCES = lib1532.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1532_LDADD = $(TESTUTIL_LIBS)
-lib1532_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1532
 
 lib1533_SOURCES = lib1533.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1533_LDADD = $(TESTUTIL_LIBS)
-lib1533_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1533
 
 lib1534_SOURCES = lib1534.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1534_LDADD = $(TESTUTIL_LIBS)
-lib1534_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1534
 
 lib1535_SOURCES = lib1535.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1535_LDADD = $(TESTUTIL_LIBS)
-lib1535_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1535
 
 lib1536_SOURCES = lib1536.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1536_LDADD = $(TESTUTIL_LIBS)
-lib1536_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1536
 
 lib1537_SOURCES = lib1537.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1537_LDADD = $(TESTUTIL_LIBS)
-lib1537_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1538_SOURCES = lib1538.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1538_LDADD = $(TESTUTIL_LIBS)
-lib1538_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1539_SOURCES = lib1514.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1539_LDADD = $(TESTUTIL_LIBS)
@@ -585,43 +465,33 @@ lib1539_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1539
 
 lib1540_SOURCES = lib1540.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1540_LDADD = $(TESTUTIL_LIBS)
-lib1540_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1542_SOURCES = lib1542.c $(SUPPORTFILES) $(TESTUTIL) $(TSTTRACE) $(WARNLESS)
 lib1542_LDADD = $(TESTUTIL_LIBS)
-lib1542_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1543_SOURCES = lib1518.c $(SUPPORTFILES)
 lib1543_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1543
 
 lib1550_SOURCES = lib1550.c $(SUPPORTFILES)
-lib1550_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1517
 
 lib1551_SOURCES = lib1551.c $(SUPPORTFILES)
-lib1551_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1552_SOURCES = lib1552.c $(SUPPORTFILES) $(TESTUTIL)
 lib1552_LDADD = $(TESTUTIL_LIBS)
-lib1552_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1553_SOURCES = lib1553.c $(SUPPORTFILES) $(TESTUTIL)
 lib1553_LDADD = $(TESTUTIL_LIBS)
-lib1553_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1554_SOURCES = lib1554.c $(SUPPORTFILES)
-lib1554_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1555_SOURCES = lib1555.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1555_LDADD = $(TESTUTIL_LIBS)
-lib1555_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1555
 
 lib1556_SOURCES = lib1556.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1556_LDADD = $(TESTUTIL_LIBS)
-lib1556_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1556
 
 lib1557_SOURCES = lib1557.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1557_LDADD = $(TESTUTIL_LIBS)
-lib1557_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1557
 
 lib1558_SOURCES = lib1558.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1558_LDADD = $(TESTUTIL_LIBS)
@@ -634,28 +504,21 @@ lib1560_LDADD = $(TESTUTIL_LIBS)
 
 lib1564_SOURCES = lib1564.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1564_LDADD = $(TESTUTIL_LIBS)
-lib1564_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1565_SOURCES = lib1565.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1565_LDADD = $(TESTUTIL_LIBS)
-lib1565_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1567_SOURCES = lib1567.c $(SUPPORTFILES)
-lib1567_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1568_SOURCES = lib1568.c $(SUPPORTFILES)
-lib1568_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1569_SOURCES = lib1569.c $(SUPPORTFILES)
-lib1569_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1591_SOURCES = lib1591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1591_LDADD = $(TESTUTIL_LIBS)
-lib1591_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1591
 
 lib1592_SOURCES = lib1592.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1592_LDADD = $(TESTUTIL_LIBS)
-lib1592_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1592
 
 lib1593_SOURCES = lib1593.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1593_LDADD = $(TESTUTIL_LIBS)
@@ -673,89 +536,71 @@ lib1597_LDADD = $(TESTUTIL_LIBS)
 lib1662_SOURCES = lib1662.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1662_LDADD = $(TESTUTIL_LIBS)
 
+lib1903_SOURCES = lib1903.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1903_LDADD = $(TESTUTIL_LIBS)
+
 lib1905_SOURCES = lib1905.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1905_LDADD = $(TESTUTIL_LIBS)
-lib1905_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1906_SOURCES = lib1906.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1906_LDADD = $(TESTUTIL_LIBS)
-lib1906_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1907_SOURCES = lib1907.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1907_LDADD = $(TESTUTIL_LIBS)
-lib1907_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1908_SOURCES = lib1908.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1908_LDADD = $(TESTUTIL_LIBS)
-lib1908_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1910_SOURCES = lib1910.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1910_LDADD = $(TESTUTIL_LIBS)
-lib1910_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1911_SOURCES = lib1911.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1911_LDADD = $(TESTUTIL_LIBS)
-lib1911_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1912_SOURCES = lib1912.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1912_LDADD = $(TESTUTIL_LIBS)
-lib1912_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1913_SOURCES = lib1913.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1913_LDADD = $(TESTUTIL_LIBS)
-lib1913_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1915_SOURCES = lib1915.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1915_LDADD = $(TESTUTIL_LIBS)
-lib1915_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1916_SOURCES = lib1916.c $(SUPPORTFILES) $(WARNLESS)
-lib1916_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1917_SOURCES = lib1916.c $(SUPPORTFILES) $(WARNLESS)
 lib1917_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1917
 
 lib1918_SOURCES = lib1918.c $(SUPPORTFILES) $(WARNLESS)
-lib1918_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1919_SOURCES = lib1919.c $(SUPPORTFILES) $(WARNLESS)
-lib1919_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1933_SOURCES = lib1933.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1933_LDADD = $(TESTUTIL_LIBS)
-lib1933_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1934_SOURCES = lib1934.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1934_LDADD = $(TESTUTIL_LIBS)
-lib1934_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1935_SOURCES = lib1935.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1935_LDADD = $(TESTUTIL_LIBS)
-lib1935_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1936_SOURCES = lib1936.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1936_LDADD = $(TESTUTIL_LIBS)
-lib1936_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1937_SOURCES = lib1937.c $(SUPPORTFILES)
 lib1937_LDADD = $(TESTUTIL_LIBS)
-lib1937_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1938_SOURCES = lib1938.c $(SUPPORTFILES)
 lib1938_LDADD = $(TESTUTIL_LIBS)
-lib1938_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1939_SOURCES = lib1939.c $(SUPPORTFILES)
 lib1939_LDADD = $(TESTUTIL_LIBS)
-lib1939_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1940_SOURCES = lib1940.c $(SUPPORTFILES)
 lib1940_LDADD = $(TESTUTIL_LIBS)
-lib1940_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1945_SOURCES = lib1945.c $(SUPPORTFILES)
 lib1945_LDADD = $(TESTUTIL_LIBS)
-lib1945_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1946_SOURCES = lib1940.c $(SUPPORTFILES)
 lib1946_LDADD = $(TESTUTIL_LIBS)
@@ -763,31 +608,45 @@ lib1946_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1946
 
 lib1947_SOURCES = lib1947.c $(SUPPORTFILES)
 lib1947_LDADD = $(TESTUTIL_LIBS)
-lib1947_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1948_SOURCES = lib1948.c $(SUPPORTFILES)
 lib1948_LDADD = $(TESTUTIL_LIBS)
-lib1948_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1955_SOURCES = lib1955.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1955_LDADD = $(TESTUTIL_LIBS)
-lib1955_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1956_SOURCES = lib1956.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1956_LDADD = $(TESTUTIL_LIBS)
-lib1956_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1957_SOURCES = lib1957.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1957_LDADD = $(TESTUTIL_LIBS)
-lib1957_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1958_SOURCES = lib1958.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1958_LDADD = $(TESTUTIL_LIBS)
-lib1958_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib1959_SOURCES = lib1959.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1959_LDADD = $(TESTUTIL_LIBS)
-lib1959_CPPFLAGS = $(AM_CPPFLAGS)
+
+lib1960_SOURCES = lib1960.c $(SUPPORTFILES)
+lib1960_LDADD = $(TESTUTIL_LIBS)
+
+lib1970_SOURCES = lib1970.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1970_LDADD = $(TESTUTIL_LIBS)
+
+lib1971_SOURCES = lib1971.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1971_LDADD = $(TESTUTIL_LIBS)
+
+lib1972_SOURCES = lib1972.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1972_LDADD = $(TESTUTIL_LIBS)
+
+lib1973_SOURCES = lib1973.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1973_LDADD = $(TESTUTIL_LIBS)
+
+lib1974_SOURCES = lib1974.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1974_LDADD = $(TESTUTIL_LIBS)
+
+lib1975_SOURCES = lib1975.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1975_LDADD = $(TESTUTIL_LIBS)
 
 lib2301_SOURCES = lib2301.c $(SUPPORTFILES)
 lib2301_LDADD = $(TESTUTIL_LIBS)
@@ -798,21 +657,26 @@ lib2302_LDADD = $(TESTUTIL_LIBS)
 lib2304_SOURCES = lib2304.c $(SUPPORTFILES)
 lib2304_LDADD = $(TESTUTIL_LIBS)
 
+lib2305_SOURCES = lib2305.c $(SUPPORTFILES) $(TESTUTIL) $(TSTTRACE) $(MULTIBYTE)
+lib2305_LDADD = $(TESTUTIL_LIBS)
+
+lib2402_SOURCES = lib2402.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib2402_LDADD = $(TESTUTIL_LIBS)
+
+lib2502_SOURCES = lib2502.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib2502_LDADD = $(TESTUTIL_LIBS)
+
 lib3010_SOURCES = lib3010.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib3010_LDADD = $(TESTUTIL_LIBS)
-lib3010_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib3025_SOURCES = lib3025.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib3025_LDADD = $(TESTUTIL_LIBS)
-lib3025_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib3026_SOURCES = lib3026.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib3026_LDADD = $(TESTUTIL_LIBS)
-lib3026_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib3027_SOURCES = lib3027.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib3027_LDADD = $(TESTUTIL_LIBS)
-lib3027_CPPFLAGS = $(AM_CPPFLAGS)
 
 lib3100_SOURCES = lib3100.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib3100_LDADD = $(TESTUTIL_LIBS)
diff --git a/tests/libtest/chkdecimalpoint.c b/tests/libtest/chkdecimalpoint.c
index 0ff0b7d6d..5e201fa02 100644
--- a/tests/libtest/chkdecimalpoint.c
+++ b/tests/libtest/chkdecimalpoint.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/chkhostname.c b/tests/libtest/chkhostname.c
index 04716f93b..e49da133c 100644
--- a/tests/libtest/chkhostname.c
+++ b/tests/libtest/chkhostname.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/first.c b/tests/libtest/first.c
index 5edb49bd2..932d5bb65 100644
--- a/tests/libtest/first.c
+++ b/tests/libtest/first.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -85,9 +85,7 @@ char **test_argv;
 
 struct timeval tv_test_start; /* for test timing */
 
-#ifdef UNITTESTS
 int unitfail; /* for unittests */
-#endif
 
 #ifdef CURLDEBUG
 static void memory_tracking_init(void)
diff --git a/tests/libtest/lib1156.c b/tests/libtest/lib1156.c
index aa2bf1e81..bdc95d852 100644
--- a/tests/libtest/lib1156.c
+++ b/tests/libtest/lib1156.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1301.c b/tests/libtest/lib1301.c
index d98134c39..f63b94ccd 100644
--- a/tests/libtest/lib1301.c
+++ b/tests/libtest/lib1301.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1500.c b/tests/libtest/lib1500.c
index 9e009a3e7..3f237a031 100644
--- a/tests/libtest/lib1500.c
+++ b/tests/libtest/lib1500.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1501.c b/tests/libtest/lib1501.c
index 1deb2fdef..a4816c777 100644
--- a/tests/libtest/lib1501.c
+++ b/tests/libtest/lib1501.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1502.c b/tests/libtest/lib1502.c
index 2b5ba9e2e..2e2415b72 100644
--- a/tests/libtest/lib1502.c
+++ b/tests/libtest/lib1502.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1506.c b/tests/libtest/lib1506.c
index 1acb7bc62..a1a72b2a1 100644
--- a/tests/libtest/lib1506.c
+++ b/tests/libtest/lib1506.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2013 - 2022, Linus Nielsen Feltzing <linus@haxx.se>
+ * Copyright (C) Linus Nielsen Feltzing <linus@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1507.c b/tests/libtest/lib1507.c
index 0783486c6..d23e0b184 100644
--- a/tests/libtest/lib1507.c
+++ b/tests/libtest/lib1507.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1508.c b/tests/libtest/lib1508.c
index 732e10d2b..981039137 100644
--- a/tests/libtest/lib1508.c
+++ b/tests/libtest/lib1508.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2013 - 2022, Linus Nielsen Feltzing <linus@haxx.se>
+ * Copyright (C) Linus Nielsen Feltzing <linus@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1509.c b/tests/libtest/lib1509.c
index e64f3a37a..2277e6cee 100644
--- a/tests/libtest/lib1509.c
+++ b/tests/libtest/lib1509.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1510.c b/tests/libtest/lib1510.c
index 130400a78..7b0e12ce9 100644
--- a/tests/libtest/lib1510.c
+++ b/tests/libtest/lib1510.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2013 - 2022, Linus Nielsen Feltzing <linus@haxx.se>
+ * Copyright (C) Linus Nielsen Feltzing <linus@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1511.c b/tests/libtest/lib1511.c
index 26d308438..d093a5bd2 100644
--- a/tests/libtest/lib1511.c
+++ b/tests/libtest/lib1511.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1512.c b/tests/libtest/lib1512.c
index 4aed9f84e..2ca0fe620 100644
--- a/tests/libtest/lib1512.c
+++ b/tests/libtest/lib1512.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2013 - 2022, Linus Nielsen Feltzing <linus@haxx.se>
+ * Copyright (C) Linus Nielsen Feltzing <linus@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1513.c b/tests/libtest/lib1513.c
index 43b783061..19c23c06e 100644
--- a/tests/libtest/lib1513.c
+++ b/tests/libtest/lib1513.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1514.c b/tests/libtest/lib1514.c
index a2350030e..6582b5977 100644
--- a/tests/libtest/lib1514.c
+++ b/tests/libtest/lib1514.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1515.c b/tests/libtest/lib1515.c
index 6690af4c0..d210ed3be 100644
--- a/tests/libtest/lib1515.c
+++ b/tests/libtest/lib1515.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -37,10 +37,6 @@
 
 #define DNS_TIMEOUT 1
 
-#if defined(WIN32) || defined(_WIN32)
-#define sleep(sec) Sleep ((sec)*1000)
-#endif
-
 static int debug_callback(CURL *curl, curl_infotype info, char *msg,
                           size_t len, void *ptr)
 {
diff --git a/tests/libtest/lib1517.c b/tests/libtest/lib1517.c
index 85e027a93..f39616594 100644
--- a/tests/libtest/lib1517.c
+++ b/tests/libtest/lib1517.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -60,6 +60,16 @@ int test(char *URL)
 
   struct WriteThis pooh;
 
+  if(!strcmp(URL, "check")) {
+#if (defined(WIN32) || defined(__CYGWIN__)) && \
+    !defined(USE_RECV_BEFORE_SEND_WORKAROUND)
+    printf("test requires recv-before-send workaround on Windows\n");
+    return 1; /* skip since test will fail on Windows without workaround */
+#else
+    return 0; /* sure, run this! */
+#endif
+  }
+
   pooh.readptr = data;
   pooh.sizeleft = strlen(data);
 
diff --git a/tests/libtest/lib1518.c b/tests/libtest/lib1518.c
index 42a6db730..9805a2206 100644
--- a/tests/libtest/lib1518.c
+++ b/tests/libtest/lib1518.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1520.c b/tests/libtest/lib1520.c
index 248620b23..5b6c3dcfb 100644
--- a/tests/libtest/lib1520.c
+++ b/tests/libtest/lib1520.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2014 - 2022, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1522.c b/tests/libtest/lib1522.c
index fa4c0c8e6..c19aa636f 100644
--- a/tests/libtest/lib1522.c
+++ b/tests/libtest/lib1522.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1523.c b/tests/libtest/lib1523.c
index d63a58fe9..3da471f0e 100644
--- a/tests/libtest/lib1523.c
+++ b/tests/libtest/lib1523.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1525.c b/tests/libtest/lib1525.c
index 0fedf2576..591eb413f 100644
--- a/tests/libtest/lib1525.c
+++ b/tests/libtest/lib1525.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 1998, Vijay Panghal, <vpanghal@maginatics.com>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Vijay Panghal, <vpanghal@maginatics.com>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1526.c b/tests/libtest/lib1526.c
index 69325fe8d..c11e536eb 100644
--- a/tests/libtest/lib1526.c
+++ b/tests/libtest/lib1526.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Vijay Panghal, <vpanghal@maginatics.com>, et al.
+ * Copyright (C) Vijay Panghal, <vpanghal@maginatics.com>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1527.c b/tests/libtest/lib1527.c
index f3918a22a..e59870585 100644
--- a/tests/libtest/lib1527.c
+++ b/tests/libtest/lib1527.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Vijay Panghal, <vpanghal@maginatics.com>, et al.
+ * Copyright (C) Vijay Panghal, <vpanghal@maginatics.com>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1528.c b/tests/libtest/lib1528.c
index c85257466..ae2360414 100644
--- a/tests/libtest/lib1528.c
+++ b/tests/libtest/lib1528.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1529.c b/tests/libtest/lib1529.c
index b2fa29a16..5b0f990fd 100644
--- a/tests/libtest/lib1529.c
+++ b/tests/libtest/lib1529.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1530.c b/tests/libtest/lib1530.c
index 39b2042c5..e45949294 100644
--- a/tests/libtest/lib1530.c
+++ b/tests/libtest/lib1530.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1531.c b/tests/libtest/lib1531.c
index c5cc54857..703400178 100644
--- a/tests/libtest/lib1531.c
+++ b/tests/libtest/lib1531.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1532.c b/tests/libtest/lib1532.c
index 01ce4b445..a3ac70929 100644
--- a/tests/libtest/lib1532.c
+++ b/tests/libtest/lib1532.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1533.c b/tests/libtest/lib1533.c
index b36f3a208..555fb962b 100644
--- a/tests/libtest/lib1533.c
+++ b/tests/libtest/lib1533.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1534.c b/tests/libtest/lib1534.c
index 7fc731dc9..620e38338 100644
--- a/tests/libtest/lib1534.c
+++ b/tests/libtest/lib1534.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1535.c b/tests/libtest/lib1535.c
index 91d82d47c..6edf88731 100644
--- a/tests/libtest/lib1535.c
+++ b/tests/libtest/lib1535.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1536.c b/tests/libtest/lib1536.c
index 018c6cff4..9ba7ec18e 100644
--- a/tests/libtest/lib1536.c
+++ b/tests/libtest/lib1536.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1537.c b/tests/libtest/lib1537.c
index 30f7be243..21252fb79 100644
--- a/tests/libtest/lib1537.c
+++ b/tests/libtest/lib1537.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1538.c b/tests/libtest/lib1538.c
index 494a4e956..cd9e3f65c 100644
--- a/tests/libtest/lib1538.c
+++ b/tests/libtest/lib1538.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1540.c b/tests/libtest/lib1540.c
index 0f74931db..8ea82a263 100644
--- a/tests/libtest/lib1540.c
+++ b/tests/libtest/lib1540.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1541.c b/tests/libtest/lib1541.c
index 01343aa78..714628868 100644
--- a/tests/libtest/lib1541.c
+++ b/tests/libtest/lib1541.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1542.c b/tests/libtest/lib1542.c
index 5f268463c..2570ea3cf 100644
--- a/tests/libtest/lib1542.c
+++ b/tests/libtest/lib1542.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -36,10 +36,6 @@
 #include "warnless.h"
 #include "memdebug.h"
 
-#if defined(WIN32) || defined(_WIN32)
-#define sleep(sec) Sleep ((sec)*1000)
-#endif
-
 int test(char *URL)
 {
   CURL *easy = NULL;
diff --git a/tests/libtest/lib1550.c b/tests/libtest/lib1550.c
index c35e293cd..4c34be865 100644
--- a/tests/libtest/lib1550.c
+++ b/tests/libtest/lib1550.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1551.c b/tests/libtest/lib1551.c
index aabb92a96..f693cb1fd 100644
--- a/tests/libtest/lib1551.c
+++ b/tests/libtest/lib1551.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1552.c b/tests/libtest/lib1552.c
index acab9cde1..c48d640d6 100644
--- a/tests/libtest/lib1552.c
+++ b/tests/libtest/lib1552.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1553.c b/tests/libtest/lib1553.c
index 01003c5ed..8bf15684b 100644
--- a/tests/libtest/lib1553.c
+++ b/tests/libtest/lib1553.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1554.c b/tests/libtest/lib1554.c
index 021cdc9c8..b0e94b8fb 100644
--- a/tests/libtest/lib1554.c
+++ b/tests/libtest/lib1554.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1555.c b/tests/libtest/lib1555.c
index 49c77b474..1ff6f28d5 100644
--- a/tests/libtest/lib1555.c
+++ b/tests/libtest/lib1555.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1556.c b/tests/libtest/lib1556.c
index b59a0db60..6f8a21439 100644
--- a/tests/libtest/lib1556.c
+++ b/tests/libtest/lib1556.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1557.c b/tests/libtest/lib1557.c
index 6828d7866..2fa34ada3 100644
--- a/tests/libtest/lib1557.c
+++ b/tests/libtest/lib1557.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1558.c b/tests/libtest/lib1558.c
index 3c2bf2687..d64b59801 100644
--- a/tests/libtest/lib1558.c
+++ b/tests/libtest/lib1558.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1559.c b/tests/libtest/lib1559.c
index c941ac252..402fee3d0 100644
--- a/tests/libtest/lib1559.c
+++ b/tests/libtest/lib1559.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c
index 570e5082d..81f8f740c 100644
--- a/tests/libtest/lib1560.c
+++ b/tests/libtest/lib1560.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -31,6 +31,9 @@
  */
 
 #include "test.h"
+#if defined(USE_LIBIDN2) || defined(USE_WIN32_IDN)
+#define USE_IDN
+#endif
 
 #include "testutil.h"
 #include "warnless.h"
@@ -138,6 +141,20 @@ struct clearurlcase {
 };
 
 static const struct testcase get_parts_list[] ={
+  {"https://test%test", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://example.com%252f%40@example.net",
+   "https | example.com%2f@ | [12] | [13] | example.net | [15] | / "
+   "| [16] | [17]",
+   0, CURLU_URLDECODE, CURLUE_OK },
+#ifdef USE_IDN
+  {"https://räksmörgås.se",
+   "https | [11] | [12] | [13] | xn--rksmrgs-5wao1o.se | "
+   "[15] | / | [16] | [17]", 0, CURLU_PUNYCODE, CURLUE_OK},
+#else
+  {"https://räksmörgås.se",
+   "https | [11] | [12] | [13] | [30] | [15] | / | [16] | [17]",
+   0, CURLU_PUNYCODE, CURLUE_OK},
+#endif
   /* https://ℂᵤⓇℒ。𝐒🄴 */
   {"https://"
    "%e2%84%82%e1%b5%a4%e2%93%87%e2%84%92%e3%80%82%f0%9d%90%92%f0%9f%84%b4",
@@ -454,6 +471,28 @@ static const struct testcase get_parts_list[] ={
 };
 
 static const struct urltestcase get_url_list[] = {
+  {"https://[fe80::0000:20c:29ff:fe9c:409b]:80/moo",
+   "https://[fe80::20c:29ff:fe9c:409b]:80/moo",
+   0, 0, CURLUE_OK},
+  {"https://[fe80::020c:29ff:fe9c:409b]:80/moo",
+   "https://[fe80::20c:29ff:fe9c:409b]:80/moo",
+   0, 0, CURLUE_OK},
+  {"https://[fe80:0000:0000:0000:020c:29ff:fe9c:409b]:80/moo",
+   "https://[fe80::20c:29ff:fe9c:409b]:80/moo",
+   0, 0, CURLUE_OK},
+  {"https://[fe80:0:0:0:409b::]:80/moo",
+   "https://[fe80::409b:0:0:0]:80/moo",
+   0, 0, CURLUE_OK},
+  {"https://[::%25fakeit];80/moo",
+   "",
+   0, 0, CURLUE_BAD_PORT_NUMBER},
+  {"https://[fe80::20c:29ff:fe9c:409b]-80/moo",
+   "",
+   0, 0, CURLUE_BAD_PORT_NUMBER},
+#ifdef USE_IDN
+  {"https://räksmörgås.se/path?q#frag",
+   "https://xn--rksmrgs-5wao1o.se/path?q#frag", 0, CURLU_PUNYCODE, CURLUE_OK},
+#endif
   /* unsupported schemes with no guessing enabled */
   {"data:text/html;charset=utf-8;base64,PCFET0NUWVBFIEhUTUw+PG1ldGEgY",
    "", 0, 0, CURLUE_UNSUPPORTED_SCHEME},
@@ -471,13 +510,10 @@ static const struct urltestcase get_url_list[] = {
   {"http://example.com%3a127.0.0.1/", "", 0, 0, CURLUE_BAD_HOSTNAME},
   {"http://example.com%09127.0.0.1/", "", 0, 0, CURLUE_BAD_HOSTNAME},
   {"http://example.com%2F127.0.0.1/", "", 0, 0, CURLUE_BAD_HOSTNAME},
-  {"https://%this", "https://%25this/", 0, 0, CURLUE_OK},
-  {"https://h%c", "https://h%25c/", 0, 0, CURLUE_OK},
-  {"https://%%%%%%", "https://%25%25%25%25%25%25/", 0, 0, CURLUE_OK},
   {"https://%41", "https://A/", 0, 0, CURLUE_OK},
   {"https://%20", "", 0, 0, CURLUE_BAD_HOSTNAME},
   {"https://%41%0d", "", 0, 0, CURLUE_BAD_HOSTNAME},
-  {"https://%25", "https://%25/", 0, 0, CURLUE_OK},
+  {"https://%25", "", 0, 0, CURLUE_BAD_HOSTNAME},
   {"https://_%c0_", "https://_\xC0_/", 0, 0, CURLUE_OK},
   {"https://_%c0_", "https://_%C0_/", 0, CURLU_URLENCODE, CURLUE_OK},
 
@@ -642,11 +678,14 @@ static const struct urltestcase get_url_list[] = {
   {NULL, NULL, 0, 0, CURLUE_OK}
 };
 
-static int checkurl(const char *url, const char *out)
+static int checkurl(const char *org, const char *url, const char *out)
 {
   if(strcmp(out, url)) {
-    fprintf(stderr, "Wanted: %s\nGot   : %s\n",
-            out, url);
+    fprintf(stderr,
+            "Org:    %s\n"
+            "Wanted: %s\n"
+            "Got   : %s\n",
+            org, out, url);
     return 1;
   }
   return 0;
@@ -951,7 +990,7 @@ static int set_url(void)
           error++;
         }
         else {
-          if(checkurl(url, set_url_list[i].out)) {
+          if(checkurl(set_url_list[i].in, url, set_url_list[i].out)) {
             error++;
           }
         }
@@ -1004,7 +1043,7 @@ static int set_parts(void)
                   __FILE__, __LINE__, (int)rc, curl_url_strerror(rc));
           error++;
         }
-        else if(checkurl(url, set_parts_list[i].out)) {
+        else if(checkurl(set_parts_list[i].in, url, set_parts_list[i].out)) {
           error++;
         }
       }
@@ -1044,7 +1083,7 @@ static int get_url(void)
         error++;
       }
       else {
-        if(checkurl(url, get_url_list[i].out)) {
+        if(checkurl(get_url_list[i].in, url, get_url_list[i].out)) {
           error++;
         }
       }
@@ -1147,7 +1186,7 @@ static int append(void)
         error++;
       }
       else {
-        if(checkurl(url, append_list[i].out)) {
+        if(checkurl(append_list[i].in, url, append_list[i].out)) {
           error++;
         }
         curl_free(url);
@@ -1180,7 +1219,6 @@ static int scopeid(void)
     error++;
   }
   else {
-    printf("we got %s\n", url);
     curl_free(url);
   }
 
@@ -1198,7 +1236,6 @@ static int scopeid(void)
     error++;
   }
   else {
-    printf("we got %s\n", url);
     curl_free(url);
   }
 
@@ -1216,7 +1253,6 @@ static int scopeid(void)
     error++;
   }
   else {
-    printf("we got %s\n", url);
     curl_free(url);
   }
 
@@ -1235,7 +1271,6 @@ static int scopeid(void)
     error++;
   }
   else {
-    printf("we got %s\n", url);
     curl_free(url);
   }
 
@@ -1246,7 +1281,6 @@ static int scopeid(void)
     error++;
   }
   else {
-    printf("we got %s\n", url);
     curl_free(url);
   }
 
@@ -1257,7 +1291,6 @@ static int scopeid(void)
     error++;
   }
   else {
-    printf("we got %s\n", url);
     curl_free(url);
   }
 
@@ -1275,7 +1308,6 @@ static int scopeid(void)
     error++;
   }
   else {
-    printf("we got %s\n", url);
     curl_free(url);
   }
 
@@ -1383,10 +1415,74 @@ static int clear_url(void)
   return error;
 }
 
+static char total[128000];
+static char bigpart[120000];
+
+/*
+ * verify ridiculous URL part sizes
+ */
+static int huge(void)
+{
+  const char *url = "%s://%s:%s@%s/%s?%s#%s";
+  const char *smallpart = "c";
+  int i;
+  CURLU *urlp = curl_url();
+  CURLUcode rc;
+  CURLUPart part[]= {
+    CURLUPART_SCHEME,
+    CURLUPART_USER,
+    CURLUPART_PASSWORD,
+    CURLUPART_HOST,
+    CURLUPART_PATH,
+    CURLUPART_QUERY,
+    CURLUPART_FRAGMENT
+  };
+  int error = 0;
+  if(!urlp)
+    return 1;
+  bigpart[0] = '/'; /* for the path */
+  memset(&bigpart[1], 'a', sizeof(bigpart) - 2);
+  bigpart[sizeof(bigpart) - 1] = 0;
+
+  for(i = 0; i <  7; i++) {
+    char *partp;
+    msnprintf(total, sizeof(total),
+              url,
+              (i == 0)? &bigpart[1] : smallpart,
+              (i == 1)? &bigpart[1] : smallpart,
+              (i == 2)? &bigpart[1] : smallpart,
+              (i == 3)? &bigpart[1] : smallpart,
+              (i == 4)? &bigpart[1] : smallpart,
+              (i == 5)? &bigpart[1] : smallpart,
+              (i == 6)? &bigpart[1] : smallpart);
+    rc = curl_url_set(urlp, CURLUPART_URL, total, CURLU_NON_SUPPORT_SCHEME);
+    if((!i && (rc != CURLUE_BAD_SCHEME)) ||
+       (i && rc)) {
+      printf("URL %u: failed to parse\n", i);
+      error++;
+    }
+
+    /* only extract if the parse worked */
+    if(!rc) {
+      curl_url_get(urlp, part[i], &partp, 0);
+      if(!partp || strcmp(partp, &bigpart[1 - (i == 4)])) {
+        printf("URL %u part %u: failure\n", i, part[i]);
+        error++;
+      }
+      curl_free(partp);
+    }
+  }
+  curl_url_cleanup(urlp);
+  return error;
+}
+
 int test(char *URL)
 {
   (void)URL; /* not used */
 
+  if(huge())
+    return 9;
+
   if(get_nothing())
     return 7;
 
diff --git a/tests/libtest/lib1564.c b/tests/libtest/lib1564.c
index d03ffa97d..b10d03441 100644
--- a/tests/libtest/lib1564.c
+++ b/tests/libtest/lib1564.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1565.c b/tests/libtest/lib1565.c
index f21ec0929..900395147 100644
--- a/tests/libtest/lib1565.c
+++ b/tests/libtest/lib1565.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1567.c b/tests/libtest/lib1567.c
index ecf5c9e43..82f2f014a 100644
--- a/tests/libtest/lib1567.c
+++ b/tests/libtest/lib1567.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1568.c b/tests/libtest/lib1568.c
index 42204b0fd..78e7e6b8a 100644
--- a/tests/libtest/lib1568.c
+++ b/tests/libtest/lib1568.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2021 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1569.c b/tests/libtest/lib1569.c
index b7da426eb..941bcc26d 100644
--- a/tests/libtest/lib1569.c
+++ b/tests/libtest/lib1569.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2021 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1591.c b/tests/libtest/lib1591.c
index 7bb1a9605..5701e10a9 100644
--- a/tests/libtest/lib1591.c
+++ b/tests/libtest/lib1591.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1592.c b/tests/libtest/lib1592.c
index 3e839412d..77b637d3d 100644
--- a/tests/libtest/lib1592.c
+++ b/tests/libtest/lib1592.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1593.c b/tests/libtest/lib1593.c
index 01a7e2e56..b0a91b9fd 100644
--- a/tests/libtest/lib1593.c
+++ b/tests/libtest/lib1593.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1594.c b/tests/libtest/lib1594.c
index 9411f05c1..5346c662a 100644
--- a/tests/libtest/lib1594.c
+++ b/tests/libtest/lib1594.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1597.c b/tests/libtest/lib1597.c
index cf2effaa1..48b9c7c5a 100644
--- a/tests/libtest/lib1597.c
+++ b/tests/libtest/lib1597.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1662.c b/tests/libtest/lib1662.c
index c6ddc836c..b7f8cacd3 100644
--- a/tests/libtest/lib1662.c
+++ b/tests/libtest/lib1662.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1900.c b/tests/libtest/lib1900.c
index 37058ad75..df07d9668 100644
--- a/tests/libtest/lib1900.c
+++ b/tests/libtest/lib1900.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2013 - 2022, Linus Nielsen Feltzing, <linus@haxx.se>
+ * Copyright (C) Linus Nielsen Feltzing, <linus@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1903.c b/tests/libtest/lib1903.c
new file mode 100644
index 000000000..701cd7f0d
--- /dev/null
+++ b/tests/libtest/lib1903.c
@@ -0,0 +1,55 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "testutil.h"
+#include "timediff.h"
+#include "warnless.h"
+#include "memdebug.h"
+
+int test(char *URL)
+{
+  CURL *ch = NULL;
+  curl_global_init(CURL_GLOBAL_ALL);
+
+  ch = curl_easy_init();
+  if(!ch)
+    goto cleanup;
+
+  curl_easy_setopt(ch, CURLOPT_URL, URL);
+  curl_easy_setopt(ch, CURLOPT_COOKIEFILE, "log/cookies1903");
+  curl_easy_perform(ch);
+
+  curl_easy_reset(ch);
+
+  curl_easy_setopt(ch, CURLOPT_URL, URL);
+  curl_easy_setopt(ch, CURLOPT_COOKIEFILE, "log/cookies1903");
+  curl_easy_perform(ch);
+
+  cleanup:
+  curl_easy_cleanup(ch);
+  curl_global_cleanup();
+
+  return 0;
+}
diff --git a/tests/libtest/lib1905.c b/tests/libtest/lib1905.c
index 162dea268..455814f76 100644
--- a/tests/libtest/lib1905.c
+++ b/tests/libtest/lib1905.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1906.c b/tests/libtest/lib1906.c
index 3e237e2d4..c0d485f69 100644
--- a/tests/libtest/lib1906.c
+++ b/tests/libtest/lib1906.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1907.c b/tests/libtest/lib1907.c
index f0d035a95..d0876dc58 100644
--- a/tests/libtest/lib1907.c
+++ b/tests/libtest/lib1907.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1908.c b/tests/libtest/lib1908.c
index 17d0e3f6a..1ef979c21 100644
--- a/tests/libtest/lib1908.c
+++ b/tests/libtest/lib1908.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2013 - 2022, Linus Nielsen Feltzing, <linus@haxx.se>
+ * Copyright (C) Linus Nielsen Feltzing, <linus@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1910.c b/tests/libtest/lib1910.c
index 8bb319d96..fed1ca22b 100644
--- a/tests/libtest/lib1910.c
+++ b/tests/libtest/lib1910.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2013 - 2022, Linus Nielsen Feltzing, <linus@haxx.se>
+ * Copyright (C) Linus Nielsen Feltzing, <linus@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1911.c b/tests/libtest/lib1911.c
index 861d441d0..b7c50fc5e 100644
--- a/tests/libtest/lib1911.c
+++ b/tests/libtest/lib1911.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1912.c b/tests/libtest/lib1912.c
index 78abc92d1..13f25bc99 100644
--- a/tests/libtest/lib1912.c
+++ b/tests/libtest/lib1912.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1913.c b/tests/libtest/lib1913.c
index 3662f9835..a28386368 100644
--- a/tests/libtest/lib1913.c
+++ b/tests/libtest/lib1913.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1915.c b/tests/libtest/lib1915.c
index 5e5aace13..1776b261f 100644
--- a/tests/libtest/lib1915.c
+++ b/tests/libtest/lib1915.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1916.c b/tests/libtest/lib1916.c
index 7a251bf12..b97263c2e 100644
--- a/tests/libtest/lib1916.c
+++ b/tests/libtest/lib1916.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1918.c b/tests/libtest/lib1918.c
index 209eef58f..34c360889 100644
--- a/tests/libtest/lib1918.c
+++ b/tests/libtest/lib1918.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1919.c b/tests/libtest/lib1919.c
index fce4cb03b..39ba1d96c 100644
--- a/tests/libtest/lib1919.c
+++ b/tests/libtest/lib1919.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1933.c b/tests/libtest/lib1933.c
index 39459d001..cc3af078f 100644
--- a/tests/libtest/lib1933.c
+++ b/tests/libtest/lib1933.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1934.c b/tests/libtest/lib1934.c
index 917f6e681..36fc8f703 100644
--- a/tests/libtest/lib1934.c
+++ b/tests/libtest/lib1934.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1935.c b/tests/libtest/lib1935.c
index 459ead393..ee52d4415 100644
--- a/tests/libtest/lib1935.c
+++ b/tests/libtest/lib1935.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1936.c b/tests/libtest/lib1936.c
index e522e3817..b86eee7bd 100644
--- a/tests/libtest/lib1936.c
+++ b/tests/libtest/lib1936.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1937.c b/tests/libtest/lib1937.c
index 14b968743..74249666e 100644
--- a/tests/libtest/lib1937.c
+++ b/tests/libtest/lib1937.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1938.c b/tests/libtest/lib1938.c
index 79dc6cc0e..4b5218bdb 100644
--- a/tests/libtest/lib1938.c
+++ b/tests/libtest/lib1938.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1939.c b/tests/libtest/lib1939.c
index 1c88f68a8..4adc87669 100644
--- a/tests/libtest/lib1939.c
+++ b/tests/libtest/lib1939.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1940.c b/tests/libtest/lib1940.c
index c2c91b541..5e90f6a36 100644
--- a/tests/libtest/lib1940.c
+++ b/tests/libtest/lib1940.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1945.c b/tests/libtest/lib1945.c
index fad99bae4..1b658b091 100644
--- a/tests/libtest/lib1945.c
+++ b/tests/libtest/lib1945.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1947.c b/tests/libtest/lib1947.c
index f7bd91fb3..b9b40079e 100644
--- a/tests/libtest/lib1947.c
+++ b/tests/libtest/lib1947.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1948.c b/tests/libtest/lib1948.c
index 7c891a2ca..4ee565e29 100644
--- a/tests/libtest/lib1948.c
+++ b/tests/libtest/lib1948.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1955.c b/tests/libtest/lib1955.c
index 053c3e1ae..d92582bd5 100644
--- a/tests/libtest/lib1955.c
+++ b/tests/libtest/lib1955.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1956.c b/tests/libtest/lib1956.c
index 319fb5f7d..105418dc8 100644
--- a/tests/libtest/lib1956.c
+++ b/tests/libtest/lib1956.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1957.c b/tests/libtest/lib1957.c
index 34dca23ff..8397d9d24 100644
--- a/tests/libtest/lib1957.c
+++ b/tests/libtest/lib1957.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1958.c b/tests/libtest/lib1958.c
index aecc68b7a..66b8d5dfd 100644
--- a/tests/libtest/lib1958.c
+++ b/tests/libtest/lib1958.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1959.c b/tests/libtest/lib1959.c
index ee2584636..5eee4f012 100644
--- a/tests/libtest/lib1959.c
+++ b/tests/libtest/lib1959.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib1960.c b/tests/libtest/lib1960.c
new file mode 100644
index 000000000..fc2f4b0af
--- /dev/null
+++ b/tests/libtest/lib1960.c
@@ -0,0 +1,155 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#ifdef HAVE_INET_PTON
+
+#ifdef WIN32
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#include <windows.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#include "memdebug.h"
+
+/* to prevent libcurl from closing our socket */
+static int closesocket_cb(void *clientp, curl_socket_t item)
+{
+  (void)clientp;
+  (void)item;
+  return 0;
+}
+
+/* provide our own socket */
+static curl_socket_t socket_cb(void *clientp,
+                               curlsocktype purpose,
+                               struct curl_sockaddr *address)
+{
+  int s = *(int *)clientp;
+  (void)purpose;
+  (void)address;
+  return (curl_socket_t)s;
+}
+
+/* tell libcurl the socket is connected */
+static int sockopt_cb(void *clientp,
+                      curl_socket_t curlfd,
+                      curlsocktype purpose)
+{
+  (void)clientp;
+  (void)curlfd;
+  (void)purpose;
+  return CURL_SOCKOPT_ALREADY_CONNECTED;
+}
+
+/* Expected args: URL IP PORT */
+int test(char *URL)
+{
+  CURL *curl = NULL;
+  CURLcode res = TEST_ERR_MAJOR_BAD;
+  int status;
+  curl_socket_t client_fd = CURL_SOCKET_BAD;
+  struct sockaddr_in serv_addr;
+  unsigned short port;
+
+  if(!strcmp("check", URL))
+    return 0; /* no output makes it not skipped */
+
+  port = (unsigned short)atoi(libtest_arg3);
+
+  if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  /*
+   * This code connects to the TCP port "manually" so that we then can hand
+   * over this socket as "already connected" to libcurl and make sure that
+   * this works.
+   */
+  client_fd = socket(AF_INET, SOCK_STREAM, 0);
+  if(client_fd == CURL_SOCKET_BAD) {
+    fprintf(stderr, "socket creation error\n");
+    goto test_cleanup;
+  }
+
+  serv_addr.sin_family = AF_INET;
+  serv_addr.sin_port = htons(port);
+
+  if(inet_pton(AF_INET, libtest_arg2, &serv_addr.sin_addr) <= 0) {
+    fprintf(stderr, "inet_pton failed\n");
+    goto test_cleanup;
+  }
+
+  status = connect(client_fd, (struct sockaddr*)&serv_addr, sizeof(serv_addr));
+  if(status < 0) {
+    fprintf(stderr, "connection failed\n");
+    goto test_cleanup;
+  }
+
+  curl = curl_easy_init();
+  if(!curl) {
+    fprintf(stderr, "curl_easy_init() failed\n");
+    goto test_cleanup;
+  }
+
+  test_setopt(curl, CURLOPT_VERBOSE, 1L);
+  test_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, socket_cb);
+  test_setopt(curl, CURLOPT_OPENSOCKETDATA, &client_fd);
+  test_setopt(curl, CURLOPT_SOCKOPTFUNCTION, sockopt_cb);
+  test_setopt(curl, CURLOPT_SOCKOPTDATA, NULL);
+  test_setopt(curl, CURLOPT_CLOSESOCKETFUNCTION, closesocket_cb);
+  test_setopt(curl, CURLOPT_CLOSESOCKETDATA, NULL);
+  test_setopt(curl, CURLOPT_VERBOSE, 1L);
+  test_setopt(curl, CURLOPT_HEADER, 1L);
+  test_setopt(curl, CURLOPT_URL, URL);
+
+  res = curl_easy_perform(curl);
+
+test_cleanup:
+  if(client_fd != CURL_SOCKET_BAD)
+    sclose(client_fd);
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return res;
+}
+#else
+int test(char *URL)
+{
+  (void)URL;
+  printf("lacks inet_pton\n");
+  return 0;
+}
+#endif
diff --git a/tests/libtest/lib1970.c b/tests/libtest/lib1970.c
new file mode 100644
index 000000000..ff86fdd2c
--- /dev/null
+++ b/tests/libtest/lib1970.c
@@ -0,0 +1,73 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "memdebug.h"
+
+int test(char *URL)
+{
+  CURL *curl;
+  CURLcode res = TEST_ERR_MAJOR_BAD;
+  struct curl_slist *list = NULL;
+  struct curl_slist *connect_to = NULL;
+
+  if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  curl = curl_easy_init();
+  if(!curl) {
+    fprintf(stderr, "curl_easy_init() failed\n");
+    curl_global_cleanup();
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  test_setopt(curl, CURLOPT_UPLOAD, 1L);
+  test_setopt(curl, CURLOPT_INFILESIZE, 0L);
+  test_setopt(curl, CURLOPT_VERBOSE, 1L);
+  test_setopt(curl, CURLOPT_AWS_SIGV4, "aws:amz:us-east-1:s3");
+  test_setopt(curl, CURLOPT_USERPWD, "xxx");
+  test_setopt(curl, CURLOPT_HEADER, 0L);
+  test_setopt(curl, CURLOPT_URL, URL);
+  list = curl_slist_append(list, "Content-Type: application/json");
+  if(!list)
+    goto test_cleanup;
+  test_setopt(curl, CURLOPT_HTTPHEADER, list);
+  if(libtest_arg2) {
+    connect_to = curl_slist_append(connect_to, libtest_arg2);
+  }
+  test_setopt(curl, CURLOPT_CONNECT_TO, connect_to);
+
+  res = curl_easy_perform(curl);
+
+test_cleanup:
+
+  curl_slist_free_all(connect_to);
+  curl_slist_free_all(list);
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return res;
+}
diff --git a/tests/libtest/lib1971.c b/tests/libtest/lib1971.c
new file mode 100644
index 000000000..173fc2f12
--- /dev/null
+++ b/tests/libtest/lib1971.c
@@ -0,0 +1,83 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "memdebug.h"
+
+static size_t read_callback(char *buffer, size_t size, size_t nitems,
+                            void *userdata)
+{
+  (void)buffer; /* unused */
+  (void)size; /* unused */
+  (void)nitems; /* unused */
+  (void)userdata; /* unused */
+  return 0;
+}
+
+int test(char *URL)
+{
+  CURL *curl;
+  CURLcode res = TEST_ERR_MAJOR_BAD;
+  struct curl_slist *list = NULL;
+  struct curl_slist *connect_to = NULL;
+
+  if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  curl = curl_easy_init();
+  if(!curl) {
+    fprintf(stderr, "curl_easy_init() failed\n");
+    curl_global_cleanup();
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  test_setopt(curl, CURLOPT_UPLOAD, 1L);
+  test_setopt(curl, CURLOPT_READFUNCTION, read_callback);
+  test_setopt(curl, CURLOPT_VERBOSE, 1L);
+  test_setopt(curl, CURLOPT_AWS_SIGV4, "aws:amz:us-east-1:s3");
+  test_setopt(curl, CURLOPT_USERPWD, "xxx");
+  test_setopt(curl, CURLOPT_HEADER, 0L);
+  test_setopt(curl, CURLOPT_URL, URL);
+  list = curl_slist_append(list, "Content-Type: application/json");
+  if(!list)
+    goto test_cleanup;
+  test_setopt(curl, CURLOPT_HTTPHEADER, list);
+  if(libtest_arg2) {
+    connect_to = curl_slist_append(connect_to, libtest_arg2);
+  }
+  test_setopt(curl, CURLOPT_CONNECT_TO, connect_to);
+
+  res = curl_easy_perform(curl);
+
+test_cleanup:
+
+  curl_slist_free_all(connect_to);
+  curl_slist_free_all(list);
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return res;
+}
diff --git a/tests/libtest/lib1972.c b/tests/libtest/lib1972.c
new file mode 100644
index 000000000..c21e8da93
--- /dev/null
+++ b/tests/libtest/lib1972.c
@@ -0,0 +1,84 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "memdebug.h"
+
+int test(char *URL)
+{
+  CURL *curl;
+  curl_mime *mime = NULL;
+  curl_mimepart *part = NULL;
+  CURLcode res = TEST_ERR_MAJOR_BAD;
+  struct curl_slist *list = NULL;
+  struct curl_slist *connect_to = NULL;
+
+  if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  curl = curl_easy_init();
+  if(!curl) {
+    fprintf(stderr, "curl_easy_init() failed\n");
+    curl_global_cleanup();
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  mime = curl_mime_init(curl);
+  if(!mime)
+    goto test_cleanup;
+  part = curl_mime_addpart(mime);
+  if(!part)
+    goto test_cleanup;
+  curl_mime_name(part, "foo");
+  curl_mime_data(part, "bar", CURL_ZERO_TERMINATED);
+
+  test_setopt(curl, CURLOPT_MIMEPOST, mime);
+  test_setopt(curl, CURLOPT_VERBOSE, 1L);
+  test_setopt(curl, CURLOPT_AWS_SIGV4, "aws:amz:us-east-1:s3");
+  test_setopt(curl, CURLOPT_USERPWD, "xxx");
+  test_setopt(curl, CURLOPT_HEADER, 0L);
+  test_setopt(curl, CURLOPT_URL, URL);
+  list = curl_slist_append(list, "Content-Type: application/json");
+  if(!list)
+    goto test_cleanup;
+  test_setopt(curl, CURLOPT_HTTPHEADER, list);
+  if(libtest_arg2) {
+    connect_to = curl_slist_append(connect_to, libtest_arg2);
+  }
+  test_setopt(curl, CURLOPT_CONNECT_TO, connect_to);
+
+  res = curl_easy_perform(curl);
+
+test_cleanup:
+
+  curl_slist_free_all(connect_to);
+  curl_slist_free_all(list);
+  curl_easy_cleanup(curl);
+  curl_mime_free(mime);
+  curl_global_cleanup();
+
+  return res;
+}
diff --git a/tests/libtest/lib1973.c b/tests/libtest/lib1973.c
new file mode 100644
index 000000000..d95744fcb
--- /dev/null
+++ b/tests/libtest/lib1973.c
@@ -0,0 +1,72 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "memdebug.h"
+
+int test(char *URL)
+{
+  CURL *curl;
+  CURLcode res = TEST_ERR_MAJOR_BAD;
+  struct curl_slist *list = NULL;
+  struct curl_slist *connect_to = NULL;
+
+  if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  curl = curl_easy_init();
+  if(!curl) {
+    fprintf(stderr, "curl_easy_init() failed\n");
+    curl_global_cleanup();
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  test_setopt(curl, CURLOPT_POSTFIELDS, "post fields\n");
+  test_setopt(curl, CURLOPT_VERBOSE, 1L);
+  test_setopt(curl, CURLOPT_AWS_SIGV4, "aws:amz:us-east-1:s3");
+  test_setopt(curl, CURLOPT_USERPWD, "xxx");
+  test_setopt(curl, CURLOPT_HEADER, 0L);
+  test_setopt(curl, CURLOPT_URL, URL);
+  list = curl_slist_append(list, "Content-Type: application/json");
+  if(!list)
+    goto test_cleanup;
+  test_setopt(curl, CURLOPT_HTTPHEADER, list);
+  if(libtest_arg2) {
+    connect_to = curl_slist_append(connect_to, libtest_arg2);
+  }
+  test_setopt(curl, CURLOPT_CONNECT_TO, connect_to);
+
+  res = curl_easy_perform(curl);
+
+test_cleanup:
+
+  curl_slist_free_all(connect_to);
+  curl_slist_free_all(list);
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return res;
+}
diff --git a/tests/libtest/lib1974.c b/tests/libtest/lib1974.c
new file mode 100644
index 000000000..948d44df9
--- /dev/null
+++ b/tests/libtest/lib1974.c
@@ -0,0 +1,65 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "memdebug.h"
+
+int test(char *URL)
+{
+  CURL *curl;
+  CURLcode res = TEST_ERR_MAJOR_BAD;
+  struct curl_slist *connect_to = NULL;
+
+  if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  curl = curl_easy_init();
+  if(!curl) {
+    fprintf(stderr, "curl_easy_init() failed\n");
+    curl_global_cleanup();
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  test_setopt(curl, CURLOPT_VERBOSE, 1L);
+  test_setopt(curl, CURLOPT_AWS_SIGV4, "aws:amz:us-east-1:s3");
+  test_setopt(curl, CURLOPT_USERPWD, "xxx");
+  test_setopt(curl, CURLOPT_HEADER, 0L);
+  test_setopt(curl, CURLOPT_URL, URL);
+  if(libtest_arg2) {
+    connect_to = curl_slist_append(connect_to, libtest_arg2);
+  }
+  test_setopt(curl, CURLOPT_CONNECT_TO, connect_to);
+
+  res = curl_easy_perform(curl);
+
+test_cleanup:
+
+  curl_slist_free_all(connect_to);
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return res;
+}
diff --git a/tests/libtest/lib1975.c b/tests/libtest/lib1975.c
new file mode 100644
index 000000000..bca0c763f
--- /dev/null
+++ b/tests/libtest/lib1975.c
@@ -0,0 +1,85 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "memdebug.h"
+
+static size_t read_callback(char *buffer, size_t size, size_t nitems,
+                            void *userdata)
+{
+  (void)buffer; /* unused */
+  (void)size; /* unused */
+  (void)nitems; /* unused */
+  (void)userdata; /* unused */
+  return 0;
+}
+
+int test(char *URL)
+{
+  CURL *curl;
+  CURLcode res = TEST_ERR_MAJOR_BAD;
+  struct curl_slist *list = NULL;
+  struct curl_slist *connect_to = NULL;
+
+  if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  curl = curl_easy_init();
+  if(!curl) {
+    fprintf(stderr, "curl_easy_init() failed\n");
+    curl_global_cleanup();
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  test_setopt(curl, CURLOPT_UPLOAD, 1L);
+  test_setopt(curl, CURLOPT_READFUNCTION, read_callback);
+  test_setopt(curl, CURLOPT_VERBOSE, 1L);
+  test_setopt(curl, CURLOPT_AWS_SIGV4, "aws:amz:us-east-1:s3");
+  test_setopt(curl, CURLOPT_USERPWD, "xxx");
+  test_setopt(curl, CURLOPT_HEADER, 0L);
+  test_setopt(curl, CURLOPT_URL, URL);
+  list = curl_slist_append(list, "Content-Type: application/json");
+  if(!list)
+    goto test_cleanup;
+  curl_slist_append(list, "X-Amz-Content-Sha256: "
+    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
+  test_setopt(curl, CURLOPT_HTTPHEADER, list);
+  if(libtest_arg2) {
+    connect_to = curl_slist_append(connect_to, libtest_arg2);
+  }
+  test_setopt(curl, CURLOPT_CONNECT_TO, connect_to);
+
+  res = curl_easy_perform(curl);
+
+test_cleanup:
+
+  curl_slist_free_all(connect_to);
+  curl_slist_free_all(list);
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return res;
+}
diff --git a/tests/libtest/lib2301.c b/tests/libtest/lib2301.c
index 90f240e86..17afb5f53 100644
--- a/tests/libtest/lib2301.c
+++ b/tests/libtest/lib2301.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib2302.c b/tests/libtest/lib2302.c
index a61e7b20e..815de536f 100644
--- a/tests/libtest/lib2302.c
+++ b/tests/libtest/lib2302.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib2304.c b/tests/libtest/lib2304.c
index 4b90b1e9e..83027029b 100644
--- a/tests/libtest/lib2304.c
+++ b/tests/libtest/lib2304.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib2305.c b/tests/libtest/lib2305.c
new file mode 100644
index 000000000..ebf9bcdbb
--- /dev/null
+++ b/tests/libtest/lib2305.c
@@ -0,0 +1,109 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#include "test.h"
+#include "testtrace.h"
+
+#ifdef USE_WEBSOCKETS
+
+/* just close the connection */
+static void websocket_close(CURL *curl)
+{
+  size_t sent;
+  CURLcode result =
+    curl_ws_send(curl, "", 0, &sent, 0, CURLWS_CLOSE);
+  fprintf(stderr,
+          "ws: curl_ws_send returned %u, sent %u\n", (int)result, (int)sent);
+}
+
+static void websocket(CURL *curl)
+{
+  char buffer[256];
+  struct curl_ws_frame *meta;
+  size_t nread;
+  size_t i = 0;
+  FILE *save = fopen(libtest_arg2, FOPEN_WRITETEXT);
+  if(!save)
+    return;
+
+  /* Three 4097-bytes frames are expected, 12291 bytes */
+  while(i < 12291) {
+    CURLcode result =
+      curl_ws_recv(curl, buffer, sizeof(buffer), &nread, &meta);
+    if(result) {
+      if(result == CURLE_AGAIN)
+        /* crude busy-loop */
+        continue;
+      printf("curl_ws_recv returned %d\n", (int)result);
+      return;
+    }
+    printf("%u: nread %u Age %u Flags %x "
+           "Offset %" CURL_FORMAT_CURL_OFF_T " "
+           "Bytesleft %" CURL_FORMAT_CURL_OFF_T "\n",
+           (int)i,
+           nread, meta->age, meta->flags, meta->offset, meta->bytesleft);
+    i += meta->len;
+    fwrite(buffer, 1, nread, save);
+  }
+  fclose(save);
+
+  websocket_close(curl);
+}
+
+extern struct libtest_trace_cfg libtest_debug_config;
+
+int test(char *URL)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  global_init(CURL_GLOBAL_ALL);
+
+  curl = curl_easy_init();
+  if(curl) {
+    curl_easy_setopt(curl, CURLOPT_URL, URL);
+
+    /* use the callback style */
+    curl_easy_setopt(curl, CURLOPT_USERAGENT, "websocket/2304");
+    libtest_debug_config.nohex = 1;
+    libtest_debug_config.tracetime = 1;
+    curl_easy_setopt(curl, CURLOPT_DEBUGDATA, &libtest_debug_config);
+    curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, libtest_debug_cb);
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+    curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 2L); /* websocket style */
+    res = curl_easy_perform(curl);
+    fprintf(stderr, "curl_easy_perform() returned %u\n", (int)res);
+    if(res == CURLE_OK)
+      websocket(curl);
+
+    /* always cleanup */
+    curl_easy_cleanup(curl);
+  }
+  curl_global_cleanup();
+  return (int)res;
+}
+
+#else
+NO_SUPPORT_BUILT_IN
+#endif
diff --git a/tests/libtest/lib2402.c b/tests/libtest/lib2402.c
new file mode 100644
index 000000000..ab20f92c0
--- /dev/null
+++ b/tests/libtest/lib2402.c
@@ -0,0 +1,142 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Linus Nielsen Feltzing <linus@haxx.se>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "testutil.h"
+#include "warnless.h"
+#include "memdebug.h"
+
+#define TEST_HANG_TIMEOUT 60 * 1000
+
+#define NUM_HANDLES 4
+
+int test(char *URL)
+{
+  int res = 0;
+  CURL *curl[NUM_HANDLES] = {0};
+  int running;
+  CURLM *m = NULL;
+  int i;
+  char target_url[256];
+  char dnsentry[256];
+  struct curl_slist *slist = NULL;
+  char *port = libtest_arg3;
+  char *address = libtest_arg2;
+
+  (void)URL;
+
+  msnprintf(dnsentry, sizeof(dnsentry), "localhost:%s:%s",
+            port, address);
+  printf("%s\n", dnsentry);
+  slist = curl_slist_append(slist, dnsentry);
+  if(!slist) {
+    fprintf(stderr, "curl_slist_append() failed\n");
+    goto test_cleanup;
+  }
+
+  start_test_timing();
+
+  global_init(CURL_GLOBAL_ALL);
+
+  multi_init(m);
+
+  multi_setopt(m, CURLMOPT_MAXCONNECTS, 1L);
+
+  /* get NUM_HANDLES easy handles */
+  for(i = 0; i < NUM_HANDLES; i++) {
+    /* get an easy handle */
+    easy_init(curl[i]);
+    /* specify target */
+    msnprintf(target_url, sizeof(target_url),
+              "https://localhost:%s/path/2402%04i",
+              port, i + 1);
+    target_url[sizeof(target_url) - 1] = '\0';
+    easy_setopt(curl[i], CURLOPT_URL, target_url);
+    /* go http2 */
+    easy_setopt(curl[i], CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
+    /* no peer verify */
+    easy_setopt(curl[i], CURLOPT_SSL_VERIFYPEER, 0L);
+    easy_setopt(curl[i], CURLOPT_SSL_VERIFYHOST, 0L);
+    /* wait for first connection established to see if we can share it */
+    easy_setopt(curl[i], CURLOPT_PIPEWAIT, 1L);
+    /* go verbose */
+    easy_setopt(curl[i], CURLOPT_VERBOSE, 1L);
+    /* include headers */
+    easy_setopt(curl[i], CURLOPT_HEADER, 1L);
+
+    easy_setopt(curl[i], CURLOPT_RESOLVE, slist);
+  }
+
+  fprintf(stderr, "Start at URL 0\n");
+
+  for(i = 0; i < NUM_HANDLES; i++) {
+    /* add handle to multi */
+    multi_add_handle(m, curl[i]);
+
+    for(;;) {
+      struct timeval interval;
+      fd_set rd, wr, exc;
+      int maxfd = -99;
+
+      interval.tv_sec = 1;
+      interval.tv_usec = 0;
+
+      multi_perform(m, &running);
+
+      abort_on_test_timeout();
+
+      if(!running)
+        break; /* done */
+
+      FD_ZERO(&rd);
+      FD_ZERO(&wr);
+      FD_ZERO(&exc);
+
+      multi_fdset(m, &rd, &wr, &exc, &maxfd);
+
+      /* At this point, maxfd is guaranteed to be greater or equal than -1. */
+
+      select_test(maxfd + 1, &rd, &wr, &exc, &interval);
+
+      abort_on_test_timeout();
+    }
+    wait_ms(1); /* to ensure different end times */
+  }
+
+test_cleanup:
+
+  /* proper cleanup sequence - type PB */
+
+  for(i = 0; i < NUM_HANDLES; i++) {
+    curl_multi_remove_handle(m, curl[i]);
+    curl_easy_cleanup(curl[i]);
+  }
+
+  curl_slist_free_all(slist);
+
+  curl_multi_cleanup(m);
+  curl_global_cleanup();
+
+  return res;
+}
diff --git a/tests/libtest/lib2502.c b/tests/libtest/lib2502.c
new file mode 100644
index 000000000..e5a7061b0
--- /dev/null
+++ b/tests/libtest/lib2502.c
@@ -0,0 +1,141 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Linus Nielsen Feltzing <linus@haxx.se>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "testutil.h"
+#include "warnless.h"
+#include "memdebug.h"
+
+#define TEST_HANG_TIMEOUT 60 * 1000
+
+#define NUM_HANDLES 4
+
+int test(char *URL)
+{
+  int res = 0;
+  CURL *curl[NUM_HANDLES] = {0};
+  int running;
+  CURLM *m = NULL;
+  int i;
+  char target_url[256];
+  char dnsentry[256];
+  struct curl_slist *slist = NULL;
+  char *port = libtest_arg3;
+  char *address = libtest_arg2;
+
+  (void)URL;
+
+  msnprintf(dnsentry, sizeof(dnsentry), "localhost:%s:%s",
+            port, address);
+  printf("%s\n", dnsentry);
+  slist = curl_slist_append(slist, dnsentry);
+  if(!slist) {
+    fprintf(stderr, "curl_slist_append() failed\n");
+    goto test_cleanup;
+  }
+
+  start_test_timing();
+
+  global_init(CURL_GLOBAL_ALL);
+
+  multi_init(m);
+
+  multi_setopt(m, CURLMOPT_MAXCONNECTS, 1L);
+
+  /* get NUM_HANDLES easy handles */
+  for(i = 0; i < NUM_HANDLES; i++) {
+    /* get an easy handle */
+    easy_init(curl[i]);
+    /* specify target */
+    msnprintf(target_url, sizeof(target_url),
+              "https://localhost:%s/path/2502%04i",
+              port, i + 1);
+    target_url[sizeof(target_url) - 1] = '\0';
+    easy_setopt(curl[i], CURLOPT_URL, target_url);
+    /* go http2 */
+    easy_setopt(curl[i], CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_3ONLY);
+    easy_setopt(curl[i], CURLOPT_CONNECTTIMEOUT_MS, (long)5000);
+    easy_setopt(curl[i], CURLOPT_CAINFO, "./certs/EdelCurlRoot-ca.cacert");
+    /* wait for first connection established to see if we can share it */
+    easy_setopt(curl[i], CURLOPT_PIPEWAIT, 1L);
+    /* go verbose */
+    easy_setopt(curl[i], CURLOPT_VERBOSE, 1L);
+    /* include headers */
+    easy_setopt(curl[i], CURLOPT_HEADER, 1L);
+
+    easy_setopt(curl[i], CURLOPT_RESOLVE, slist);
+  }
+
+  fprintf(stderr, "Start at URL 0\n");
+
+  for(i = 0; i < NUM_HANDLES; i++) {
+    /* add handle to multi */
+    multi_add_handle(m, curl[i]);
+
+    for(;;) {
+      struct timeval interval;
+      fd_set rd, wr, exc;
+      int maxfd = -99;
+
+      interval.tv_sec = 1;
+      interval.tv_usec = 0;
+
+      multi_perform(m, &running);
+
+      abort_on_test_timeout();
+
+      if(!running)
+        break; /* done */
+
+      FD_ZERO(&rd);
+      FD_ZERO(&wr);
+      FD_ZERO(&exc);
+
+      multi_fdset(m, &rd, &wr, &exc, &maxfd);
+
+      /* At this point, maxfd is guaranteed to be greater or equal than -1. */
+
+      select_test(maxfd + 1, &rd, &wr, &exc, &interval);
+
+      abort_on_test_timeout();
+    }
+    wait_ms(1); /* to ensure different end times */
+  }
+
+test_cleanup:
+
+  /* proper cleanup sequence - type PB */
+
+  for(i = 0; i < NUM_HANDLES; i++) {
+    curl_multi_remove_handle(m, curl[i]);
+    curl_easy_cleanup(curl[i]);
+  }
+
+  curl_slist_free_all(slist);
+
+  curl_multi_cleanup(m);
+  curl_global_cleanup();
+
+  return res;
+}
diff --git a/tests/libtest/lib3010.c b/tests/libtest/lib3010.c
index aa5ef2a25..17c90cc30 100644
--- a/tests/libtest/lib3010.c
+++ b/tests/libtest/lib3010.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Nicolas Sterchele, <nicolas@sterchelen.net>
+ * Copyright (C) Nicolas Sterchele, <nicolas@sterchelen.net>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib3025.c b/tests/libtest/lib3025.c
index 0e1b3df60..f3e3f9208 100644
--- a/tests/libtest/lib3025.c
+++ b/tests/libtest/lib3025.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c
index 41389eb7a..24f776815 100644
--- a/tests/libtest/lib3026.c
+++ b/tests/libtest/lib3026.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib3027.c b/tests/libtest/lib3027.c
index 2b1d8dc44..6808f29fd 100644
--- a/tests/libtest/lib3027.c
+++ b/tests/libtest/lib3027.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib3100.c b/tests/libtest/lib3100.c
index 21cb4714b..a508d5c7a 100644
--- a/tests/libtest/lib3100.c
+++ b/tests/libtest/lib3100.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib3101.c b/tests/libtest/lib3101.c
index 1f022bd81..dbcf3a6c7 100644
--- a/tests/libtest/lib3101.c
+++ b/tests/libtest/lib3101.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib500.c b/tests/libtest/lib500.c
index 37cd4b24a..f99b244b4 100644
--- a/tests/libtest/lib500.c
+++ b/tests/libtest/lib500.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib501.c b/tests/libtest/lib501.c
index 544be2b81..7ef850110 100644
--- a/tests/libtest/lib501.c
+++ b/tests/libtest/lib501.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib502.c b/tests/libtest/lib502.c
index 4509d1a01..91f96e6f5 100644
--- a/tests/libtest/lib502.c
+++ b/tests/libtest/lib502.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib503.c b/tests/libtest/lib503.c
index 86dce97cc..15b09476e 100644
--- a/tests/libtest/lib503.c
+++ b/tests/libtest/lib503.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib504.c b/tests/libtest/lib504.c
index a4bfe3589..cbe1d5773 100644
--- a/tests/libtest/lib504.c
+++ b/tests/libtest/lib504.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib505.c b/tests/libtest/lib505.c
index afa8950ed..6c67ed901 100644
--- a/tests/libtest/lib505.c
+++ b/tests/libtest/lib505.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib506.c b/tests/libtest/lib506.c
index 97be2f2d8..8862c46ce 100644
--- a/tests/libtest/lib506.c
+++ b/tests/libtest/lib506.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib507.c b/tests/libtest/lib507.c
index c57a612b0..be6dd7eee 100644
--- a/tests/libtest/lib507.c
+++ b/tests/libtest/lib507.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib508.c b/tests/libtest/lib508.c
index f16e2d7a4..b793731b3 100644
--- a/tests/libtest/lib508.c
+++ b/tests/libtest/lib508.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib509.c b/tests/libtest/lib509.c
index 63fb12fbc..cb510ef21 100644
--- a/tests/libtest/lib509.c
+++ b/tests/libtest/lib509.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib510.c b/tests/libtest/lib510.c
index 068cdd7a8..87a85a557 100644
--- a/tests/libtest/lib510.c
+++ b/tests/libtest/lib510.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib511.c b/tests/libtest/lib511.c
index 1262a6b2e..c53224801 100644
--- a/tests/libtest/lib511.c
+++ b/tests/libtest/lib511.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib512.c b/tests/libtest/lib512.c
index 309d0ac59..706acb2e1 100644
--- a/tests/libtest/lib512.c
+++ b/tests/libtest/lib512.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib513.c b/tests/libtest/lib513.c
index f757bac6d..b381098fb 100644
--- a/tests/libtest/lib513.c
+++ b/tests/libtest/lib513.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib514.c b/tests/libtest/lib514.c
index 138bd69df..0f31c8c4c 100644
--- a/tests/libtest/lib514.c
+++ b/tests/libtest/lib514.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib515.c b/tests/libtest/lib515.c
index 661bf6f0f..3c744fb95 100644
--- a/tests/libtest/lib515.c
+++ b/tests/libtest/lib515.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib516.c b/tests/libtest/lib516.c
index 0ebd858bb..59abb091a 100644
--- a/tests/libtest/lib516.c
+++ b/tests/libtest/lib516.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib517.c b/tests/libtest/lib517.c
index 3726efdfd..7c65a659c 100644
--- a/tests/libtest/lib517.c
+++ b/tests/libtest/lib517.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -34,6 +34,10 @@ static const struct dcheck dates[] = {
   {"Sun, 06 Nov 1994 08:49:37 GMT", 784111777 },
   {"Sunday, 06-Nov-94 08:49:37 GMT", 784111777 },
   {"Sun Nov  6 08:49:37 1994", 784111777 },
+  {"Sun Nov  6 8:49:37 1994", 784111777 },
+  {"Sun Nov  6 8:9:37 1994", 784109377 },
+  {"Sun Nov  6 008:09:37 1994", -1 },
+  {"Nov      Sun      6 8:9:7 1994", 784109347 },
   {"06 Nov 1994 08:49:37 GMT", 784111777 },
   {"06-Nov-94 08:49:37 GMT", 784111777 },
   {"Nov  6 08:49:37 1994", 784111777 },
@@ -116,6 +120,9 @@ static const struct dcheck dates[] = {
   {"20111323 12:34:56", -1 },
   {"20110623 12:34:79", -1 },
   {"Wed, 31 Dec 2008 23:59:60 GMT", 1230768000 },
+  {"Wed, 31 Dec 2008 23:59:61 GMT", -1 },
+  {"Wed, 31 Dec 2008 24:00:00 GMT", -1 },
+  {"Wed, 31 Dec 2008 23:60:59 GMT", -1 },
   {"20110623 12:3", 1308830580 },
   {"20110623 1:3", 1308790980 },
   {"20110623 1:30", 1308792600 },
diff --git a/tests/libtest/lib518.c b/tests/libtest/lib518.c
index 22f727a5a..87b6f2d88 100644
--- a/tests/libtest/lib518.c
+++ b/tests/libtest/lib518.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib519.c b/tests/libtest/lib519.c
index fecaa9844..a4abba080 100644
--- a/tests/libtest/lib519.c
+++ b/tests/libtest/lib519.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib520.c b/tests/libtest/lib520.c
index ef7c59442..7e5d0abd7 100644
--- a/tests/libtest/lib520.c
+++ b/tests/libtest/lib520.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib521.c b/tests/libtest/lib521.c
index 8385da6d8..e3611685b 100644
--- a/tests/libtest/lib521.c
+++ b/tests/libtest/lib521.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib523.c b/tests/libtest/lib523.c
index 04285bbee..86128e6c0 100644
--- a/tests/libtest/lib523.c
+++ b/tests/libtest/lib523.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib524.c b/tests/libtest/lib524.c
index af1d5cc70..6b8cc207d 100644
--- a/tests/libtest/lib524.c
+++ b/tests/libtest/lib524.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib525.c b/tests/libtest/lib525.c
index 51ed6581c..3f8abeef1 100644
--- a/tests/libtest/lib525.c
+++ b/tests/libtest/lib525.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib526.c b/tests/libtest/lib526.c
index 0153d984f..d6b365a19 100644
--- a/tests/libtest/lib526.c
+++ b/tests/libtest/lib526.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib530.c b/tests/libtest/lib530.c
index 22577275c..8025c40c2 100644
--- a/tests/libtest/lib530.c
+++ b/tests/libtest/lib530.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib533.c b/tests/libtest/lib533.c
index ddc96f762..ff476343f 100644
--- a/tests/libtest/lib533.c
+++ b/tests/libtest/lib533.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib537.c b/tests/libtest/lib537.c
index dbced98dc..3782282b8 100644
--- a/tests/libtest/lib537.c
+++ b/tests/libtest/lib537.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib539.c b/tests/libtest/lib539.c
index 9450963dc..0e8aada4b 100644
--- a/tests/libtest/lib539.c
+++ b/tests/libtest/lib539.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib540.c b/tests/libtest/lib540.c
index d8b7a0d84..88007c4f1 100644
--- a/tests/libtest/lib540.c
+++ b/tests/libtest/lib540.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib541.c b/tests/libtest/lib541.c
index 20d11e2dd..fdddae2c7 100644
--- a/tests/libtest/lib541.c
+++ b/tests/libtest/lib541.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib542.c b/tests/libtest/lib542.c
index d762b13c2..27429fd6c 100644
--- a/tests/libtest/lib542.c
+++ b/tests/libtest/lib542.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib543.c b/tests/libtest/lib543.c
index cea6dc9a5..2bec2f1a6 100644
--- a/tests/libtest/lib543.c
+++ b/tests/libtest/lib543.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib544.c b/tests/libtest/lib544.c
index 42710e1b9..192bfb2e7 100644
--- a/tests/libtest/lib544.c
+++ b/tests/libtest/lib544.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib547.c b/tests/libtest/lib547.c
index 1fc0a14dc..dbe657e9d 100644
--- a/tests/libtest/lib547.c
+++ b/tests/libtest/lib547.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib549.c b/tests/libtest/lib549.c
index d4861d885..8e91d9356 100644
--- a/tests/libtest/lib549.c
+++ b/tests/libtest/lib549.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib552.c b/tests/libtest/lib552.c
index 4e7669c4b..8b70231b7 100644
--- a/tests/libtest/lib552.c
+++ b/tests/libtest/lib552.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib553.c b/tests/libtest/lib553.c
index 0ab0e3e50..f282c8950 100644
--- a/tests/libtest/lib553.c
+++ b/tests/libtest/lib553.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib554.c b/tests/libtest/lib554.c
index 64d30648a..1d049815c 100644
--- a/tests/libtest/lib554.c
+++ b/tests/libtest/lib554.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib555.c b/tests/libtest/lib555.c
index d00330123..6e3e30b13 100644
--- a/tests/libtest/lib555.c
+++ b/tests/libtest/lib555.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib556.c b/tests/libtest/lib556.c
index 34d678e58..ead6529ea 100644
--- a/tests/libtest/lib556.c
+++ b/tests/libtest/lib556.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib557.c b/tests/libtest/lib557.c
index c51f25d47..409550aba 100644
--- a/tests/libtest/lib557.c
+++ b/tests/libtest/lib557.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -1008,118 +1008,6 @@ static int test_curl_off_t_formatting(void)
   int num_cofft_tests = 0;
   int failed = 0;
 
-#if (SIZEOF_CURL_OFF_T == 2)
-
-  i = 1; co_test[i].num = MPRNT_OFF_T_C(0x7FFF); co_test[i].expected = "32767";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x7FFE); co_test[i].expected = "32766";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x7FFD); co_test[i].expected = "32765";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x7F00); co_test[i].expected = "32512";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x07F0); co_test[i].expected = "2032";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x007F); co_test[i].expected = "127";
-
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x7000); co_test[i].expected = "28672";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x0700); co_test[i].expected = "1792";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x0070); co_test[i].expected = "112";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x0007); co_test[i].expected = "7";
-
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x5000); co_test[i].expected = "20480";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x0500); co_test[i].expected = "1280";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x0050); co_test[i].expected = "80";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x0005); co_test[i].expected = "5";
-
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x0001); co_test[i].expected = "1";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x0000); co_test[i].expected = "0";
-
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x7FFF) -MPRNT_OFF_T_C(1); co_test[i].expected = "-32768";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x7FFE) -MPRNT_OFF_T_C(1); co_test[i].expected = "-32767";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x7FFD) -MPRNT_OFF_T_C(1); co_test[i].expected = "-32766";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x7F00) -MPRNT_OFF_T_C(1); co_test[i].expected = "-32513";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x07F0) -MPRNT_OFF_T_C(1); co_test[i].expected = "-2033";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x007F) -MPRNT_OFF_T_C(1); co_test[i].expected = "-128";
-
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x7000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-28673";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x0700) -MPRNT_OFF_T_C(1); co_test[i].expected = "-1793";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x0070) -MPRNT_OFF_T_C(1); co_test[i].expected = "-113";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x0007) -MPRNT_OFF_T_C(1); co_test[i].expected = "-8";
-
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x5000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-20481";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x0500) -MPRNT_OFF_T_C(1); co_test[i].expected = "-1281";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x0050) -MPRNT_OFF_T_C(1); co_test[i].expected = "-81";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x0005) -MPRNT_OFF_T_C(1); co_test[i].expected = "-6";
-
-  i++; co_test[i].num =  MPRNT_OFF_T_C(0x0000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-1";
-
-  num_cofft_tests = i;
-
-#elif (SIZEOF_CURL_OFF_T == 4)
-
-  i = 1; co_test[i].num = MPRNT_OFF_T_C(0x7FFFFFFF); co_test[i].expected = "2147483647";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x7FFFFFFE); co_test[i].expected = "2147483646";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x7FFFFFFD); co_test[i].expected = "2147483645";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x7FFF0000); co_test[i].expected = "2147418112";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00007FFF); co_test[i].expected = "32767";
-
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x7F000000); co_test[i].expected = "2130706432";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x007F0000); co_test[i].expected = "8323072";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00007F00); co_test[i].expected = "32512";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x0000007F); co_test[i].expected = "127";
-
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x70000000); co_test[i].expected = "1879048192";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x07000000); co_test[i].expected = "117440512";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00700000); co_test[i].expected = "7340032";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00070000); co_test[i].expected = "458752";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00007000); co_test[i].expected = "28672";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00000700); co_test[i].expected = "1792";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00000070); co_test[i].expected = "112";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00000007); co_test[i].expected = "7";
-
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x50000000); co_test[i].expected = "1342177280";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x05000000); co_test[i].expected = "83886080";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00500000); co_test[i].expected = "5242880";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00050000); co_test[i].expected = "327680";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00005000); co_test[i].expected = "20480";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00000500); co_test[i].expected = "1280";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00000050); co_test[i].expected = "80";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00000005); co_test[i].expected = "5";
-
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00000001); co_test[i].expected = "1";
-  i++; co_test[i].num = MPRNT_OFF_T_C(0x00000000); co_test[i].expected = "0";
-
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x7FFFFFFF) -MPRNT_OFF_T_C(1); co_test[i].expected = "-2147483648";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x7FFFFFFE) -MPRNT_OFF_T_C(1); co_test[i].expected = "-2147483647";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x7FFFFFFD) -MPRNT_OFF_T_C(1); co_test[i].expected = "-2147483646";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x7FFF0000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-2147418113";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00007FFF) -MPRNT_OFF_T_C(1); co_test[i].expected = "-32768";
-
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x7F000000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-2130706433";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x007F0000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-8323073";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00007F00) -MPRNT_OFF_T_C(1); co_test[i].expected = "-32513";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x0000007F) -MPRNT_OFF_T_C(1); co_test[i].expected = "-128";
-
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x70000000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-1879048193";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x07000000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-117440513";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00700000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-7340033";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00070000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-458753";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00007000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-28673";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00000700) -MPRNT_OFF_T_C(1); co_test[i].expected = "-1793";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00000070) -MPRNT_OFF_T_C(1); co_test[i].expected = "-113";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00000007) -MPRNT_OFF_T_C(1); co_test[i].expected = "-8";
-
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x50000000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-1342177281";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x05000000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-83886081";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00500000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-5242881";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00050000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-327681";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00005000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-20481";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00000500) -MPRNT_OFF_T_C(1); co_test[i].expected = "-1281";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00000050) -MPRNT_OFF_T_C(1); co_test[i].expected = "-81";
-  i++; co_test[i].num = -MPRNT_OFF_T_C(0x00000005) -MPRNT_OFF_T_C(1); co_test[i].expected = "-6";
-
-  i++; co_test[i].num =  MPRNT_OFF_T_C(0x00000000) -MPRNT_OFF_T_C(1); co_test[i].expected = "-1";
-
-  num_cofft_tests = i;
-
-#elif (SIZEOF_CURL_OFF_T == 8)
-
   i = 1; co_test[i].num = MPRNT_OFF_T_C(0x7FFFFFFFFFFFFFFF); co_test[i].expected = "9223372036854775807";
   i++; co_test[i].num = MPRNT_OFF_T_C(0x7FFFFFFFFFFFFFFE); co_test[i].expected = "9223372036854775806";
   i++; co_test[i].num = MPRNT_OFF_T_C(0x7FFFFFFFFFFFFFFD); co_test[i].expected = "9223372036854775805";
@@ -1201,8 +1089,6 @@ static int test_curl_off_t_formatting(void)
 
   num_cofft_tests = i;
 
-#endif
-
   for(i = 1; i <= num_cofft_tests; i++) {
 
     for(j = 0; j<BUFSZ; j++)
diff --git a/tests/libtest/lib558.c b/tests/libtest/lib558.c
index 30792c99d..1f42aa3b7 100644
--- a/tests/libtest/lib558.c
+++ b/tests/libtest/lib558.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib559.c b/tests/libtest/lib559.c
index 89dbc2d26..8b06fb451 100644
--- a/tests/libtest/lib559.c
+++ b/tests/libtest/lib559.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib560.c b/tests/libtest/lib560.c
index c74cff41c..d643b7e76 100644
--- a/tests/libtest/lib560.c
+++ b/tests/libtest/lib560.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib562.c b/tests/libtest/lib562.c
index d99010820..8b9807e37 100644
--- a/tests/libtest/lib562.c
+++ b/tests/libtest/lib562.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib564.c b/tests/libtest/lib564.c
index 9516a2575..6c785feac 100644
--- a/tests/libtest/lib564.c
+++ b/tests/libtest/lib564.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib566.c b/tests/libtest/lib566.c
index 7bf1420a7..7d695ad5e 100644
--- a/tests/libtest/lib566.c
+++ b/tests/libtest/lib566.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib567.c b/tests/libtest/lib567.c
index de03f5ef2..00937e71d 100644
--- a/tests/libtest/lib567.c
+++ b/tests/libtest/lib567.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib568.c b/tests/libtest/lib568.c
index 271738b0c..2d747ef39 100644
--- a/tests/libtest/lib568.c
+++ b/tests/libtest/lib568.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib569.c b/tests/libtest/lib569.c
index 7daea8470..a66d07bc2 100644
--- a/tests/libtest/lib569.c
+++ b/tests/libtest/lib569.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib570.c b/tests/libtest/lib570.c
index ccd152b8d..b41524416 100644
--- a/tests/libtest/lib570.c
+++ b/tests/libtest/lib570.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib571.c b/tests/libtest/lib571.c
index 8027c90d5..77aa8acc5 100644
--- a/tests/libtest/lib571.c
+++ b/tests/libtest/lib571.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib572.c b/tests/libtest/lib572.c
index 0cc56eed4..aa723de89 100644
--- a/tests/libtest/lib572.c
+++ b/tests/libtest/lib572.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib573.c b/tests/libtest/lib573.c
index 02b0aa74c..af140e2db 100644
--- a/tests/libtest/lib573.c
+++ b/tests/libtest/lib573.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib574.c b/tests/libtest/lib574.c
index dbe5c9458..8bb8704b9 100644
--- a/tests/libtest/lib574.c
+++ b/tests/libtest/lib574.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib575.c b/tests/libtest/lib575.c
index 1c0475075..1de6e3284 100644
--- a/tests/libtest/lib575.c
+++ b/tests/libtest/lib575.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib576.c b/tests/libtest/lib576.c
index 34677b1c5..f6839e7f8 100644
--- a/tests/libtest/lib576.c
+++ b/tests/libtest/lib576.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib578.c b/tests/libtest/lib578.c
index 196ae110b..7c6af9945 100644
--- a/tests/libtest/lib578.c
+++ b/tests/libtest/lib578.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib579.c b/tests/libtest/lib579.c
index c6c6cea78..5f962179a 100644
--- a/tests/libtest/lib579.c
+++ b/tests/libtest/lib579.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib582.c b/tests/libtest/lib582.c
index 3af6e73ae..34d7431a2 100644
--- a/tests/libtest/lib582.c
+++ b/tests/libtest/lib582.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib583.c b/tests/libtest/lib583.c
index 65a2fc48c..cd7ff85da 100644
--- a/tests/libtest/lib583.c
+++ b/tests/libtest/lib583.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib586.c b/tests/libtest/lib586.c
index 753f4ef9e..90d180070 100644
--- a/tests/libtest/lib586.c
+++ b/tests/libtest/lib586.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib589.c b/tests/libtest/lib589.c
index 017b7dfd7..5fe56dbba 100644
--- a/tests/libtest/lib589.c
+++ b/tests/libtest/lib589.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib590.c b/tests/libtest/lib590.c
index 1a885406d..32271bc46 100644
--- a/tests/libtest/lib590.c
+++ b/tests/libtest/lib590.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib591.c b/tests/libtest/lib591.c
index 93e30be75..94fd65605 100644
--- a/tests/libtest/lib591.c
+++ b/tests/libtest/lib591.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib597.c b/tests/libtest/lib597.c
index 4dcf2639d..4f4082126 100644
--- a/tests/libtest/lib597.c
+++ b/tests/libtest/lib597.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib598.c b/tests/libtest/lib598.c
index e75cad06c..62b365514 100644
--- a/tests/libtest/lib598.c
+++ b/tests/libtest/lib598.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib599.c b/tests/libtest/lib599.c
index a3229a668..6002e0fb0 100644
--- a/tests/libtest/lib599.c
+++ b/tests/libtest/lib599.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib643.c b/tests/libtest/lib643.c
index 5326d6d4b..efd508f8d 100644
--- a/tests/libtest/lib643.c
+++ b/tests/libtest/lib643.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -35,23 +35,6 @@ struct WriteThis {
 
 static size_t read_callback(char *ptr, size_t size, size_t nmemb, void *userp)
 {
-#ifdef LIB644
-  static int count = 0;
-  (void)ptr;
-  (void)size;
-  (void)nmemb;
-  (void)userp;
-  switch(count++) {
-  case 0: /* Return a single byte. */
-    *ptr = '\n';
-    return 1;
-  case 1: /* Request abort. */
-    return CURL_READFUNC_ABORT;
-  }
-  printf("Wrongly called >2 times\n");
-  exit(1); /* trigger major failure */
-#else
-
   struct WriteThis *pooh = (struct WriteThis *)userp;
   int eof = !*pooh->readptr;
 
@@ -71,7 +54,6 @@ static size_t read_callback(char *ptr, size_t size, size_t nmemb, void *userp)
   }
 
   return 0;                         /* no more data left to deliver */
-#endif
 }
 
 static int once(char *URL, bool oldstyle)
diff --git a/tests/libtest/lib650.c b/tests/libtest/lib650.c
index b5cbf4d00..853029f1f 100644
--- a/tests/libtest/lib650.c
+++ b/tests/libtest/lib650.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib651.c b/tests/libtest/lib651.c
index ddd2f3b46..2e45ccc21 100644
--- a/tests/libtest/lib651.c
+++ b/tests/libtest/lib651.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib652.c b/tests/libtest/lib652.c
index ff5cb3fbf..7a100b731 100644
--- a/tests/libtest/lib652.c
+++ b/tests/libtest/lib652.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib653.c b/tests/libtest/lib653.c
index 46348ae38..8a6fff341 100644
--- a/tests/libtest/lib653.c
+++ b/tests/libtest/lib653.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib654.c b/tests/libtest/lib654.c
index 0d99dd66f..449e220e8 100644
--- a/tests/libtest/lib654.c
+++ b/tests/libtest/lib654.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib655.c b/tests/libtest/lib655.c
index 7f4053bd1..83525e57d 100644
--- a/tests/libtest/lib655.c
+++ b/tests/libtest/lib655.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib658.c b/tests/libtest/lib658.c
index d6b9935dd..5be239f67 100644
--- a/tests/libtest/lib658.c
+++ b/tests/libtest/lib658.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib659.c b/tests/libtest/lib659.c
index 0b6dddff1..97efbec65 100644
--- a/tests/libtest/lib659.c
+++ b/tests/libtest/lib659.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib661.c b/tests/libtest/lib661.c
index f12a98068..d51608c8c 100644
--- a/tests/libtest/lib661.c
+++ b/tests/libtest/lib661.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib666.c b/tests/libtest/lib666.c
index 29ddb50a4..62590702e 100644
--- a/tests/libtest/lib666.c
+++ b/tests/libtest/lib666.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib667.c b/tests/libtest/lib667.c
index d8c14da9e..076361add 100644
--- a/tests/libtest/lib667.c
+++ b/tests/libtest/lib667.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib668.c b/tests/libtest/lib668.c
index e58f49de9..26c585885 100644
--- a/tests/libtest/lib668.c
+++ b/tests/libtest/lib668.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib670.c b/tests/libtest/lib670.c
index 8e992f894..9af40731c 100644
--- a/tests/libtest/lib670.c
+++ b/tests/libtest/lib670.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,14 +22,14 @@
  *
  ***************************************************************************/
 
-#include <time.h>
-
 #if !defined(LIB670) && !defined(LIB671)
 #define CURL_DISABLE_DEPRECATION  /* Using and testing the form api */
 #endif
 
 #include "test.h"
 
+#include <time.h>
+
 #include "memdebug.h"
 
 #define PAUSE_TIME      2
diff --git a/tests/libtest/lib674.c b/tests/libtest/lib674.c
index 454d5c023..1a01d9c18 100644
--- a/tests/libtest/lib674.c
+++ b/tests/libtest/lib674.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib676.c b/tests/libtest/lib676.c
index aac034a05..2051795f0 100644
--- a/tests/libtest/lib676.c
+++ b/tests/libtest/lib676.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib677.c b/tests/libtest/lib677.c
index 4102677c5..12a0c1877 100644
--- a/tests/libtest/lib677.c
+++ b/tests/libtest/lib677.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/lib678.c b/tests/libtest/lib678.c
index 23c7f4d4d..8da39111d 100644
--- a/tests/libtest/lib678.c
+++ b/tests/libtest/lib678.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/libauthretry.c b/tests/libtest/libauthretry.c
index 3de5b3f1d..a71fe20ed 100644
--- a/tests/libtest/libauthretry.c
+++ b/tests/libtest/libauthretry.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/libntlmconnect.c b/tests/libtest/libntlmconnect.c
index ec1a13ae6..9f1c1315f 100644
--- a/tests/libtest/libntlmconnect.c
+++ b/tests/libtest/libntlmconnect.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/libprereq.c b/tests/libtest/libprereq.c
index 3aa475c5e..92369d838 100644
--- a/tests/libtest/libprereq.c
+++ b/tests/libtest/libprereq.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2021 - 2022, Max Dymond, <max.dymond@microsoft.com>
+ * Copyright (C) Max Dymond, <max.dymond@microsoft.com>
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/mk-lib1521.pl b/tests/libtest/mk-lib1521.pl
index e8a5994d1..e1418a013 100755
--- a/tests/libtest/mk-lib1521.pl
+++ b/tests/libtest/mk-lib1521.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2017 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -42,7 +42,7 @@ print <<HEADER
  *                            | (__| |_| |  _ <| |___
  *                             \\___|\\___/|_| \\_\\_____|
  *
- * Copyright (C) 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/notexists.pl b/tests/libtest/notexists.pl
index e4c13b748..2bc9bb5a3 100755
--- a/tests/libtest/notexists.pl
+++ b/tests/libtest/notexists.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/libtest/sethostname.c b/tests/libtest/sethostname.c
index 3ab1241a9..9dcad976c 100644
--- a/tests/libtest/sethostname.c
+++ b/tests/libtest/sethostname.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/sethostname.h b/tests/libtest/sethostname.h
index a0bbc14d5..1ffcba110 100644
--- a/tests/libtest/sethostname.h
+++ b/tests/libtest/sethostname.h
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/stub_gssapi.c b/tests/libtest/stub_gssapi.c
index 1e9c80081..c6c614bc0 100644
--- a/tests/libtest/stub_gssapi.c
+++ b/tests/libtest/stub_gssapi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2017 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/stub_gssapi.h b/tests/libtest/stub_gssapi.h
index ad30553fb..d29c69e8a 100644
--- a/tests/libtest/stub_gssapi.h
+++ b/tests/libtest/stub_gssapi.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2017 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/test.h b/tests/libtest/test.h
index badad1d10..cb2d47ac7 100644
--- a/tests/libtest/test.h
+++ b/tests/libtest/test.h
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -42,6 +42,10 @@
 
 #include "curl_printf.h"
 
+#ifdef WIN32
+#define sleep(sec) Sleep ((sec)*1000)
+#endif
+
 #define test_setopt(A,B,C)                                      \
   if((res = curl_easy_setopt((A), (B), (C))) != CURLE_OK)       \
     goto test_cleanup
@@ -69,9 +73,7 @@ extern int test(char *URL); /* the actual test function provided by each
 
 extern char *hexdump(const unsigned char *buffer, size_t len);
 
-#ifdef UNITTESTS
 extern int unitfail;
-#endif
 
 /*
 ** TEST_ERR_* values must be greater than CURL_LAST CURLcode in order
diff --git a/tests/libtest/test1013.pl b/tests/libtest/test1013.pl
index 37f798fb6..aec7fb902 100755
--- a/tests/libtest/test1013.pl
+++ b/tests/libtest/test1013.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/libtest/test1022.pl b/tests/libtest/test1022.pl
index 7339bb4ed..583b8f856 100755
--- a/tests/libtest/test1022.pl
+++ b/tests/libtest/test1022.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/libtest/test307.pl b/tests/libtest/test307.pl
index 688d93446..862f0e972 100755
--- a/tests/libtest/test307.pl
+++ b/tests/libtest/test307.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/libtest/test610.pl b/tests/libtest/test610.pl
index 86c95b890..0ef933068 100755
--- a/tests/libtest/test610.pl
+++ b/tests/libtest/test610.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/libtest/test613.pl b/tests/libtest/test613.pl
index 8d97ed9f7..3ad7805af 100755
--- a/tests/libtest/test613.pl
+++ b/tests/libtest/test613.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/libtest/testtrace.c b/tests/libtest/testtrace.c
index 6f0ae4ade..f78a9b943 100644
--- a/tests/libtest/testtrace.c
+++ b/tests/libtest/testtrace.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/testtrace.h b/tests/libtest/testtrace.h
index b0773dc8d..35f27b096 100644
--- a/tests/libtest/testtrace.h
+++ b/tests/libtest/testtrace.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/testutil.c b/tests/libtest/testutil.c
index 0d77aa227..1a1e689e7 100644
--- a/tests/libtest/testutil.c
+++ b/tests/libtest/testutil.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/libtest/testutil.h b/tests/libtest/testutil.h
index 106cd8675..36b944834 100644
--- a/tests/libtest/testutil.h
+++ b/tests/libtest/testutil.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/manpage-scan.pl b/tests/manpage-scan.pl
index 040d5177e..6855c2681 100755
--- a/tests/manpage-scan.pl
+++ b/tests/manpage-scan.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/manpage-syntax.pl b/tests/manpage-syntax.pl
index a83223d94..cfc267238 100644..100755
--- a/tests/manpage-syntax.pl
+++ b/tests/manpage-syntax.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/markdown-uppercase.pl b/tests/markdown-uppercase.pl
index fe298d473..7cf777498 100644..100755
--- a/tests/markdown-uppercase.pl
+++ b/tests/markdown-uppercase.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/mem-include-scan.pl b/tests/mem-include-scan.pl
index 52b8155dc..e1c038e1b 100755
--- a/tests/mem-include-scan.pl
+++ b/tests/mem-include-scan.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/memanalyze.pl b/tests/memanalyze.pl
index ee344f733..6b2676749 100755
--- a/tests/memanalyze.pl
+++ b/tests/memanalyze.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/negtelnetserver.py b/tests/negtelnetserver.py
index afb9e3342..8c04bdc10 100755
--- a/tests/negtelnetserver.py
+++ b/tests/negtelnetserver.py
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2017 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -29,7 +29,9 @@ from __future__ import (absolute_import, division, print_function,
 import argparse
 import logging
 import os
+import socket
 import sys
+import time
 
 from util import ClosingFileHandler
 
@@ -90,7 +92,7 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
             neg.send_wont("NAWS")
 
             # Get the data passed through the negotiator
-            data = neg.recv(1024)
+            data = neg.recv(4*1024)
             log.debug("Incoming data: %r", data)
 
             if VERIFIED_REQ.encode('utf-8') in data:
@@ -109,6 +111,12 @@ class NegotiatingTelnetHandler(socketserver.BaseRequestHandler):
                 log.debug("Sending %r", response_data)
                 self.request.sendall(response_data)
 
+            # put some effort into making a clean socket shutdown
+            # that does not give the client ECONNRESET
+            self.request.settimeout(0.1)
+            self.request.recv(4*1024)
+            self.request.shutdown(socket.SHUT_RDWR)
+
         except IOError:
             log.exception("IOError hit during request")
 
diff --git a/tests/nghttpx.conf b/tests/nghttpx.conf
index 605872d73..71aa7bc7c 100644
--- a/tests/nghttpx.conf
+++ b/tests/nghttpx.conf
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/nroff-scan.pl b/tests/nroff-scan.pl
index c310256a0..702275092 100755
--- a/tests/nroff-scan.pl
+++ b/tests/nroff-scan.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/option-check.pl b/tests/option-check.pl
index 191b2447b..431a409ed 100755
--- a/tests/option-check.pl
+++ b/tests/option-check.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/options-scan.pl b/tests/options-scan.pl
index de8412307..16de59c25 100644..100755
--- a/tests/options-scan.pl
+++ b/tests/options-scan.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/pathhelp.pm b/tests/pathhelp.pm
index 2c6594705..b7b312151 100644
--- a/tests/pathhelp.pm
+++ b/tests/pathhelp.pm
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2016 - 2022, Evgeny Grin (Karlson2k), <k2k@narod.ru>.
+# Copyright (C) Evgeny Grin (Karlson2k), <k2k@narod.ru>.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/rtspserver.pl b/tests/rtspserver.pl
index 40b1bc779..376d67ea9 100755
--- a/tests/rtspserver.pl
+++ b/tests/rtspserver.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/runtests.1 b/tests/runtests.1
index ea9f7a7b8..0094a8ace 100644
--- a/tests/runtests.1
+++ b/tests/runtests.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -57,6 +57,10 @@ Prefix a keyword with a tilde (~) to still run it, but ignore the results.
 .IP "-a"
 Continue running the rest of the test cases even if one test fails. By
 default, the test script stops as soon as an error is detected.
+.IP "-ac <curl>"
+Provide a path to a curl binary to talk to APIs (currently only CI test APIs).
+.IP "-am"
+Display test results in automake style output (PASS/FAIL: [number] [name]).
 .IP "-c <curl>"
 Provide a path to a custom curl binary to run the tests with. Default is the
 curl executable in the build tree.
@@ -81,6 +85,8 @@ Run the given test(s) with gdb. This is best used on a single test case and
 curl built --disable-shared. This then fires up gdb with command line set to
 run the specified test case. Simply (set a break-point and) type 'run' to
 start.
+.IP "-gw"
+Run the given test(s) with gdb as a windowed application.
 .IP "-h"
 Displays a help text about this program's command line options.
 .IP "-k"
@@ -133,7 +139,7 @@ extended the test sequence.
 .IP "-s"
 Shorter output. Speaks less than default.
 .IP "--seed=[num]"
-When using \fI--shallow\fP or \fI-R\rP that random certain aspects of the
+When using \fI--shallow\fP or \fI-R\fP that randomize certain aspects of the
 behavior, this option can set the initial seed. If not set, the random seed
 will be set based on the currently set local year and month and the first line
 of the "curl -V" output.
@@ -176,4 +182,4 @@ documented earlier.
 .SH "WRITING TESTS"
 The simplest way to write test cases is to start with a similar existing test,
 save it with a new number and then adjust it to fit. There's an attempt to
-document the test case file format in the tests/FILEFORMAT.
+document the test case file format in the tests/FILEFORMAT.md.
diff --git a/tests/runtests.pl b/tests/runtests.pl
index c6a739eca..de394bd3e 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -75,7 +75,8 @@ BEGIN {
 }
 
 use strict;
-use warnings;
+# Promote all warnings to fatal
+use warnings FATAL => 'all';
 use Cwd;
 use Digest::MD5 qw(md5);
 use MIME::Base64;
@@ -129,41 +130,7 @@ my $HOST6IP="[::1]";      # address on which the test server listens
 my $CLIENTIP="127.0.0.1"; # address which curl uses for incoming connections
 my $CLIENT6IP="[::1]";    # address which curl uses for incoming connections
 
-my $noport="[not running]";
-
-my $NOLISTENPORT=47;     # port number we use for a local non-listening service
-my $MQTTPORT=$noport;    # MQTT server port
-my $HTTPPORT=$noport;    # HTTP server port
-my $HTTP6PORT=$noport;   # HTTP IPv6 server port
-my $HTTPSPORT=$noport;   # HTTPS (stunnel) server port
-my $HTTPSPROXYPORT = $noport; # HTTPS-proxy (stunnel) port
-my $FTPPORT=$noport;     # FTP server port
-my $FTPSPORT=$noport;    # FTPS (stunnel) server port
-my $FTP6PORT=$noport;    # FTP IPv6 server port
-my $TFTPPORT=$noport;    # TFTP
-my $TFTP6PORT=$noport;   # TFTP
-my $SSHPORT=$noport;     # SCP/SFTP
-my $SOCKSPORT=$noport;   # SOCKS4/5 port
-my $POP3PORT=$noport;    # POP3
-my $POP36PORT=$noport;   # POP3 IPv6 server port
-my $IMAPPORT=$noport;    # IMAP
-my $IMAP6PORT=$noport;   # IMAP IPv6 server port
-my $SMTPPORT=$noport;    # SMTP
-my $SMTP6PORT=$noport;   # SMTP IPv6 server port
-my $RTSPPORT=$noport;    # RTSP
-my $RTSP6PORT=$noport;   # RTSP IPv6 server port
-my $GOPHERPORT=$noport;  # Gopher
-my $GOPHERSPORT=$noport; # Gophers
-my $GOPHER6PORT=$noport; # Gopher IPv6 server port
-my $HTTPTLSPORT=$noport; # HTTP TLS (non-stunnel) server port
-my $HTTPTLS6PORT=$noport; # HTTP TLS (non-stunnel) IPv6 server port
-my $HTTPPROXYPORT=$noport; # HTTP proxy port, when using CONNECT
-my $HTTP2PORT=$noport;   # HTTP/2 server port
-my $HTTP3PORT=$noport;   # HTTP/3 server port
-my $DICTPORT=$noport;    # DICT server port
-my $SMBPORT=$noport;     # SMB server port
-my $SMBSPORT=$noport;    # SMBS server port
-my $TELNETPORT=$noport;  # TELNET server port with negotiation
+my %PORT = (nolisten => 47); # port we use for a local non-listening service
 my $HTTPUNIXPATH;        # HTTP server Unix domain socket path
 my $SOCKSUNIXPATH;       # socks server Unix domain socket path
 
@@ -829,6 +796,14 @@ sub torture {
 }
 
 #######################################################################
+# Return the port to use for the given protocol.
+#
+sub protoport {
+    my ($proto) = @_;
+    return $PORT{$proto} || "[not running]";
+}
+
+#######################################################################
 # Stop a test server along with pids which aren't in the %run hash yet.
 # This also stops all servers which are relative to the given one.
 #
@@ -864,7 +839,7 @@ sub stopserver {
         # given a ssh server, also kill socks piggybacking one
         push @killservers, "socks${2}";
     }
-    if($server eq "http") {
+    if($server eq "http" or $server eq "https") {
         # since the http2+3 server is a proxy that needs to know about the
         # dynamic http port it too needs to get restarted when the http server
         # is killed
@@ -1464,6 +1439,9 @@ my %protofunc = ('http' => \&verifyhttp,
                  'imap' => \&verifyftp,
                  'smtp' => \&verifyftp,
                  'ftps' => \&verifyftp,
+                 'pop3s' => \&verifyftp,
+                 'imaps' => \&verifyftp,
+                 'smtps' => \&verifyftp,
                  'tftp' => \&verifyftp,
                  'ssh' => \&verifyssh,
                  'socks' => \&verifysocks,
@@ -1541,7 +1519,7 @@ sub runhttp2server {
 
     # don't retry if the server doesn't work
     if ($doesntrun{$pidfile}) {
-        return (0, 0, 0);
+        return (0, 0, 0, 0);
     }
 
     my $pid = processexists($pidfile);
@@ -1556,14 +1534,16 @@ sub runhttp2server {
 
     $flags .= "--nghttpx \"$ENV{'NGHTTPX'}\" ";
     $flags .= "--pidfile \"$pidfile\" --logfile \"$logfile\" ";
-    $flags .= "--connect $HOSTIP:$HTTPPORT ";
+    $flags .= "--connect $HOSTIP:" . protoport("http") . " ";
     $flags .= $verbose_flag if($debugprotocol);
 
     my ($http2pid, $pid2);
     my $port = 23113;
+    my $port2 = 23114;
     for(1 .. 10) {
         $port += int(rand(900));
-        my $aflags = "--port $port $flags";
+        $port2 += int(rand(900));
+        my $aflags = "--port $port --port2 $port2 $flags";
 
         my $cmd = "$exe $aflags";
         ($http2pid, $pid2) = startnew($cmd, $pidfile, 15, 0);
@@ -1578,14 +1558,16 @@ sub runhttp2server {
         $doesntrun{$pidfile} = 0;
 
         if($verbose) {
-            logmsg "RUN: $srvrname server PID $http2pid port $port\n";
+            logmsg "RUN: $srvrname server PID $http2pid ".
+                   "http-port $port https-port $port2 ".
+                   "backend $HOSTIP:" . protoport("http") . "\n";
         }
         last;
     }
 
     logmsg "RUN: failed to start the $srvrname server\n" if(!$http2pid);
 
-    return ($http2pid, $pid2, $port);
+    return ($http2pid, $pid2, $port, $port2);
 }
 
 #######################################################################
@@ -1625,7 +1607,7 @@ sub runhttp3server {
 
     $flags .= "--nghttpx \"$ENV{'NGHTTPX'}\" ";
     $flags .= "--pidfile \"$pidfile\" --logfile \"$logfile\" ";
-    $flags .= "--connect $HOSTIP:$HTTPPORT ";
+    $flags .= "--connect $HOSTIP:" . protoport("http") . " ";
     $flags .= "--cert \"$cert\" " if($cert);
     $flags .= $verbose_flag if($debugprotocol);
 
@@ -1671,7 +1653,7 @@ sub runhttpserver {
     my $pidfile;
     my $logfile;
     my $flags = "";
-    my $exe = "$perl $srcdir/httpserver.pl";
+    my $exe = "$perl $srcdir/http-server.pl";
     my $verbose_flag = "--verbose ";
 
     if($alt eq "ipv6") {
@@ -1734,7 +1716,7 @@ sub runhttpserver {
     }
 
     # where is it?
-    my $port;
+    my $port = 0;
     if(!$port_or_path) {
         $port = $port_or_path = pidfromfile($portfile);
     }
@@ -1752,7 +1734,7 @@ sub runhttpserver {
     $pid2 = $pid3;
 
     if($verbose) {
-        logmsg "RUN: $srvrname server is on PID $httppid port $port\n";
+        logmsg "RUN: $srvrname server is on PID $httppid port $port_or_path\n";
     }
 
     return ($httppid, $pid2, $port);
@@ -1809,14 +1791,14 @@ sub runhttpsserver {
     $flags .= "--certfile \"$certfile\" " if($certfile ne 'stunnel.pem');
     $flags .= "--stunnel \"$stunnel\" --srcdir \"$srcdir\" ";
     if($proto eq "gophers") {
-        $flags .= "--connect $GOPHERPORT";
+        $flags .= "--connect " . protoport("gopher");
     }
     elsif(!$proxy) {
-        $flags .= "--connect $HTTPPORT";
+        $flags .= "--connect " . protoport("http");
     }
     else {
         # for HTTPS-proxy we connect to the HTTP proxy
-        $flags .= "--connect $HTTPPROXYPORT";
+        $flags .= "--connect " . protoport("httpproxy");
     }
 
     my $pid2;
@@ -1995,38 +1977,8 @@ sub runpingpongserver {
     logmsg "RUN: $srvrname server is PID $ftppid port $port\n" if($verbose);
 
     # Assign the correct port variable!
-    if($proto eq "ftp") {
-        if($ipvnum == 6) {
-            # if IPv6, use a different setup
-            $FTP6PORT = $port;
-        }
-        else {
-            $FTPPORT = $port;
-        }
-    }
-    elsif($proto eq "pop3") {
-        if($ipvnum == 6) {
-            $POP36PORT = $port;
-        }
-        else {
-            $POP3PORT = $port;
-        }
-    }
-    elsif($proto eq "imap") {
-        if($ipvnum == 6) {
-            $IMAP6PORT  = $port;
-        }
-        else {
-            $IMAPPORT = $port;
-        }
-    }
-    elsif($proto eq "smtp") {
-        if($ipvnum == 6) {
-            $SMTP6PORT = $port;
-        }
-        else {
-            $SMTPPORT = $port;
-        }
+    if($proto =~ /^(?:ftp|imap|pop3|smtp)$/) {
+        $PORT{$proto . ($ipvnum == 6? '6': '')} = $port;
     }
     else {
         print STDERR "Unsupported protocol $proto!!\n";
@@ -2037,11 +1989,10 @@ sub runpingpongserver {
 }
 
 #######################################################################
-# start the ftps server (or rather, tunnel)
+# start the ftps/imaps/pop3s/smtps server (or rather, tunnel)
 #
-sub runftpsserver {
-    my ($verbose, $ipv6, $certfile) = @_;
-    my $proto = 'ftps';
+sub runsecureserver {
+    my ($verbose, $ipv6, $certfile, $proto, $clearport) = @_;
     my $ip = ($ipv6 && ($ipv6 =~ /6$/)) ? "$HOST6IP" : "$HOSTIP";
     my $ipvnum = ($ipv6 && ($ipv6 =~ /6$/)) ? 6 : 4;
     my $idnum = 1;
@@ -2082,23 +2033,25 @@ sub runftpsserver {
     $flags .= "--ipv$ipvnum --proto $proto ";
     $flags .= "--certfile \"$certfile\" " if($certfile ne 'stunnel.pem');
     $flags .= "--stunnel \"$stunnel\" --srcdir \"$srcdir\" ";
-    $flags .= "--connect $FTPPORT";
+    $flags .= "--connect $clearport";
 
-    my $ftpspid;
+    my $protospid;
     my $pid2;
-    my $port = 26713;
+    my $port = 26713 + ord $proto;
+    my %usedports = reverse %PORT;
     for (1 .. 10) {
         $port += int(rand(700));
+        next if exists $usedports{$port};
         my $options = "$flags --accept $port";
         my $cmd = "$perl $srcdir/secureserver.pl $options";
-        ($ftpspid, $pid2) = startnew($cmd, $pidfile, 15, 0);
+        ($protospid, $pid2) = startnew($cmd, $pidfile, 15, 0);
 
-        if($ftpspid <= 0 || !pidexists($ftpspid)) {
+        if($protospid <= 0 || !pidexists($protospid)) {
             # it is NOT alive
             stopserver($server, "$pid2");
             displaylogs($testnumcheck);
             $doesntrun{$pidfile} = 1;
-            $ftpspid = $pid2 = 0;
+            $protospid = $pid2 = 0;
             next;
         }
 
@@ -2106,14 +2059,14 @@ sub runftpsserver {
         $runcert{$server} = $certfile;
 
         if($verbose) {
-            logmsg "RUN: $srvrname server is PID $ftpspid port $port\n";
+            logmsg "RUN: $srvrname server is PID $protospid port $port\n";
         }
         last;
     }
 
-    logmsg "RUN: failed to start the $srvrname server\n" if(!$ftpspid);
+    logmsg "RUN: failed to start the $srvrname server\n" if(!$protospid);
 
-    return ($ftpspid, $pid2, $port);
+    return ($protospid, $pid2, $port);
 }
 
 #######################################################################
@@ -2429,8 +2382,8 @@ sub runsshserver {
 sub runmqttserver {
     my ($id, $verbose, $ipv6) = @_;
     my $ip=$HOSTIP;
-    my $port = $MQTTPORT;
     my $proto = 'mqtt';
+    my $port = protoport($proto);
     my $ipvnum = 4;
     my $idnum = ($id && ($id =~ /^(\d+)$/) && ($id > 1)) ? $id : 1;
     my $server;
@@ -2475,10 +2428,11 @@ sub runmqttserver {
         return (0,0);
     }
 
-    $MQTTPORT = pidfromfile($portfile);
+    my $mqttport = pidfromfile($portfile);
+    $PORT{"mqtt"} = $mqttport;
 
     if($verbose) {
-        logmsg "RUN: $srvrname server is now running PID $pid2 on PORT $MQTTPORT\n";
+        logmsg "RUN: $srvrname server is now running PID $pid2 on PORT $mqttport\n";
     }
 
     return ($pid2, $sockspid);
@@ -2806,23 +2760,10 @@ sub responsive_pingpong_server {
     my $ip = ($ipv6 && ($ipv6 =~ /6$/)) ? "$HOST6IP" : "$HOSTIP";
     my $ipvnum = ($ipv6 && ($ipv6 =~ /6$/)) ? 6 : 4;
     my $idnum = ($id && ($id =~ /^(\d+)$/) && ($id > 1)) ? $id : 1;
+    my $protoip = $proto . ($ipvnum == 6? '6': '');
 
-    if($proto eq "ftp") {
-        $port = $FTPPORT;
-
-        if($ipvnum==6) {
-            # if IPv6, use a different setup
-            $port = $FTP6PORT;
-        }
-    }
-    elsif($proto eq "pop3") {
-        $port = ($ipvnum==6) ? $POP36PORT : $POP3PORT;
-    }
-    elsif($proto eq "imap") {
-        $port = ($ipvnum==6) ? $IMAP6PORT : $IMAPPORT;
-    }
-    elsif($proto eq "smtp") {
-        $port = ($ipvnum==6) ? $SMTP6PORT : $SMTPPORT;
+    if($proto =~ /^(?:ftp|imap|pop3|smtp)$/) {
+        $port = protoport($protoip);
     }
     else {
         print STDERR "Unsupported protocol $proto!!\n";
@@ -2838,16 +2779,16 @@ sub responsive_pingpong_server {
 #
 sub responsive_rtsp_server {
     my ($verbose, $ipv6) = @_;
-    my $port = $RTSPPORT;
-    my $ip = $HOSTIP;
     my $proto = 'rtsp';
+    my $port = protoport($proto);
+    my $ip = $HOSTIP;
     my $ipvnum = 4;
     my $idnum = 1;
 
     if($ipv6) {
         # if IPv6, use a different setup
         $ipvnum = 6;
-        $port = $RTSP6PORT;
+        $port = protoport('rtsp6');
         $ip = $HOST6IP;
     }
 
@@ -2860,16 +2801,16 @@ sub responsive_rtsp_server {
 #
 sub responsive_tftp_server {
     my ($id, $verbose, $ipv6) = @_;
-    my $port = $TFTPPORT;
-    my $ip = $HOSTIP;
     my $proto = 'tftp';
+    my $port = protoport($proto);
+    my $ip = $HOSTIP;
     my $ipvnum = 4;
     my $idnum = ($id && ($id =~ /^(\d+)$/) && ($id > 1)) ? $id : 1;
 
     if($ipv6) {
         # if IPv6, use a different setup
         $ipvnum = 6;
-        $port = $TFTP6PORT;
+        $port = protoport('tftp6');
         $ip = $HOST6IP;
     }
 
@@ -2883,12 +2824,17 @@ sub responsive_tftp_server {
 #
 sub responsive_httptls_server {
     my ($verbose, $ipv6) = @_;
-    my $proto = "httptls";
-    my $port = ($ipv6 && ($ipv6 =~ /6$/)) ? $HTTPTLS6PORT : $HTTPTLSPORT;
-    my $ip = ($ipv6 && ($ipv6 =~ /6$/)) ? "$HOST6IP" : "$HOSTIP";
     my $ipvnum = ($ipv6 && ($ipv6 =~ /6$/)) ? 6 : 4;
+    my $proto = "httptls";
+    my $port = protoport($proto);
+    my $ip = "$HOSTIP";
     my $idnum = 1;
 
+    if ($ipvnum == 6) {
+        $port = protoport("httptls6");
+        $ip = "$HOST6IP";
+    }
+
     return &responsiveserver($proto, $ipvnum, $idnum, $ip, $port);
 }
 
@@ -3010,6 +2956,7 @@ sub setupfeatures {
     $feature{"manual"} = $has_manual;
     $feature{"MinGW"} = $has_mingw;
     $feature{"MultiSSL"} = $has_multissl;
+    $feature{"mbedtls"} = $has_mbedtls;
     $feature{"NSS"} = $has_nss;
     $feature{"NTLM"} = $has_ntlm;
     $feature{"NTLM_WB"} = $has_ntlm_wb;
@@ -3121,45 +3068,45 @@ sub checksystem {
                 $has_win32 = 1;
                 $has_mingw = 1 if ($curl =~ /-pc-mingw32/);
             }
-           if ($libcurl =~ /(winssl|schannel)/i) {
+           if ($libcurl =~ /\s(winssl|schannel)\b/i) {
                $has_schannel=1;
                $has_sslpinning=1;
            }
-           elsif ($libcurl =~ /openssl/i) {
+           elsif ($libcurl =~ /\sopenssl\b/i) {
                $has_openssl=1;
                $has_sslpinning=1;
            }
-           elsif ($libcurl =~ /gnutls/i) {
+           elsif ($libcurl =~ /\sgnutls\b/i) {
                $has_gnutls=1;
                $has_sslpinning=1;
            }
-           elsif ($libcurl =~ /rustls-ffi/i) {
+           elsif ($libcurl =~ /\srustls-ffi\b/i) {
                $has_rustls=1;
            }
-           elsif ($libcurl =~ /nss/i) {
+           elsif ($libcurl =~ /\snss\b/i) {
                $has_nss=1;
                $has_sslpinning=1;
            }
-           elsif ($libcurl =~ /wolfssl/i) {
+           elsif ($libcurl =~ /\swolfssl\b/i) {
                $has_wolfssl=1;
                $has_sslpinning=1;
            }
-           elsif ($libcurl =~ /bearssl/i) {
+           elsif ($libcurl =~ /\sbearssl\b/i) {
                $has_bearssl=1;
            }
-           elsif ($libcurl =~ /securetransport/i) {
+           elsif ($libcurl =~ /\ssecuretransport\b/i) {
                $has_sectransp=1;
                $has_sslpinning=1;
            }
-           elsif ($libcurl =~ /BoringSSL/i) {
+           elsif ($libcurl =~ /\sBoringSSL\b/i) {
                $has_boringssl=1;
                $has_sslpinning=1;
            }
-           elsif ($libcurl =~ /libressl/i) {
+           elsif ($libcurl =~ /\slibressl\b/i) {
                $has_libressl=1;
                $has_sslpinning=1;
            }
-           elsif ($libcurl =~ /mbedTLS/i) {
+           elsif ($libcurl =~ /\smbedTLS\b/i) {
                $has_mbedtls=1;
                $has_sslpinning=1;
            }
@@ -3489,45 +3436,37 @@ sub checksystem {
 #
 sub subVariables {
     my ($thing, $testnum, $prefix) = @_;
+    my $port;
 
     if(!$prefix) {
         $prefix = "%";
     }
 
     # test server ports
-    $$thing =~ s/${prefix}FTP6PORT/$FTP6PORT/g;
-    $$thing =~ s/${prefix}FTPSPORT/$FTPSPORT/g;
-    $$thing =~ s/${prefix}FTPPORT/$FTPPORT/g;
-    $$thing =~ s/${prefix}GOPHER6PORT/$GOPHER6PORT/g;
-    $$thing =~ s/${prefix}GOPHERPORT/$GOPHERPORT/g;
-    $$thing =~ s/${prefix}GOPHERSPORT/$GOPHERSPORT/g;
-    $$thing =~ s/${prefix}HTTPTLS6PORT/$HTTPTLS6PORT/g;
-    $$thing =~ s/${prefix}HTTPTLSPORT/$HTTPTLSPORT/g;
-    $$thing =~ s/${prefix}HTTP6PORT/$HTTP6PORT/g;
-    $$thing =~ s/${prefix}HTTPSPORT/$HTTPSPORT/g;
-    $$thing =~ s/${prefix}HTTPSPROXYPORT/$HTTPSPROXYPORT/g;
-    $$thing =~ s/${prefix}HTTP2PORT/$HTTP2PORT/g;
-    $$thing =~ s/${prefix}HTTP3PORT/$HTTP3PORT/g;
-    $$thing =~ s/${prefix}HTTPPORT/$HTTPPORT/g;
-    $$thing =~ s/${prefix}PROXYPORT/$HTTPPROXYPORT/g;
-    $$thing =~ s/${prefix}MQTTPORT/$MQTTPORT/g;
-    $$thing =~ s/${prefix}IMAP6PORT/$IMAP6PORT/g;
-    $$thing =~ s/${prefix}IMAPPORT/$IMAPPORT/g;
-    $$thing =~ s/${prefix}POP36PORT/$POP36PORT/g;
-    $$thing =~ s/${prefix}POP3PORT/$POP3PORT/g;
-    $$thing =~ s/${prefix}RTSP6PORT/$RTSP6PORT/g;
-    $$thing =~ s/${prefix}RTSPPORT/$RTSPPORT/g;
-    $$thing =~ s/${prefix}SMTP6PORT/$SMTP6PORT/g;
-    $$thing =~ s/${prefix}SMTPPORT/$SMTPPORT/g;
-    $$thing =~ s/${prefix}SOCKSPORT/$SOCKSPORT/g;
-    $$thing =~ s/${prefix}SSHPORT/$SSHPORT/g;
-    $$thing =~ s/${prefix}TFTP6PORT/$TFTP6PORT/g;
-    $$thing =~ s/${prefix}TFTPPORT/$TFTPPORT/g;
-    $$thing =~ s/${prefix}DICTPORT/$DICTPORT/g;
-    $$thing =~ s/${prefix}SMBPORT/$SMBPORT/g;
-    $$thing =~ s/${prefix}SMBSPORT/$SMBSPORT/g;
-    $$thing =~ s/${prefix}TELNETPORT/$TELNETPORT/g;
-    $$thing =~ s/${prefix}NOLISTENPORT/$NOLISTENPORT/g;
+    foreach my $proto ('DICT',
+                       'FTP', 'FTP6', 'FTPS',
+                       'GOPHER', 'GOPHER6', 'GOPHERS',
+                       'HTTP', 'HTTP6', 'HTTPS',
+                       'HTTPSPROXY', 'HTTPTLS', 'HTTPTLS6',
+                       'HTTP2', 'HTTP2TLS',
+                       'HTTP3',
+                       'IMAP', 'IMAP6', 'IMAPS',
+                       'MQTT',
+                       'NOLISTEN',
+                       'POP3', 'POP36', 'POP3S',
+                       'RTSP', 'RTSP6',
+                       'SMB', 'SMBS',
+                       'SMTP', 'SMTP6', 'SMTPS',
+                       'SOCKS',
+                       'SSH',
+                       'TELNET',
+                       'TFTP', 'TFTP6') {
+        $port = protoport(lc $proto);
+        $$thing =~ s/${prefix}(?:$proto)PORT/$port/g;
+    }
+    # Special case: for PROXYPORT substitution, use httpproxy.
+    $port = protoport('httpproxy');
+    $$thing =~ s/${prefix}PROXYPORT/$port/g;
 
     # server Unix domain socket paths
     $$thing =~ s/${prefix}HTTPUNIXPATH/$HTTPUNIXPATH/g;
@@ -4744,6 +4683,11 @@ sub singletest {
             }
         }
 
+        if($hash{'crlf'} ||
+           ($has_hyper && ($keywords{"HTTP"} || $keywords{"HTTPS"}))) {
+            map subNewlines(0, \$_), @protstrip;
+        }
+
         $res = compare($testnum, $testname, "proxy", \@out, \@protstrip);
         if($res) {
             return $errorreturncode;
@@ -5074,13 +5018,14 @@ sub startservers {
         }
         elsif($what eq "gopher") {
             if($torture && $run{'gopher'} &&
-               !responsive_http_server("gopher", $verbose, 0, $GOPHERPORT)) {
+               !responsive_http_server("gopher", $verbose, 0,
+                                       protoport("gopher"))) {
                 if(stopserver('gopher')) {
                     return "failed stopping unresponsive GOPHER server";
                 }
             }
             if(!$run{'gopher'}) {
-                ($pid, $pid2, $GOPHERPORT) =
+                ($pid, $pid2, $PORT{'gopher'}) =
                     runhttpserver("gopher", $verbose, 0);
                 if($pid <= 0) {
                     return "failed starting GOPHER server";
@@ -5093,13 +5038,13 @@ sub startservers {
         elsif($what eq "gopher-ipv6") {
             if($torture && $run{'gopher-ipv6'} &&
                !responsive_http_server("gopher", $verbose, "ipv6",
-                                       $GOPHER6PORT)) {
+                                       protoport("gopher"))) {
                 if(stopserver('gopher-ipv6')) {
                     return "failed stopping unresponsive GOPHER-IPv6 server";
                 }
             }
             if(!$run{'gopher-ipv6'}) {
-                ($pid, $pid2, $GOPHER6PORT) =
+                ($pid, $pid2, $PORT{"gopher6"}) =
                     runhttpserver("gopher", $verbose, "ipv6");
                 if($pid <= 0) {
                     return "failed starting GOPHER-IPv6 server";
@@ -5111,7 +5056,7 @@ sub startservers {
         }
         elsif($what eq "http/3") {
             if(!$run{'http/3'}) {
-                ($pid, $pid2, $HTTP3PORT) = runhttp3server($verbose);
+                ($pid, $pid2, $PORT{"http3"}) = runhttp3server($verbose);
                 if($pid <= 0) {
                     return "failed starting HTTP/3 server";
                 }
@@ -5122,7 +5067,8 @@ sub startservers {
         }
         elsif($what eq "http/2") {
             if(!$run{'http/2'}) {
-                ($pid, $pid2, $HTTP2PORT) = runhttp2server($verbose);
+                ($pid, $pid2, $PORT{"http2"}, $PORT{"http2tls"}) =
+                    runhttp2server($verbose);
                 if($pid <= 0) {
                     return "failed starting HTTP/2 server";
                 }
@@ -5133,13 +5079,13 @@ sub startservers {
         }
         elsif($what eq "http") {
             if($torture && $run{'http'} &&
-               !responsive_http_server("http", $verbose, 0, $HTTPPORT)) {
+               !responsive_http_server("http", $verbose, 0, protoport('http'))) {
                 if(stopserver('http')) {
                     return "failed stopping unresponsive HTTP server";
                 }
             }
             if(!$run{'http'}) {
-                ($pid, $pid2, $HTTPPORT) =
+                ($pid, $pid2, $PORT{'http'}) =
                     runhttpserver("http", $verbose, 0);
                 if($pid <= 0) {
                     return "failed starting HTTP server";
@@ -5152,13 +5098,13 @@ sub startservers {
         elsif($what eq "http-proxy") {
             if($torture && $run{'http-proxy'} &&
                !responsive_http_server("http", $verbose, "proxy",
-                                       $HTTPPROXYPORT)) {
+                                       protoport("httpproxy"))) {
                 if(stopserver('http-proxy')) {
                     return "failed stopping unresponsive HTTP-proxy server";
                 }
             }
             if(!$run{'http-proxy'}) {
-                ($pid, $pid2, $HTTPPROXYPORT) =
+                ($pid, $pid2, $PORT{"httpproxy"}) =
                     runhttpserver("http", $verbose, "proxy");
                 if($pid <= 0) {
                     return "failed starting HTTP-proxy server";
@@ -5170,13 +5116,14 @@ sub startservers {
         }
         elsif($what eq "http-ipv6") {
             if($torture && $run{'http-ipv6'} &&
-               !responsive_http_server("http", $verbose, "ipv6", $HTTP6PORT)) {
+               !responsive_http_server("http", $verbose, "ipv6",
+                                       protoport("http6"))) {
                 if(stopserver('http-ipv6')) {
                     return "failed stopping unresponsive HTTP-IPv6 server";
                 }
             }
             if(!$run{'http-ipv6'}) {
-                ($pid, $pid2, $HTTP6PORT) =
+                ($pid, $pid2, $PORT{"http6"}) =
                     runhttpserver("http", $verbose, "ipv6");
                 if($pid <= 0) {
                     return "failed starting HTTP-IPv6 server";
@@ -5194,7 +5141,7 @@ sub startservers {
                 }
             }
             if(!$run{'rtsp'}) {
-                ($pid, $pid2, $RTSPPORT) = runrtspserver($verbose);
+                ($pid, $pid2, $PORT{'rtsp'}) = runrtspserver($verbose);
                 if($pid <= 0) {
                     return "failed starting RTSP server";
                 }
@@ -5210,7 +5157,7 @@ sub startservers {
                 }
             }
             if(!$run{'rtsp-ipv6'}) {
-                ($pid, $pid2, $RTSP6PORT) = runrtspserver($verbose, "ipv6");
+                ($pid, $pid2, $PORT{'rtsp6'}) = runrtspserver($verbose, "ipv6");
                 if($pid <= 0) {
                     return "failed starting RTSP-IPv6 server";
                 }
@@ -5219,40 +5166,42 @@ sub startservers {
                 $run{'rtsp-ipv6'}="$pid $pid2";
             }
         }
-        elsif($what eq "ftps") {
+        elsif($what =~ /^(ftp|imap|pop3|smtp)s$/) {
+            my $cproto = $1;
             if(!$stunnel) {
                 # we can't run ftps tests without stunnel
                 return "no stunnel";
             }
-            if($runcert{'ftps'} && ($runcert{'ftps'} ne $certfile)) {
+            if($runcert{$what} && ($runcert{$what} ne $certfile)) {
                 # stop server when running and using a different cert
-                if(stopserver('ftps')) {
-                    return "failed stopping FTPS server with different cert";
+                if(stopserver($what)) {
+                    return "failed stopping $what server with different cert";
                 }
             }
-            if($torture && $run{'ftp'} &&
-               !responsive_pingpong_server("ftp", "", $verbose)) {
-                if(stopserver('ftp')) {
-                    return "failed stopping unresponsive FTP server";
+            if($torture && $run{$cproto} &&
+               !responsive_pingpong_server($cproto, "", $verbose)) {
+                if(stopserver($cproto)) {
+                    return "failed stopping unresponsive $cproto server";
                 }
             }
-            if(!$run{'ftp'}) {
-                ($pid, $pid2) = runpingpongserver("ftp", "", $verbose);
+            if(!$run{$cproto}) {
+                ($pid, $pid2) = runpingpongserver($cproto, "", $verbose);
                 if($pid <= 0) {
-                    return "failed starting FTP server";
+                    return "failed starting $cproto server";
                 }
-                printf ("* pid ftp => %d %d\n", $pid, $pid2) if($verbose);
-                $run{'ftp'}="$pid $pid2";
+                printf ("* pid $cproto => %d %d\n", $pid, $pid2) if($verbose);
+                $run{$cproto}="$pid $pid2";
             }
-            if(!$run{'ftps'}) {
-                ($pid, $pid2, $FTPSPORT) =
-                    runftpsserver($verbose, "", $certfile);
+            if(!$run{$what}) {
+                ($pid, $pid2, $PORT{$what}) =
+                    runsecureserver($verbose, "", $certfile, $what,
+                                    protoport($cproto));
                 if($pid <= 0) {
-                    return "failed starting FTPS server (stunnel)";
+                    return "failed starting $what server (stunnel)";
                 }
-                logmsg sprintf("* pid ftps => %d %d\n", $pid, $pid2)
+                logmsg sprintf("* pid $what => %d %d\n", $pid, $pid2)
                     if($verbose);
-                $run{'ftps'}="$pid $pid2";
+                $run{$what}="$pid $pid2";
             }
         }
         elsif($what eq "file") {
@@ -5270,13 +5219,14 @@ sub startservers {
                 }
             }
             if($torture && $run{'http'} &&
-               !responsive_http_server("http", $verbose, 0, $HTTPPORT)) {
+               !responsive_http_server("http", $verbose, 0,
+                                       protoport('http'))) {
                 if(stopserver('http')) {
                     return "failed stopping unresponsive HTTP server";
                 }
             }
             if(!$run{'http'}) {
-                ($pid, $pid2, $HTTPPORT) =
+                ($pid, $pid2, $PORT{'http'}) =
                     runhttpserver("http", $verbose, 0);
                 if($pid <= 0) {
                     return "failed starting HTTP server";
@@ -5285,7 +5235,7 @@ sub startservers {
                 $run{'http'}="$pid $pid2";
             }
             if(!$run{'https'}) {
-                ($pid, $pid2, $HTTPSPORT) =
+                ($pid, $pid2, $PORT{'https'}) =
                     runhttpsserver($verbose, "https", "", $certfile);
                 if($pid <= 0) {
                     return "failed starting HTTPS server (stunnel)";
@@ -5307,30 +5257,35 @@ sub startservers {
                 }
             }
             if($torture && $run{'gopher'} &&
-               !responsive_http_server("gopher", $verbose, 0, $GOPHERPORT)) {
+               !responsive_http_server("gopher", $verbose, 0,
+                                       protoport('gopher'))) {
                 if(stopserver('gopher')) {
                     return "failed stopping unresponsive GOPHER server";
                 }
             }
             if(!$run{'gopher'}) {
-                ($pid, $pid2, $GOPHERPORT) =
+                my $port;
+                ($pid, $pid2, $port) =
                     runhttpserver("gopher", $verbose, 0);
+                $PORT{'gopher'} = $port;
                 if($pid <= 0) {
                     return "failed starting GOPHER server";
                 }
                 printf ("* pid gopher => %d %d\n", $pid, $pid2) if($verbose);
-                print "GOPHERPORT => $GOPHERPORT\n" if($verbose);
+                print "GOPHERPORT => $port\n" if($verbose);
                 $run{'gopher'}="$pid $pid2";
             }
             if(!$run{'gophers'}) {
-                ($pid, $pid2, $GOPHERSPORT) =
+                my $port;
+                ($pid, $pid2, $port) =
                     runhttpsserver($verbose, "gophers", "", $certfile);
+                $PORT{'gophers'} = $port;
                 if($pid <= 0) {
                     return "failed starting GOPHERS server (stunnel)";
                 }
                 logmsg sprintf("* pid gophers => %d %d\n", $pid, $pid2)
                     if($verbose);
-                print "GOPHERSPORT => $GOPHERSPORT\n" if($verbose);
+                print "GOPHERSPORT => $port\n" if($verbose);
                 $run{'gophers'}="$pid $pid2";
             }
         }
@@ -5355,7 +5310,7 @@ sub startservers {
             }
 
             if(!$run{'https-proxy'}) {
-                ($pid, $pid2, $HTTPSPROXYPORT) =
+                ($pid, $pid2, $PORT{"httpsproxy"}) =
                     runhttpsserver($verbose, "https", "proxy", $certfile);
                 if($pid <= 0) {
                     return "failed starting HTTPS-proxy (stunnel)";
@@ -5368,7 +5323,7 @@ sub startservers {
         elsif($what eq "httptls") {
             if(!$httptlssrv) {
                 # for now, we can't run http TLS-EXT tests without gnutls-serv
-                return "no gnutls-serv";
+                return "no gnutls-serv (with SRP support)";
             }
             if($torture && $run{'httptls'} &&
                !responsive_httptls_server($verbose, "IPv4")) {
@@ -5377,7 +5332,7 @@ sub startservers {
                 }
             }
             if(!$run{'httptls'}) {
-                ($pid, $pid2, $HTTPTLSPORT) =
+                ($pid, $pid2, $PORT{'httptls'}) =
                     runhttptlsserver($verbose, "IPv4");
                 if($pid <= 0) {
                     return "failed starting HTTPTLS server (gnutls-serv)";
@@ -5399,7 +5354,7 @@ sub startservers {
                 }
             }
             if(!$run{'httptls-ipv6'}) {
-                ($pid, $pid2, $HTTPTLS6PORT) =
+                ($pid, $pid2, $PORT{"httptls6"}) =
                     runhttptlsserver($verbose, "ipv6");
                 if($pid <= 0) {
                     return "failed starting HTTPTLS-IPv6 server (gnutls-serv)";
@@ -5417,7 +5372,7 @@ sub startservers {
                 }
             }
             if(!$run{'tftp'}) {
-                ($pid, $pid2, $TFTPPORT) =
+                ($pid, $pid2, $PORT{'tftp'}) =
                     runtftpserver("", $verbose);
                 if($pid <= 0) {
                     return "failed starting TFTP server";
@@ -5434,7 +5389,7 @@ sub startservers {
                 }
             }
             if(!$run{'tftp-ipv6'}) {
-                ($pid, $pid2, $TFTP6PORT) =
+                ($pid, $pid2, $PORT{'tftp6'}) =
                     runtftpserver("", $verbose, "ipv6");
                 if($pid <= 0) {
                     return "failed starting TFTP-IPv6 server";
@@ -5445,7 +5400,7 @@ sub startservers {
         }
         elsif($what eq "sftp" || $what eq "scp") {
             if(!$run{'ssh'}) {
-                ($pid, $pid2, $SSHPORT) = runsshserver("", $verbose);
+                ($pid, $pid2, $PORT{'ssh'}) = runsshserver("", $verbose);
                 if($pid <= 0) {
                     return "failed starting SSH server";
                 }
@@ -5455,7 +5410,7 @@ sub startservers {
         }
         elsif($what eq "socks4" || $what eq "socks5" ) {
             if(!$run{'socks'}) {
-                ($pid, $pid2, $SOCKSPORT) = runsocksserver("", $verbose);
+                ($pid, $pid2, $PORT{"socks"}) = runsocksserver("", $verbose);
                 if($pid <= 0) {
                     return "failed starting socks server";
                 }
@@ -5504,7 +5459,7 @@ sub startservers {
         }
         elsif($what eq "dict") {
             if(!$run{'dict'}) {
-                ($pid, $pid2, $DICTPORT) = rundictserver($verbose, "");
+                ($pid, $pid2, $PORT{"dict"}) = rundictserver($verbose, "");
                 if($pid <= 0) {
                     return "failed starting DICT server";
                 }
@@ -5515,7 +5470,7 @@ sub startservers {
         }
         elsif($what eq "smb") {
             if(!$run{'smb'}) {
-                ($pid, $pid2, $SMBPORT) = runsmbserver($verbose, "");
+                ($pid, $pid2, $PORT{"smb"}) = runsmbserver($verbose, "");
                 if($pid <= 0) {
                     return "failed starting SMB server";
                 }
@@ -5526,7 +5481,7 @@ sub startservers {
         }
         elsif($what eq "telnet") {
             if(!$run{'telnet'}) {
-                ($pid, $pid2, $TELNETPORT) =
+                ($pid, $pid2, $PORT{"telnet"}) =
                     runnegtelnetserver($verbose, "");
                 if($pid <= 0) {
                     return "failed starting neg TELNET server";
@@ -5943,6 +5898,7 @@ Usage: runtests.pl [options] [test selection(s)]
   -L path  require an additional perl library file to replace certain functions
   -l       list all test case names/descriptions
   -n       no valgrind
+  --no-debuginfod disable the valgrind debuginfod functionality
   -o variable=value set internal variable to the specified value
   -P proxy use the specified proxy
   -p       print log file contents when a test fails
diff --git a/tests/secureserver.pl b/tests/secureserver.pl
index 3d2ab1531..665e0d019 100755
--- a/tests/secureserver.pl
+++ b/tests/secureserver.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/server/.gitignore b/tests/server/.gitignore
index 77c5e93f5..fee192546 100644
--- a/tests/server/.gitignore
+++ b/tests/server/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/tests/server/CMakeLists.txt b/tests/server/CMakeLists.txt
index bad6edf4d..d92f60fee 100644
--- a/tests/server/CMakeLists.txt
+++ b/tests/server/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2009 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/server/Makefile.am b/tests/server/Makefile.am
index 45ccf231d..b08942263 100644
--- a/tests/server/Makefile.am
+++ b/tests/server/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/server/Makefile.inc b/tests/server/Makefile.inc
index 0c7671214..efd2fa05e 100644
--- a/tests/server/Makefile.inc
+++ b/tests/server/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2009 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/server/base64.pl b/tests/server/base64.pl
index b0252551e..885e6f419 100755
--- a/tests/server/base64.pl
+++ b/tests/server/base64.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2004 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/server/disabled.c b/tests/server/disabled.c
index 8a4a17ce5..7ce290388 100644
--- a/tests/server/disabled.c
+++ b/tests/server/disabled.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/fake_ntlm.c b/tests/server/fake_ntlm.c
index 976096a9c..a2d079608 100644
--- a/tests/server/fake_ntlm.c
+++ b/tests/server/fake_ntlm.c
@@ -5,8 +5,8 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2010, Mandy Wu, <mandy.wu@intel.com>
- * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Mandy Wu, <mandy.wu@intel.com>
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/getpart.c b/tests/server/getpart.c
index fb54bfe8b..f7c6fd23f 100644
--- a/tests/server/getpart.c
+++ b/tests/server/getpart.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/getpart.h b/tests/server/getpart.h
index bb71c2d2d..e9323d4c9 100644
--- a/tests/server/getpart.h
+++ b/tests/server/getpart.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/mqttd.c b/tests/server/mqttd.c
index 028c7658d..3f990b935 100644
--- a/tests/server/mqttd.c
+++ b/tests/server/mqttd.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/resolve.c b/tests/server/resolve.c
index 492ffdeef..37432e4c8 100644
--- a/tests/server/resolve.c
+++ b/tests/server/resolve.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/rtspd.c b/tests/server/rtspd.c
index 365b29476..8bf98ebdc 100644
--- a/tests/server/rtspd.c
+++ b/tests/server/rtspd.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/server_setup.h b/tests/server/server_setup.h
index 8c642e5d8..8bdcc913b 100644
--- a/tests/server/server_setup.h
+++ b/tests/server/server_setup.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/server_sockaddr.h b/tests/server/server_sockaddr.h
index 024cf70dd..c48c7c7c3 100644
--- a/tests/server/server_sockaddr.h
+++ b/tests/server/server_sockaddr.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/sockfilt.c b/tests/server/sockfilt.c
index 39cca069f..c70724210 100644
--- a/tests/server/sockfilt.c
+++ b/tests/server/sockfilt.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/socksd.c b/tests/server/socksd.c
index d49efcf80..21245a3f9 100644
--- a/tests/server/socksd.c
+++ b/tests/server/socksd.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/sws.c b/tests/server/sws.c
index e4ef0ae4a..e5bb431e0 100644
--- a/tests/server/sws.c
+++ b/tests/server/sws.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -872,7 +872,7 @@ static int get_request(curl_socket_t sock, struct httprequest *req)
 
   if(req->upgrade_request) {
     /* upgraded connection, work it differently until end of connection */
-    logmsg("Upgraded connection, this is a no longer HTTP/1");
+    logmsg("Upgraded connection, this is no longer HTTP/1");
     send_doc(sock, req);
 
     /* dump the request received so far to the external file */
@@ -881,34 +881,39 @@ static int get_request(curl_socket_t sock, struct httprequest *req)
     req->offset = 0;
 
     /* read websocket traffic */
-    if(req->open)
+    if(req->open) {
+      logmsg("wait for websocket traffic");
       do {
+        got = sread(sock, reqbuf + req->offset, REQBUFSIZ - req->offset);
+        if(got > 0) {
+          req->offset += got;
+          logmsg("Got %zu bytes from client", got);
+        }
 
-      got = sread(sock, reqbuf + req->offset, REQBUFSIZ - req->offset);
-      if(got > 0)
-        req->offset += got;
-
-      if((got == -1) && ((EAGAIN == errno) || (EWOULDBLOCK == errno))) {
-        int rc;
-        fd_set input;
-        fd_set output;
-        struct timeval timeout = {1, 0}; /* 1000 ms */
-
-        logmsg("Got EAGAIN from sread");
-        FD_ZERO(&input);
-        FD_ZERO(&output);
-        got = 0;
-        FD_SET(sock, &input);
-        do {
-          logmsg("Wait until readable");
-          rc = select((int)sock + 1, &input, &output, NULL, &timeout);
-        } while(rc < 0 && errno == EINTR && !got_exit_signal);
-        logmsg("readable %d", rc);
-        if(rc)
-          got = 1;
-      }
-    } while(got > 0);
-
+        if((got == -1) && ((EAGAIN == errno) || (EWOULDBLOCK == errno))) {
+          int rc;
+          fd_set input;
+          fd_set output;
+          struct timeval timeout = {1, 0}; /* 1000 ms */
+
+          logmsg("Got EAGAIN from sread");
+          FD_ZERO(&input);
+          FD_ZERO(&output);
+          got = 0;
+          FD_SET(sock, &input);
+          do {
+            logmsg("Wait until readable");
+            rc = select((int)sock + 1, &input, &output, NULL, &timeout);
+          } while(rc < 0 && errno == EINTR && !got_exit_signal);
+          logmsg("readable %d", rc);
+          if(rc)
+            got = 1;
+        }
+      } while(got > 0);
+    }
+    else {
+      logmsg("NO wait for websocket traffic");
+    }
     if(req->offset) {
       logmsg("log the websocket traffic");
       /* dump the incoming websocket traffic to the external file */
diff --git a/tests/server/testpart.c b/tests/server/testpart.c
index f54c71281..489b218a0 100644
--- a/tests/server/testpart.c
+++ b/tests/server/testpart.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/tftp.h b/tests/server/tftp.h
index 1ccd21967..70e219721 100644
--- a/tests/server/tftp.h
+++ b/tests/server/tftp.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/tftpd.c b/tests/server/tftpd.c
index c97c5a71f..75aad482d 100644
--- a/tests/server/tftpd.c
+++ b/tests/server/tftpd.c
@@ -15,7 +15,7 @@
  */
 
 /*
- * Copyright (C) 2005 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  * Copyright (c) 1983, Regents of the University of California.
  * All rights reserved.
  *
diff --git a/tests/server/util.c b/tests/server/util.c
index 8238691b3..6429a8006 100644
--- a/tests/server/util.c
+++ b/tests/server/util.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/server/util.h b/tests/server/util.h
index 76ca37140..d5554684b 100644
--- a/tests/server/util.h
+++ b/tests/server/util.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/serverhelp.pm b/tests/serverhelp.pm
index 84673b97c..b5b34564d 100644
--- a/tests/serverhelp.pm
+++ b/tests/serverhelp.pm
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/smbserver.py b/tests/smbserver.py
index 62f2d7a0f..5a73d0b12 100755
--- a/tests/smbserver.py
+++ b/tests/smbserver.py
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2017 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/sshhelp.pm b/tests/sshhelp.pm
index 2d419c184..e2e1e5eb9 100644
--- a/tests/sshhelp.pm
+++ b/tests/sshhelp.pm
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -408,7 +408,18 @@ sub find_sshkeygen {
 # Find httptlssrv (gnutls-serv) and return canonical filename
 #
 sub find_httptlssrv {
-    return find_exe_file_hpath($httptlssrvexe);
+    my $p = find_exe_file_hpath($httptlssrvexe);
+    if($p) {
+        my @o = `"$p" -l`;
+        my $found;
+        for(@o) {
+            if(/Key exchange: SRP/) {
+                $found = 1;
+                last;
+            }
+        }
+        return $p if($found);
+    }
 }
 
 
diff --git a/tests/sshserver.pl b/tests/sshserver.pl
index 1b7b37208..e64890dae 100644..100755
--- a/tests/sshserver.pl
+++ b/tests/sshserver.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/stunnel.pem b/tests/stunnel.pem
index 3ec7702e9..b7dd1e879 100644
--- a/tests/stunnel.pem
+++ b/tests/stunnel.pem
@@ -36,45 +36,46 @@ commonName_value              = localhost
 # The key
 # the certificate
 # some dhparam
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAqq4P3SCjaw0TbAC4A3lYpiC3Fa9UlRuXqYkUDoMydCv8kdjG
-5O3lrFVFtUWOHR9Irs6sCvPS5I8JxZtX/Kk7cpT85Q/pU01G2YGXqc9z1SuKclCA
-VRQpw7GJUZquxE51t9/NTVuLxq6VCbMysdELMgSdVDJKS6vuDhoR1Odn2DYxYnav
-w2TwjC0sYIHGZqgxOuuizuzWZf6AsuhuOx5QZbGRnAoFBo6JTEbC32i9Hs8KzQSZ
-qgFm7HQb9RUTTc/nzSqOYdZMeRfNnlXuSAU1qVUWGnULElGN1VWJUDaTr7VaChZm
-1oComXjrCRxfJqqh2yrTnsfyovBpr251gaDu8wIDAQABAoIBAQCdg9n8Fxz5tK2R
-5O/ttNVNK7ALgS2sFjTXLzylUAsGD3oeF1Mm/y4Q5vlYG4LV+YMYYH+B9BdS+3bn
-OT/wWzYTvs/NjeulBxI1tVWET4H03yP777Mf0WXhxjyWZQyY+lfFg/NySuQqTgAZ
-XZmRZPzSAlQ32dmbEGa3+PMv6wd5Drei9dW8zXHg0Hhxu1ZQffwAuqMaH7JRf7Vz
-947E59YrTVOSz7V8q9B0Jw/y3ozdVF4XsYuTZu6hcFRGu7hyBblp8JXhbpRpk1+0
-8iYas3Wh5qXbe7IMmRuyHKQilweCnOvLwsd6zkyPmf/RfElbVwMfy9YQZ9r5t3cG
-8JLTmexhAoGBAOB7xb6kzBgRVKC1IMos18l9sj/4x14Iu9QSoOUyPiC+tnXaSV2a
-6Wx/5e0x3de3fv4CpcIPrO243CAvzAY8dKfUN0L0DLH0RTWtu7G8yAe8rTGDN3Vk
-xg1bfNaaciOyq1MKf5o5VBNdf8wqz4tOMuWc0hB69+7NJl65icWZSmk5AoGBAMKk
-hRr+q1bokENma9RDAZQG2CvELfetgvs8i40UQk/KUTsg9xOJvf7sohoYUEqxFTOR
-5lmM01wwdRuHLwg333sP1zLwR1KlxUWp+hOVxY3utAiCNMQKkMZGoTtx/S4c3fJX
-ETyNgXnXRGe7S6feqaubEmYn2/zRtQMEsUC2+TWLAoGAOeFwEUHopeQCEBXjyH1b
-fkZ8qWX58dMKqxnKho432rWR0j1gYVRKD4HCxS/wZWiYw+Hm32yvR/Q8PchVMN5x
-rbxYK1lF1LSJC9gp5yAn62bIuVV9/TTopBUM0UCtYWr2Jck1MYzKktuu0fPP47lc
-Ajw3JayvNNGMrSvlzB9EQnECgYEAsDO/S3DAKyzdbCaL9tux0g9gIj62XkD1Efr9
-Wfm9Df5ZCu4MveMz3FLbbEQWa4djagvqO6cAr7QuT31RVl8+MGlmpvZdmrP2odn+
-STyMWrB8yjcVDWODK/tEekv2pof7ZCbts6NmUqZNhppHIvCvKGp5fYEX5Qbylojo
-7Wy2rYECgYBlgx30rVT0S+fqAxje6EU1u2L/vx7Bb+VwxVwz66jXgOp3WJRex29z
-te8vPrByqaWDRB5cT2aRMQESc8HjUr7GC6DRpBV09g+alJnjuwKwl+gY9zg6cb0l
-jcKnwIobQdxoptlCppDgyzaa0YobJw4Bp6n2o0IRt6Tfl2Gh+BvpXw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrCrAD0Hb+Xs4V
+3mHV45FvfNa7yiaOeL4mNdGmWfHVPFU+CSzsoNSvDjxaorWweFGVYoCAcchOn1lZ
+k0ASsqnOss0Xi58n8+PPI3gG0gYjX5sg7EJ3Zq2kXoK0TZRy6hNkcvzLgyzXoYv1
+LkzTwYiyyJgZX++Y/GKAs2fMHyP8XzjNgm4tltk1k/4pomllwN9Fqz+sFxgAgEq3
+ybq4Xym7xKwWl8xXNBDJNmVsPtiJRcilQoR8Xs0a6PE+VbMhD9A2E/LEL7lzQfqH
+qtxE1mSW5FpQ+Uqf4KLnafStWs86IOWnCeLP6BmhAK6ouyICNFyzz7UkTHa/renx
+uNOGun2TAgMBAAECggEAH0BsKb5Ax7h90jwYRzL141d9isFkaxq/r46c2FbN24bT
+EmstxKycP8ILoAnjxbMuQOvHC/D+RvNRqY7Aocn4Qdakp50wvuWOpc3Ww/RC/9qb
+pxfUCyn9Jy/HlPcp3RdM5MknzG2S13Fid7F2gyh0+CmztMs1JZBT1S0ylXbJJfbY
+1pdlHcf9oEbYo36vGd9rtJHAFzsFfwua0idl76XYuOnR3bpOkHl1B5cJ8jpOliPv
+VTmzn0cIgAmk7IByHHqGQ0u30PFiElI9kEbkKWoxAM1hq1pFU58jQhvp0ZkjVENL
+bSFB2B4DbyosxPlbUgvJCN4B7nclqzYqBdrrk6/ZLQKBgQC1lDrPSGIGXLwvkZYS
+xc0wtaCC7u6m7zV8rzh5HGcEoVvtmya/VyoZR8KGIpSor8COIkZqFtan6C77C3MH
+wClbu2Kn3FkGb76D5U2Xwl38zepzjn8Z5qXc3bZfccrsDY1gXPicgsmcKUY9xV5/
+T0RjESDKB+xxkJpCjia6klm2NQKBgQDxJNuqB6frDYKaj7mW/rvyHqkeT94J6eDY
+BcMZVKeHRNWcBMOvJDChVmpsCjJPOWHhHOlAE755NxWn8wpgyiUcac3BiysMgvTT
+pyH8UVWaP/DWYOfpuhtcLPkIjKnPijOvshpyWBxfXNIejiovoT6E3IXKOxr5g5yq
+U/9a5+I9pwKBgDyJG4YpkoyedBrDxa2ihkL7+nRMZgH/c+yKmiA+aNXxWa2AcU2P
+KLje5KpFcxw948s/AAy0aoH19Vu6uHHYDbHIah6eZouvy2s7kj/LC/yRRd2anyMq
+cxeMTxXI4ScLaZu7wyKis8Y9OG61k0iMS7dfaXgRZjGCTPttWtoOmpwVAoGAd2k+
+EXuLDl15UBpd18S6wxGlw2nfVN9oxPBNhUyjTNusP38oe6EbJ7mIJ4oBEbQjoPrV
+EjL0vkelxK4YdIeFSwWlqvLEVYS/wdNgg/auwhxpoW8JSHctNz7Z7v7g0/Hm2FkE
+uZyiKCLptdHGWCGruNUOt27/U5F10e6YY6ayJL8CgYEAoE/ddHIlrKFzcZ0cu47R
+ky4D4x32ceC2au4eGPLMDItPjceXe8I6zgB5P8/U5U3PRw5oWabpAf5lAcRwa12c
+23xgy9O5QNlyps/rAdnVjwxqGwEd5E2LrZ2+JDflPRGunx2VO5v9CxXvsxu9F3Rj
+tREtebHe2H7u5jNsIQArnRI=
+-----END PRIVATE KEY-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16693795668433 (0xf2ed3c2c1d1)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 16717980999635 (0xf3475519fd3)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
             commonName                = Northern Nowhere Trust Anchor
         Validity
-            Not Before: Nov 25 12:32:46 2022 GMT
-            Not After : Feb 11 12:32:46 2031 GMT
+            Not Before: Dec 23 12:21:39 2022 GMT
+            Not After : Mar 11 12:21:39 2031 GMT
         Subject:
             countryName               = NN
             organizationName          = Edel Curl Arctic Illudium Research Cloud
@@ -83,24 +84,24 @@ Certificate:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Modulus:
-                    00:aa:ae:0f:dd:20:a3:6b:0d:13:6c:00:b8:03:79:
-                    58:a6:20:b7:15:af:54:95:1b:97:a9:89:14:0e:83:
-                    32:74:2b:fc:91:d8:c6:e4:ed:e5:ac:55:45:b5:45:
-                    8e:1d:1f:48:ae:ce:ac:0a:f3:d2:e4:8f:09:c5:9b:
-                    57:fc:a9:3b:72:94:fc:e5:0f:e9:53:4d:46:d9:81:
-                    97:a9:cf:73:d5:2b:8a:72:50:80:55:14:29:c3:b1:
-                    89:51:9a:ae:c4:4e:75:b7:df:cd:4d:5b:8b:c6:ae:
-                    95:09:b3:32:b1:d1:0b:32:04:9d:54:32:4a:4b:ab:
-                    ee:0e:1a:11:d4:e7:67:d8:36:31:62:76:af:c3:64:
-                    f0:8c:2d:2c:60:81:c6:66:a8:31:3a:eb:a2:ce:ec:
-                    d6:65:fe:80:b2:e8:6e:3b:1e:50:65:b1:91:9c:0a:
-                    05:06:8e:89:4c:46:c2:df:68:bd:1e:cf:0a:cd:04:
-                    99:aa:01:66:ec:74:1b:f5:15:13:4d:cf:e7:cd:2a:
-                    8e:61:d6:4c:79:17:cd:9e:55:ee:48:05:35:a9:55:
-                    16:1a:75:0b:12:51:8d:d5:55:89:50:36:93:af:b5:
-                    5a:0a:16:66:d6:80:a8:99:78:eb:09:1c:5f:26:aa:
-                    a1:db:2a:d3:9e:c7:f2:a2:f0:69:af:6e:75:81:a0:
-                    ee:f3
+                    00:ab:0a:b0:03:d0:76:fe:5e:ce:15:de:61:d5:e3:
+                    91:6f:7c:d6:bb:ca:26:8e:78:be:26:35:d1:a6:59:
+                    f1:d5:3c:55:3e:09:2c:ec:a0:d4:af:0e:3c:5a:a2:
+                    b5:b0:78:51:95:62:80:80:71:c8:4e:9f:59:59:93:
+                    40:12:b2:a9:ce:b2:cd:17:8b:9f:27:f3:e3:cf:23:
+                    78:06:d2:06:23:5f:9b:20:ec:42:77:66:ad:a4:5e:
+                    82:b4:4d:94:72:ea:13:64:72:fc:cb:83:2c:d7:a1:
+                    8b:f5:2e:4c:d3:c1:88:b2:c8:98:19:5f:ef:98:fc:
+                    62:80:b3:67:cc:1f:23:fc:5f:38:cd:82:6e:2d:96:
+                    d9:35:93:fe:29:a2:69:65:c0:df:45:ab:3f:ac:17:
+                    18:00:80:4a:b7:c9:ba:b8:5f:29:bb:c4:ac:16:97:
+                    cc:57:34:10:c9:36:65:6c:3e:d8:89:45:c8:a5:42:
+                    84:7c:5e:cd:1a:e8:f1:3e:55:b3:21:0f:d0:36:13:
+                    f2:c4:2f:b9:73:41:fa:87:aa:dc:44:d6:64:96:e4:
+                    5a:50:f9:4a:9f:e0:a2:e7:69:f4:ad:5a:cf:3a:20:
+                    e5:a7:09:e2:cf:e8:19:a1:00:ae:a8:bb:22:02:34:
+                    5c:b3:cf:b5:24:4c:76:bf:ad:e9:f1:b8:d3:86:ba:
+                    7d:93
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Alternative Name: 
@@ -110,58 +111,55 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication
             X509v3 Subject Key Identifier: 
-                7A:9A:8C:C7:59:5D:12:8D:51:2F:B1:06:58:1B:0A:B4:9F:31:8D:7F
+                9C:97:B0:3D:B3:50:B1:F6:D4:71:E2:EB:CB:80:EA:93:7C:98:CC:72
             X509v3 Authority Key Identifier: 
-                keyid:52:40:EE:E1:4F:95:58:29:CA:84:67:8C:0F:8C:CC:FE:8F:A9:FA:A8
-
+                87:CB:B1:33:2E:C1:67:7E:71:E3:E5:2B:4C:4D:A4:B3:6E:D2:5B:A9
             X509v3 Basic Constraints: 
                 CA:FALSE
             Authority Information Access: 
                 CA Issuers - URI:http://test.curl.se/ca/EdelCurlRoot.cer
-
             X509v3 CRL Distribution Points: 
-
                 Full Name:
                   URI:http://test.curl.se/ca/EdelCurlRoot.crl
-
     Signature Algorithm: sha256WithRSAEncryption
-         84:61:d9:d9:fb:1e:7e:e7:70:fb:1f:2f:e7:53:14:d5:0b:af:
-         0b:7d:30:83:a2:50:5d:7d:80:52:03:25:a4:7e:fb:6a:27:2d:
-         c7:2e:db:56:21:c9:90:13:aa:84:d8:0c:ec:fc:76:43:3a:35:
-         e6:e9:fe:99:36:eb:ce:5c:43:ea:5b:93:ac:e1:97:00:5f:05:
-         e8:a4:69:5b:a9:6a:9a:44:52:f2:75:2c:d7:0d:b1:4b:01:bf:
-         b4:18:e3:d6:65:90:06:8e:1d:bc:40:89:75:83:ea:d6:c3:1b:
-         57:d8:fa:e9:42:bc:83:1e:e9:27:e7:01:30:46:a8:be:dd:e2:
-         1e:96:05:56:a5:03:76:f8:40:a1:8b:1b:5d:3b:45:37:2f:8e:
-         d9:b0:d9:ab:5d:b4:9c:fa:7c:ad:db:10:ff:55:40:01:1c:49:
-         1c:af:20:cb:9d:5d:74:d9:83:8e:ae:54:3e:57:ce:77:de:1b:
-         83:f6:6d:3f:6d:ef:b1:bd:11:aa:10:f5:15:bf:a2:ba:c5:63:
-         6c:22:86:d6:78:72:75:7c:68:fb:4a:1c:1f:da:90:53:b3:44:
-         dd:db:95:c2:dc:dc:45:9b:78:a8:73:8a:74:a7:91:8f:6d:c7:
-         72:a0:00:3b:3f:ea:e6:c9:14:f0:a1:c5:1a:bb:8f:65:d8:75:
-         da:3d:4d:cc
+    Signature Value:
+        0b:8a:ed:6a:87:fa:71:15:88:25:58:85:1b:4a:09:bf:43:00:
+        35:93:78:0d:72:14:30:51:e2:93:83:a1:da:1b:2f:a9:31:ae:
+        b7:c7:4c:72:c2:5e:32:24:f1:96:93:70:d5:3f:b5:85:80:13:
+        75:32:cf:0e:f8:5d:c4:a2:29:84:43:2c:75:81:26:12:6a:a0:
+        cb:7b:57:c1:92:78:85:08:fa:64:50:c2:7b:83:02:4d:79:13:
+        bc:61:64:4d:b8:6b:d5:f1:84:6b:12:5c:69:90:ad:40:47:c0:
+        ed:dd:ea:8a:66:7e:87:85:19:aa:89:d3:3c:08:72:08:a1:4d:
+        63:60:5b:9b:17:9e:00:12:a1:00:52:ca:78:01:88:18:c7:ed:
+        5b:c7:e4:d9:eb:bd:3f:af:92:53:3f:fe:58:57:0d:fc:f4:7b:
+        7b:a2:4f:e9:b9:5c:b5:a4:52:50:b4:56:5a:44:8e:d9:d0:ed:
+        de:8f:7e:ac:1c:58:76:5b:a8:79:c9:95:ab:85:1d:db:4c:13:
+        82:4a:a5:41:1b:29:f5:d3:96:df:80:d1:1e:00:7d:ba:35:94:
+        57:81:e1:08:2a:81:6b:1c:30:50:37:01:1a:0e:26:4f:6b:ed:
+        c9:50:17:37:2b:33:3f:68:fe:c6:f0:21:8c:e7:b2:79:55:f2:
+        42:bd:2f:b0
 -----BEGIN CERTIFICATE-----
-MIIERDCCAyygAwIBAgIGDy7TwsHRMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
+MIIERDCCAyygAwIBAgIGDzR1UZ/TMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYT
 Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
 IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
-Fw0yMjExMjUxMjMyNDZaFw0zMTAyMTExMjMyNDZaMFQxCzAJBgNVBAYTAk5OMTEw
+Fw0yMjEyMjMxMjIxMzlaFw0zMTAzMTExMjIxMzlaMFQxCzAJBgNVBAYTAk5OMTEw
 LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
 MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCqrg/dIKNrDRNsALgDeVimILcVr1SVG5epiRQOgzJ0K/yR2Mbk7eWsVUW1
-RY4dH0iuzqwK89LkjwnFm1f8qTtylPzlD+lTTUbZgZepz3PVK4pyUIBVFCnDsYlR
-mq7ETnW3381NW4vGrpUJszKx0QsyBJ1UMkpLq+4OGhHU52fYNjFidq/DZPCMLSxg
-gcZmqDE666LO7NZl/oCy6G47HlBlsZGcCgUGjolMRsLfaL0ezwrNBJmqAWbsdBv1
-FRNNz+fNKo5h1kx5F82eVe5IBTWpVRYadQsSUY3VVYlQNpOvtVoKFmbWgKiZeOsJ
-HF8mqqHbKtOex/Ki8GmvbnWBoO7zAgMBAAGjggEGMIIBAjAUBgNVHREEDTALggls
+AoIBAQCrCrAD0Hb+Xs4V3mHV45FvfNa7yiaOeL4mNdGmWfHVPFU+CSzsoNSvDjxa
+orWweFGVYoCAcchOn1lZk0ASsqnOss0Xi58n8+PPI3gG0gYjX5sg7EJ3Zq2kXoK0
+TZRy6hNkcvzLgyzXoYv1LkzTwYiyyJgZX++Y/GKAs2fMHyP8XzjNgm4tltk1k/4p
+omllwN9Fqz+sFxgAgEq3ybq4Xym7xKwWl8xXNBDJNmVsPtiJRcilQoR8Xs0a6PE+
+VbMhD9A2E/LEL7lzQfqHqtxE1mSW5FpQ+Uqf4KLnafStWs86IOWnCeLP6BmhAK6o
+uyICNFyzz7UkTHa/renxuNOGun2TAgMBAAGjggEGMIIBAjAUBgNVHREEDTALggls
 b2NhbGhvc3QwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1Ud
-DgQWBBR6mozHWV0SjVEvsQZYGwq0nzGNfzAfBgNVHSMEGDAWgBRSQO7hT5VYKcqE
-Z4wPjMz+j6n6qDAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcw
+DgQWBBScl7A9s1Cx9tRx4uvLgOqTfJjMcjAfBgNVHSMEGDAWgBSHy7EzLsFnfnHj
+5StMTaSzbtJbqTAJBgNVHRMEAjAAMEMGCCsGAQUFBwEBBDcwNTAzBggrBgEFBQcw
 AoYnaHR0cDovL3Rlc3QuY3VybC5zZS9jYS9FZGVsQ3VybFJvb3QuY2VyMDgGA1Ud
 HwQxMC8wLaAroCmGJ2h0dHA6Ly90ZXN0LmN1cmwuc2UvY2EvRWRlbEN1cmxSb290
-LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAhGHZ2fsefudw+x8v51MU1QuvC30wg6JQ
-XX2AUgMlpH77aictxy7bViHJkBOqhNgM7Px2Qzo15un+mTbrzlxD6luTrOGXAF8F
-6KRpW6lqmkRS8nUs1w2xSwG/tBjj1mWQBo4dvECJdYPq1sMbV9j66UK8gx7pJ+cB
-MEaovt3iHpYFVqUDdvhAoYsbXTtFNy+O2bDZq120nPp8rdsQ/1VAARxJHK8gy51d
-dNmDjq5UPlfOd94bg/ZtP23vsb0RqhD1Fb+iusVjbCKG1nhydXxo+0ocH9qQU7NE
-3duVwtzcRZt4qHOKdKeRj23HcqAAOz/q5skU8KHFGruPZdh12j1NzA==
+LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAC4rtaof6cRWIJViFG0oJv0MANZN4DXIU
+MFHik4Oh2hsvqTGut8dMcsJeMiTxlpNw1T+1hYATdTLPDvhdxKIphEMsdYEmEmqg
+y3tXwZJ4hQj6ZFDCe4MCTXkTvGFkTbhr1fGEaxJcaZCtQEfA7d3qimZ+h4UZqonT
+PAhyCKFNY2BbmxeeABKhAFLKeAGIGMftW8fk2eu9P6+SUz/+WFcN/PR7e6JP6blc
+taRSULRWWkSO2dDt3o9+rBxYdluoecmVq4Ud20wTgkqlQRsp9dOW34DRHgB9ujWU
+V4HhCCqBaxwwUDcBGg4mT2vtyVAXNyszP2j+xvAhjOeyeVXyQr0vsA==
 -----END CERTIFICATE-----
diff --git a/tests/symbol-scan.pl b/tests/symbol-scan.pl
index 8efa30791..bc08ad98f 100755
--- a/tests/symbol-scan.pl
+++ b/tests/symbol-scan.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/testcurl.1 b/tests/testcurl.1
index ed4b5b5b5..202e484d4 100644
--- a/tests/testcurl.1
+++ b/tests/testcurl.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
diff --git a/tests/testcurl.pl b/tests/testcurl.pl
index acf2c6b06..aa05e6020 100755
--- a/tests/testcurl.pl
+++ b/tests/testcurl.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/tftpserver.pl b/tests/tftpserver.pl
index 9db734330..23750b2dd 100755
--- a/tests/tftpserver.pl
+++ b/tests/tftpserver.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/unit/.gitignore b/tests/unit/.gitignore
index caf5a4d05..8f0bb90bd 100644
--- a/tests/unit/.gitignore
+++ b/tests/unit/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/tests/unit/CMakeLists.txt b/tests/unit/CMakeLists.txt
index 8798165c8..fe630422c 100644
--- a/tests/unit/CMakeLists.txt
+++ b/tests/unit/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -22,36 +22,9 @@
 #
 ###########################################################################
 
-# TODO build a special libcurlu library for unittests.
-return()
-
-set(UT_SRC
-  unit1300.c
-  unit1301.c
-  unit1302.c
-  unit1303.c
-  unit1304.c
-  unit1305.c
-  unit1307.c
-  unit1308.c
-  unit1309.c
-  unit1330.c
-# Broken link on Linux
-#  unit1394.c
-  unit1395.c
-  unit1396.c
-  unit1397.c
-  unit1398.c
-  unit1600.c
-  unit1601.c
-  unit1603.c
-# Broken link on Linux
-#  unit1604.c
-  unit1620.c
-  unit1655.c
-  )
+transform_makefile_inc("Makefile.inc" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake")
+include(${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake)
 
-set(UT_COMMON_FILES ../libtest/first.c ../libtest/test.h curlcheck.h)
 include_directories(
   ${CURL_SOURCE_DIR}/lib          # To be able to reach "curl_setup_once.h"
   ${CURL_SOURCE_DIR}/tests/libtest
@@ -60,12 +33,18 @@ include_directories(
   ${CURL_BINARY_DIR}/include      # To be able to reach "curl/curl.h"
 )
 
-foreach(_testfile ${UT_SRC})
-
-  get_filename_component(_testname ${_testfile} NAME_WE)
-  add_executable(${_testname} EXCLUDE_FROM_ALL ${_testfile} ${UT_COMMON_FILES})
-  #add_dependencies(testdeps ${_testname})
-  target_link_libraries(${_testname} libcurl ${CURL_LIBS})
-  set_target_properties(${_testname}
-      PROPERTIES COMPILE_DEFINITIONS "UNITTESTS")
-endforeach()
+# TODO build a special libcurlu library for unittests.
+# Until that happens, only build the unit tests when creating a static libcurl
+# or else they will fail to link. Some of the tests require the special libcurlu
+# build, so filter those out until we get libcurlu.
+list(FILTER UNITPROGS EXCLUDE REGEX
+  "unit1394|unit1395|unit1604|unit1608|unit1621|unit1650|unit1653|unit1655|unit1660|unit2600")
+if(NOT BUILD_SHARED_LIBS)
+  foreach(_testfile ${UNITPROGS})
+    add_executable(${_testfile} EXCLUDE_FROM_ALL ${_testfile}.c ${UNITFILES})
+    add_dependencies(testdeps ${_testfile})
+    target_link_libraries(${_testfile} libcurl ${CURL_LIBS})
+    set_target_properties(${_testfile}
+        PROPERTIES COMPILE_DEFINITIONS "UNITTESTS")
+  endforeach()
+endif()
diff --git a/tests/unit/Makefile.am b/tests/unit/Makefile.am
index a0d7a9495..4f64ff596 100644
--- a/tests/unit/Makefile.am
+++ b/tests/unit/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -51,9 +51,6 @@ LDADD = $(top_builddir)/src/libcurltool.la   \
 
 AM_CPPFLAGS += -DCURL_STATICLIB -DUNITTESTS
 
-# Makefile.inc provides neat definitions
-include Makefile.inc
-
 CHECKSRC = $(CS_$(V))
 CS_0 = @echo "  RUN     " $@;
 CS_1 =
@@ -62,8 +59,99 @@ CS_ = $(CS_0)
 checksrc:
 	$(CHECKSRC)@PERL@ $(top_srcdir)/scripts/checksrc.pl $(srcdir)/*.[ch]
 
+# Makefile.inc provides neat definitions
+include Makefile.inc
+
 if BUILD_UNITTESTS
 noinst_PROGRAMS = $(UNITPROGS)
 else
 noinst_PROGRAMS =
 endif
+
+unit1300_SOURCES = unit1300.c $(UNITFILES)
+
+unit1302_SOURCES = unit1302.c $(UNITFILES)
+
+unit1303_SOURCES = unit1303.c $(UNITFILES)
+
+unit1304_SOURCES = unit1304.c $(UNITFILES)
+
+unit1305_SOURCES = unit1305.c $(UNITFILES)
+
+unit1307_SOURCES = unit1307.c $(UNITFILES)
+
+unit1308_SOURCES = unit1308.c $(UNITFILES)
+
+unit1309_SOURCES = unit1309.c $(UNITFILES)
+
+unit1323_SOURCES = unit1323.c $(UNITFILES)
+
+unit1330_SOURCES = unit1330.c $(UNITFILES)
+
+unit1394_SOURCES = unit1394.c $(UNITFILES)
+unit1394_LDADD = $(top_builddir)/lib/libcurl.la @LIBCURL_LIBS@
+unit1394_LDFLAGS = $(top_builddir)/src/libcurltool.la
+unit1394_LIBS =
+
+unit1395_SOURCES = unit1395.c $(UNITFILES)
+
+unit1396_SOURCES = unit1396.c $(UNITFILES)
+
+unit1397_SOURCES = unit1397.c $(UNITFILES)
+
+unit1398_SOURCES = unit1398.c $(UNITFILES)
+
+unit1399_SOURCES = unit1399.c $(UNITFILES)
+
+unit1600_SOURCES = unit1600.c $(UNITFILES)
+
+unit1601_SOURCES = unit1601.c $(UNITFILES)
+
+unit1602_SOURCES = unit1602.c $(UNITFILES)
+
+unit1603_SOURCES = unit1603.c $(UNITFILES)
+
+unit1604_SOURCES = unit1604.c $(UNITFILES)
+
+unit1605_SOURCES = unit1605.c $(UNITFILES)
+
+unit1606_SOURCES = unit1606.c $(UNITFILES)
+
+unit1607_SOURCES = unit1607.c $(UNITFILES)
+
+unit1608_SOURCES = unit1608.c $(UNITFILES)
+
+unit1609_SOURCES = unit1609.c $(UNITFILES)
+
+unit1610_SOURCES = unit1610.c $(UNITFILES)
+
+unit1611_SOURCES = unit1611.c $(UNITFILES)
+
+unit1612_SOURCES = unit1612.c $(UNITFILES)
+
+unit1614_SOURCES = unit1614.c $(UNITFILES)
+
+unit1620_SOURCES = unit1620.c $(UNITFILES)
+
+unit1621_SOURCES = unit1621.c $(UNITFILES)
+unit1621_LDADD = $(top_builddir)/src/libcurltool.la $(top_builddir)/lib/libcurl.la @NSS_LIBS@
+
+unit1650_SOURCES = unit1650.c $(UNITFILES)
+
+unit1651_SOURCES = unit1651.c $(UNITFILES)
+
+unit1652_SOURCES = unit1652.c $(UNITFILES)
+
+unit1653_SOURCES = unit1653.c $(UNITFILES)
+
+unit1654_SOURCES = unit1654.c $(UNITFILES)
+
+unit1655_SOURCES = unit1655.c $(UNITFILES)
+
+unit1660_SOURCES = unit1660.c $(UNITFILES)
+
+unit1661_SOURCES = unit1661.c $(UNITFILES)
+
+unit2600_SOURCES = unit2600.c $(UNITFILES)
+
+unit3200_SOURCES = unit3200.c $(UNITFILES)
diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc
index 3d8d7d57e..4ab15b5db 100644
--- a/tests/unit/Makefile.inc
+++ b/tests/unit/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -38,131 +38,5 @@ UNITPROGS = unit1300          unit1302 unit1303 unit1304 unit1305 unit1307 \
  unit1620 unit1621 \
  unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 \
  unit1660 unit1661 \
+ unit2600 \
  unit3200
-
-unit1300_SOURCES = unit1300.c $(UNITFILES)
-unit1300_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1302_SOURCES = unit1302.c $(UNITFILES)
-unit1302_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1303_SOURCES = unit1303.c $(UNITFILES)
-unit1303_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1304_SOURCES = unit1304.c $(UNITFILES)
-unit1304_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1305_SOURCES = unit1305.c $(UNITFILES)
-unit1305_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1307_SOURCES = unit1307.c $(UNITFILES)
-unit1307_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1308_SOURCES = unit1308.c $(UNITFILES)
-unit1308_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1309_SOURCES = unit1309.c $(UNITFILES)
-unit1309_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1323_SOURCES = unit1323.c $(UNITFILES)
-unit1323_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1330_SOURCES = unit1330.c $(UNITFILES)
-unit1330_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1394_SOURCES = unit1394.c $(UNITFILES)
-unit1394_CPPFLAGS = $(AM_CPPFLAGS)
-unit1394_LDADD = $(top_builddir)/lib/libcurl.la @LIBCURL_LIBS@
-unit1394_LDFLAGS = $(top_builddir)/src/libcurltool.la
-unit1394_LIBS =
-
-unit1395_SOURCES = unit1395.c $(UNITFILES)
-unit1395_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1396_SOURCES = unit1396.c $(UNITFILES)
-unit1396_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1397_SOURCES = unit1397.c $(UNITFILES)
-unit1397_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1398_SOURCES = unit1398.c $(UNITFILES)
-unit1398_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1399_SOURCES = unit1399.c $(UNITFILES)
-unit1399_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1600_SOURCES = unit1600.c $(UNITFILES)
-unit1600_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1601_SOURCES = unit1601.c $(UNITFILES)
-unit1601_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1602_SOURCES = unit1602.c $(UNITFILES)
-unit1602_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1603_SOURCES = unit1603.c $(UNITFILES)
-unit1603_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1604_SOURCES = unit1604.c $(UNITFILES)
-unit1604_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1605_SOURCES = unit1605.c $(UNITFILES)
-unit1605_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1606_SOURCES = unit1606.c $(UNITFILES)
-unit1606_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1607_SOURCES = unit1607.c $(UNITFILES)
-unit1607_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1608_SOURCES = unit1608.c $(UNITFILES)
-unit1608_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1609_SOURCES = unit1609.c $(UNITFILES)
-unit1609_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1610_SOURCES = unit1610.c $(UNITFILES)
-unit1610_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1611_SOURCES = unit1611.c $(UNITFILES)
-unit1611_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1612_SOURCES = unit1612.c $(UNITFILES)
-unit1612_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1614_SOURCES = unit1614.c $(UNITFILES)
-unit1614_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1620_SOURCES = unit1620.c $(UNITFILES)
-unit1620_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1621_SOURCES = unit1621.c $(UNITFILES)
-unit1621_CPPFLAGS = $(AM_CPPFLAGS)
-unit1621_LDADD = $(top_builddir)/src/libcurltool.la $(top_builddir)/lib/libcurl.la @NSS_LIBS@
-
-unit1650_SOURCES = unit1650.c $(UNITFILES)
-unit1650_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1651_SOURCES = unit1651.c $(UNITFILES)
-unit1651_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1652_SOURCES = unit1652.c $(UNITFILES)
-unit1652_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1653_SOURCES = unit1653.c $(UNITFILES)
-unit1653_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1654_SOURCES = unit1654.c $(UNITFILES)
-unit1654_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1655_SOURCES = unit1655.c $(UNITFILES)
-unit1655_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1660_SOURCES = unit1660.c $(UNITFILES)
-unit1660_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit1661_SOURCES = unit1661.c $(UNITFILES)
-unit1661_CPPFLAGS = $(AM_CPPFLAGS)
-
-unit3200_SOURCES = unit3200.c $(UNITFILES)
-unit3200_CPPFLAGS = $(AM_CPPFLAGS)
diff --git a/tests/unit/README.md b/tests/unit/README.md
index d17b249a0..cb3420c64 100644
--- a/tests/unit/README.md
+++ b/tests/unit/README.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 1998 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
diff --git a/tests/unit/curlcheck.h b/tests/unit/curlcheck.h
index 1e8ca0e8e..7c0ac4fb1 100644
--- a/tests/unit/curlcheck.h
+++ b/tests/unit/curlcheck.h
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1300.c b/tests/unit/unit1300.c
index db0d5c569..acbf89b90 100644
--- a/tests/unit/unit1300.c
+++ b/tests/unit/unit1300.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1302.c b/tests/unit/unit1302.c
index a9f37b53f..cf3c9b07e 100644
--- a/tests/unit/unit1302.c
+++ b/tests/unit/unit1302.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1303.c b/tests/unit/unit1303.c
index acc3ed7bf..c022496c3 100644
--- a/tests/unit/unit1303.c
+++ b/tests/unit/unit1303.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1304.c b/tests/unit/unit1304.c
index 3fab94b85..2e7e97a76 100644
--- a/tests/unit/unit1304.c
+++ b/tests/unit/unit1304.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1305.c b/tests/unit/unit1305.c
index a4f70d1d5..19cc62c44 100644
--- a/tests/unit/unit1305.c
+++ b/tests/unit/unit1305.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1307.c b/tests/unit/unit1307.c
index d8fcb8016..440b39060 100644
--- a/tests/unit/unit1307.c
+++ b/tests/unit/unit1307.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -316,10 +316,6 @@ UNITTEST_STOP
 #else
 
 UNITTEST_START
-{
-  /* nothing to do, just fail */
-  return 1;
-}
 UNITTEST_STOP
 
 #endif
diff --git a/tests/unit/unit1308.c b/tests/unit/unit1308.c
index 84e5d2ee8..c213b8f12 100644
--- a/tests/unit/unit1308.c
+++ b/tests/unit/unit1308.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1309.c b/tests/unit/unit1309.c
index 121dfedec..5c5801abd 100644
--- a/tests/unit/unit1309.c
+++ b/tests/unit/unit1309.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1323.c b/tests/unit/unit1323.c
index b089282f3..26498edbd 100644
--- a/tests/unit/unit1323.c
+++ b/tests/unit/unit1323.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1330.c b/tests/unit/unit1330.c
index ea6f99699..2e27e8093 100644
--- a/tests/unit/unit1330.c
+++ b/tests/unit/unit1330.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1394.c b/tests/unit/unit1394.c
index f4f05a06c..e4e998184 100644
--- a/tests/unit/unit1394.c
+++ b/tests/unit/unit1394.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1395.c b/tests/unit/unit1395.c
index c37f942d3..aebb43230 100644
--- a/tests/unit/unit1395.c
+++ b/tests/unit/unit1395.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,7 +24,7 @@
 #include "curlcheck.h"
 
 /* copied from urlapi.c */
-extern char *dedotdotify(const char *input, size_t clen);
+extern int dedotdotify(const char *input, size_t clen, char **out);
 
 #include "memdebug.h"
 
@@ -58,35 +58,43 @@ UNITTEST_START
     { "/1/./..", "/" },
     { "/1/./../2", "/2" },
     { "/hello/1/./../2", "/hello/2" },
-    { "test/this", "test/this" },
+    { "test/this", NULL },
     { "test/this/../now", "test/now" },
     { "/1../moo../foo", "/1../moo../foo"},
     { "/../../moo", "/moo"},
     { "/../../moo?andnot/../yay", "/moo?andnot/../yay"},
     { "/123?foo=/./&bar=/../", "/123?foo=/./&bar=/../"},
     { "/../moo/..?what", "/?what" },
-    { "/", "/" },
-    { "", "" },
+    { "/", NULL },
+    { "", NULL },
     { "/.../", "/.../" },
     { "./moo", "moo" },
     { "../moo", "moo" },
     { "/.", "/" },
     { "/..", "/" },
     { "/moo/..", "/" },
-    { "..", "" },
-    { ".", "" },
+    { "/..", "/" },
+    { "/.", "/" },
   };
 
   for(i = 0; i < sizeof(pairs)/sizeof(pairs[0]); i++) {
-    char *out = dedotdotify(pairs[i].input, strlen(pairs[i].input));
-    abort_unless(out != NULL, "returned NULL!");
+    char *out;
+    int err = dedotdotify(pairs[i].input, strlen(pairs[i].input), &out);
+    abort_unless(err == 0, "returned error");
+    abort_if(err && out, "returned error with output");
 
-    if(strcmp(out, pairs[i].output)) {
+    if(out && strcmp(out, pairs[i].output)) {
       fprintf(stderr, "Test %u: '%s' gave '%s' instead of '%s'\n",
               i, pairs[i].input, out, pairs[i].output);
       fail("Test case output mismatched");
       fails++;
     }
+    else if(!out && pairs[i].output) {
+      fprintf(stderr, "Test %u: '%s' gave '%s' instead of NULL\n",
+              i, pairs[i].input, out);
+      fail("Test case output mismatched");
+      fails++;
+    }
     else
       fprintf(stderr, "Test %u: OK\n", i);
     free(out);
diff --git a/tests/unit/unit1396.c b/tests/unit/unit1396.c
index 05b3323da..43f9c8667 100644
--- a/tests/unit/unit1396.c
+++ b/tests/unit/unit1396.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
index 90ec31c68..2f3d3aa4d 100644
--- a/tests/unit/unit1397.c
+++ b/tests/unit/unit1397.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1398.c b/tests/unit/unit1398.c
index 662e3bdbc..184489c49 100644
--- a/tests/unit/unit1398.c
+++ b/tests/unit/unit1398.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1399.c b/tests/unit/unit1399.c
index c364650fc..83e0f4543 100644
--- a/tests/unit/unit1399.c
+++ b/tests/unit/unit1399.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1600.c b/tests/unit/unit1600.c
index 544744840..ee36c5e65 100644
--- a/tests/unit/unit1600.c
+++ b/tests/unit/unit1600.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1601.c b/tests/unit/unit1601.c
index c598c0cf7..0bea388a0 100644
--- a/tests/unit/unit1601.c
+++ b/tests/unit/unit1601.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1602.c b/tests/unit/unit1602.c
index aa2b463aa..f7dc4a212 100644
--- a/tests/unit/unit1602.c
+++ b/tests/unit/unit1602.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1603.c b/tests/unit/unit1603.c
index e8640a760..004fdbccb 100644
--- a/tests/unit/unit1603.c
+++ b/tests/unit/unit1603.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2015 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1604.c b/tests/unit/unit1604.c
index f7f8cee3d..411b94a02 100644
--- a/tests/unit/unit1604.c
+++ b/tests/unit/unit1604.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1605.c b/tests/unit/unit1605.c
index 34a3690fa..d0006d2b5 100644
--- a/tests/unit/unit1605.c
+++ b/tests/unit/unit1605.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1606.c b/tests/unit/unit1606.c
index 0519b7c89..faa894155 100644
--- a/tests/unit/unit1606.c
+++ b/tests/unit/unit1606.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1607.c b/tests/unit/unit1607.c
index 7295f1883..b403fb971 100644
--- a/tests/unit/unit1607.c
+++ b/tests/unit/unit1607.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1608.c b/tests/unit/unit1608.c
index 64ef90fe8..7a5ea5f4b 100644
--- a/tests/unit/unit1608.c
+++ b/tests/unit/unit1608.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1609.c b/tests/unit/unit1609.c
index cab8383d0..06b669856 100644
--- a/tests/unit/unit1609.c
+++ b/tests/unit/unit1609.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1610.c b/tests/unit/unit1610.c
index 78d415c18..5624df8d6 100644
--- a/tests/unit/unit1610.c
+++ b/tests/unit/unit1610.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1611.c b/tests/unit/unit1611.c
index 46f9aa85a..16634234d 100644
--- a/tests/unit/unit1611.c
+++ b/tests/unit/unit1611.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1612.c b/tests/unit/unit1612.c
index d0e221cbd..1e99eeb7c 100644
--- a/tests/unit/unit1612.c
+++ b/tests/unit/unit1612.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1614.c b/tests/unit/unit1614.c
index 523d102bf..ef03e3b4c 100644
--- a/tests/unit/unit1614.c
+++ b/tests/unit/unit1614.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -46,6 +46,7 @@ struct noproxy {
   const char *a;
   const char *n;
   bool match;
+  bool space; /* space separated */
 };
 
 UNITTEST_START
@@ -77,50 +78,52 @@ UNITTEST_START
     { NULL, NULL, 0, FALSE} /* end marker */
   };
   struct noproxy list[]= {
-    { "www.example.com", "localhost,.example.com,.example.de", TRUE},
-    { "www.example.com.", "localhost,.example.com,.example.de", TRUE},
-    { "example.com", "localhost,.example.com,.example.de", TRUE},
-    { "example.com.", "localhost,.example.com,.example.de", TRUE},
-    { "www.example.com", "localhost,.example.com.,.example.de", TRUE},
-    { "www.example.com", "localhost,www.example.com.,.example.de", TRUE},
-    { "example.com", "localhost,example.com,.example.de", TRUE},
-    { "example.com.", "localhost,example.com,.example.de", TRUE},
-    { "nexample.com", "localhost,example.com,.example.de", FALSE},
-    { "www.example.com", "localhost,example.com,.example.de", TRUE},
-    { "127.0.0.1", "127.0.0.1,localhost", TRUE},
-    { "127.0.0.1", "127.0.0.1,localhost,", TRUE},
-    { "127.0.0.1", "127.0.0.1/8,localhost,", TRUE},
-    { "127.0.0.1", "127.0.0.1/28,localhost,", TRUE},
-    { "127.0.0.1", "127.0.0.1/31,localhost,", TRUE},
-    { "127.0.0.1", "localhost,127.0.0.1", TRUE},
+    { "www.example.com", "localhost .example.com .example.de", TRUE, TRUE},
+    { "www.example.com", "localhost,.example.com,.example.de", TRUE, FALSE},
+    { "www.example.com.", "localhost,.example.com,.example.de", TRUE, FALSE},
+    { "example.com", "localhost,.example.com,.example.de", TRUE, FALSE},
+    { "example.com.", "localhost,.example.com,.example.de", TRUE, FALSE},
+    { "www.example.com", "localhost,.example.com.,.example.de", TRUE, FALSE},
+    { "www.example.com", "localhost,www.example.com.,.example.de",
+      TRUE, FALSE},
+    { "example.com", "localhost,example.com,.example.de", TRUE, FALSE},
+    { "example.com.", "localhost,example.com,.example.de", TRUE, FALSE},
+    { "nexample.com", "localhost,example.com,.example.de", FALSE, FALSE},
+    { "www.example.com", "localhost,example.com,.example.de", TRUE, FALSE},
+    { "127.0.0.1", "127.0.0.1,localhost", TRUE, FALSE},
+    { "127.0.0.1", "127.0.0.1,localhost,", TRUE, FALSE},
+    { "127.0.0.1", "127.0.0.1/8,localhost,", TRUE, FALSE},
+    { "127.0.0.1", "127.0.0.1/28,localhost,", TRUE, FALSE},
+    { "127.0.0.1", "127.0.0.1/31,localhost,", TRUE, FALSE},
+    { "127.0.0.1", "localhost,127.0.0.1", TRUE, FALSE},
     { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1."
       "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127."
-      "0.0.1.127.0.0.1.127.0.0." /* 128 bytes "address" */, FALSE},
+      "0.0.1.127.0.0.1.127.0.0." /* 128 bytes "address" */, FALSE, FALSE},
     { "127.0.0.1", "localhost,127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1."
       "127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127.0.0.1.127."
-      "0.0.1.127.0.0.1.127.0.0" /* 127 bytes "address" */, FALSE},
-    { "localhost", "localhost,127.0.0.1", TRUE},
-    { "localhost", "127.0.0.1,localhost", TRUE},
-    { "foobar", "barfoo", FALSE},
-    { "foobar", "foobar", TRUE},
-    { "192.168.0.1", "foobar", FALSE},
-    { "192.168.0.1", "192.168.0.0/16", TRUE},
-    { "192.168.0.1", "192.168.0.0/24", TRUE},
-    { "192.168.0.1", "192.168.0.0/32", FALSE},
-    { "192.168.0.1", "192.168.0.0", FALSE},
-    { "192.168.1.1", "192.168.0.0/24", FALSE},
-    { "192.168.1.1", "foo, bar, 192.168.0.0/24", FALSE},
-    { "192.168.1.1", "foo, bar, 192.168.0.0/16", TRUE},
-    { "[::1]", "foo, bar, 192.168.0.0/16", FALSE},
-    { "[::1]", "foo, bar, ::1/64", TRUE},
-    { "bar", "foo, bar, ::1/64", TRUE},
-    { "BAr", "foo, bar, ::1/64", TRUE},
-    { "BAr", "foo,,,,,              bar, ::1/64", TRUE},
-    { "www.example.com", "foo, .example.com", TRUE},
-    { "www.example.com", "www2.example.com, .example.net", FALSE},
-    { "example.com", ".example.com, .example.net", TRUE},
-    { "nonexample.com", ".example.com, .example.net", FALSE},
-    { NULL, NULL, FALSE}
+      "0.0.1.127.0.0.1.127.0.0" /* 127 bytes "address" */, FALSE, FALSE},
+    { "localhost", "localhost,127.0.0.1", TRUE, FALSE},
+    { "localhost", "127.0.0.1,localhost", TRUE, FALSE},
+    { "foobar", "barfoo", FALSE, FALSE},
+    { "foobar", "foobar", TRUE, FALSE},
+    { "192.168.0.1", "foobar", FALSE, FALSE},
+    { "192.168.0.1", "192.168.0.0/16", TRUE, FALSE},
+    { "192.168.0.1", "192.168.0.0/24", TRUE, FALSE},
+    { "192.168.0.1", "192.168.0.0/32", FALSE, FALSE},
+    { "192.168.0.1", "192.168.0.0", FALSE, FALSE},
+    { "192.168.1.1", "192.168.0.0/24", FALSE, FALSE},
+    { "192.168.1.1", "foo, bar, 192.168.0.0/24", FALSE, FALSE},
+    { "192.168.1.1", "foo, bar, 192.168.0.0/16", TRUE, FALSE},
+    { "[::1]", "foo, bar, 192.168.0.0/16", FALSE, FALSE},
+    { "[::1]", "foo, bar, ::1/64", TRUE, FALSE},
+    { "bar", "foo, bar, ::1/64", TRUE, FALSE},
+    { "BAr", "foo, bar, ::1/64", TRUE, FALSE},
+    { "BAr", "foo,,,,,              bar, ::1/64", TRUE, FALSE},
+    { "www.example.com", "foo, .example.com", TRUE, FALSE},
+    { "www.example.com", "www2.example.com, .example.net", FALSE, FALSE},
+    { "example.com", ".example.com, .example.net", TRUE, FALSE},
+    { "nonexample.com", ".example.com, .example.net", FALSE, FALSE},
+    { NULL, NULL, FALSE, FALSE}
   };
   for(i = 0; list4[i].a; i++) {
     bool match = Curl_cidr4_match(list4[i].a, list4[i].n, list4[i].bits);
@@ -141,17 +144,21 @@ UNITTEST_START
     }
   }
   for(i = 0; list[i].a; i++) {
-    bool match = Curl_check_noproxy(list[i].a, list[i].n);
+    bool spacesep = FALSE;
+    bool match = Curl_check_noproxy(list[i].a, list[i].n, &spacesep);
     if(match != list[i].match) {
       fprintf(stderr, "%s in %s should %smatch\n",
               list[i].a, list[i].n,
               list[i].match ? "": "not ");
       err++;
     }
+    if(spacesep != list[i].space) {
+      fprintf(stderr, "%s is claimed to be %sspace separated\n",
+              list[i].n, list[i].space?"":"NOT ");
+      err++;
+    }
   }
-  return err;
+  fail_if(err, "errors");
 }
-#else
-return 0;
 #endif
 UNITTEST_STOP
diff --git a/tests/unit/unit1620.c b/tests/unit/unit1620.c
index cd4623d6b..8b6f34ca7 100644
--- a/tests/unit/unit1620.c
+++ b/tests/unit/unit1620.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1621.c b/tests/unit/unit1621.c
index 9147d4070..7e8bac137 100644
--- a/tests/unit/unit1621.c
+++ b/tests/unit/unit1621.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1650.c b/tests/unit/unit1650.c
index ae748a971..8c60013d5 100644
--- a/tests/unit/unit1650.c
+++ b/tests/unit/unit1650.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1651.c b/tests/unit/unit1651.c
index 3f92f820c..dd1f3cb63 100644
--- a/tests/unit/unit1651.c
+++ b/tests/unit/unit1651.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1652.c b/tests/unit/unit1652.c
index 761bf8c64..ef2726216 100644
--- a/tests/unit/unit1652.c
+++ b/tests/unit/unit1652.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1653.c b/tests/unit/unit1653.c
index 40a21dd06..cf848c6a3 100644
--- a/tests/unit/unit1653.c
+++ b/tests/unit/unit1653.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -92,11 +92,16 @@ UNITTEST_START
   u = curl_url();
   if(!u)
     goto fail;
-  ipv6port = strdup("[fe80::250:56ff;fea7:da15]:80");
+  ipv6port = strdup("[fe80::250:56ff;fea7:da15]:808");
   if(!ipv6port)
     goto fail;
   ret = parse_port(u, ipv6port, FALSE);
-  fail_unless(ret != CURLUE_OK, "parse_port true on error");
+  fail_unless(ret == CURLUE_OK, "parse_port returned error");
+  ret = curl_url_get(u, CURLUPART_PORT, &portnum, 0);
+  fail_unless(ret == CURLUE_OK, "curl_url_get portnum returned error");
+  fail_unless(portnum && !strcmp(portnum, "808"), "Check portnumber");
+
+  curl_free(portnum);
   free_and_clear(ipv6port);
   curl_url_cleanup(u);
 
@@ -180,15 +185,19 @@ UNITTEST_START
   free_and_clear(ipv6port);
   curl_url_cleanup(u);
 
-  /* Incorrect zone index syntax */
+  /* Incorrect zone index syntax, but the port extractor doesn't care */
   u = curl_url();
   if(!u)
     goto fail;
-  ipv6port = strdup("[fe80::250:56ff:fea7:da15!25eth3]:80");
+  ipv6port = strdup("[fe80::250:56ff:fea7:da15!25eth3]:180");
   if(!ipv6port)
     goto fail;
   ret = parse_port(u, ipv6port, FALSE);
-  fail_unless(ret != CURLUE_OK, "parse_port returned non-error");
+  fail_unless(ret == CURLUE_OK, "parse_port returned error");
+  ret = curl_url_get(u, CURLUPART_PORT, &portnum, 0);
+  fail_unless(ret == CURLUE_OK, "curl_url_get portnum returned error");
+  fail_unless(portnum && !strcmp(portnum, "180"), "Check portnumber");
+  curl_free(portnum);
   free_and_clear(ipv6port);
   curl_url_cleanup(u);
 
diff --git a/tests/unit/unit1654.c b/tests/unit/unit1654.c
index 1e4a53550..91aca378e 100644
--- a/tests/unit/unit1654.c
+++ b/tests/unit/unit1654.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -38,105 +38,76 @@ unit_stop(void)
   curl_global_cleanup();
 }
 
-#if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_ALTSVC)
-UNITTEST_START
-{
-  return 0; /* nothing to do when HTTP or alt-svc is disabled */
-}
-UNITTEST_STOP
-#else
 UNITTEST_START
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_ALTSVC)
 {
   char outname[256];
   CURL *curl;
   CURLcode result;
   struct altsvcinfo *asi = Curl_altsvc_init();
-  if(!asi)
-    return 1;
+  abort_if(!asi, "Curl_altsvc_i");
   result = Curl_altsvc_load(asi, arg);
   if(result) {
-    Curl_altsvc_cleanup(&asi);
-    return result;
+    fail_if(result, "Curl_altsvc_load");
+    goto fail;
   }
   curl_global_init(CURL_GLOBAL_ALL);
   curl = curl_easy_init();
-  if(!curl)
+  if(!curl) {
+    fail_if(!curl, "curl_easy_init");
     goto fail;
+  }
   fail_unless(asi->list.size == 4, "wrong number of entries");
   msnprintf(outname, sizeof(outname), "%s-out", arg);
 
   result = Curl_altsvc_parse(curl, asi, "h2=\"example.com:8080\"\r\n",
                              ALPN_h1, "example.org", 8080);
-  if(result) {
-    fprintf(stderr, "Curl_altsvc_parse() failed!\n");
-    unitfail++;
-  }
+  fail_if(result, "Curl_altsvc_parse() failed!");
   fail_unless(asi->list.size == 5, "wrong number of entries");
 
   result = Curl_altsvc_parse(curl, asi, "h3=\":8080\"\r\n",
                              ALPN_h1, "2.example.org", 8080);
-  if(result) {
-    fprintf(stderr, "Curl_altsvc_parse(2) failed!\n");
-    unitfail++;
-  }
+  fail_if(result, "Curl_altsvc_parse(2) failed!");
   fail_unless(asi->list.size == 6, "wrong number of entries");
 
   result = Curl_altsvc_parse(curl, asi,
                              "h2=\"example.com:8080\", h3=\"yesyes.com\"\r\n",
                              ALPN_h1, "3.example.org", 8080);
-  if(result) {
-    fprintf(stderr, "Curl_altsvc_parse(3) failed!\n");
-    unitfail++;
-  }
+  fail_if(result, "Curl_altsvc_parse(3) failed!");
   /* that one should make two entries */
   fail_unless(asi->list.size == 8, "wrong number of entries");
 
   result = Curl_altsvc_parse(curl, asi,
                              "h2=\"example.com:443\"; ma = 120;\r\n",
                              ALPN_h2, "example.org", 80);
-  if(result) {
-    fprintf(stderr, "Curl_altsvc_parse(4) failed!\n");
-    unitfail++;
-  }
+  fail_if(result, "Curl_altsvc_parse(4) failed!");
   fail_unless(asi->list.size == 9, "wrong number of entries");
 
   /* quoted 'ma' value */
   result = Curl_altsvc_parse(curl, asi,
                              "h2=\"example.net:443\"; ma=\"180\";\r\n",
                              ALPN_h2, "example.net", 80);
-  if(result) {
-    fprintf(stderr, "Curl_altsvc_parse(4) failed!\n");
-    unitfail++;
-  }
+  fail_if(result, "Curl_altsvc_parse(4) failed!");
   fail_unless(asi->list.size == 10, "wrong number of entries");
 
   result =
     Curl_altsvc_parse(curl, asi,
                       "h2=\":443\", h3=\":443\"; ma = 120; persist = 1\r\n",
                       ALPN_h1, "curl.se", 80);
-  if(result) {
-    fprintf(stderr, "Curl_altsvc_parse(5) failed!\n");
-    unitfail++;
-  }
+  fail_if(result, "Curl_altsvc_parse(5) failed!");
   fail_unless(asi->list.size == 12, "wrong number of entries");
 
   /* clear that one again and decrease the counter */
   result = Curl_altsvc_parse(curl, asi, "clear;\r\n",
                              ALPN_h1, "curl.se", 80);
-  if(result) {
-    fprintf(stderr, "Curl_altsvc_parse(6) failed!\n");
-    unitfail++;
-  }
+  fail_if(result, "Curl_altsvc_parse(6) failed!");
   fail_unless(asi->list.size == 10, "wrong number of entries");
 
   Curl_altsvc_save(curl, asi, outname);
 
   curl_easy_cleanup(curl);
-  curl_global_cleanup();
   fail:
   Curl_altsvc_cleanup(&asi);
-  curl_global_cleanup();
-  return unitfail;
 }
-UNITTEST_STOP
 #endif
+UNITTEST_STOP
diff --git a/tests/unit/unit1655.c b/tests/unit/unit1655.c
index b5c9a3672..2457b74a1 100644
--- a/tests/unit/unit1655.c
+++ b/tests/unit/unit1655.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1660.c b/tests/unit/unit1660.c
index 4ef7faa73..2836d5d7d 100644
--- a/tests/unit/unit1660.c
+++ b/tests/unit/unit1660.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit1661.c b/tests/unit/unit1661.c
index 59cc5a9ec..265e483b5 100644
--- a/tests/unit/unit1661.c
+++ b/tests/unit/unit1661.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/unit/unit2600.c b/tests/unit/unit2600.c
new file mode 100644
index 000000000..3e346e04f
--- /dev/null
+++ b/tests/unit/unit2600.c
@@ -0,0 +1,413 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "curlcheck.h"
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef __VMS
+#include <in.h>
+#include <inet.h>
+#endif
+
+#ifdef HAVE_SETJMP_H
+#include <setjmp.h>
+#endif
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
+
+#include "urldata.h"
+#include "connect.h"
+#include "cfilters.h"
+#include "curl_log.h"
+
+/* copied from hostip.c to switch using SIGALARM for timeouts.
+ * SIGALARM has only seconds resolution, so our tests will not work
+ * here. */
+#if defined(CURLRES_SYNCH) && \
+    defined(HAVE_ALARM) && defined(SIGALRM) && defined(HAVE_SIGSETJMP)
+#define USE_ALARM_TIMEOUT
+#endif
+
+
+static CURL *easy;
+
+static CURLcode unit_setup(void)
+{
+  CURLcode res = CURLE_OK;
+
+  global_init(CURL_GLOBAL_ALL);
+  easy = curl_easy_init();
+  if(!easy) {
+    curl_global_cleanup();
+    return CURLE_OUT_OF_MEMORY;
+  }
+  curl_easy_setopt(easy, CURLOPT_VERBOSE, 1L);
+  return res;
+}
+
+static void unit_stop(void)
+{
+  curl_easy_cleanup(easy);
+  curl_global_cleanup();
+}
+
+#ifdef DEBUGBUILD
+
+struct test_case {
+  int id;
+  const char *url;
+  const char *resolve_info;
+  unsigned char ip_version;
+  timediff_t connect_timeout_ms;
+  timediff_t he_timeout_ms;
+  timediff_t cf4_fail_delay_ms;
+  timediff_t cf6_fail_delay_ms;
+
+  int exp_cf4_creations;
+  int exp_cf6_creations;
+  timediff_t min_duration_ms;
+  timediff_t max_duration_ms;
+  CURLcode exp_result;
+  const char *pref_family;
+};
+
+struct ai_family_stats {
+  const char *family;
+  int creations;
+  timediff_t first_created;
+  timediff_t last_created;
+};
+
+struct test_result {
+  CURLcode result;
+  struct curltime started;
+  struct curltime ended;
+  struct ai_family_stats cf4;
+  struct ai_family_stats cf6;
+};
+
+static struct test_case *current_tc;
+static struct test_result *current_tr;
+
+struct cf_test_ctx {
+  int ai_family;
+  int transport;
+  char id[16];
+  struct curltime started;
+  timediff_t fail_delay_ms;
+  struct ai_family_stats *stats;
+};
+
+static void cf_test_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
+{
+  struct cf_test_ctx *ctx = cf->ctx;
+
+  infof(data, "%04dms: cf[%s] destroyed",
+       (int)Curl_timediff(Curl_now(), current_tr->started), ctx->id);
+  free(ctx);
+  cf->ctx = NULL;
+}
+
+static CURLcode cf_test_connect(struct Curl_cfilter *cf,
+                                struct Curl_easy *data,
+                                bool blocking, bool *done)
+{
+  struct cf_test_ctx *ctx = cf->ctx;
+  struct curltime now;
+
+  (void)data;
+  (void)blocking;
+  *done = FALSE;
+  now = Curl_now();
+  if(Curl_timediff(now, ctx->started) >= ctx->fail_delay_ms) {
+    infof(data, "%04dms: cf[%s] fail delay reached",
+         (int)Curl_timediff(Curl_now(), current_tr->started), ctx->id);
+    return CURLE_COULDNT_CONNECT;
+  }
+  infof(data, "%04dms: cf[%s] continuing",
+       (int)Curl_timediff(Curl_now(), current_tr->started), ctx->id);
+  return CURLE_OK;
+}
+
+static struct Curl_cftype cft_test = {
+  "TEST",
+  CF_TYPE_IP_CONNECT,
+  CURL_LOG_DEFAULT,
+  cf_test_destroy,
+  cf_test_connect,
+  Curl_cf_def_close,
+  Curl_cf_def_get_host,
+  Curl_cf_def_get_select_socks,
+  Curl_cf_def_data_pending,
+  Curl_cf_def_send,
+  Curl_cf_def_recv,
+  Curl_cf_def_cntrl,
+  Curl_cf_def_conn_is_alive,
+  Curl_cf_def_conn_keep_alive,
+  Curl_cf_def_query,
+};
+
+static CURLcode cf_test_create(struct Curl_cfilter **pcf,
+                               struct Curl_easy *data,
+                               struct connectdata *conn,
+                               const struct Curl_addrinfo *ai,
+                               int transport)
+{
+  struct cf_test_ctx *ctx = NULL;
+  struct Curl_cfilter *cf = NULL;
+  timediff_t created_at;
+  CURLcode result;
+
+  (void)data;
+  (void)conn;
+  ctx = calloc(sizeof(*ctx), 1);
+  if(!ctx) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto out;
+  }
+  ctx->ai_family = ai->ai_family;
+  ctx->transport = transport;
+  ctx->started = Curl_now();
+#ifdef ENABLE_IPV6
+  if(ctx->ai_family == AF_INET6) {
+    ctx->stats = &current_tr->cf6;
+    ctx->fail_delay_ms = current_tc->cf6_fail_delay_ms;
+    curl_msprintf(ctx->id, "v6-%d", ctx->stats->creations);
+    ctx->stats->creations++;
+  }
+  else
+#endif
+  {
+    ctx->stats = &current_tr->cf4;
+    ctx->fail_delay_ms = current_tc->cf4_fail_delay_ms;
+    curl_msprintf(ctx->id, "v4-%d", ctx->stats->creations);
+    ctx->stats->creations++;
+  }
+
+  created_at = Curl_timediff(ctx->started, current_tr->started);
+  if(ctx->stats->creations == 1)
+    ctx->stats->first_created = created_at;
+  ctx->stats->last_created = created_at;
+  infof(data, "%04dms: cf[%s] created", (int)created_at, ctx->id);
+
+  result = Curl_cf_create(&cf, &cft_test, ctx);
+
+out:
+  *pcf = (!result)? cf : NULL;
+  if(result) {
+    free(cf);
+    free(ctx);
+  }
+  return result;
+}
+
+static void check_result(struct test_case *tc,
+                         struct test_result *tr)
+{
+  char msg[256];
+  timediff_t duration_ms = 0;
+
+  if(tr->result != tc->exp_result
+    && CURLE_OPERATION_TIMEDOUT != tr->result) {
+    /* on CI we encounter the TIMEOUT result, since images get less CPU
+     * and events are not as sharply timed. */
+    curl_msprintf(msg, "%d: expected result %d but got %d",
+                  tc->id, tc->exp_result, tr->result);
+    fail(msg);
+  }
+  if(tr->cf4.creations != tc->exp_cf4_creations) {
+    curl_msprintf(msg, "%d: expected %d ipv4 creations, but got %d",
+                  tc->id, tc->exp_cf4_creations, tr->cf4.creations);
+    fail(msg);
+  }
+  if(tr->cf6.creations != tc->exp_cf6_creations) {
+    curl_msprintf(msg, "%d: expected %d ipv6 creations, but got %d",
+                  tc->id, tc->exp_cf6_creations, tr->cf6.creations);
+    fail(msg);
+  }
+
+  (void)duration_ms;
+#ifndef USE_ALARM_TIMEOUT
+  duration_ms = Curl_timediff(tr->ended, tr->started);
+  if(duration_ms < tc->min_duration_ms) {
+    curl_msprintf(msg, "%d: expected min duration of %dms, but took %dms",
+                  tc->id, (int)tc->min_duration_ms, (int)duration_ms);
+    fail(msg);
+  }
+  if(duration_ms > tc->max_duration_ms) {
+    curl_msprintf(msg, "%d: expected max duration of %dms, but took %dms",
+                  tc->id, (int)tc->max_duration_ms, (int)duration_ms);
+    fail(msg);
+  }
+#endif
+  if(tr->cf6.creations && tr->cf4.creations && tc->pref_family) {
+    /* did ipv4 and ipv6 both, expect the preferred family to start right arway
+     * with the other being delayed by the happy_eyeball_timeout */
+    struct ai_family_stats *stats1 = !strcmp(tc->pref_family, "v6")?
+                                     &tr->cf6 : &tr->cf4;
+    struct ai_family_stats *stats2 = !strcmp(tc->pref_family, "v6")?
+                                     &tr->cf4 : &tr->cf6;
+
+    if(stats1->first_created > 100) {
+      curl_msprintf(msg, "%d: expected ip%s to start right away, instead "
+                    "first attempt made after %dms",
+                    tc->id, stats1->family, (int)stats1->first_created);
+      fail(msg);
+    }
+#ifndef USE_ALARM_TIMEOUT
+    if(stats2->first_created < tc->he_timeout_ms) {
+#else
+    if(stats2->first_created < 1000) {
+#endif
+      curl_msprintf(msg, "%d: expected ip%s to start delayed after %dms, "
+                    "instead first attempt made after %dms",
+                    tc->id, stats2->family, (int)tc->he_timeout_ms,
+                    (int)stats2->first_created);
+      fail(msg);
+    }
+  }
+}
+
+static void test_connect(struct test_case *tc)
+{
+  struct test_result tr;
+  struct curl_slist *list = NULL;
+
+  Curl_debug_set_transport_provider(TRNSPRT_TCP, cf_test_create);
+  current_tc = tc;
+  current_tr = &tr;
+
+  list = curl_slist_append(NULL, tc->resolve_info);
+  fail_unless(list, "error allocating resolve list entry");
+  curl_easy_setopt(easy, CURLOPT_RESOLVE, list);
+  curl_easy_setopt(easy, CURLOPT_IPRESOLVE, (long)tc->ip_version);
+#ifdef USE_ALARM_TIMEOUT
+  curl_easy_setopt(easy, CURLOPT_CONNECTTIMEOUT_MS, 2000L);
+  curl_easy_setopt(easy, CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS,
+                   (tc->he_timeout_ms > tc->connect_timeout_ms)?
+                   3000L : 1000L);
+#else
+  curl_easy_setopt(easy, CURLOPT_CONNECTTIMEOUT_MS,
+                   (long)tc->connect_timeout_ms);
+  curl_easy_setopt(easy, CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS,
+                   (long)tc->he_timeout_ms);
+#endif
+
+  curl_easy_setopt(easy, CURLOPT_URL, tc->url);
+  memset(&tr, 0, sizeof(tr));
+  tr.cf6.family = "v6";
+  tr.cf4.family = "v4";
+
+  tr.started = Curl_now();
+  tr.result = curl_easy_perform(easy);
+  tr.ended = Curl_now();
+
+  curl_easy_setopt(easy, CURLOPT_RESOLVE, NULL);
+  curl_slist_free_all(list);
+  list = NULL;
+  current_tc = NULL;
+  current_tr = NULL;
+
+  check_result(tc, &tr);
+}
+
+#endif /* DEBUGBUILD */
+
+/*
+ * How these test cases work:
+ * - replace the creation of the TCP socket filter with out test filter
+ * - test filter does nothing and reports failure after configured delay
+ * - we feed addresses into the resolve cache to simulate different cases
+ * - we monitor how many instances of ipv4/v6 attempts are made and when
+ * - for mixed families, we expect HAPPY_EYEBALLS_TIMEOUT to trigger
+ *
+ * Max Duration checks needs to be conservative since CI jobs are not
+ * as sharp.
+ */
+#define TURL "http://test.com:123"
+
+#define R_FAIL      CURLE_COULDNT_CONNECT
+
+static struct test_case TEST_CASES[] = {
+  /* TIMEOUT_MS,        FAIL_MS      CREATED    DURATION     Result, HE_PREF */
+  /* CNCT   HE          v4    v6     v4 v6      MIN   MAX */
+  { 1, TURL, "test.com:123:192.0.2.1", CURL_IPRESOLVE_WHATEVER,
+     250,  150,        200,  200,    1,  0,      200,  500,  R_FAIL, NULL },
+  /* 1 ipv4, fails after ~200ms, reports COULDNT_CONNECT   */
+  { 2, TURL, "test.com:123:192.0.2.1,192.0.2.2", CURL_IPRESOLVE_WHATEVER,
+     500,  150,        200,  200,    2,  0,      400,  800,  R_FAIL, NULL },
+  /* 2 ipv4, fails after ~400ms, reports COULDNT_CONNECT   */
+#ifdef ENABLE_IPV6
+  { 3, TURL, "test.com:123:::1", CURL_IPRESOLVE_WHATEVER,
+     250,  150,        200,  200,    0,  1,      200,  500,  R_FAIL, NULL },
+  /* 1 ipv6, fails after ~200ms, reports COULDNT_CONNECT   */
+  { 4, TURL, "test.com:123:::1,::2", CURL_IPRESOLVE_WHATEVER,
+     500,  150,        200,  200,    0,  2,      400,  800,  R_FAIL, NULL },
+  /* 2 ipv6, fails after ~400ms, reports COULDNT_CONNECT   */
+
+  { 5, TURL, "test.com:123:192.0.2.1,::1", CURL_IPRESOLVE_WHATEVER,
+     500,  150,        200, 200,     1,  1,      350,  800,  R_FAIL, "v4" },
+  /* mixed ip4+6, v4 starts, v6 kicks in on HE, fails after ~350ms */
+  { 6, TURL, "test.com:123:::1,192.0.2.1", CURL_IPRESOLVE_WHATEVER,
+     500,  150,        200, 200,     1,  1,      350,  800,  R_FAIL, "v6" },
+  /* mixed ip6+4, v6 starts, v4 kicks in on HE, fails after ~350ms */
+  { 7, TURL, "test.com:123:::1,192.0.2.1,::2,::3", CURL_IPRESOLVE_WHATEVER,
+     500,  600,        200, 200,     0,  3,      350,  800,  R_FAIL, "v6" },
+  /* mixed ip6+4, v6 starts, v4 never starts due to high HE, TIMEOUT */
+  { 8, TURL, "test.com:123:192.0.2.1,::1", CURL_IPRESOLVE_V4,
+     400,  150,        500, 500,     1,  0,      400,  600,  R_FAIL, NULL },
+  /* mixed ip4+6, but only use v4, check it uses full connect timeout,
+     although another address of the 'wrong' family is availbale */
+  { 9, TURL, "test.com:123:::1,192.0.2.1", CURL_IPRESOLVE_V6,
+     400,  150,        500, 500,     0,  1,      400,  600,  R_FAIL, NULL },
+  /* mixed ip4+6, but only use v6, check it uses full connect timeout,
+     although another address of the 'wrong' family is availbale */
+#endif
+};
+
+UNITTEST_START
+
+#if defined(DEBUGBUILD)
+  size_t i;
+
+  for(i = 0; i < sizeof(TEST_CASES)/sizeof(TEST_CASES[0]); ++i) {
+    test_connect(&TEST_CASES[i]);
+  }
+#else
+  (void)TEST_CASES;
+  (void)test_connect;
+#endif
+
+UNITTEST_STOP
diff --git a/tests/unit/unit3200.c b/tests/unit/unit3200.c
index 999b9caa5..b15b1efb8 100644
--- a/tests/unit/unit3200.c
+++ b/tests/unit/unit3200.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
diff --git a/tests/util.py b/tests/util.py
index b8c4ebd53..051c6934d 100755
--- a/tests/util.py
+++ b/tests/util.py
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2017 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/valgrind.pm b/tests/valgrind.pm
index 8916b5925..b32e2e984 100644
--- a/tests/valgrind.pm
+++ b/tests/valgrind.pm
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/tests/version-scan.pl b/tests/version-scan.pl
index c88501c46..156502480 100755
--- a/tests/version-scan.pl
+++ b/tests/version-scan.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2010 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
diff --git a/winbuild/.gitignore b/winbuild/.gitignore
index c3e10a0c6..0d7f2b276 100644
--- a/winbuild/.gitignore
+++ b/winbuild/.gitignore
@@ -1,4 +1,4 @@
-# Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # SPDX-License-Identifier: curl
 
diff --git a/winbuild/Makefile.vc b/winbuild/Makefile.vc
index 594b16fcc..44d9604ba 100644
--- a/winbuild/Makefile.vc
+++ b/winbuild/Makefile.vc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -265,6 +265,10 @@ CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-msh3
 
 !MESSAGE configuration name: $(CONFIG_NAME_LIB)
 
+# Note these directories are removed by this makefile's 'clean' so they should
+# not be changed to point to user-specified directories that may contain other
+# data. MakefileBuild.vc uses the same variable names but allows some user
+# changes and therefore does not remove the directories.
 BUILD_DIR=../builds/$(CONFIG_NAME_LIB)
 LIBCURL_DIROBJ = ..\builds\$(CONFIG_NAME_LIB)-obj-lib
 CURL_DIROBJ = ..\builds\$(CONFIG_NAME_LIB)-obj-curl
@@ -300,4 +304,7 @@ copy_from_lib:
 	FOR %%i IN ($(CURLX_CFILES:/=\)) DO copy %%i ..\src\
 
 clean:
+	@if exist $(LIBCURL_DIROBJ) rd /s /q $(LIBCURL_DIROBJ)
+	@if exist $(CURL_DIROBJ) rd /s /q $(CURL_DIROBJ)
+	@if exist $(DIRDIST) rd /s /q $(DIRDIST)
 	$(MAKE) /NOLOGO /F MakefileBuild.vc $@
diff --git a/winbuild/MakefileBuild.vc b/winbuild/MakefileBuild.vc
index e80bbc749..5cf65dcd7 100644
--- a/winbuild/MakefileBuild.vc
+++ b/winbuild/MakefileBuild.vc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -692,6 +692,12 @@ $(CURL_DIROBJ)\curl.res: $(CURL_SRC_DIR)\curl.rc
 
 !ENDIF  # End of case where a config was provided.
 
+# Makefile.vc's clean removes (LIB)CURL_DIROBJ and DIRDIST dirs then calls
+# this clean. Note those are the original directories we control and not the
+# directories possibly modified by this makefile to point to user-specified
+# directories.
+# For example, don't remove DIRDIST here since it may contain user files if it
+# has been changed by WITH_PREFIX to a different output dir (eg C:\usr\local).
 clean:
 	@-erase /s *.dll 2> NUL
 	@-erase /s *.exp 2> NUL
@@ -701,6 +707,3 @@ clean:
 	@-erase /s *.pch 2> NUL
 	@-erase /s *.pdb 2> NUL
 	@-erase /s *.res 2> NUL
-	@if exist $(LIB_DIROBJ) rd /s/q $(LIB_DIROBJ)
-	@if exist $(CURL_DIROBJ)rd /s/q $(CURL_DIROBJ)
-	@if exist $(DIRDIST) rd /s/q $(DIRDIST)
diff --git a/winbuild/README.md b/winbuild/README.md
index fe35a2145..1ecde7cee 100644
--- a/winbuild/README.md
+++ b/winbuild/README.md
@@ -1,5 +1,5 @@
 <!--
-Copyright (C) 2000 - 2022 Daniel Stenberg, <daniel@haxx.se>, et al.
+Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 
 SPDX-License-Identifier: curl
 -->
@@ -104,7 +104,7 @@ where `<options>` is one or many of:
  - `GEN_PDB=<yes/no>`            - Generate External Program Database
                                    (debug symbols for release build)
  - `DEBUG=<yes/no>`              - Debug builds
- - `MACHINE=<x86/x64>`           - Target architecture (default is x86)
+ - `MACHINE=<x86/x64/arm64>`     - Target architecture (default is x86)
  - `CARES_PATH=<path>`           - Custom path for c-ares
  - `MBEDTLS_PATH=<path>`         - Custom path for mbedTLS
  - `NGHTTP2_PATH=<path>`         - Custom path for nghttp2
diff --git a/winbuild/gen_resp_file.bat b/winbuild/gen_resp_file.bat
index 70332e720..157a1d979 100755
--- a/winbuild/gen_resp_file.bat
+++ b/winbuild/gen_resp_file.bat
@@ -6,7 +6,7 @@ rem *                             / __| | | | |_) | |
 rem *                            | (__| |_| |  _ <| |___
 rem *                             \___|\___/|_| \_\_____|
 rem *
-rem * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+rem * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 rem *
 rem * This software is licensed as described in the file COPYING, which
 rem * you should have received as part of this distribution. The terms
diff --git a/winbuild/makedebug.cmd b/winbuild/makedebug.cmd
index e7de73d0e..39acd5845 100644
--- a/winbuild/makedebug.cmd
+++ b/winbuild/makedebug.cmd
@@ -6,7 +6,7 @@ rem *                             / __| | | | |_) | |
 rem *                            | (__| |_| |  _ <| |___
 rem *                             \___|\___/|_| \_\_____|
 rem *
-rem * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
+rem * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 rem *
 rem * This software is licensed as described in the file COPYING, which
 rem * you should have received as part of this distribution. The terms
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
deleted file mode 100644
index 7ff17709c..000000000
--- a/zuul.d/jobs.yaml
+++ /dev/null
@@ -1,228 +0,0 @@
-#***************************************************************************
-#                                  _   _ ____  _
-#  Project                     ___| | | |  _ \| |
-#                             / __| | | | |_) | |
-#                            | (__| |_| |  _ <| |___
-#                             \___|\___/|_| \_\_____|
-#
-# Copyright (C) 2021 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
-#
-# This software is licensed as described in the file COPYING, which
-# you should have received as part of this distribution. The terms
-# are also available at https://curl.se/docs/copyright.html.
-#
-# You may opt to use, copy, modify, merge, publish, distribute and/or sell
-# copies of the Software, and permit persons to whom the Software is
-# furnished to do so, under the terms of the COPYING file.
-#
-# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-# KIND, either express or implied.
-#
-# SPDX-License-Identifier: curl
-#
-###########################################################################
-
-# The results of each of these jobs can be found at
-# https://curl.zuul.vexxhost.dev/builds. As of November 2021 they are not being
-# propagated to the GitHub "checks" UI, you need to check for them manually.
-
----
-- job:
-    name: curl-base
-    abstract: true
-    pre-run: zuul.d/playbooks/pre.yaml
-    run: zuul.d/playbooks/run.yaml
-    post-run: zuul.d/playbooks/post.yaml
-    nodeset: ubuntu-bionic
-    timeout: 3600
-    vars:
-      curl_env:
-        LD_LIBRARY_PATH: /usr/local/lib
-        # NOTE(mnaser): Workaround to keep existing Travis scripts compatible
-        TRAVIS_OS_NAME: linux
-
-- job:
-    name: curl-normal-with-openssl-gssapi-libssh2-checksrc
-    parent: curl-base
-    vars:
-      curl_env:
-        T: normal
-        C: --with-openssl --with-gssapi --with-libssh2
-        CHECKSRC: 1
-      curl_apt_packages:
-        - krb5-user
-        - libssh2-1-dev
-        - libbrotli-dev
-        - libzstd-dev
-
-- job:
-    name: curl-novalgrind-boringssl-with-openssl
-    parent: curl-base
-    vars:
-      gimme_stable: true
-      curl_env:
-        CC: gcc-8
-        CXX: g++-8
-        T: novalgrind
-        BORINGSSL: "yes"
-        C: >-
-          --with-openssl={{ ansible_user_dir }}/boringssl
-        LD_LIBRARY_PATH: "{{ ansible_user_dir }}/boringssl/lib:/usr/local/lib"
-
-- job:
-    name: curl-novalgrind-boringssl-with-openssl-quiche
-    parent: curl-base
-    vars:
-      curl_apt_packages:
-        - libpsl-dev
-        - libbrotli-dev
-        - libzstd-dev
-      curl_env:
-        CC: gcc-8
-        CXX: g++-8
-        T: novalgrind
-        QUICHE: "yes"
-        C: >-
-          --with-openssl={{ ansible_user_dir }}/quiche/quiche/deps/boringssl/src
-          --with-quiche={{ ansible_user_dir }}/quiche/target/release
-        LD_LIBRARY_PATH: "{{ ansible_user_dir }}/quiche/target/release:/usr/local/lib"
-
-- job:
-    name: curl-novalgrind-ngtcp2-with-openssl
-    parent: curl-base
-    vars:
-      curl_apt_packages:
-        - libpsl-dev
-        - libbrotli-dev
-        - libzstd-dev
-      curl_env:
-        CC: gcc-8
-        CXX: g++-8
-        T: novalgrind
-        NGTCP2: "yes"
-        C: >-
-          --with-openssl={{ ansible_user_dir }}/ngbuild
-          --with-ngtcp2={{ ansible_user_dir }}/ngbuild
-          --with-nghttp3={{ ansible_user_dir }}/ngbuild
-        NOTESTS:
-
-- job:
-    name: curl-debug-clang-disable-alt-svc-with-openssl
-    parent: curl-base
-    vars:
-      curl_apt_packages:
-        - clang-9
-        - libpsl-dev
-        - libbrotli-dev
-        - libzstd-dev
-      curl_env:
-        CC: clang-9
-        CXX: clang++-9
-        T: debug
-        C: >-
-          --with-openssl
-          --disable-alt-svc
-
-- job:
-    name: curl-debug-clang-with-gnutls
-    parent: curl-base
-    vars:
-      curl_apt_packages:
-        - clang-9
-        - libpsl-dev
-        - libbrotli-dev
-        - libzstd-dev
-        - libgnutls28-dev
-      curl_env:
-        CC: clang-9
-        CXX: clang++-9
-        T: debug
-        C: >-
-          --with-gnutls
-
-- job:
-    name: curl-cmake-boringssl-quiche
-    parent: curl-base
-    vars:
-      gimme_stable: true
-      curl_apt_packages:
-        - libpsl-dev
-        - libbrotli-dev
-        - libzstd-dev
-      curl_env:
-        BORINGSSL: "yes"
-        QUICHE: "yes"
-        CC: gcc-8
-        CXX: g++-8
-        T: cmake
-        C: >-
-          -GNinja
-          -DUSE_QUICHE=1
-          -DOPENSSL_ROOT_DIR={{ ansible_user_dir }}/boringssl
-          -DCURL_BROTLI=1
-          -DCURL_ZSTD=1
-        TFLAGS: https ftps
-        PKG_CONFIG_PATH: "{{ ansible_user_dir }}/quiche/target/release"
-
-- job:
-    name: curl-cmake-ngtcp2
-    parent: curl-base
-    vars:
-      curl_apt_packages:
-        - clang-9
-        - libpsl-dev
-        - libbrotli-dev
-        - libzstd-dev
-        - libnss3-dev
-      curl_env:
-        NGTCP2: "yes"
-        CC: clang-9
-        CXX: clang++-9
-        T: cmake
-        C: >-
-          -GNinja
-          -DUSE_NGTCP2=ON
-          -DCURL_BROTLI=1
-          -DCURL_ZSTD=1
-        PKG_CONFIG_PATH: "{{ ansible_user_dir }}/ngbuild/lib/pkgconfig"
-
-- job:
-    name: curl-debug-clang-with-openssl-dl-ubsan
-    parent: curl-base
-    vars:
-      curl_apt_packages:
-        - clang-9
-        - libpsl-dev
-        - libbrotli-dev
-        - libzstd-dev
-      curl_env:
-        CC: clang-9
-        CXX: clang++-9
-        T: debug
-        CFLAGS: >-
-          -fsanitize=address,undefined,signed-integer-overflow
-          -fno-sanitize-recover=undefined,integer
-          -Wformat
-          -Werror=format-security
-          -Werror=array-bounds
-          -g
-        LDFLAGS: >-
-          -fsanitize=address,undefined
-          -fno-sanitize-recover=undefined,integer
-        LIBS: -ldl -lubsan
-        TFLAGS: -n
-        C: --with-openssl
-
-- project:
-    check:
-      jobs:
-      - curl-normal-with-openssl-gssapi-libssh2-checksrc
-      - curl-novalgrind-boringssl-with-openssl
-      - curl-novalgrind-boringssl-with-openssl-quiche
-      - curl-novalgrind-ngtcp2-with-openssl
-      - curl-debug-clang-disable-alt-svc-with-openssl
-      - curl-debug-clang-with-gnutls
-      - curl-cmake-boringssl-quiche
-      - curl-cmake-ngtcp2
-      - curl-debug-clang-with-openssl-dl-ubsan
-...
diff --git a/zuul.d/playbooks/.zuul.ignore b/zuul.d/playbooks/.zuul.ignore
deleted file mode 100644
index e69de29bb..000000000
--- a/zuul.d/playbooks/.zuul.ignore
+++ /dev/null
diff --git a/zuul.d/playbooks/pre.yaml b/zuul.d/playbooks/pre.yaml
deleted file mode 100644
index 1ea967c3c..000000000
--- a/zuul.d/playbooks/pre.yaml
+++ /dev/null
@@ -1,93 +0,0 @@
-#***************************************************************************
-#                                  _   _ ____  _
-#  Project                     ___| | | |  _ \| |
-#                             / __| | | | |_) | |
-#                            | (__| |_| |  _ <| |___
-#                             \___|\___/|_| \_\_____|
-#
-# Copyright (C) 2021 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
-#
-# This software is licensed as described in the file COPYING, which
-# you should have received as part of this distribution. The terms
-# are also available at https://curl.se/docs/copyright.html.
-#
-# You may opt to use, copy, modify, merge, publish, distribute and/or sell
-# copies of the Software, and permit persons to whom the Software is
-# furnished to do so, under the terms of the COPYING file.
-#
-# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-# KIND, either express or implied.
-#
-# SPDX-License-Identifier: curl
-#
-###########################################################################
----
-- hosts: all
-  tasks:
-
-  - name: Install latest stable release of go
-    when: gimme_stable|default(false)
-    block:
-      - name: Find latest stable version
-        register: go_stable
-        uri:
-          url: https://golang.org/VERSION?m=text
-          return_content: true
-      - name: Install Go
-        include_role:
-          name: ensure-go
-        vars:
-          go_version: "{{ go_stable.content | regex_replace('^go', '') }}"
-
-      - name: Symlink /usr/local/go/bin/go to /usr/bin/go
-        become: true
-        file:
-          src: /usr/local/go/bin/go
-          dest: /usr/bin/go
-          state: link
-
-  - name: Install common dependencies
-    become: true
-    apt:
-      update_cache: true
-      pkg:
-      - autoconf
-      - automake
-      - cmake
-      - valgrind
-      - libev-dev
-      - libc-ares-dev
-      - libssl-dev
-      - libtool
-      - g++
-      - g++-8
-      - stunnel4
-      - libidn2-dev
-      - gnutls-bin
-      - python-impacket
-      - ninja-build
-      - libgsasl7-dev
-      - libnghttp2-dev
-
-  - name: Install job-specific packages
-    when: curl_apt_packages is defined
-    become: true
-    apt:
-      pkg: "{{ curl_apt_packages }}"
-
-  - name: Symlink /usr/bin/scan-build-10 to /usr/bin/scan-build
-    when:
-      - curl_apt_packages is defined
-      - '"clang-tools-10" in curl_apt_packages'
-    become: true
-    file:
-      src: /usr/bin/scan-build-10
-      dest: /usr/bin/scan-build
-      state: link
-
-  - name: Run before script
-    shell: "./scripts/zuul/before_script.sh"
-    args:
-      chdir: "{{ zuul.project.src_dir }}"
-    environment: "{{ curl_env }}"
-...
author	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2023-03-24 01:10:29 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2023-03-24 01:10:29 +0000
commit	fccbdadea9428b34e2aeeee59e87b5eed985c8c1 (patch)
tree	1da6691d1333d1574468678a5354e12ad3a4e760
parent	c392dd49023a4747eae43ab79f60aa1b1dc0be18 (diff)
parent	b8a443cf65e9c83cc179195ace84bd273158d7e3 (diff)
download	curl-android14-d1-s5-release.tar.gz