Update to 7.58.0 - January 24 2018.

Changes:
	new libssh-powered SSH SCP/SFTP back-end
	curl-config: add --ssl-backends

Bugfixes:
	http2: fix incorrect trailer buffer size
	http: prevent custom Authorization headers in redirects
	travis: add boringssl build
	examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
	SSL: Avoid magic allocation of SSL backend specific data
	lib: don't export all symbols, just everything curl_*
	libssh2: send the correct CURLE error code on scp file not found
	libssh2: return CURLE_UPLOAD_FAILED on failure to upload
	openssl: enable pkcs12 in boringssl builds
	libssh2: remove dead code from SSH_SFTP_QUOTE
	sasl_getmesssage: make sure we have a long enough string to pass
	conncache: fix several lock issues
	threaded-shared-conn.c: new example
	conncache: only allow multiplexing within same multi handle
	configure: check for netinet/in6.h
	URL: tolerate backslash after drive letter for FILE:
	openldap: add commented out debug possibilities
	include: get netinet/in.h before linux/tcp.h
	CONNECT: keep close connection flag in http_connect_state struct
	BINDINGS: another PostgreSQL client
	curl: limit -# update frequency for unknown total size
	configure: add AX_CODE_COVERAGE only if using gcc
	curl.h: remove incorrect comment about ERRORBUFFER
	openssl: improve data-pending check for https proxy
	curl: remove __EMX__ #ifdefs
	CURLOPT_PRIVATE.3: fix grammar
	sftp: allow quoted commands to use relative paths
	CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
	RESOLVE: output verbose text when trying to set a duplicate name
	openssl: Disable file buffering for Win32 SSLKEYLOGFILE
	multi_done: prune DNS cache
	tests: update .gitignore for libtests
	tests: mark data files as non-executable in git
	CURLOPT_DNS_LOCAL_IP4.3: fixed the "SEE ALSO" to not self-reference
	curl.1: documented two missing valid exit codes
	curl.1: mention http:// and https:// as valid proxy prefixes
	vtls: replaced getenv() with curl_getenv()
	setopt: less *or equal* than INT_MAX/1000 should be fine
	examples/smtp-mail.c: use separate defines for options and mail
	curl: support >256 bytes warning messsages
	conncache: fix a return code
	krb5: fix a potential access of uninitialized memory
	rand: add a clang-analyzer work-around
	CURLOPT_READFUNCTION.3: refer to argument with correct name
	brotli: allow compiling with version 0.6.0
	content_encoding: rework zlib_inflate
	curl_easy_reset: release mime-related data
	examples/rtsp: fix error handling macros
	build-openssl.bat: Added support for VC15
	build-wolfssl.bat: Added support for VC15
	build: Added Visual Studio 2017 project files
	winbuild: Added support for VC15
	curl: Support size modifiers for --max-filesize
	examples/cacertinmem: ignore cert-already-exists error
	brotli: data at the end of content can be lost
	curl_version_info.3: call the argument 'age'
	openssl: fix memory leak of SSLKEYLOGFILE filename
	build: remove HAVE_LIMITS_H check
	--mail-rcpt: fix short-text description
	scripts: allow all perl scripts to be run directly
	progress: calculate transfer speed on milliseconds if possible
	system.h: check __LONG_MAX__ for defining curl_off_t
	easy: fix connection ownership in curl_easy_pause
	setopt: reintroduce non-static Curl_vsetopt() for OS400 support
	setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
	configure.ac: append extra linker flags instead of prepending them
	HTTP: bail out on negative Content-Length: values
	docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
	mime: clone mime tree upon easy handle duplication
	openssl: enable SSLKEYLOGFILE support by default
	smtp/pop3/imap_get_message: decrease the data length too...
	CURLOPT_TCP_NODELAY.3: fix typo
	SMB: fix numeric constant suffix and variable types
	ftp-wildcard: fix matching an empty string with "*[^a]"
	curl_fnmatch: only allow 5 '*' sections in a single pattern
	openssl: fix potential memory leak in SSLKEYLOGFILE logic
	SSH: Fix state machine for ssh-agent authentication
	examples/url2file.c: add missing curl_global_cleanup() call
	http2: don't close connection when single transfer is stopped
	libcurl-env.3: first version
	curl: progress bar refresh, get width using ioctl()
	CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support

Bug: N/A
Test: builds, boots, `vendor/google/tools/fake-ota on streaming` works
Change-Id: I91e0837f7b34a785f5bddb173262038dcaabdcda

7 files changed, 279 insertions, 79 deletions

diff --git a/docs/examples/Makefile.inc b/docs/examples/Makefile.inc
index 075df9ea..9e4e1ffa 100644
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -38,8 +38,9 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
 
 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.
-COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cpp cacertinmem.c       \
-  ghiper.c hiperfifo.c htmltidy.c multithread.c          \
-  opensslthreadlock.c sampleconv.c synctime.c threaded-ssl.c evhiperfifo.c \
-  smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp      \
-  multi-uv.c xmlstream.c usercertinmem.c sessioninfo.c
+COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cpp cacertinmem.c	\
+  ghiper.c hiperfifo.c htmltidy.c multithread.c opensslthreadlock.c	\
+  sampleconv.c synctime.c threaded-ssl.c evhiperfifo.c			\
+  smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp	\
+  multi-uv.c xmlstream.c usercertinmem.c sessioninfo.c			\
+  threaded-shared-conn.c
diff --git a/docs/examples/cacertinmem.c b/docs/examples/cacertinmem.c
index 43bb901a..cf7c76e1 100644
--- a/docs/examples/cacertinmem.c
+++ b/docs/examples/cacertinmem.c
@@ -24,85 +24,103 @@
  * </DESC>
  */
 
+#include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <curl/curl.h>
 #include <stdio.h>
 
 size_t writefunction(void *ptr, size_t size, size_t nmemb, void *stream)
 {
-  fwrite(ptr, size, nmemb, stream);
+  fwrite(ptr, size, nmemb, (FILE *)stream);
   return (nmemb*size);
 }
 
 static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
 {
-  X509_STORE *store;
+  CURLcode rv = CURLE_ABORTED_BY_CALLBACK;
+  X509_STORE *store = NULL;
   X509 *cert = NULL;
-  BIO *bio;
-  char *mypem = /* www.cacert.org */
-    "-----BEGIN CERTIFICATE-----\n"\
-    "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n"\
-    "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n"\
-    "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n"\
-    "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n"\
-    "BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi\n"\
-    "MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ\n"\
-    "ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC\n"\
-    "CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ\n"\
-    "8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6\n"\
-    "zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y\n"\
-    "fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7\n"\
-    "w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc\n"\
-    "G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k\n"\
-    "epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q\n"\
-    "laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ\n"\
-    "QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU\n"\
-    "fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826\n"\
-    "YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w\n"\
-    "ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY\n"\
-    "gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe\n"\
-    "MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0\n"\
-    "IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy\n"\
-    "dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw\n"\
-    "czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0\n"\
-    "dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl\n"\
-    "aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC\n"\
-    "AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg\n"\
-    "b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB\n"\
-    "ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc\n"\
-    "nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg\n"\
-    "18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c\n"\
-    "gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl\n"\
-    "Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY\n"\
-    "sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T\n"\
-    "SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF\n"\
-    "CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum\n"\
-    "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n"\
-    "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n"\
-    "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n"\
+  BIO *bio = NULL;
+  char *mypem =
+    /* CA for example.com. CN = DigiCert High Assurance EV Root CA */
+    "-----BEGIN CERTIFICATE-----\n"
+    "MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\n"
+    "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
+    "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
+    "ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\n"
+    "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
+    "LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\n"
+    "RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n"
+    "+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\n"
+    "PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\n"
+    "xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\n"
+    "Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\n"
+    "hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\n"
+    "EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\n"
+    "MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\n"
+    "FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\n"
+    "nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\n"
+    "eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\n"
+    "hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\n"
+    "Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\n"
+    "vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n"
+    "+OkuE6N36B9K\n"
     "-----END CERTIFICATE-----\n";
+
+  /* clear the current thread's OpenSSL error queue */
+  ERR_clear_error();
+
   /* get a BIO */
   bio = BIO_new_mem_buf(mypem, -1);
+  if(!bio)
+    goto err;
+
   /* use it to read the PEM formatted certificate from memory into an X509
    * structure that SSL can use
    */
-  PEM_read_bio_X509(bio, &cert, 0, NULL);
-  if(cert == NULL)
-    printf("PEM_read_bio_X509 failed...\n");
+  if(!PEM_read_bio_X509(bio, &cert, 0, NULL))
+    goto err;
 
   /* get a pointer to the X509 certificate store (which may be empty!) */
   store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx);
+  if(!store)
+    goto err;
 
   /* add our certificate to this store */
-  if(X509_STORE_add_cert(store, cert) == 0)
-    printf("error adding certificate\n");
+  if(!X509_STORE_add_cert(store, cert)) {
+    unsigned long error = ERR_peek_last_error();
+
+    /* Ignore error X509_R_CERT_ALREADY_IN_HASH_TABLE which means the
+     * certificate is already in the store. That could happen if
+     * libcurl already loaded the certificate from a ca cert bundle
+     * set at libcurl build-time or runtime.
+     */
+    if(ERR_GET_LIB(error) != ERR_LIB_X509 ||
+       ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
+      goto err;
+
+    ERR_clear_error();
+  }
+
+  rv = CURLE_OK;
+
+err:
+  if(rv != CURLE_OK) {
+    char errbuf[256];
+    unsigned long error = ERR_peek_last_error();
+
+    fprintf(stderr, "error adding certificate\n");
+    if(error) {
+      ERR_error_string_n(error, errbuf, sizeof errbuf);
+      fprintf(stderr, "%s\n", errbuf);
+    }
+  }
 
-  /* decrease reference counts */
   X509_free(cert);
   BIO_free(bio);
+  ERR_clear_error();
 
-  /* all set to go */
-  return CURLE_OK;
+  return rv;
 }
 
 int main(void)
@@ -124,7 +142,15 @@ int main(void)
   rv = curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
   rv = curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");
 
-  /* first try: retrieve page without cacerts' certificate -> will fail
+  /* turn off the default CA locations (optional)
+   * otherwise libcurl will load CA certificates from the locations that
+   * were detected/specified at build-time
+   */
+  rv = curl_easy_setopt(ch, CURLOPT_CAINFO, NULL);
+  rv = curl_easy_setopt(ch, CURLOPT_CAPATH, NULL);
+
+  /* first try: retrieve page without ca certificates -> should fail
+   * unless libcurl was built --with-ca-fallback enabled at build-time
    */
   rv = curl_easy_perform(ch);
   if(rv == CURLE_OK)
@@ -132,6 +158,17 @@ int main(void)
   else
     printf("*** transfer failed ***\n");
 
+  /* use a fresh connection (optional)
+   * this option seriously impacts performance of multiple transfers but
+   * it is necessary order to demonstrate this example. recall that the
+   * ssl ctx callback is only called _before_ an SSL connection is
+   * established, therefore it will not affect existing verified SSL
+   * connections already in the connection cache associated with this
+   * handle. normally you would set the ssl ctx function before making
+   * any transfers, and not use this option.
+   */
+  rv = curl_easy_setopt(ch, CURLOPT_FRESH_CONNECT, 1L);
+
   /* second try: retrieve page using cacerts' certificate -> will succeed
    * load the certificate by installing a function doing the necessary
    * "modifications" to the SSL CONTEXT just before link init
diff --git a/docs/examples/rtsp.c b/docs/examples/rtsp.c
index 3035e3fb..32084e9e 100644
--- a/docs/examples/rtsp.c
+++ b/docs/examples/rtsp.c
@@ -63,13 +63,13 @@ static int _getch(void)
 /* error handling macros */
 #define my_curl_easy_setopt(A, B, C)                             \
   res = curl_easy_setopt((A), (B), (C));                         \
-  if(!res)                                                       \
+  if(res != CURLE_OK)                                            \
     fprintf(stderr, "curl_easy_setopt(%s, %s, %s) failed: %d\n", \
             #A, #B, #C, res);
 
 #define my_curl_easy_perform(A)                                     \
   res = curl_easy_perform(A);                                       \
-  if(!res)                                                          \
+  if(res != CURLE_OK)                                               \
     fprintf(stderr, "curl_easy_perform(%s) failed: %d\n", #A, res);
 
 
diff --git a/docs/examples/smtp-mail.c b/docs/examples/smtp-mail.c
index 1fabe4b4..3285b318 100644
--- a/docs/examples/smtp-mail.c
+++ b/docs/examples/smtp-mail.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,7 +21,7 @@
  ***************************************************************************/
 
 /* <DESC>
- * SMTP example showing how to send e-mails
+ * Send e-mail with SMTP
  * </DESC>
  */
 
@@ -29,22 +29,26 @@
 #include <string.h>
 #include <curl/curl.h>
 
-/* This is a simple example showing how to send mail using libcurl's SMTP
- * capabilities. For an example of using the multi interface please see
- * smtp-multi.c.
- *
- * Note that this example requires libcurl 7.20.0 or above.
+/*
+ * For an SMTP example using the multi interface please see smtp-multi.c.
+ */
+
+/* The libcurl options want plain addresses, the viewable headers in the mail
+ * can very well get a full name as well.
  */
+#define FROM_ADDR    "<sender@example.org>"
+#define TO_ADDR      "<addressee@example.net>"
+#define CC_ADDR      "<info@example.org>"
 
-#define FROM    "<sender@example.org>"
-#define TO      "<addressee@example.net>"
-#define CC      "<info@example.org>"
+#define FROM_MAIL "Sender Person " FROM_ADDR
+#define TO_MAIL   "A Receiver " TO_ADDR
+#define CC_MAIL   "John CC Smith " CC_ADDR
 
 static const char *payload_text[] = {
   "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n",
-  "To: " TO "\r\n",
-  "From: " FROM " (Example User)\r\n",
-  "Cc: " CC " (Another example User)\r\n",
+  "To: " TO_MAIL "\r\n",
+  "From: " FROM_MAIL "\r\n",
+  "Cc: " CC_MAIL "\r\n",
   "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@"
   "rfcpedant.example.org>\r\n",
   "Subject: SMTP example message\r\n",
@@ -103,13 +107,13 @@ int main(void)
      * they could cause an endless loop. See RFC 5321 Section 4.5.5 for more
      * details.
      */
-    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);
+    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM_ADDR);
 
     /* Add two recipients, in this particular case they correspond to the
      * To: and Cc: addressees in the header, but they could be any kind of
      * recipient. */
-    recipients = curl_slist_append(recipients, TO);
-    recipients = curl_slist_append(recipients, CC);
+    recipients = curl_slist_append(recipients, TO_ADDR);
+    recipients = curl_slist_append(recipients, CC_ADDR);
     curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
 
     /* We're using a callback function to specify the payload (the headers and
diff --git a/docs/examples/threaded-shared-conn.c b/docs/examples/threaded-shared-conn.c
new file mode 100644
index 00000000..ab5ac406
--- /dev/null
+++ b/docs/examples/threaded-shared-conn.c
@@ -0,0 +1,156 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+/* <DESC>
+ * Multi-threaded transfers sharing a single connection pool
+ * </DESC>
+ *
+ * This example fires up NUM_THREADS threads and in each single thread, it
+ * downloads the same fixed URL a URL_ITERATIONS number of times. The received
+ * data is just thrown away. It sets up a single shared object that holds the
+ * connection cache and all easy handles in all threads share that same cache.
+ *
+ * This example uses pthreads for threads and mutexes, but should be easy to
+ * modify to use different thread/mutex system should you want to.
+ *
+ */
+
+#include <stdio.h>
+#include <pthread.h>
+#include <curl/curl.h>
+
+/*
+  URL to fetch. If you select HTTPS, you need to use a TLS backend with mutex
+  locks taken care of (OpenSSL 1.1.x, NSS, etc) or add SSL mutex callbacks!
+*/
+#define URL "http://localhost/4KB"
+
+/* number of threads to fire up in parallel */
+#define NUM_THREADS 67
+
+/* how many times each URL is transferred per thread */
+#define URL_ITERATIONS 11235
+
+static pthread_mutex_t connlock;
+
+static size_t write_db(void *ptr, size_t size, size_t nmemb, void *data)
+{
+  /* not interested in the downloaded bytes, return the size */
+  (void)ptr;  /* unused */
+  (void)data; /* unused */
+  return (size_t)(size * nmemb);
+}
+
+static void lock_cb(CURL *handle, curl_lock_data data,
+                    curl_lock_access access, void *userptr)
+{
+  (void)access; /* unused */
+  (void)userptr; /* unused */
+  (void)handle; /* unused */
+  (void)data; /* unused */
+  pthread_mutex_lock(&connlock);
+}
+
+static void unlock_cb(CURL *handle, curl_lock_data data,
+                      void *userptr)
+{
+  (void)userptr; /* unused */
+  (void)handle;  /* unused */
+  (void)data;    /* unused */
+  pthread_mutex_unlock(&connlock);
+}
+
+static void init_locks(void)
+{
+  pthread_mutex_init(&connlock, NULL);
+}
+
+static void kill_locks(void)
+{
+  pthread_mutex_destroy(&connlock);
+}
+
+struct initurl {
+  const char *url;
+  CURLSH *share;
+  int threadno;
+};
+
+static void *run_thread(void *ptr)
+{
+  struct initurl *u = (struct initurl *)ptr;
+  int i;
+
+  for(i = 0; i < URL_ITERATIONS; i++) {
+    CURL *curl = curl_easy_init();
+    curl_easy_setopt(curl, CURLOPT_URL, u->url);
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L);
+    curl_easy_setopt(curl, CURLOPT_SHARE, u->share);
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_db);
+    curl_easy_perform(curl); /* ignores error */
+    curl_easy_cleanup(curl);
+    fprintf(stderr, "Tread %d transfer %d\n", u->threadno, i);
+  }
+
+  return NULL;
+}
+
+int main(void)
+{
+  pthread_t tid[NUM_THREADS];
+  int i;
+  int error;
+  CURLSH *share;
+  struct initurl url[NUM_THREADS];
+
+  /* Must initialize libcurl before any threads are started */
+  curl_global_init(CURL_GLOBAL_ALL);
+
+  share = curl_share_init();
+  curl_share_setopt(share, CURLSHOPT_LOCKFUNC, lock_cb);
+  curl_share_setopt(share, CURLSHOPT_UNLOCKFUNC, unlock_cb);
+  curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_CONNECT);
+
+  init_locks();
+
+  for(i = 0; i< NUM_THREADS; i++) {
+    url[i].url = URL;
+    url[i].share = share;
+    url[i].threadno = i;
+    error = pthread_create(&tid[i], NULL, run_thread, &url[i]);
+    if(0 != error)
+      fprintf(stderr, "Couldn't run thread number %d, errno %d\n", i, error);
+    else
+      fprintf(stderr, "Thread %d, gets %s\n", i, URL);
+  }
+
+  /* now wait for all threads to terminate */
+  for(i = 0; i< NUM_THREADS; i++) {
+    error = pthread_join(tid[i], NULL);
+    fprintf(stderr, "Thread %d terminated\n", i);
+  }
+
+  kill_locks();
+
+  curl_share_cleanup(share);
+  curl_global_cleanup();
+  return 0;
+}
diff --git a/docs/examples/url2file.c b/docs/examples/url2file.c
index 39f84d68..1bede8c1 100644
--- a/docs/examples/url2file.c
+++ b/docs/examples/url2file.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -80,5 +80,7 @@ int main(int argc, char *argv[])
   /* cleanup curl stuff */
   curl_easy_cleanup(curl_handle);
 
+  curl_global_cleanup();
+
   return 0;
 }
diff --git a/docs/examples/xmlstream.c b/docs/examples/xmlstream.c
index 8066828f..9ee4a2e8 100644
--- a/docs/examples/xmlstream.c
+++ b/docs/examples/xmlstream.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -127,7 +127,7 @@ int main(void)
   XML_SetCharacterDataHandler(parser, characterDataHandler);
 
   /* Initialize a libcurl handle. */
-  curl_global_init(CURL_GLOBAL_ALL ^ CURL_GLOBAL_SSL);
+  curl_global_init(CURL_GLOBAL_DEFAULT);
   curl_handle = curl_easy_init();
   curl_easy_setopt(curl_handle, CURLOPT_URL,
                    "http://www.w3schools.com/xml/simple.xml");