diff --git a/lib/url.c b/lib/url.c
index cfaab0601f321be7a22a4522b0355177fc2bb334..e22ddee6ecde59231acdf2d8d38deec1cfa1a75b 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1536,14 +1536,14 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     break;
   case CURLOPT_USERNAME:
     /*
-     * user:password to use in the operation
+     * authentication user name to use in the operation
      */
     result = setstropt(&data->set.str[STRING_USERNAME],
                        va_arg(param, char *));
     break;
   case CURLOPT_PASSWORD:
     /*
-     * user:password to use in the operation
+     * authentication password to use in the operation
      */
     result = setstropt(&data->set.str[STRING_PASSWORD],
                        va_arg(param, char *));
diff --git a/packages/OS400/README.OS400 b/packages/OS400/README.OS400
index 81173430e2a51ce7f41f793a3c26b8c92019fa34..bdfcae169a9cad51f555f8b0a84d561f9f7a1227 100644
--- a/packages/OS400/README.OS400
+++ b/packages/OS400/README.OS400
@@ -101,6 +101,8 @@ options:
         CURLOPT_SSH_HOST_PUBLIC_KEY_MD5
         CURLOPT_CRLFILE
         CURLOPT_ISSUERCERT
+        CURLOPT_USERNAME
+        CURLOPT_PASSWORD
   Else it is the same as for curl_easy_setopt().
   Note that CURLOPT_ERRORBUFFER is not in the list above, since it gives the
 address of an (empty) character buffer, not the address of a string.
diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c
index 9694a345c6862c23b76d8bf294493166d4665405..0530b5232987e25be99c61c2fcd4e12c5cbc3529 100644
--- a/packages/OS400/ccsidcurl.c
+++ b/packages/OS400/ccsidcurl.c
@@ -728,7 +728,7 @@ curl_formadd_ccsid(struct curl_httppost * * httppost,
   /* Allocate the local curl_forms array. */
 
   lformlen = ALLOC_GRANULE;
-  lforms = malloc(lformlen * sizeof(struct curl_forms));
+  lforms = malloc(lformlen * sizeof *lforms);
 
   if (!lforms)
     return CURL_FORMADD_MEMORY;
@@ -1030,7 +1030,7 @@ curl_easy_setopt_ccsid(CURL * curl, CURLoption tag, ...)
   if (testwarn) {
     testwarn = 0;
 
-    if ((int) STRING_LAST != (int) STRING_SSL_ISSUERCERT + 1)
+    if ((int) STRING_LAST != (int) STRING_PASSWORD + 1)
       curl_mfprintf(stderr,
        "*** WARNING: curl_easy_setopt_ccsid() should be reworked ***\n");
     }
@@ -1075,6 +1075,8 @@ curl_easy_setopt_ccsid(CURL * curl, CURLoption tag, ...)
   case CURLOPT_SSH_HOST_PUBLIC_KEY_MD5:
   case CURLOPT_CRLFILE:
   case CURLOPT_ISSUERCERT:
+  case CURLOPT_USERNAME:
+  case CURLOPT_PASSWORD:
     s = va_arg(arg, char *);
     ccsid = va_arg(arg, unsigned int);
 
diff --git a/packages/OS400/curl.inc.in b/packages/OS400/curl.inc.in
index 5ef5a08579e97cff70bcf1cec7d413d493689390..7474e06a062dd3aef9227879ea32a245f08301e9 100644
--- a/packages/OS400/curl.inc.in
+++ b/packages/OS400/curl.inc.in
@@ -782,6 +782,10 @@
      d                 c                   00171
      d  CURLOPT_CERTINFO...
      d                 c                   00172
+     d  CURLOPT_USERNAME...
+     d                 c                   10173
+     d  CURLOPT_PASSWORD...
+     d                 c                   10174
       *
      d  CURLOPT_POST301...
      d                 c                   00161                                Obsolescent