man page.

CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made this
return code get used by the previous SSH MD5 fingerprint check in case it
fails.

CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both make
the SCP or SFTP connection verify the remote host's md5 checksum of the public
key before doing a connect, to reduce the risk of a man-in-the-middle attack.

CURLOPT_POST301 written by Philip Langdale

Debian bug report http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=443734

the --proxy-negotiate command line option to allow a user to explicitly
select it.

o It looks for the NSS database first in the environment variable SSL_DIR,
  then in /etc/pki/nssdb, then it initializes with no database if neither of
  those exist.

o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
  loaded, including the ca-bundle. If it is not available then only
  certificates already in the NSS database are used.

o Tries to detect whether a file or nickname is being passed in so the right
  thing is done

o Added a bit of code to make the output more like the OpenSSL module,
  including displaying the certificate information when connecting in
  verbose mode

o Improved handling of certificate errors (expired, untrusted, etc)

The libnsspem.so PKCS#11 module is currently only available in Fedora
8/rawhide. Work will be done soon to upstream it. The NSS module will work
with or without it, all that changes is the source of the certificates and
keys.

lower case for consistency since sftp commands are case insensitive.

libcurl. This also makes the options change name to --krb (from --krb4) and
CURLOPT_KRBLEVEL (from CURLOPT_KRB4LEVEL) but the old names are still

upload.  Some text provieded by Tom Regner

case 614.
Allow SFTP quote commands chmod, chown, chgrp to set a value of 0.

  the man page now.

to GET on redirect

plus made --pass work on an SSH private key as well.

  -v, --trace and --trace-ascii, since it could really confuse the user.
  Clarified this fact in the man page.

New FTP CCC functionality - adds passive and active mode to accomodate for different server behaviour

SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/

  to the debug callback.

- Shmulik Regev added CURLOPT_HTTP_CONTENT_DECODING and
  CURLOPT_HTTP_TRANSFER_DECODING that if set to zero will disable libcurl's
  internal decoding of content or transfer encoded content. This may be
  preferable in cases where you use libcurl for proxy purposes or similar. The
  command line tool got a --raw option to disable both at once.

  ordinary curl command line, and you will get a libcurl-using source code
  written to the file that does the equivalent operation of what your command
  line operation does!

  curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
  will make libcurl shutdown SSL/TLS after the authentication is done on a
  FTP-SSL operation.

temporarily higher speeds than requested, but the given limiting is considered
"over time" and is an average

case when 401 or 407 are returned, *IF* no auth credentials have been given.
The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401
and 407 cases when auth credentials is given, but we've now covered this
somewhat more.

You might get some amounts of headers transferred before this situation is
detected, like for when a "100-continue" is received as a response to a
POST/PUT and a 401 or 407 is received immediately afterwards.

Added test 281 to verify this change.

encrypt the control connection and use the data connection "plain".

FTPS