An ongoing port of my Lua application server using mongoose httpd to squirrel

ext/mongoose.c

@@ -0,0 +1,5271 @@
+// Copyright (c) 2004-2012 Sergey Lyubka
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#if defined(_WIN32)
+#define _CRT_SECURE_NO_WARNINGS // Disable deprecation warning in VS2005
+#else
+#ifdef __linux__
+#define _XOPEN_SOURCE 600     // For flockfile() on Linux
+#endif
+#define _LARGEFILE_SOURCE     // Enable 64-bit file offsets
+#define __STDC_FORMAT_MACROS  // <inttypes.h> wants this for C++
+#define __STDC_LIMIT_MACROS   // C++ wants that for INT64_MAX
+#endif
+
+#ifdef WIN32_LEAN_AND_MEAN
+#undef WIN32_LEAN_AND_MEAN    // Disable WIN32_LEAN_AND_MEAN, if necessary
+#endif
+
+#if defined(__SYMBIAN32__)
+#define NO_SSL // SSL is not supported
+#define NO_CGI // CGI is not supported
+#define PATH_MAX FILENAME_MAX
+#endif // __SYMBIAN32__
+
+#ifndef _WIN32_WCE // Some ANSI #includes are not available on Windows CE
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <signal.h>
+#include <fcntl.h>
+#endif // !_WIN32_WCE
+
+#include <time.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+#include <stddef.h>
+#include <stdio.h>
+//#include "duma.h"
+
+#if defined(_WIN32) && !defined(__SYMBIAN32__) // Windows specific
+#ifndef __MINGW32__
+#define _WIN32_WINNT 0x0400 // To make it link in VS2005
+#endif
+#include <windows.h>
+
+#ifndef PATH_MAX
+#define PATH_MAX MAX_PATH
+#endif
+
+#ifndef _WIN32_WCE
+#include <process.h>
+#include <direct.h>
+#include <io.h>
+#else // _WIN32_WCE
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#ifdef __GNUC__
+#include <malloc.h>
+#endif
+#define NO_CGI // WinCE has no pipes
+
+typedef long off_t;
+#ifndef BUFSIZ
+#define BUFSIZ  4096
+#endif
+
+#define errno   GetLastError()
+#define strerror(x)  _ultoa(x, (char *) _alloca(sizeof(x) *3 ), 10)
+#endif // _WIN32_WCE
+
+#define MAKEUQUAD(lo, hi) ((uint64_t)(((uint32_t)(lo)) | \
+      ((uint64_t)((uint32_t)(hi))) << 32))
+#define RATE_DIFF 10000000 // 100 nsecs
+#define EPOCH_DIFF MAKEUQUAD(0xd53e8000, 0x019db1de)
+#define SYS2UNIX_TIME(lo, hi) \
+  (time_t) ((MAKEUQUAD((lo), (hi)) - EPOCH_DIFF) / RATE_DIFF)
+
+// Visual Studio 6 does not know __func__ or __FUNCTION__
+// The rest of MS compilers use __FUNCTION__, not C99 __func__
+// Also use _strtoui64 on modern M$ compilers
+#if defined(_MSC_VER) && _MSC_VER < 1300
+#define STRX(x) #x
+#define STR(x) STRX(x)
+#define __func__ "line " STR(__LINE__)
+#define strtoull(x, y, z) strtoul(x, y, z)
+#define strtoll(x, y, z) strtol(x, y, z)
+#else
+#define __func__  __FUNCTION__
+#ifndef __GNUC__
+#define strtoull(x, y, z) _strtoui64(x, y, z)
+#define strtoll(x, y, z) _strtoi64(x, y, z)
+#endif
+#endif // _MSC_VER
+
+#define ERRNO   GetLastError()
+#define NO_SOCKLEN_T
+#define SSL_LIB   "ssleay32.dll"
+#define CRYPTO_LIB  "libeay32.dll"
+#define DIRSEP '\\'
+#define IS_DIRSEP_CHAR(c) ((c) == '/' || (c) == '\\')
+#define O_NONBLOCK  0
+#if !defined(EWOULDBLOCK)
+#define EWOULDBLOCK  WSAEWOULDBLOCK
+#endif // !EWOULDBLOCK
+#define _POSIX_
+#define INT64_FMT  "I64d"
+
+#define WINCDECL __cdecl
+#define SHUT_WR 1
+#define snprintf _snprintf
+#define vsnprintf _vsnprintf
+#define mg_sleep(x) Sleep(x)
+
+#define pipe(x) _pipe(x, BUFSIZ, _O_BINARY)
+#ifndef popen
+#define popen(x, y) _popen(x, y)
+#define pclose(x) _pclose(x)
+#endif
+#define close(x) _close(x)
+#ifdef _WIN32_WCE
+#define dlsym(x,y) GetProcAddressA((HINSTANCE) (x), (y))
+#else
+#define dlsym(x,y) GetProcAddress((HINSTANCE) (x), (y))
+#endif
+#define RTLD_LAZY  0
+//#define fseeko(x, y, z) _lseeki64(_fileno(x), (y), (z))
+#define fseeko(x, y, z) fseek((x), (y), (z))
+#define fdopen(x, y) _fdopen((x), (y))
+#define write(x, y, z) _write((x), (y), (unsigned) z)
+#define read(x, y, z) _read((x), (y), (unsigned) z)
+#define flockfile(x) EnterCriticalSection(&global_log_file_lock)
+#define funlockfile(x) LeaveCriticalSection(&global_log_file_lock)
+
+#if !defined(fileno)
+#define fileno(x) _fileno(x)
+#endif // !fileno MINGW #defines fileno
+
+typedef HANDLE pthread_mutex_t;
+typedef struct {HANDLE signal, broadcast;} pthread_cond_t;
+typedef DWORD pthread_t;
+#define pid_t HANDLE // MINGW typedefs pid_t to int. Using #define here.
+
+#ifndef __MINGW32__
+struct timespec {
+  long tv_nsec;
+  long tv_sec;
+};
+#endif
+
+static int pthread_mutex_lock(pthread_mutex_t *);
+static int pthread_mutex_unlock(pthread_mutex_t *);
+static FILE *mg_fopen(const char *path, const char *mode);
+
+#if defined(HAVE_STDINT)
+#include <stdint.h>
+#else
+typedef unsigned int  uint32_t;
+typedef unsigned short  uint16_t;
+typedef unsigned __int64 uint64_t;
+typedef __int64   int64_t;
+#endif // HAVE_STDINT
+
+// POSIX dirent interface
+struct dirent {
+  char d_name[PATH_MAX];
+};
+
+typedef struct DIR {
+  HANDLE   handle;
+  WIN32_FIND_DATAW info;
+  struct dirent  result;
+} DIR;
+
+// Mark required libraries
+#pragma comment(lib, "Ws2_32.lib")
+
+#else    // UNIX  specific
+#include <sys/wait.h>
+#include <sys/socket.h>
+#include <sys/select.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/time.h>
+#include <stdint.h>
+#include <inttypes.h>
+#include <netdb.h>
+
+#include <pwd.h>
+#include <unistd.h>
+#include <dirent.h>
+#if !defined(NO_SSL_DL) && !defined(NO_SSL)
+#include <dlfcn.h>
+#endif
+#include <pthread.h>
+#if defined(__MACH__)
+#define SSL_LIB   "libssl.dylib"
+#define CRYPTO_LIB  "libcrypto.dylib"
+#else
+#if !defined(SSL_LIB)
+#define SSL_LIB   "libssl.so"
+#endif
+#if !defined(CRYPTO_LIB)
+#define CRYPTO_LIB  "libcrypto.so"
+#endif
+#endif
+#define DIRSEP   '/'
+#define IS_DIRSEP_CHAR(c) ((c) == '/')
+#ifndef O_BINARY
+#define O_BINARY  0
+#endif // O_BINARY
+#define closesocket(a) close(a)
+#define mg_fopen(x, y) fopen(x, y)
+#define mg_mkdir(x, y) mkdir(x, y)
+#define mg_remove(x) remove(x)
+#define mg_rename(x, y) rename(x, y)
+#define mg_sleep(x) usleep((x) * 1000)
+#define ERRNO errno
+#define INVALID_SOCKET (-1)
+#define INT64_FMT PRId64
+typedef int SOCKET;
+#define WINCDECL
+
+#endif // End of Windows and UNIX specific includes
+
+#ifndef INT64_MAX
+#define INT64_MAX  9223372036854775807
+#endif
+
+#define ON_MONGOOSE_SRC
+#include "mongoose.h"
+
+#define MONGOOSE_VERSION "3.4"
+#define PASSWORDS_FILE_NAME ".htpasswd"
+#define CGI_ENVIRONMENT_SIZE 4096
+#define MAX_CGI_ENVIR_VARS 64
+#define MG_BUF_LEN 8192
+#define ARRAY_SIZE(array) (sizeof(array) / sizeof(array[0]))
+
+#ifdef _WIN32
+static CRITICAL_SECTION global_log_file_lock;
+static pthread_t pthread_self(void) {
+  return GetCurrentThreadId();
+}
+#endif // _WIN32
+
+#ifdef DEBUG_TRACE
+#undef DEBUG_TRACE
+#define DEBUG_TRACE(x)
+#else
+#if defined(DEBUG) || defined(MG_DEBUG)
+#define DEBUG_TRACE(x) do { \
+  flockfile(stdout); \
+  printf("*** %lu.%p.%s.%d: ", \
+         (unsigned long) time(NULL), (void *) pthread_self(), \
+         __func__, __LINE__); \
+  printf x; \
+  putchar('\n'); \
+  fflush(stdout); \
+  funlockfile(stdout); \
+} while (0)
+#else
+#define DEBUG_TRACE(x)
+#endif // DEBUG
+#endif // DEBUG_TRACE
+
+#if 0
+static void *mymg_malloc(size_t size, int line){
+    void *ptr = malloc(size);
+    printf("malloc %d : %p\n", line, ptr);
+    return ptr;
+}
+static void *mymg_calloc(size_t count, size_t size, int line){
+    void *ptr = calloc(count, size);
+    printf("calloc %d : %p\n", line, ptr);
+    return ptr;
+}
+static void *mymg_realloc(void *old, size_t size, int line){
+    void *ptr = realloc(old, size);
+    printf("realloc %d : %p : %p\n", line, old, ptr);
+    return ptr;
+}
+static void *mymg_free(void *ptr, int line){
+    free(ptr);
+    printf("free %d : %p\n", line, ptr);
+    return ptr;
+}
+# define MG_MALLOC(x) mymg_malloc(x, __LINE__)
+# define MG_CALLOC(a,b) mymg_calloc(a,b, __LINE__)
+# define MG_REALLOC(x, z) mymg_realloc(x, z, __LINE__)
+# define MG_FREE(x) mymg_free(x, __LINE__)
+#else
+# define MG_MALLOC(x) malloc(x)
+# define MG_CALLOC(a,b) calloc(a,b)
+# define MG_REALLOC(x, z) realloc(x, z)
+# define MG_FREE(x) free(x)
+#endif
+
+// Darwin prior to 7.0 and Win32 do not have socklen_t
+#ifdef NO_SOCKLEN_T
+typedef int socklen_t;
+#endif // NO_SOCKLEN_T
+#define _DARWIN_UNLIMITED_SELECT
+
+#if !defined(MSG_NOSIGNAL)
+#define MSG_NOSIGNAL 0
+#endif
+
+#if !defined(SOMAXCONN)
+#define SOMAXCONN 100
+#endif
+
+#if !defined(PATH_MAX)
+#define PATH_MAX 4096
+#endif
+
+#ifndef HAS_MG_THREAD_FUNC_DEFINED
+typedef void * (*mg_thread_func_t)(void *);
+#endif
+
+static const char *http_500_error = "Internal Server Error";
+
+// Snatched from OpenSSL includes. I put the prototypes here to be independent
+// from the OpenSSL source installation. Having this, mongoose + SSL can be
+// built on any system with binary SSL libraries installed.
+typedef struct ssl_st SSL;
+typedef struct ssl_method_st SSL_METHOD;
+typedef struct ssl_ctx_st SSL_CTX;
+
+#define SSL_ERROR_WANT_READ 2
+#define SSL_ERROR_WANT_WRITE 3
+#define SSL_FILETYPE_PEM 1
+#define CRYPTO_LOCK  1
+
+#if defined(NO_SSL_DL)
+extern void SSL_free(SSL *);
+extern int SSL_accept(SSL *);
+extern int SSL_connect(SSL *);
+extern int SSL_read(SSL *, void *, int);
+extern int SSL_write(SSL *, const void *, int);
+extern int SSL_get_error(const SSL *, int);
+extern int SSL_set_fd(SSL *, int);
+extern SSL *SSL_new(SSL_CTX *);
+extern SSL_CTX *SSL_CTX_new(SSL_METHOD *);
+extern SSL_METHOD *SSLv23_server_method(void);
+extern SSL_METHOD *SSLv23_client_method(void);
+extern int SSL_library_init(void);
+extern void SSL_load_error_strings(void);
+extern int SSL_CTX_use_PrivateKey_file(SSL_CTX *, const char *, int);
+extern int SSL_CTX_use_certificate_file(SSL_CTX *, const char *, int);
+extern int SSL_CTX_use_certificate_chain_file(SSL_CTX *, const char *);
+extern void SSL_CTX_set_default_passwd_cb(SSL_CTX *, mg_callback_t);
+extern void SSL_CTX_free(SSL_CTX *);
+extern unsigned long ERR_get_error(void);
+extern char *ERR_error_string(unsigned long, char *);
+extern int CRYPTO_num_locks(void);
+extern void CRYPTO_set_locking_callback(void (*)(int, int, const char *, int));
+extern void CRYPTO_set_id_callback(unsigned long (*)(void));
+#else
+// Dynamically loaded SSL functionality
+struct ssl_func {
+  const char *name;   // SSL function name
+  void  (*ptr)(void); // Function pointer
+};
+
+#define SSL_free (* (void (*)(SSL *)) ssl_sw[0].ptr)
+#define SSL_accept (* (int (*)(SSL *)) ssl_sw[1].ptr)
+#define SSL_connect (* (int (*)(SSL *)) ssl_sw[2].ptr)
+#define SSL_read (* (int (*)(SSL *, void *, int)) ssl_sw[3].ptr)
+#define SSL_write (* (int (*)(SSL *, const void *,int)) ssl_sw[4].ptr)
+#define SSL_get_error (* (int (*)(SSL *, int)) ssl_sw[5].ptr)
+#define SSL_set_fd (* (int (*)(SSL *, SOCKET)) ssl_sw[6].ptr)
+#define SSL_new (* (SSL * (*)(SSL_CTX *)) ssl_sw[7].ptr)
+#define SSL_CTX_new (* (SSL_CTX * (*)(SSL_METHOD *)) ssl_sw[8].ptr)
+#define SSLv23_server_method (* (SSL_METHOD * (*)(void)) ssl_sw[9].ptr)
+#define SSL_library_init (* (int (*)(void)) ssl_sw[10].ptr)
+#define SSL_CTX_use_PrivateKey_file (* (int (*)(SSL_CTX *, \
+        const char *, int)) ssl_sw[11].ptr)
+#define SSL_CTX_use_certificate_file (* (int (*)(SSL_CTX *, \
+        const char *, int)) ssl_sw[12].ptr)
+#define SSL_CTX_set_default_passwd_cb \
+  (* (void (*)(SSL_CTX *, mg_callback_t)) ssl_sw[13].ptr)
+#define SSL_CTX_free (* (void (*)(SSL_CTX *)) ssl_sw[14].ptr)
+#define SSL_load_error_strings (* (void (*)(void)) ssl_sw[15].ptr)
+#define SSL_CTX_use_certificate_chain_file \
+  (* (int (*)(SSL_CTX *, const char *)) ssl_sw[16].ptr)
+#define SSLv23_client_method (* (SSL_METHOD * (*)(void)) ssl_sw[17].ptr)
+
+#define CRYPTO_num_locks (* (int (*)(void)) crypto_sw[0].ptr)
+#define CRYPTO_set_locking_callback \
+  (* (void (*)(void (*)(int, int, const char *, int))) crypto_sw[1].ptr)
+#define CRYPTO_set_id_callback \
+  (* (void (*)(unsigned long (*)(void))) crypto_sw[2].ptr)
+#define ERR_get_error (* (unsigned long (*)(void)) crypto_sw[3].ptr)
+#define ERR_error_string (* (char * (*)(unsigned long,char *)) crypto_sw[4].ptr)
+
+// set_ssl_option() function updates this array.
+// It loads SSL library dynamically and changes NULLs to the actual addresses
+// of respective functions. The macros above (like SSL_connect()) are really
+// just calling these functions indirectly via the pointer.
+static struct ssl_func ssl_sw[] = {
+  {"SSL_free",   NULL},
+  {"SSL_accept",   NULL},
+  {"SSL_connect",   NULL},
+  {"SSL_read",   NULL},
+  {"SSL_write",   NULL},
+  {"SSL_get_error",  NULL},
+  {"SSL_set_fd",   NULL},
+  {"SSL_new",   NULL},
+  {"SSL_CTX_new",   NULL},
+  {"SSLv23_server_method", NULL},
+  {"SSL_library_init",  NULL},
+  {"SSL_CTX_use_PrivateKey_file", NULL},
+  {"SSL_CTX_use_certificate_file",NULL},
+  {"SSL_CTX_set_default_passwd_cb",NULL},
+  {"SSL_CTX_free",  NULL},
+  {"SSL_load_error_strings", NULL},
+  {"SSL_CTX_use_certificate_chain_file", NULL},
+  {"SSLv23_client_method", NULL},
+  {NULL,    NULL}
+};
+
+// Similar array as ssl_sw. These functions could be located in different lib.
+#if !defined(NO_SSL)
+static struct ssl_func crypto_sw[] = {
+  {"CRYPTO_num_locks",  NULL},
+  {"CRYPTO_set_locking_callback", NULL},
+  {"CRYPTO_set_id_callback", NULL},
+  {"ERR_get_error",  NULL},
+  {"ERR_error_string", NULL},
+  {NULL,    NULL}
+};
+#endif // NO_SSL
+#endif // NO_SSL_DL
+
+static const char *month_names[] = {
+  "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+  "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+};
+
+// Unified socket address. For IPv6 support, add IPv6 address structure
+// in the union u.
+union usa {
+  struct sockaddr sa;
+  struct sockaddr_in sin;
+#if defined(USE_IPV6)
+  struct sockaddr_in6 sin6;
+#endif
+};
+
+// Describes a string (chunk of memory).
+struct vec {
+  const char *ptr;
+  size_t len;
+};
+
+// Structure used by mg_stat() function. Uses 64 bit file length.
+struct mgstat {
+  int is_directory;  // Directory marker
+  int64_t size;      // File size
+  time_t mtime;      // Modification time
+};
+
+// Describes listening socket, or socket which was accept()-ed by the master
+// thread and queued for future handling by the worker thread.
+#define MG_FLAG_IS_SSL      0x0001
+#define MG_IS_SSL(flag) (flag & MG_FLAG_IS_SSL)
+#define MSG_SET_IS_SSL(flag, b) flag &= (b ? MG_FLAG_IS_SSL : ~MG_FLAG_IS_SSL)
+
+#define MG_FLAG_IS_PROXY    0x0002
+#define MG_IS_PROXY(flag) (flag & MG_FLAG_IS_PROXY)
+#define MSG_SET_IS_PROXY(flag, b) flag &= (b ? MG_FLAG_IS_PROXY : ~MG_FLAG_IS_PROXY)
+
+#define MG_FLAG_IS_KEEP_ALIVE    0x0004
+#define MG_IS_ALIVE(flag) (flag & MG_FLAG_IS_ALIVE)
+#define MSG_SET_IS_ALIVE(flag, b) flag &= (b ? MG_FLAG_IS_ALIVE : ~MG_FLAG_IS_ALIVE)
+
+struct socket {
+  struct socket *next;  // Linkage
+  SOCKET sock;          // Listening socket
+  union usa lsa;        // Local socket address
+  union usa rsa;        // Remote socket address
+  int is_ssl;           // Is socket SSL-ed
+  int is_proxy;
+  //DAD using bitfield here only need on int and allow more flags
+  //int connection_count;
+};
+
+// NOTE(lsm): this enum shoulds be in sync with the config_options below.
+enum {
+  CGI_EXTENSIONS, CGI_ENVIRONMENT, PUT_DELETE_PASSWORDS_FILE, CGI_INTERPRETER,
+  PROTECT_URI, AUTHENTICATION_DOMAIN, SSI_EXTENSIONS, THROTTLE,
+  ACCESS_LOG_FILE, SSL_CHAIN_FILE, ENABLE_DIRECTORY_LISTING, ERROR_LOG_FILE,
+  GLOBAL_PASSWORDS_FILE, INDEX_FILES, ENABLE_KEEP_ALIVE, ACCESS_CONTROL_LIST,
+  MAX_REQUEST_SIZE,
+  EXTRA_MIME_TYPES, LISTENING_PORTS, DOCUMENT_ROOT, SSL_CERTIFICATE,
+  NUM_THREADS, RUN_AS_USER, REWRITE, HIDE_FILES,
+  MAX_THREADS, NUM_OPTIONS
+};
+
+static const char *config_options[] = {
+  "C", "cgi_pattern", "**.cgi$|**.pl$|**.php$",
+  "E", "cgi_environment", NULL,
+  "G", "put_delete_passwords_file", NULL,
+  "I", "cgi_interpreter", NULL,
+  "P", "protect_uri", NULL,
+  "R", "authentication_domain", "mydomain.com",
+  "S", "ssi_pattern", "**.shtml$|**.shtm$",
+  "T", "throttle", NULL,
+  "a", "access_log_file", NULL,
+  "c", "ssl_chain_file", NULL,
+  "d", "enable_directory_listing", "yes",
+  "e", "error_log_file", NULL,
+  "g", "global_passwords_file", NULL,
+  "i", "index_files", "index.html,index.htm,index.cgi,index.shtml,index.php",
+  "k", "enable_keep_alive", "no",
+  "l", "access_control_list", NULL,
+  "M", "max_request_size", "16384",
+  "m", "extra_mime_types", NULL,
+  "p", "listening_ports", "8080",
+  "r", "document_root",  ".",
+  "s", "ssl_certificate", NULL,
+  "t", "num_threads", "10",
+  "u", "run_as_user", NULL,
+  "w", "url_rewrite_patterns", NULL,
+  "x", "hide_files_patterns", NULL,
+  "T", "max_threads", NULL,
+  NULL
+};
+#define ENTRIES_PER_CONFIG_OPTION 3
+
+struct mg_context {
+  volatile int stop_flag;       // Should we stop event loop
+  SSL_CTX *ssl_ctx;             // SSL context
+  SSL_CTX *client_ssl_ctx;      // Client SSL context
+  char *config[NUM_OPTIONS];    // Mongoose configuration parameters
+  mg_callback_t user_callback;  // User-defined callback function
+  void *user_data;              // User-defined data
+
+  struct socket *listening_sockets;
+
+  volatile int num_threads;  // Number of threads
+  volatile int idle_threads; // Number of inactive threads
+  volatile int base_threads; // Number of threads to maintain when idle
+  volatile int max_threads;  // Limit on number of threads
+  pthread_mutex_t mutex;     // Protects (max|num)_threads
+  pthread_cond_t  cond;      // Condvar for tracking workers terminations
+
+  struct socket queue[20];   // Accepted sockets
+  //int connection_count;
+  volatile int sq_head;      // Head of the socket queue
+  volatile int sq_tail;      // Tail of the socket queue
+  pthread_cond_t sq_full;    // Singaled when socket is produced
+  pthread_cond_t sq_empty;   // Signaled when socket is consumed
+
+  void *master_plugin;       // User defined master plugin
+  pthread_mutex_t master_plugin_mutex;     // Protects master_plugin_thread
+  pthread_cond_t  master_plugin_cond;      // Condvar for tracking master_plugin_thread
+};
+
+struct mg_connection {
+  struct mg_connection *peer; // Remote target in proxy mode
+  struct mg_request_info request_info;
+  struct mg_context *ctx;
+  SSL *ssl;                   // SSL descriptor
+  struct socket client;       // Connected client
+  time_t birth_time;          // Time when request was received
+  int64_t num_bytes_sent;     // Total bytes sent to client
+  int64_t content_len;        // Content-Length header value
+  int64_t consumed_content;   // How many bytes of content have been read
+  char *buf;                  // Buffer for received data
+  char *path_info;            // PATH_INFO part of the URL
+  char *body;                 // Pointer to not-read yet buffered body data
+  char *next_request;         // Pointer to the buffered next request
+  int must_close;             // 1 if connection must be closed
+  int buf_size;               // Buffer size
+  int request_len;            // Size of the request + headers in a buffer
+  int data_len;               // Total size of data in a buffer
+  int throttle;               // Throttling, bytes/sec. <= 0 means no throttle
+  time_t last_throttle_time;  // Last time throttled data was sent
+  int64_t last_throttle_bytes;// Bytes sent this second
+  char *auth_header;          // Buffer for the Authorization header (request_info.ah points into it).
+  void *plugin;
+};
+
+const char **mg_get_valid_option_names(void) {
+  return config_options;
+}
+
+static void *call_user(struct mg_connection *conn, enum mg_event event) {
+  conn->request_info.user_data = conn->ctx->user_data;
+  return conn->ctx->user_callback == NULL ? NULL :
+    conn->ctx->user_callback(event, conn, &conn->request_info);
+}
+
+void *mg_get_user_data(struct mg_connection *conn) {
+  return conn != NULL && conn->ctx != NULL ? conn->ctx->user_data : NULL;
+}
+
+const char *mg_get_log_message(const struct mg_connection *conn) {
+  return conn == NULL ? NULL : conn->request_info.log_message;
+}
+
+int mg_get_reply_status_code(const struct mg_connection *conn) {
+  return conn == NULL ? -1 : conn->request_info.status_code;
+}
+
+void *mg_get_ssl_context(const struct mg_connection *conn) {
+  return conn == NULL || conn->ctx == NULL ? NULL : conn->ctx->ssl_ctx;
+}
+
+static int get_option_index(const char *name) {
+  int i;
+
+  for (i = 0; config_options[i] != NULL; i += ENTRIES_PER_CONFIG_OPTION) {
+    if (strcmp(config_options[i], name) == 0 ||
+        strcmp(config_options[i + 1], name) == 0) {
+      return i / ENTRIES_PER_CONFIG_OPTION;
+    }
+  }
+  return -1;
+}
+
+const char *mg_get_option(const struct mg_context *ctx, const char *name) {
+  int i;
+  if ((i = get_option_index(name)) == -1) {
+    return NULL;
+  } else if (ctx->config[i] == NULL) {
+    return "";
+  } else {
+    return ctx->config[i];
+  }
+}
+
+const char *mg_get_document_root(const struct mg_connection *conn) {
+  return conn->ctx->config[DOCUMENT_ROOT];
+}
+
+static void sockaddr_to_string(char *buf, size_t len,
+                                     const union usa *usa) {
+  buf[0] = '\0';
+#if defined(USE_IPV6)
+  inet_ntop(usa->sa.sa_family, usa->sa.sa_family == AF_INET ?
+            (void *) &usa->sin.sin_addr :
+            (void *) &usa->sin6.sin6_addr, buf, len);
+#elif defined(_WIN32)
+  // Only Windoze Vista (and newer) have inet_ntop()
+  strncpy(buf, inet_ntoa(usa->sin.sin_addr), len);
+#else
+  inet_ntop(usa->sa.sa_family, (void *) &usa->sin.sin_addr, buf, len);
+#endif
+}
+
+// Print error message to the opened error log stream.
+static void cry(struct mg_connection *conn, const char *fmt, ...) {
+  char buf[MG_BUF_LEN], src_addr[20];
+  va_list ap;
+  FILE *fp;
+  time_t timestamp;
+
+  va_start(ap, fmt);
+  (void) vsnprintf(buf, sizeof(buf), fmt, ap);
+  va_end(ap);
+
+  // Do not lock when getting the callback value, here and below.
+  // I suppose this is fine, since function cannot disappear in the
+  // same way string option can.
+  conn->request_info.log_message = buf;
+  if (call_user(conn, MG_EVENT_LOG) == NULL) {
+    fp = conn->ctx == NULL || conn->ctx->config[ERROR_LOG_FILE] == NULL ? NULL :
+      mg_fopen(conn->ctx->config[ERROR_LOG_FILE], "a+");
+
+    if (fp != NULL) {
+      flockfile(fp);
+      timestamp = time(NULL);
+
+      sockaddr_to_string(src_addr, sizeof(src_addr), &conn->client.rsa);
+      fprintf(fp, "[%010lu] [error] [client %s] ", (unsigned long) timestamp,
+              src_addr);
+
+      if (conn->request_info.request_method != NULL) {
+        fprintf(fp, "%s %s: ", conn->request_info.request_method,
+                conn->request_info.uri);
+      }
+
+      (void) fprintf(fp, "%s", buf);
+      fputc('\n', fp);
+      funlockfile(fp);
+      if (fp != stderr) {
+        fclose(fp);
+      }
+    }
+  }
+  conn->request_info.log_message = NULL;
+}
+
+#define MG_SSL_CREATE_CTX_ERROR -100
+#define MG_SSL_ALOCATE_MUTEX_ERROR -2000
+
+// Return OpenSSL error message
+static const char *ssl_error(int err_code) {
+#ifdef USE_AXTLS
+    extern const char* ssl_get_error(int error_code, char *buf, size_t bufsize);
+    static char buf[256];
+    switch(err_code){
+        case MG_SSL_CREATE_CTX_ERROR:
+            snprintf(buf, sizeof(buf), "MG_SSL_CREATE_CTX_ERROR");
+            return buf;
+            break;
+        case MG_SSL_ALOCATE_MUTEX_ERROR:
+            snprintf(buf, sizeof(buf), "MG_SSL_ALOCATE_MUTEX_ERROR");
+            return buf;
+            break;
+    }
+    return ssl_get_error(err_code, buf, sizeof(buf));
+#else
+  unsigned long err;
+  err = ERR_get_error();
+  return err == 0 ? "" : ERR_error_string(err, NULL);
+#endif
+}
+
+// Return fake connection structure. Used for logging, if connection
+// is not applicable at the moment of logging.
+static struct mg_connection *fc(struct mg_context *ctx) {
+  static struct mg_connection fake_connection;
+  fake_connection.ctx = ctx;
+  return &fake_connection;
+}
+
+const char *mg_version(void) {
+  return MONGOOSE_VERSION;
+}
+
+const struct mg_request_info *
+mg_get_request_info(const struct mg_connection *conn) {
+  return &conn->request_info;
+}
+
+static void mg_strlcpy(register char *dst, register const char *src, size_t n) {
+  for (; *src != '\0' && n > 1; n--) {
+    *dst++ = *src++;
+  }
+  *dst = '\0';
+}
+
+//DAD
+//static int lowercase(const char *s) {
+//  return tolower(* (const unsigned char *) s);
+//}
+#define lowercase(s) tolower(* (const unsigned char *) s)
+
+int mg_strncasecmp(const char *s1, const char *s2, size_t len) {
+  int diff = 0;
+
+  if (len > 0)
+    do {
+      diff = lowercase(s1++) - lowercase(s2++);
+    } while (diff == 0 && s1[-1] != '\0' && --len > 0);
+
+  return diff;
+}
+
+int mg_strcasecmp(const char *s1, const char *s2) {
+  int diff;
+
+  do {
+    diff = lowercase(s1++) - lowercase(s2++);
+  } while (diff == 0 && s1[-1] != '\0');
+
+  return diff;
+}
+
+char * mg_strndup(const char *ptr, size_t len) {
+  char *p;
+  if ((p = (char *) MG_MALLOC(len + 1)) != NULL) {
+    mg_strlcpy(p, ptr, len + 1);
+  }
+
+  return p;
+}
+
+char * mg_strdup(const char *str) {
+  return mg_strndup(str, strlen(str));
+}
+
+// Like snprintf(), but never returns negative value, or a value
+// that is larger than a supplied buffer.
+// Thanks to Adam Zeldis to pointing snprintf()-caused vulnerability
+// in his audit report.
+static int mg_vsnprintf(struct mg_connection *conn, char *buf, size_t buflen,
+                        const char *fmt, va_list ap) {
+  int n;
+
+  if (buflen == 0)
+    return 0;
+
+  n = vsnprintf(buf, buflen, fmt, ap);
+
+  if (n < 0) {
+    cry(conn, "vsnprintf error");
+    n = 0;
+  } else if (n >= (int) buflen) {
+    cry(conn, "truncating vsnprintf buffer: [%.*s]",
+        n > 200 ? 200 : n, buf);
+    n = (int) buflen - 1;
+  }
+  buf[n] = '\0';
+
+  return n;
+}
+
+static int mg_snprintf(struct mg_connection *conn, char *buf, size_t buflen,
+                       const char *fmt, ...) {
+  va_list ap;
+  int n;
+
+  va_start(ap, fmt);
+  n = mg_vsnprintf(conn, buf, buflen, fmt, ap);
+  va_end(ap);
+
+  return n;
+}
+
+// Skip the characters until one of the delimiters characters found.
+// 0-terminate resulting word. Skip the delimiter and following whitespaces if any.
+// Advance pointer to buffer to the next word. Return found 0-terminated word.
+// Delimiters can be quoted with quotechar.
+static char *skip_quoted(char **buf, const char *delimiters,
+                         const char *whitespace, char quotechar) {
+  char *p, *begin_word, *end_word, *end_whitespace;
+
+  begin_word = *buf;
+  end_word = begin_word + strcspn(begin_word, delimiters);
+
+  // Check for quotechar
+  if (end_word > begin_word) {
+    p = end_word - 1;
+    while (*p == quotechar) {
+      // If there is anything beyond end_word, copy it
+      if (*end_word == '\0') {
+        *p = '\0';
+        break;
+      } else {
+        size_t end_off = strcspn(end_word + 1, delimiters);
+        memmove (p, end_word, end_off + 1);
+        p += end_off; // p must correspond to end_word - 1
+        end_word += end_off + 1;
+      }
+    }
+    for (p++; p < end_word; p++) {
+      *p = '\0';
+    }
+  }
+
+  if (*end_word == '\0') {
+    *buf = end_word;
+  } else {
+    end_whitespace = end_word + 1 + strspn(end_word + 1, whitespace);
+
+    for (p = end_word; p < end_whitespace; p++) {
+      *p = '\0';
+    }
+
+    *buf = end_whitespace;
+  }
+
+  return begin_word;
+}
+
+// Simplified version of skip_quoted without quote char
+// and whitespace == delimiters
+static char *skip(char **buf, const char *delimiters) {
+  return skip_quoted(buf, delimiters, delimiters, 0);
+}
+
+
+// Return HTTP header value, or NULL if not found.
+static const char *get_header(const struct mg_request_info *ri,
+                              const char *name) {
+  int i;
+
+  for (i = 0; i < ri->num_headers; i++)
+    if (!mg_strcasecmp(name, ri->http_headers[i].name))
+      return ri->http_headers[i].value;
+
+  return NULL;
+}
+
+const char *mg_get_header(const struct mg_connection *conn, const char *name) {
+  return get_header(&conn->request_info, name);
+}
+//int mg_get_connection_count(const struct mg_connection *conn) {
+//  return conn->client.connection_count;
+//}
+
+// A helper function for traversing a comma separated list of values.
+// It returns a list pointer shifted to the next value, or NULL if the end
+// of the list found.
+// Value is stored in val vector. If value has form "x=y", then eq_val
+// vector is initialized to point to the "y" part, and val vector length
+// is adjusted to point only to "x".
+static const char *next_option(const char *list, struct vec *val,
+                               struct vec *eq_val) {
+  if (list == NULL || *list == '\0') {
+    // End of the list
+    list = NULL;
+  } else {
+    val->ptr = list;
+    if ((list = strchr(val->ptr, ',')) != NULL) {
+      // Comma found. Store length and shift the list ptr
+      val->len = list - val->ptr;
+      list++;
+    } else {
+      // This value is the last one
+      list = val->ptr + strlen(val->ptr);
+      val->len = list - val->ptr;
+    }
+
+    if (eq_val != NULL) {
+      // Value has form "x=y", adjust pointers and lengths
+      // so that val points to "x", and eq_val points to "y".
+      eq_val->len = 0;
+      eq_val->ptr = (const char *) memchr(val->ptr, '=', val->len);
+      if (eq_val->ptr != NULL) {
+        eq_val->ptr++;  // Skip over '=' character
+        eq_val->len = val->ptr + val->len - eq_val->ptr;
+        val->len = (eq_val->ptr - val->ptr) - 1;
+      }
+    }
+  }
+
+  return list;
+}
+
+static int match_prefix(const char *pattern, int pattern_len, const char *str) {
+  const char *or_str;
+  int i, j, len, res;
+
+  if ((or_str = (const char *) memchr(pattern, '|', pattern_len)) != NULL) {
+    res = match_prefix(pattern, or_str - pattern, str);
+    return res > 0 ? res :
+        match_prefix(or_str + 1, (pattern + pattern_len) - (or_str + 1), str);
+  }
+
+  i = j = 0;
+  res = -1;
+  for (; i < pattern_len; i++, j++) {
+    if (pattern[i] == '?' && str[j] != '\0') {
+      continue;
+    } else if (pattern[i] == '$') {
+      return str[j] == '\0' ? j : -1;
+    } else if (pattern[i] == '*') {
+      i++;
+      if (pattern[i] == '*') {
+        i++;
+        len = (int) strlen(str + j);
+      } else {
+        len = (int) strcspn(str + j, "/");
+      }
+      if (i == pattern_len) {
+        return j + len;
+      }
+      do {
+        res = match_prefix(pattern + i, pattern_len - i, str + j + len);
+      } while (res == -1 && len-- > 0);
+      return res == -1 ? -1 : j + res + len;
+    } else if (pattern[i] != str[j]) {
+      return -1;
+    }
+  }
+  return j;
+}
+
+// HTTP 1.1 assumes keep alive if "Connection:" header is not set
+// This function must tolerate situations when connection info is not
+// set up, for example if request parsing failed.
+static int should_keep_alive(const struct mg_connection *conn) {
+  const char *http_version = conn->request_info.http_version;
+  const char *header = mg_get_header(conn, "Connection");
+  if (conn->must_close ||
+      conn->request_info.status_code == 401 ||
+      mg_strcasecmp(conn->ctx->config[ENABLE_KEEP_ALIVE], "yes") != 0 ||
+      (header != NULL && mg_strcasecmp(header, "keep-alive") != 0) ||
+      (header == NULL && http_version && strcmp(http_version, "1.1"))) {
+    return 0;
+  }
+  return 1;
+}
+
+static const char *suggest_connection_header(const struct mg_connection *conn) {
+  return should_keep_alive(conn) ? "keep-alive" : "close";
+}
+
+static void send_http_error(struct mg_connection *conn, int status,
+                            const char *reason, const char *fmt, ...) {
+  char buf[MG_BUF_LEN];
+  va_list ap;
+  int len;
+
+  conn->request_info.status_code = status;
+
+  if (call_user(conn, MG_HTTP_ERROR) == NULL) {
+    buf[0] = '\0';
+    len = 0;
+
+    // Errors 1xx, 204 and 304 MUST NOT send a body
+    if (status > 199 && status != 204 && status != 304) {
+      len = mg_snprintf(conn, buf, sizeof(buf), "Error %d: %s", status, reason);
+      buf[len++] = '\n';
+
+      va_start(ap, fmt);
+      len += mg_vsnprintf(conn, buf + len, sizeof(buf) - len, fmt, ap);
+      va_end(ap);
+    }
+    DEBUG_TRACE(("[%s]", buf));
+
+    mg_printf(conn, "HTTP/1.1 %d %s\r\n"
+              "Content-Type: text/plain\r\n"
+              "Content-Length: %d\r\n"
+              "Connection: %s\r\n\r\n", status, reason, len,
+              suggest_connection_header(conn));
+    conn->num_bytes_sent += mg_printf(conn, "%s", buf);
+  }
+}
+
+#if defined(_WIN32) && !defined(__SYMBIAN32__)
+static int pthread_mutex_init(pthread_mutex_t *mutex, const void *unused) {
+  unused = NULL;
+  *mutex = CreateMutex(NULL, FALSE, NULL);
+  return *mutex == NULL ? -1 : 0;
+}
+
+static int pthread_mutex_destroy(pthread_mutex_t *mutex) {
+  return CloseHandle(*mutex) == 0 ? -1 : 0;
+}
+
+static int pthread_mutex_lock(pthread_mutex_t *mutex) {
+  return WaitForSingleObject(*mutex, INFINITE) == WAIT_OBJECT_0? 0 : -1;
+}
+
+static int pthread_mutex_unlock(pthread_mutex_t *mutex) {
+  return ReleaseMutex(*mutex) == 0 ? -1 : 0;
+}
+
+static int pthread_cond_init(pthread_cond_t *cv, const void *unused) {
+  unused = NULL;
+  cv->signal = CreateEvent(NULL, FALSE, FALSE, NULL);
+  cv->broadcast = CreateEvent(NULL, TRUE, FALSE, NULL);
+  return cv->signal != NULL && cv->broadcast != NULL ? 0 : -1;
+}
+
+static int pthread_cond_wait(pthread_cond_t *cv, pthread_mutex_t *mutex) {
+  HANDLE handles[] = {cv->signal, cv->broadcast};
+  ReleaseMutex(*mutex);
+  WaitForMultipleObjects(2, handles, FALSE, INFINITE);
+  return WaitForSingleObject(*mutex, INFINITE) == WAIT_OBJECT_0? 0 : -1;
+}
+
+static int pthread_cond_signal(pthread_cond_t *cv) {
+  return SetEvent(cv->signal) == 0 ? -1 : 0;
+}
+
+static int pthread_cond_broadcast(pthread_cond_t *cv) {
+  // Implementation with PulseEvent() has race condition, see
+  // http://www.cs.wustl.edu/~schmidt/win32-cv-1.html
+  return PulseEvent(cv->broadcast) == 0 ? -1 : 0;
+}
+
+static int pthread_cond_destroy(pthread_cond_t *cv) {
+  return CloseHandle(cv->signal) && CloseHandle(cv->broadcast) ? 0 : -1;
+}
+
+// For Windows, change all slashes to backslashes in path names.
+static void change_slashes_to_backslashes(char *path) {
+  int i;
+
+  for (i = 0; path[i] != '\0'; i++) {
+    if (path[i] == '/')
+      path[i] = '\\';
+    // i > 0 check is to preserve UNC paths, like \\server\file.txt
+    if (path[i] == '\\' && i > 0)
+      while (path[i + 1] == '\\' || path[i + 1] == '/')
+        (void) memmove(path + i + 1,
+            path + i + 2, strlen(path + i + 1));
+  }
+}
+
+// Encode 'path' which is assumed UTF-8 string, into UNICODE string.
+// wbuf and wbuf_len is a target buffer and its length.
+static void to_unicode(const char *path, wchar_t *wbuf, size_t wbuf_len) {
+  char buf[PATH_MAX], buf2[PATH_MAX], *p;
+
+  mg_strlcpy(buf, path, sizeof(buf));
+  change_slashes_to_backslashes(buf);
+
+  // Point p to the end of the file name
+  p = buf + strlen(buf) - 1;
+
+  // Trim trailing backslash character
+  while (p > buf && *p == '\\' && p[-1] != ':') {
+    *p-- = '\0';
+  }
+
+   // Protect from CGI code disclosure.
+   // This is very nasty hole. Windows happily opens files with
+   // some garbage in the end of file name. So fopen("a.cgi    ", "r")
+   // actually opens "a.cgi", and does not return an error!
+  if (*p == 0x20 ||               // No space at the end
+      (*p == 0x2e && p > buf) ||  // No '.' but allow '.' as full path
+      *p == 0x2b ||               // No '+'
+      (*p & ~0x7f)) {             // And generally no non-ASCII chars
+    (void) fprintf(stderr, "Rejecting suspicious path: [%s]", buf);
+    wbuf[0] = L'\0';
+  } else {
+    // Convert to Unicode and back. If doubly-converted string does not
+    // match the original, something is fishy, reject.
+    memset(wbuf, 0, wbuf_len * sizeof(wchar_t));
+    MultiByteToWideChar(CP_UTF8, 0, buf, -1, wbuf, (int) wbuf_len);
+    WideCharToMultiByte(CP_UTF8, 0, wbuf, (int) wbuf_len, buf2, sizeof(buf2),
+                        NULL, NULL);
+    if (strcmp(buf, buf2) != 0) {
+      wbuf[0] = L'\0';
+    }
+  }
+}
+
+#if defined(_WIN32_WCE) && !defined(__GNUC__)
+static time_t time(time_t *ptime) {
+  time_t t;
+  SYSTEMTIME st;
+  FILETIME ft;
+
+  GetSystemTime(&st);
+  SystemTimeToFileTime(&st, &ft);
+  t = SYS2UNIX_TIME(ft.dwLowDateTime, ft.dwHighDateTime);
+
+  if (ptime != NULL) {
+    *ptime = t;
+  }
+
+  return t;
+}
+
+static time_t mktime(struct tm *ptm) {
+  SYSTEMTIME st;
+  FILETIME ft, lft;
+
+  st.wYear = ptm->tm_year + 1900;
+  st.wMonth = ptm->tm_mon + 1;
+  st.wDay = ptm->tm_mday;
+  st.wHour = ptm->tm_hour;
+  st.wMinute = ptm->tm_min;
+  st.wSecond = ptm->tm_sec;
+  st.wMilliseconds = 0;
+
+  SystemTimeToFileTime(&st, &ft);
+  LocalFileTimeToFileTime(&ft, &lft);
+  return (time_t) ((MAKEUQUAD(lft.dwLowDateTime, lft.dwHighDateTime) -
+                    EPOCH_DIFF) / RATE_DIFF);
+}
+
+static struct tm *localtime(const time_t *ptime, struct tm *ptm) {
+  int64_t t = ((int64_t) *ptime) * RATE_DIFF + EPOCH_DIFF;
+  FILETIME ft, lft;
+  SYSTEMTIME st;
+  TIME_ZONE_INFORMATION tzinfo;
+
+  if (ptm == NULL) {
+    return NULL;
+  }
+
+  * (int64_t *) &ft = t;
+  FileTimeToLocalFileTime(&ft, &lft);
+  FileTimeToSystemTime(&lft, &st);
+  ptm->tm_year = st.wYear - 1900;
+  ptm->tm_mon = st.wMonth - 1;
+  ptm->tm_wday = st.wDayOfWeek;
+  ptm->tm_mday = st.wDay;
+  ptm->tm_hour = st.wHour;
+  ptm->tm_min = st.wMinute;
+  ptm->tm_sec = st.wSecond;
+  ptm->tm_yday = 0; // hope nobody uses this
+  ptm->tm_isdst =
+    GetTimeZoneInformation(&tzinfo) == TIME_ZONE_ID_DAYLIGHT ? 1 : 0;
+
+  return ptm;
+}
+
+static struct tm *gmtime(const time_t *ptime, struct tm *ptm) {
+  // FIXME(lsm): fix this.
+  return localtime(ptime, ptm);
+}
+
+static size_t strftime(char *dst, size_t dst_size, const char *fmt,
+                       const struct tm *tm) {
+  (void) snprintf(dst, dst_size, "implement strftime() for WinCE");
+  return 0;
+}
+#endif
+
+static int mg_rename(const char* oldname, const char* newname) {
+  wchar_t woldbuf[PATH_MAX];
+  wchar_t wnewbuf[PATH_MAX];
+
+  to_unicode(oldname, woldbuf, ARRAY_SIZE(woldbuf));
+  to_unicode(newname, wnewbuf, ARRAY_SIZE(wnewbuf));
+
+  return MoveFileW(woldbuf, wnewbuf) ? 0 : -1;
+}
+
+
+static FILE *mg_fopen(const char *path, const char *mode) {
+  wchar_t wbuf[PATH_MAX], wmode[20];
+
+  to_unicode(path, wbuf, ARRAY_SIZE(wbuf));
+  MultiByteToWideChar(CP_UTF8, 0, mode, -1, wmode, ARRAY_SIZE(wmode));
+
+  return _wfopen(wbuf, wmode);
+}
+
+static int mg_stat(const char *path, struct mgstat *stp) {
+  int ok = -1; // Error
+  wchar_t wbuf[PATH_MAX];
+  WIN32_FILE_ATTRIBUTE_DATA info;
+
+  to_unicode(path, wbuf, ARRAY_SIZE(wbuf));
+
+  if (GetFileAttributesExW(wbuf, GetFileExInfoStandard, &info) != 0) {
+    stp->size = MAKEUQUAD(info.nFileSizeLow, info.nFileSizeHigh);
+    stp->mtime = SYS2UNIX_TIME(info.ftLastWriteTime.dwLowDateTime,
+                               info.ftLastWriteTime.dwHighDateTime);
+    stp->is_directory =
+      info.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY;
+    ok = 0;  // Success
+  }
+
+  return ok;
+}
+
+static int mg_remove(const char *path) {
+  wchar_t wbuf[PATH_MAX];
+  to_unicode(path, wbuf, ARRAY_SIZE(wbuf));
+  return DeleteFileW(wbuf) ? 0 : -1;
+}
+
+static int mg_mkdir(const char *path, int mode) {
+  char buf[PATH_MAX];
+  wchar_t wbuf[PATH_MAX];
+
+  mode = 0; // Unused
+  mg_strlcpy(buf, path, sizeof(buf));
+  change_slashes_to_backslashes(buf);
+
+  (void) MultiByteToWideChar(CP_UTF8, 0, buf, -1, wbuf, sizeof(wbuf));
+
+  return CreateDirectoryW(wbuf, NULL) ? 0 : -1;
+}
+
+// Implementation of POSIX opendir/closedir/readdir for Windows.
+static DIR * opendir(const char *name) {
+  DIR *dir = NULL;
+  wchar_t wpath[PATH_MAX];
+  DWORD attrs;
+
+  if (name == NULL) {
+    SetLastError(ERROR_BAD_ARGUMENTS);
+  } else if ((dir = (DIR *) MG_MALLOC(sizeof(*dir))) == NULL) {
+    SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+  } else {
+    to_unicode(name, wpath, ARRAY_SIZE(wpath));
+    attrs = GetFileAttributesW(wpath);
+    if (attrs != 0xFFFFFFFF &&
+        ((attrs & FILE_ATTRIBUTE_DIRECTORY) == FILE_ATTRIBUTE_DIRECTORY)) {
+      (void) wcscat(wpath, L"\\*");
+      dir->handle = FindFirstFileW(wpath, &dir->info);
+      dir->result.d_name[0] = '\0';
+    } else {
+      MG_FREE(dir);
+      dir = NULL;
+    }
+  }
+
+  return dir;
+}
+
+static int closedir(DIR *dir) {
+  int result = 0;
+
+  if (dir != NULL) {
+    if (dir->handle != INVALID_HANDLE_VALUE)
+      result = FindClose(dir->handle) ? 0 : -1;
+
+    MG_FREE(dir);
+  } else {
+    result = -1;
+    SetLastError(ERROR_BAD_ARGUMENTS);
+  }
+
+  return result;
+}
+
+struct dirent * readdir(DIR *dir) {
+  struct dirent *result = 0;
+
+  if (dir) {
+    if (dir->handle != INVALID_HANDLE_VALUE) {
+      result = &dir->result;
+      (void) WideCharToMultiByte(CP_UTF8, 0,
+          dir->info.cFileName, -1, result->d_name,
+          sizeof(result->d_name), NULL, NULL);
+
+      if (!FindNextFileW(dir->handle, &dir->info)) {
+        (void) FindClose(dir->handle);
+        dir->handle = INVALID_HANDLE_VALUE;
+      }
+
+    } else {
+      SetLastError(ERROR_FILE_NOT_FOUND);
+    }
+  } else {
+    SetLastError(ERROR_BAD_ARGUMENTS);
+  }
+
+  return result;
+}
+
+#define set_close_on_exec(fd) // No FD_CLOEXEC on Windows
+
+int mg_start_thread(mg_thread_func_t f, void *p) {
+#ifdef _WIN32_WCE
+  HANDLE hThread;
+
+  hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE) f, p, 0,
+                         NULL);
+  if (hThread != NULL) {
+    (void) CloseHandle(hThread);
+  }
+
+  return hThread == NULL ? -1 : 0;
+#else
+  return _beginthread((void (__cdecl *)(void *)) f, 0, p) == -1L ? -1 : 0;
+#endif
+}
+
+static HANDLE dlopen(const char *dll_name, int flags) {
+  wchar_t wbuf[PATH_MAX];
+  flags = 0; // Unused
+  to_unicode(dll_name, wbuf, ARRAY_SIZE(wbuf));
+  return LoadLibraryW(wbuf);
+}
+
+#if !defined(NO_CGI)
+#define SIGKILL 0
+static int kill(pid_t pid, int sig_num) {
+  (void) TerminateProcess(pid, sig_num);
+  (void) CloseHandle(pid);
+  return 0;
+}
+
+static pid_t spawn_process(struct mg_connection *conn, const char *prog,
+                           char *envblk, char *envp[], int fd_stdin,
+                           int fd_stdout, const char *dir) {
+  HANDLE me;
+  char *p, *interp, full_interp[PATH_MAX], cmdline[PATH_MAX], buf[PATH_MAX];
+  FILE *fp;
+  STARTUPINFOA si = { sizeof(si) };
+  PROCESS_INFORMATION pi = { 0 };
+
+  envp = NULL; // Unused
+
+  // TODO(lsm): redirect CGI errors to the error log file
+  si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
+  si.wShowWindow = SW_HIDE;
+
+  me = GetCurrentProcess();
+  DuplicateHandle(me, (HANDLE) _get_osfhandle(fd_stdin), me,
+                  &si.hStdInput, 0, TRUE, DUPLICATE_SAME_ACCESS);
+  DuplicateHandle(me, (HANDLE) _get_osfhandle(fd_stdout), me,
+                  &si.hStdOutput, 0, TRUE, DUPLICATE_SAME_ACCESS);
+
+  // If CGI file is a script, try to read the interpreter line
+  interp = conn->ctx->config[CGI_INTERPRETER];
+  if (interp == NULL) {
+    buf[0] = buf[2] = '\0';
+
+    // Read the first line of the script into the buffer
+    snprintf(cmdline, sizeof(cmdline), "%s%c%s", dir, '/', prog);
+    if ((fp = mg_fopen(cmdline, "r")) != NULL) {
+      fgets(buf, sizeof(buf), fp);
+      fclose(fp);
+      buf[sizeof(buf) - 1] = '\0';
+    }
+
+    if (buf[0] == '#' && buf[1] == '!') {
+      // Trim whitespace in interpreter name
+      for (p = buf + 2; *p != '\0' && isspace(* (unsigned char *) p); )
+        p++;
+      *p = '\0';
+    }
+    interp = buf + 2;
+  }
+
+  if (interp[0] != '\0') {
+    GetFullPathName(interp, sizeof(full_interp), full_interp, NULL);
+    interp = full_interp;
+  }
+
+  (void) mg_snprintf(conn, cmdline, sizeof(cmdline), "%s%s%s%c%s",
+                     interp, interp[0] == '\0' ? "" : " ", dir, DIRSEP, prog);
+
+  DEBUG_TRACE(("Running [%s]", cmdline));
+  if (CreateProcessA(NULL, cmdline, NULL, NULL, TRUE,
+        CREATE_NEW_PROCESS_GROUP, envblk, dir, &si, &pi) == 0) {
+    cry(conn, "%s: CreateProcess(%s): %d",
+        __func__, cmdline, ERRNO);
+    pi.hProcess = (pid_t) -1;
+  }
+
+  // Always close these to prevent handle leakage.
+  (void) close(fd_stdin);
+  (void) close(fd_stdout);
+
+  (void) CloseHandle(si.hStdOutput);
+  (void) CloseHandle(si.hStdInput);
+  (void) CloseHandle(pi.hThread);
+
+  return (pid_t) pi.hProcess;
+}
+#endif // !NO_CGI
+
+static int set_non_blocking_mode(SOCKET sock) {
+  unsigned long on = 1;
+  return ioctlsocket(sock, FIONBIO, &on);
+}
+
+#else
+static int mg_stat(const char *path, struct mgstat *stp) {
+  struct stat st;
+  int ok;
+
+  if (stat(path, &st) == 0) {
+    ok = 0;
+    stp->size = st.st_size;
+    stp->mtime = st.st_mtime;
+    stp->is_directory = S_ISDIR(st.st_mode);
+  } else {
+    ok = -1;
+  }
+
+  return ok;
+}
+
+static void set_close_on_exec(int fd) {
+  (void) fcntl(fd, F_SETFD, FD_CLOEXEC);
+}
+
+int mg_start_thread(mg_thread_func_t func, void *param) {
+  pthread_t thread_id;
+  pthread_attr_t attr;
+
+  (void) pthread_attr_init(&attr);
+  (void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
+  // TODO(lsm): figure out why mongoose dies on Linux if next line is enabled
+  // (void) pthread_attr_setstacksize(&attr, sizeof(struct mg_connection) * 5);
+
+  return pthread_create(&thread_id, &attr, func, param);
+}
+
+#ifndef NO_CGI
+static pid_t spawn_process(struct mg_connection *conn, const char *prog,
+                           char *envblk, char *envp[], int fd_stdin,
+                           int fd_stdout, const char *dir) {
+  pid_t pid;
+  const char *interp;
+
+  envblk = NULL; // Unused
+
+  if ((pid = fork()) == -1) {
+    // Parent
+    send_http_error(conn, 500, http_500_error, "fork(): %s", strerror(ERRNO));
+  } else if (pid == 0) {
+    // Child
+    if (chdir(dir) != 0) {
+      cry(conn, "%s: chdir(%s): %s", __func__, dir, strerror(ERRNO));
+    } else if (dup2(fd_stdin, 0) == -1) {
+      cry(conn, "%s: dup2(%d, 0): %s", __func__, fd_stdin, strerror(ERRNO));
+    } else if (dup2(fd_stdout, 1) == -1) {
+      cry(conn, "%s: dup2(%d, 1): %s", __func__, fd_stdout, strerror(ERRNO));
+    } else {
+      (void) dup2(fd_stdout, 2);
+      (void) close(fd_stdin);
+      (void) close(fd_stdout);
+
+      // Execute CGI program. No need to lock: new process
+      interp = conn->ctx->config[CGI_INTERPRETER];
+      if (interp == NULL) {
+        (void) execle(prog, prog, NULL, envp);
+        cry(conn, "%s: execle(%s): %s", __func__, prog, strerror(ERRNO));
+      } else {
+        (void) execle(interp, interp, prog, NULL, envp);
+        cry(conn, "%s: execle(%s %s): %s", __func__, interp, prog,
+            strerror(ERRNO));
+      }
+    }
+    exit(EXIT_FAILURE);
+  }
+
+  // Parent. Close stdio descriptors
+  (void) close(fd_stdin);
+  (void) close(fd_stdout);
+
+  return pid;
+}
+#endif // !NO_CGI
+
+static int set_non_blocking_mode(SOCKET sock) {
+  int flags;
+
+  flags = fcntl(sock, F_GETFL, 0);
+  (void) fcntl(sock, F_SETFL, flags | O_NONBLOCK);
+
+  return 0;
+}
+#endif // _WIN32
+
+// Write data to the IO channel - opened file descriptor, socket or SSL
+// descriptor. Return number of bytes written.
+static int64_t push(FILE *fp, SOCKET sock, SSL *ssl, const char *buf,
+                    int64_t len) {
+  int64_t sent;
+  int n, k;
+
+  sent = 0;
+  while (sent < len) {
+
+    // How many bytes we send in this iteration
+    k = len - sent > INT_MAX ? INT_MAX : (int) (len - sent);
+
+    if (ssl != NULL) {
+      n = SSL_write(ssl, buf + sent, k);
+    } else if (fp != NULL) {
+      n = (int) fwrite(buf + sent, 1, (size_t) k, fp);
+      if (ferror(fp))
+        n = -1;
+    } else {
+      n = send(sock, buf + sent, (size_t) k, MSG_NOSIGNAL);
+    }
+
+    if (n < 0)
+      break;
+
+    sent += n;
+  }
+
+  return sent;
+}
+
+// This function is needed to prevent Mongoose to be stuck in a blocking
+// socket read when user requested exit. To do that, we sleep in select
+// with a timeout, and when returned, check the context for the stop flag.
+// If it is set, we return 0, and this means that we must not continue
+// reading, must give up and close the connection and exit serving thread.
+static int wait_until_socket_is_readable(struct mg_connection *conn) {
+  int result;
+  struct timeval tv;
+  fd_set set;
+#ifdef _WIN32_WCE
+	#define EINTR           4
+#endif
+  do {
+    tv.tv_sec = 0;
+    tv.tv_usec = 300 * 1000;
+    FD_ZERO(&set);
+    FD_SET(conn->client.sock, &set);
+    result = select(conn->client.sock + 1, &set, NULL, NULL, &tv);
+  } while ((result == 0 || (result < 0 && ERRNO == EINTR)) &&
+           conn->ctx->stop_flag == 0);
+
+  return conn->ctx->stop_flag || result < 0 ? 0 : 1;
+}
+
+// Read from IO channel - opened file descriptor, socket, or SSL descriptor.
+// Return negative value on error, or number of bytes read on success.
+static int pull(FILE *fp, struct mg_connection *conn, char *buf, int len) {
+  int nread;
+
+  if (fp != NULL) {
+    // Use read() instead of fread(), because if we're reading from the CGI
+    // pipe, fread() may block until IO buffer is filled up. We cannot afford
+    // to block and must pass all read bytes immediately to the client.
+    nread = read(fileno(fp), buf, (size_t) len);
+  } else if (!wait_until_socket_is_readable(conn)) {
+    nread = -1;
+  } else if (conn->ssl != NULL) {
+    nread = SSL_read(conn->ssl, buf, len);
+  } else {
+    nread = recv(conn->client.sock, buf, (size_t) len, 0);
+  }
+
+  return conn->ctx->stop_flag ? -1 : nread;
+}
+
+int mg_read(struct mg_connection *conn, void *buf, size_t len) {
+  int n, buffered_len, nread;
+
+  assert(conn->next_request != NULL &&
+         conn->body != NULL &&
+         conn->next_request >= conn->body);
+  nread = 0;
+  if (conn->consumed_content < conn->content_len) {
+    // Adjust number of bytes to read.
+    int64_t to_read = conn->content_len - conn->consumed_content;
+    if (to_read < (int64_t) len) {
+      len = (size_t) to_read;
+    }
+
+    // Return buffered data
+    buffered_len = conn->next_request - conn->body;
+    if (buffered_len > 0) {
+      if (len < (size_t) buffered_len) {
+        buffered_len = (int) len;
+      }
+      memcpy(buf, conn->body, (size_t) buffered_len);
+      len -= buffered_len;
+      conn->body += buffered_len;
+      conn->consumed_content += buffered_len;
+      nread += buffered_len;
+      buf = (char *) buf + buffered_len;
+    }
+
+    // We have returned all buffered data. Read new data from the remote socket.
+    while (len > 0) {
+      n = pull(NULL, conn, (char *) buf, (int) len);
+      if (n < 0) {
+        nread = n;  // Propagate the error
+        break;
+      } else if (n == 0) {
+        break;  // No more data to read
+      } else {
+        buf = (char *) buf + n;
+        conn->consumed_content += n;
+        nread += n;
+        len -= n;
+      }
+    }
+  }
+  return nread;
+}
+
+int mg_write(struct mg_connection *conn, const void *buf, size_t len) {
+  time_t now;
+  int64_t n, total, allowed;
+
+  if (conn->throttle > 0) {
+    if ((now = time(NULL)) != conn->last_throttle_time) {
+      conn->last_throttle_time = now;
+      conn->last_throttle_bytes = 0;
+    }
+    allowed = conn->throttle - conn->last_throttle_bytes;
+    if (allowed > (int64_t) len) {
+      allowed = len;
+    }
+    if ((total = push(NULL, conn->client.sock, conn->ssl, (const char *) buf,
+                      (int64_t) allowed)) == allowed) {
+      buf = (char *) buf + total;
+      conn->last_throttle_bytes += total;
+      while (total < (int64_t) len && conn->ctx->stop_flag == 0) {
+        allowed = conn->throttle > (int64_t) len - total ?
+          (int64_t) len - total : conn->throttle;
+        if ((n = push(NULL, conn->client.sock, conn->ssl, (const char *) buf,
+                      (int64_t) allowed)) != allowed) {
+          break;
+        }
+        mg_sleep(1);
+        conn->last_throttle_bytes = allowed;
+        conn->last_throttle_time = time(NULL);
+        buf = (char *) buf + n;
+        total += n;
+      }
+    }
+  } else {
+    total = push(NULL, conn->client.sock, conn->ssl, (const char *) buf,
+                 (int64_t) len);
+  }
+  return (int) total;
+}
+
+int mg_printf(struct mg_connection *conn, const char *fmt, ...) {
+  char buf[MG_BUF_LEN];
+  int len;
+  va_list ap;
+
+  va_start(ap, fmt);
+  len = mg_vsnprintf(conn, buf, sizeof(buf), fmt, ap);
+  va_end(ap);
+
+  return mg_write(conn, buf, (size_t)len);
+}
+
+// URL-decode input buffer into destination buffer.
+// 0-terminate the destination buffer. Return the length of decoded data.
+// form-url-encoded data differs from URI encoding in a way that it
+// uses '+' as character for space, see RFC 1866 section 8.2.1
+// http://ftp.ics.uci.edu/pub/ietf/html/rfc1866.txt
+size_t mg_url_decode(const char *src, size_t src_len, char *dst,
+                         size_t dst_len, int is_form_url_encoded) {
+  size_t i, j;
+  int a, b;
+#define HEXTOI(x) (isdigit(x) ? x - '0' : x - 'W')
+
+  for (i = j = 0; i < src_len && j < dst_len - 1; i++, j++) {
+    if (src[i] == '%' &&
+        isxdigit(* (const unsigned char *) (src + i + 1)) &&
+        isxdigit(* (const unsigned char *) (src + i + 2))) {
+      a = tolower(* (const unsigned char *) (src + i + 1));
+      b = tolower(* (const unsigned char *) (src + i + 2));
+      dst[j] = (char) ((HEXTOI(a) << 4) | HEXTOI(b));
+      i += 2;
+    } else if (is_form_url_encoded && src[i] == '+') {
+      dst[j] = ' ';
+    } else {
+      dst[j] = src[i];
+    }
+  }
+
+  dst[j] = '\0'; // Null-terminate the destination
+
+  return j;
+}
+
+// Scan given buffer and fetch the value of the given variable.
+// It can be specified in query string, or in the POST data.
+// Return NULL if the variable not found, or allocated 0-terminated value.
+// It is caller's responsibility to free the returned value.
+int mg_find_var(const char *buf, size_t buf_len, const char *name,
+                const char **start) {
+  const char *p, *e, *s;
+  size_t name_len, len;
+
+  name_len = strlen(name);
+  e = buf + buf_len;
+  len = -1;
+
+  // buf is "var1=val1&var2=val2...". Find variable first
+  for (p = buf; p != NULL && p + name_len < e; p++) {
+    if ((p == buf || p[-1] == '&') && p[name_len] == '=' &&
+        !mg_strncasecmp(name, p, name_len)) {
+
+      // Point p to variable value
+      p += name_len + 1;
+
+      // Point s to the end of the value
+      s = (const char *) memchr(p, '&', (size_t)(e - p));
+      if (s == NULL) {
+        s = e;
+      }
+      assert(s >= p);
+      *start = p;
+      len = (s - p);
+      break;
+    }
+  }
+
+  return len;
+}
+
+int mg_get_var(const char *buf, size_t buf_len, const char *name,
+               char *dst, size_t dst_len) {
+  const char *start;
+  int len;
+
+  len = mg_find_var(buf, buf_len, name, &start);
+
+  if( (len > 0) && (len < dst_len) ) {
+    len = mg_url_decode(start, len, dst, dst_len, 1);
+  } else dst[0] = '\0';
+
+  return len;
+}
+
+int mg_find_cookie(const struct mg_connection *conn, const char *cookie_name,
+                  const char **start) {
+  const char *s, *p, *end;
+  int name_len, len = -1;
+
+  if ((s = mg_get_header(conn, "Cookie")) == NULL) {
+    return -1;
+  }
+
+  name_len = (int) strlen(cookie_name);
+  end = s + strlen(s);
+
+  for (; (s = strstr(s, cookie_name)) != NULL; s += name_len)
+    if (s[name_len] == '=') {
+      s += name_len + 1;
+      if ((p = strchr(s, ' ')) == NULL)
+        p = end;
+      if (p[-1] == ';')
+        p--;
+      if (*s == '"' && p[-1] == '"' && p > s + 1) {
+        s++;
+        p--;
+      }
+      len = (p - s) + 1;
+      *start = s;
+      break;
+    }
+
+  return len;
+}
+
+int mg_get_cookie(const struct mg_connection *conn, const char *cookie_name,
+                  char *dst, size_t dst_size) {
+  const char *start;
+  int len;
+
+  len = mg_find_cookie(conn, cookie_name, &start);
+
+  if( (len > 0) && (len < dst_size) ) {
+      mg_strlcpy(dst, start, (size_t)len);
+      dst[len] = '\0';
+  } else dst[0] = '\0';
+
+  return len;
+}
+
+// Mongoose allows to specify multiple directories to serve,
+// like /var/www,/~bob=/home/bob. That means that root directory depends on URI.
+// This function returns root dir for given URI.
+static int get_document_root(const struct mg_connection *conn,
+                             struct vec *document_root) {
+  const char *root, *uri;
+  int len_of_matched_uri;
+  struct vec uri_vec, path_vec;
+
+  uri = conn->request_info.uri;
+  len_of_matched_uri = 0;
+  root = next_option(conn->ctx->config[DOCUMENT_ROOT], document_root, NULL);
+
+  while ((root = next_option(root, &uri_vec, &path_vec)) != NULL) {
+    if (memcmp(uri, uri_vec.ptr, uri_vec.len) == 0) {
+      *document_root = path_vec;
+      len_of_matched_uri = uri_vec.len;
+      break;
+    }
+  }
+
+  return len_of_matched_uri;
+}
+
+static int convert_uri_to_file_name(struct mg_connection *conn, char *buf,
+                                    size_t buf_len, struct mgstat *st) {
+  struct vec a, b;
+  const char *rewrite, *uri = conn->request_info.uri;
+  char *p;
+  int match_len, stat_result;
+
+  buf_len--;  // This is because memmove() for PATH_INFO may shift part
+              // of the path one byte on the right.
+  mg_snprintf(conn, buf, buf_len, "%s%s", conn->ctx->config[DOCUMENT_ROOT],
+              uri);
+
+  rewrite = conn->ctx->config[REWRITE];
+  while ((rewrite = next_option(rewrite, &a, &b)) != NULL) {
+    if ((match_len = match_prefix(a.ptr, a.len, uri)) > 0) {
+      mg_snprintf(conn, buf, buf_len, "%.*s%s", (int) b.len, b.ptr,
+                  uri + match_len);
+      break;
+    }
+  }
+
+#if defined(_WIN32) && !defined(__SYMBIAN32__)
+  //change_slashes_to_backslashes(buf);
+#endif // _WIN32
+
+  if ((stat_result = mg_stat(buf, st)) != 0) {
+    // Support PATH_INFO for CGI scripts.
+    for (p = buf + strlen(buf); p > buf + 1; p--) {
+      if (*p == '/') {
+        *p = '\0';
+        if (match_prefix(conn->ctx->config[CGI_EXTENSIONS],
+                         strlen(conn->ctx->config[CGI_EXTENSIONS]), buf) > 0 &&
+            (stat_result = mg_stat(buf, st)) == 0) {
+          // Shift PATH_INFO block one character right, e.g.
+          //  "/x.cgi/foo/bar\x00" => "/x.cgi\x00/foo/bar\x00"
+          // conn->path_info is pointing to the local variable "path" declared
+          // in handle_request(), so PATH_INFO is not valid after
+          // handle_request returns.
+          conn->path_info = p + 1;
+          memmove(p + 2, p + 1, strlen(p + 1) + 1);  // +1 is for trailing \0
+          p[1] = '/';
+          break;
+        } else {
+          *p = '/';
+          stat_result = -1;
+        }
+      }
+    }
+  }
+
+  return stat_result;
+}
+
+static int sslize(struct mg_connection *conn, SSL_CTX *s, int (*func)(SSL *)) {
+  return (conn->ssl = SSL_new(s)) != NULL &&
+    SSL_set_fd(conn->ssl, conn->client.sock) == 1 &&
+    func(conn->ssl) == 1;
+}
+
+// Check whether full request is buffered. Return:
+//   -1  if request is malformed
+//    0  if request is not yet fully buffered
+//   >0  actual request length, including last \r\n\r\n
+static int get_request_len(const char *buf, int buflen) {
+  const char *s, *e;
+  int len = 0;
+
+  for (s = buf, e = s + buflen - 1; len <= 0 && s < e; s++)
+    // Control characters are not allowed but >=128 is.
+    if (!isprint(* (const unsigned char *) s) && *s != '\r' &&
+        *s != '\n' && * (const unsigned char *) s < 128) {
+      len = -1;
+      break; // [i_a] abort scan as soon as one malformed character is found; don't let subsequent \r\n\r\n win us over anyhow
+    } else if (s[0] == '\n' && s[1] == '\n') {
+      len = (int) (s - buf) + 2;
+    } else if (s[0] == '\n' && &s[1] < e &&
+        s[1] == '\r' && s[2] == '\n') {
+      len = (int) (s - buf) + 3;
+    }
+
+  return len;
+}
+
+// Convert month to the month number. Return -1 on error, or month number
+static int get_month_index(const char *s) {
+  size_t i;
+
+  for (i = 0; i < ARRAY_SIZE(month_names); i++)
+    if (!strcmp(s, month_names[i]))
+      return (int) i;
+
+  return -1;
+}
+
+static int num_leap_years(int year) {
+  return year / 4 - year / 100 + year / 400;
+}
+
+// Parse UTC date-time string, and return the corresponding time_t value.
+static time_t parse_date_string(const char *datetime) {
+  static const unsigned short days_before_month[] = {
+    0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
+  };
+  char month_str[32];
+  int second, minute, hour, day, month, year, leap_days, days;
+  time_t result = (time_t) 0;
+
+  if (((sscanf(datetime, "%d/%3s/%d %d:%d:%d",
+               &day, month_str, &year, &hour, &minute, &second) == 6) ||
+       (sscanf(datetime, "%d %3s %d %d:%d:%d",
+               &day, month_str, &year, &hour, &minute, &second) == 6) ||
+       (sscanf(datetime, "%*3s, %d %3s %d %d:%d:%d",
+               &day, month_str, &year, &hour, &minute, &second) == 6) ||
+       (sscanf(datetime, "%d-%3s-%d %d:%d:%d",
+               &day, month_str, &year, &hour, &minute, &second) == 6)) &&
+      year > 1970 &&
+      (month = get_month_index(month_str)) != -1) {
+    leap_days = num_leap_years(year) - num_leap_years(1970);
+    year -= 1970;
+    days = year * 365 + days_before_month[month] + (day - 1) + leap_days;
+    result = days * 24 * 3600 + hour * 3600 + minute * 60 + second;
+  }
+
+  return result;
+}
+
+// Protect against directory disclosure attack by removing '..',
+// excessive '/' and '\' characters
+static void remove_double_dots_and_double_slashes(char *s) {
+  char *p = s;
+
+  while (*s != '\0') {
+    *p++ = *s++;
+    if (IS_DIRSEP_CHAR(s[-1])) {
+      // Skip all following slashes and backslashes
+      while (IS_DIRSEP_CHAR(s[0])) {
+        s++;
+      }
+
+      // Skip all double-dots
+      while (*s == '.' && s[1] == '.') {
+        s += 2;
+      }
+    }
+  }
+  *p = '\0';
+}
+
+static const struct {
+  const char *extension;
+  size_t ext_len;
+  const char *mime_type;
+} builtin_mime_types[] = {
+  {".html", 5, "text/html"},
+  {".htm", 4, "text/html"},
+  {".shtm", 5, "text/html"},
+  {".shtml", 6, "text/html"},
+  {".css", 4, "text/css"},
+  {".js",  3, "application/x-javascript"},
+  {".ico", 4, "image/x-icon"},
+  {".gif", 4, "image/gif"},
+  {".jpg", 4, "image/jpeg"},
+  {".jpeg", 5, "image/jpeg"},
+  {".png", 4, "image/png"},
+  {".svg", 4, "image/svg+xml"},
+  {".txt", 4, "text/plain"},
+  {".torrent", 8, "application/x-bittorrent"},
+  {".wav", 4, "audio/x-wav"},
+  {".mp3", 4, "audio/x-mp3"},
+  {".mid", 4, "audio/mid"},
+  {".m3u", 4, "audio/x-mpegurl"},
+  {".ram", 4, "audio/x-pn-realaudio"},
+  {".xml", 4, "text/xml"},
+  {".json",  5, "text/json"},
+  {".xslt", 5, "application/xml"},
+  {".ra",  3, "audio/x-pn-realaudio"},
+  {".doc", 4, "application/msword"},
+  {".exe", 4, "application/octet-stream"},
+  {".zip", 4, "application/x-zip-compressed"},
+  {".xls", 4, "application/excel"},
+  {".tgz", 4, "application/x-tar-gz"},
+  {".tar", 4, "application/x-tar"},
+  {".gz",  3, "application/x-gunzip"},
+  {".arj", 4, "application/x-arj-compressed"},
+  {".rar", 4, "application/x-arj-compressed"},
+  {".rtf", 4, "application/rtf"},
+  {".pdf", 4, "application/pdf"},
+  {".swf", 4, "application/x-shockwave-flash"},
+  {".mpg", 4, "video/mpeg"},
+  {".webm", 5, "video/webm"},
+  {".mpeg", 5, "video/mpeg"},
+  {".mp4", 4, "video/mp4"},
+  {".m4v", 4, "video/x-m4v"},
+  {".asf", 4, "video/x-ms-asf"},
+  {".avi", 4, "video/x-msvideo"},
+  {".bmp", 4, "image/bmp"},
+  {".apk", 4, "application/vnd.android.package-archive"},
+  {".manifest", 9, "text/cache-manifest"},
+  {NULL,  0, NULL}
+};
+
+const char *mg_get_builtin_mime_type(const char *path) {
+  const char *ext;
+  size_t i, path_len;
+
+  path_len = strlen(path);
+
+  for (i = 0; builtin_mime_types[i].extension != NULL; i++) {
+    ext = path + (path_len - builtin_mime_types[i].ext_len);
+    if (path_len > builtin_mime_types[i].ext_len &&
+        mg_strcasecmp(ext, builtin_mime_types[i].extension) == 0) {
+      return builtin_mime_types[i].mime_type;
+    }
+  }
+
+  return "text/plain";
+}
+
+// Look at the "path" extension and figure what mime type it has.
+// Store mime type in the vector.
+static void get_mime_type(struct mg_context *ctx, const char *path,
+                          struct vec *vec) {
+  struct vec ext_vec, mime_vec;
+  const char *list, *ext;
+  size_t path_len;
+
+  path_len = strlen(path);
+
+  // Scan user-defined mime types first, in case user wants to
+  // override default mime types.
+  list = ctx->config[EXTRA_MIME_TYPES];
+  while ((list = next_option(list, &ext_vec, &mime_vec)) != NULL) {
+    // ext now points to the path suffix
+    ext = path + path_len - ext_vec.len;
+    if (mg_strncasecmp(ext, ext_vec.ptr, ext_vec.len) == 0) {
+      *vec = mime_vec;
+      return;
+    }
+  }
+
+  vec->ptr = mg_get_builtin_mime_type(path);
+  vec->len = strlen(vec->ptr);
+}
+
+#ifndef HAVE_MD5
+typedef struct MD5Context {
+  uint32_t buf[4];
+  uint32_t bits[2];
+  unsigned char in[64];
+} MD5_CTX;
+
+#if defined(__BYTE_ORDER) && (__BYTE_ORDER == 1234)
+#define byteReverse(buf, len) // Do nothing
+#else
+static void byteReverse(unsigned char *buf, unsigned longs) {
+  uint32_t t;
+  do {
+    t = (uint32_t) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
+      ((unsigned) buf[1] << 8 | buf[0]);
+    *(uint32_t *) buf = t;
+    buf += 4;
+  } while (--longs);
+}
+#endif
+
+#define F1(x, y, z) (z ^ (x & (y ^ z)))
+#define F2(x, y, z) F1(z, x, y)
+#define F3(x, y, z) (x ^ y ^ z)
+#define F4(x, y, z) (y ^ (x | ~z))
+
+#define MD5STEP(f, w, x, y, z, data, s) \
+  ( w += f(x, y, z) + data,  w = w<<s | w>>(32-s),  w += x )
+
+// Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
+// initialization constants.
+void MD5Init(MD5_CTX *ctx) {
+  ctx->buf[0] = 0x67452301;
+  ctx->buf[1] = 0xefcdab89;
+  ctx->buf[2] = 0x98badcfe;
+  ctx->buf[3] = 0x10325476;
+
+  ctx->bits[0] = 0;
+  ctx->bits[1] = 0;
+}
+
+void MD5Transform(uint32_t buf[4], uint32_t const in[16]) {
+  register uint32_t a, b, c, d;
+
+  a = buf[0];
+  b = buf[1];
+  c = buf[2];
+  d = buf[3];
+
+  MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
+  MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
+  MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
+  MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
+  MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
+  MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
+  MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
+  MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
+  MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
+  MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
+  MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
+  MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
+  MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
+  MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
+  MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
+  MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
+
+  MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
+  MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
+  MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
+  MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
+  MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
+  MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
+  MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
+  MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
+  MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
+  MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
+  MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
+  MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
+  MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
+  MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
+  MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
+  MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
+
+  MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
+  MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
+  MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
+  MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
+  MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
+  MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
+  MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
+  MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
+  MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
+  MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
+  MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
+  MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
+  MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
+  MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
+  MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
+  MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
+
+  MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
+  MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
+  MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
+  MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
+  MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
+  MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
+  MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
+  MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
+  MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
+  MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
+  MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
+  MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
+  MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
+  MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
+  MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
+  MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
+
+  buf[0] += a;
+  buf[1] += b;
+  buf[2] += c;
+  buf[3] += d;
+}
+
+void MD5Update(MD5_CTX *ctx, unsigned char const *buf, unsigned len) {
+  uint32_t t;
+
+  t = ctx->bits[0];
+  if ((ctx->bits[0] = t + ((uint32_t) len << 3)) < t)
+    ctx->bits[1]++;
+  ctx->bits[1] += len >> 29;
+
+  t = (t >> 3) & 0x3f;
+
+  if (t) {
+    unsigned char *p = (unsigned char *) ctx->in + t;
+
+    t = 64 - t;
+    if (len < t) {
+      memcpy(p, buf, len);
+      return;
+    }
+    memcpy(p, buf, t);
+    byteReverse(ctx->in, 16);
+    MD5Transform(ctx->buf, (uint32_t *) ctx->in);
+    buf += t;
+    len -= t;
+  }
+
+  while (len >= 64) {
+    memcpy(ctx->in, buf, 64);
+    byteReverse(ctx->in, 16);
+    MD5Transform(ctx->buf, (uint32_t *) ctx->in);
+    buf += 64;
+    len -= 64;
+  }
+
+  memcpy(ctx->in, buf, len);
+}
+
+void MD5Final(unsigned char digest[16], MD5_CTX *ctx) {
+  unsigned count;
+  unsigned char *p;
+
+  count = (ctx->bits[0] >> 3) & 0x3F;
+
+  p = ctx->in + count;
+  *p++ = 0x80;
+  count = 64 - 1 - count;
+  if (count < 8) {
+    memset(p, 0, count);
+    byteReverse(ctx->in, 16);
+    MD5Transform(ctx->buf, (uint32_t *) ctx->in);
+    memset(ctx->in, 0, 56);
+  } else {
+    memset(p, 0, count - 8);
+  }
+  byteReverse(ctx->in, 14);
+
+  ((uint32_t *) ctx->in)[14] = ctx->bits[0];
+  ((uint32_t *) ctx->in)[15] = ctx->bits[1];
+
+  MD5Transform(ctx->buf, (uint32_t *) ctx->in);
+  byteReverse((unsigned char *) ctx->buf, 4);
+  memcpy(digest, ctx->buf, 16);
+  memset((char *) ctx, 0, sizeof(*ctx));
+}
+#endif // !HAVE_MD5
+
+// Stringify binary data. Output buffer must be twice as big as input,
+// because each byte takes 2 bytes in string representation
+void mg_bin2str(char *to, const unsigned char *p, size_t len) {
+  static const char *hex = "0123456789abcdef";
+
+  for (; len--; p++) {
+    *to++ = hex[p[0] >> 4];
+    *to++ = hex[p[0] & 0x0f];
+  }
+  *to = '\0';
+}
+
+// Return stringified MD5 hash for list of vectors. Buffer must be 33 bytes.
+void mg_md5(md5_buf_t buf, ...) {
+  unsigned char hash[16];
+  const char *p;
+  va_list ap;
+  MD5_CTX ctx;
+
+  MD5Init(&ctx);
+
+  va_start(ap, buf);
+  while ((p = va_arg(ap, const char *)) != NULL) {
+    MD5Update(&ctx, (const unsigned char *) p, (unsigned) strlen(p));
+  }
+  va_end(ap);
+
+  MD5Final(hash, &ctx);
+  mg_bin2str(buf, hash, sizeof(hash));
+}
+
+// Check the user's password, return 1 if OK
+static int check_password(struct mg_connection *conn) {
+  char ha2[32 + 1], expected_response[32 + 1];
+  struct mg_auth_header *ah = conn->request_info.ah;
+
+  // Some of the parameters may be NULL
+  if (conn->request_info.request_method == NULL || ah == NULL ||
+      ah->nonce == NULL || ah->nc == NULL ||
+      ah->cnonce == NULL || ah->qop == NULL || ah->uri == NULL ||
+      ah->response == NULL) {
+    return 0;
+  }
+
+  // NOTE(lsm): due to a bug in MSIE, we do not compare the URI
+  // TODO(lsm): check for authentication timeout
+  if (// strcmp(ah->uri, conn->request_info.uri) != 0 ||
+      strlen(ah->response) != 32
+      // || now - strtoul(ah->nonce, NULL, 10) > 3600
+      ) {
+    return 0;
+  }
+
+  mg_md5(ha2, conn->request_info.request_method, ":", ah->uri, NULL);
+  mg_md5(expected_response, ah->ha1, ":", ah->nonce, ":", ah->nc,
+      ":", ah->cnonce, ":", ah->qop, ":", ha2, NULL);
+
+  return mg_strcasecmp(ah->response, expected_response) == 0;
+}
+
+// Use the global passwords file, if specified by auth_gpass option,
+// or search for .htpasswd in the requested directory.
+static FILE *open_auth_file(struct mg_connection *conn, const char *path) {
+  struct mg_context *ctx = conn->ctx;
+  char name[PATH_MAX];
+  const char *p, *e;
+  struct mgstat st;
+  FILE *fp;
+
+  if (ctx->config[GLOBAL_PASSWORDS_FILE] != NULL) {
+    // Use global passwords file
+    fp =  mg_fopen(ctx->config[GLOBAL_PASSWORDS_FILE], "r");
+    if (fp == NULL)
+      cry(fc(ctx), "fopen(%s): %s",
+          ctx->config[GLOBAL_PASSWORDS_FILE], strerror(ERRNO));
+  } else if (!mg_stat(path, &st) && st.is_directory) {
+    (void) mg_snprintf(conn, name, sizeof(name), "%s%c%s",
+        path, DIRSEP, PASSWORDS_FILE_NAME);
+    fp = mg_fopen(name, "r");
+  } else {
+     // Try to find .htpasswd in requested directory.
+    for (p = path, e = p + strlen(p) - 1; e > p; e--)
+      if (IS_DIRSEP_CHAR(*e))
+        break;
+    (void) mg_snprintf(conn, name, sizeof(name), "%.*s%c%s",
+        (int) (e - p), p, DIRSEP, PASSWORDS_FILE_NAME);
+    fp = mg_fopen(name, "r");
+  }
+
+  return fp;
+}
+
+static int parse_auth_header(struct mg_connection *conn) {
+  char *name, *value, *s;
+  const char *auth_header;
+
+  if ((auth_header = mg_get_header(conn, "Authorization")) == NULL ||
+      mg_strncasecmp(auth_header, "Digest ", 7) != 0) {
+    return 0;
+  }
+
+  // Make modifiable copy of the auth header
+  conn->auth_header = mg_strdup(auth_header + 7);
+  s = conn->auth_header;
+
+  conn->request_info.ah = (struct mg_auth_header*)MG_CALLOC(1, sizeof(struct mg_auth_header));
+
+  // Parse authorization header
+  for (;;) {
+    // Gobble initial spaces
+    while (isspace(* (unsigned char *) s)) {
+      s++;
+    }
+    name = skip_quoted(&s, "=", " ", 0);
+    // Value is either quote-delimited, or ends at first comma or space.
+    if (s[0] == '\"') {
+      s++;
+      value = skip_quoted(&s, "\"", " ", '\\');
+      if (s[0] == ',') {
+        s++;
+      }
+    } else {
+      value = skip_quoted(&s, ", ", " ", 0);  // IE uses commas, FF uses spaces
+    }
+    if (*name == '\0') {
+      break;
+    }
+
+    if (!strcmp(name, "username")) {
+      conn->request_info.ah->user = value;
+    } else if (!strcmp(name, "cnonce")) {
+      conn->request_info.ah->cnonce = value;
+    } else if (!strcmp(name, "response")) {
+      conn->request_info.ah->response = value;
+    } else if (!strcmp(name, "uri")) {
+      conn->request_info.ah->uri = value;
+    } else if (!strcmp(name, "qop")) {
+      conn->request_info.ah->qop = value;
+    } else if (!strcmp(name, "nc")) {
+      conn->request_info.ah->nc = value;
+    } else if (!strcmp(name, "nonce")) {
+      conn->request_info.ah->nonce = value;
+    }
+  }
+
+  // CGI needs it as REMOTE_USER
+  if (conn->request_info.ah->user != NULL) {
+    conn->request_info.remote_user = mg_strdup(conn->request_info.ah->user);
+  } else {
+    // Can't be valid; clean up
+    MG_FREE(conn->request_info.ah);
+    conn->request_info.ah = NULL;
+    MG_FREE(conn->auth_header);
+    conn->auth_header = NULL;
+	return 0;
+  }
+
+  return 1;
+}
+
+// Authorize against the opened passwords file. Return 1 if authorized.
+static int authorize(struct mg_connection *conn, FILE *fp) {
+  char line[256], f_user[256], ha1[256], f_domain[256];
+
+  if (conn->request_info.ah == NULL)
+    return 0;
+
+  // Loop over passwords file
+  while (fgets(line, sizeof(line), fp) != NULL) {
+    if (sscanf(line, "%[^:]:%[^:]:%s", f_user, f_domain, ha1) != 3) {
+      continue;
+    }
+
+    if (!strcmp(conn->request_info.ah->user, f_user) &&
+        !strcmp(conn->ctx->config[AUTHENTICATION_DOMAIN], f_domain)) {
+      conn->request_info.ah->ha1 = mg_strdup(ha1);
+      return check_password(conn);
+    }
+  }
+
+  return 0;
+}
+
+// Return 1 if request is authorised, 0 otherwise.
+static int check_authorization(struct mg_connection *conn, const char *path) {
+  FILE *fp;
+  char fname[PATH_MAX];
+  struct vec uri_vec, filename_vec;
+  const char *list;
+  int authorized;
+
+  /* Check for embedded authentication first */
+  if (conn->request_info.ah != NULL &&
+      conn->request_info.ah->ha1 != NULL) {
+    return check_password(conn);
+  }
+
+  fp = NULL;
+  authorized = 1;
+
+  list = conn->ctx->config[PROTECT_URI];
+  while ((list = next_option(list, &uri_vec, &filename_vec)) != NULL) {
+    if (!memcmp(conn->request_info.uri, uri_vec.ptr, uri_vec.len)) {
+      mg_snprintf(conn, fname, sizeof(fname), "%.*s",
+                  (int) filename_vec.len, filename_vec.ptr);
+      if ((fp = mg_fopen(fname, "r")) == NULL) {
+        cry(conn, "%s: cannot open %s: %s", __func__, fname, strerror(errno));
+      }
+      break;
+    }
+  }
+
+  if (fp == NULL) {
+    fp = open_auth_file(conn, path);
+  }
+
+  if (fp != NULL) {
+    authorized = authorize(conn, fp);
+    (void) fclose(fp);
+  }
+
+  return authorized;
+}
+
+void mg_send_authorization_request(struct mg_connection *conn, const char *nonce) {
+  conn->request_info.status_code = 401;
+  (void) mg_printf(conn,
+      "HTTP/1.1 401 Unauthorized\r\n"
+      "Content-Length: 0\r\n"
+      "WWW-Authenticate: Digest qop=\"auth\", "
+      "realm=\"%s\", nonce=\"",
+      conn->ctx->config[AUTHENTICATION_DOMAIN]);
+  if (nonce == NULL)
+    (void) mg_printf(conn, "%lu", (unsigned long) time(NULL));
+  else
+    (void) mg_printf(conn, "%s", nonce);
+  (void) mg_printf(conn, "\"\r\n\r\n");
+}
+
+static int is_authorized_for_put(struct mg_connection *conn) {
+  FILE *fp;
+  int ret = 0;
+
+  /* No need to check for embedded authentication here: we already passed
+   * check_authorization() */
+  fp = conn->ctx->config[PUT_DELETE_PASSWORDS_FILE] == NULL ? NULL :
+    mg_fopen(conn->ctx->config[PUT_DELETE_PASSWORDS_FILE], "r");
+
+  if (fp != NULL) {
+    ret = authorize(conn, fp);
+    (void) fclose(fp);
+  }
+
+  return ret;
+}
+
+int mg_modify_passwords_file(const char *fname, const char *domain,
+                             const char *user, const char *pass) {
+  int found;
+  char line[512], u[512], d[512], ha1[33], tmp[PATH_MAX];
+  FILE *fp, *fp2;
+
+  found = 0;
+  fp = fp2 = NULL;
+
+  // Regard empty password as no password - remove user record.
+  if (pass != NULL && pass[0] == '\0') {
+    pass = NULL;
+  }
+
+  (void) snprintf(tmp, sizeof(tmp), "%s.tmp", fname);
+
+  // Create the file if does not exist
+  if ((fp = mg_fopen(fname, "a+")) != NULL) {
+    (void) fclose(fp);
+  }
+
+  // Open the given file and temporary file
+  if ((fp = mg_fopen(fname, "r")) == NULL) {
+    return 0;
+  } else if ((fp2 = mg_fopen(tmp, "w+")) == NULL) {
+    fclose(fp);
+    return 0;
+  }
+
+  // Copy the stuff to temporary file
+  while (fgets(line, sizeof(line), fp) != NULL) {
+    if (sscanf(line, "%[^:]:%[^:]:%*s", u, d) != 2) {
+      continue;
+    }
+
+    if (!strcmp(u, user) && !strcmp(d, domain)) {
+      found++;
+      if (pass != NULL) {
+        mg_md5(ha1, user, ":", domain, ":", pass, NULL);
+        fprintf(fp2, "%s:%s:%s\n", user, domain, ha1);
+      }
+    } else {
+      (void) fprintf(fp2, "%s", line);
+    }
+  }
+
+  // If new user, just add it
+  if (!found && pass != NULL) {
+    mg_md5(ha1, user, ":", domain, ":", pass, NULL);
+    (void) fprintf(fp2, "%s:%s:%s\n", user, domain, ha1);
+  }
+
+  // Close files
+  (void) fclose(fp);
+  (void) fclose(fp2);
+
+  // Put the temp file in place of real file
+  (void) mg_remove(fname);
+  (void) mg_rename(tmp, fname);
+
+  return 1;
+}
+
+struct de {
+  struct mg_connection *conn;
+  char *file_name;
+  struct mgstat st;
+};
+
+const char * mg_url_encode_to(const char *src, char *dst, size_t dst_len) {
+  static const char *dont_escape = "._-$,;~()";
+  static const char *hex = "0123456789abcdef";
+  const char *end = dst + dst_len - 1;
+
+  for (; *src != '\0' && dst < end; src++, dst++) {
+    if (isalnum(*(const unsigned char *) src) ||
+        strchr(dont_escape, * (const unsigned char *) src) != NULL) {
+      *dst = *src;
+    } else if (dst + 2 < end) {
+      dst[0] = '%';
+      dst[1] = hex[(* (const unsigned char *) src) >> 4];
+      dst[2] = hex[(* (const unsigned char *) src) & 0xf];
+      dst += 2;
+    } else break;
+  }
+
+  *dst = '\0';
+  return src;
+}
+
+char * mg_url_encode(const char *src) {
+    size_t dst_len = strlen(src)*2;
+    char *dst = (char*)MG_MALLOC(dst_len);
+    if(dst){
+        const char *done = mg_url_encode_to(src, dst, dst_len);
+        while(*done){
+            int old_dst_len = dst_len;
+            dst_len = dst_len + (dst_len / 2);
+            dst = (char*)MG_REALLOC(dst, dst_len);
+            if(!dst) break;
+            done = mg_url_encode_to(done, dst+strlen(dst), dst_len-old_dst_len);
+        }
+    }
+    return dst;
+}
+
+static void print_dir_entry(struct de *de) {
+  char size[64], mod[64], href[PATH_MAX];
+
+  if (de->st.is_directory) {
+    (void) mg_snprintf(de->conn, size, sizeof(size), "%s", "[DIRECTORY]");
+  } else {
+     // We use (signed) cast below because MSVC 6 compiler cannot
+     // convert unsigned __int64 to double. Sigh.
+    if (de->st.size < 1024) {
+      (void) mg_snprintf(de->conn, size, sizeof(size),
+          "%lu", (unsigned long) de->st.size);
+    } else if (de->st.size < 1024 * 1024) {
+      (void) mg_snprintf(de->conn, size, sizeof(size),
+          "%.1fk", (double) de->st.size / 1024.0);
+    } else if (de->st.size < 1024 * 1024 * 1024) {
+      (void) mg_snprintf(de->conn, size, sizeof(size),
+          "%.1fM", (double) de->st.size / 1048576);
+    } else {
+      (void) mg_snprintf(de->conn, size, sizeof(size),
+          "%.1fG", (double) de->st.size / 1073741824);
+    }
+  }
+  (void) strftime(mod, sizeof(mod), "%d-%b-%Y %H:%M", localtime(&de->st.mtime));
+  mg_url_encode_to(de->file_name, href, sizeof(href));
+  de->conn->num_bytes_sent += mg_printf(de->conn,
+      "<tr><td><a href=\"%s%s%s\">%s%s</a></td>"
+      "<td>&nbsp;%s</td><td>&nbsp;&nbsp;%s</td></tr>\n",
+      de->conn->request_info.uri, href, de->st.is_directory ? "/" : "",
+      de->file_name, de->st.is_directory ? "/" : "", mod, size);
+}
+
+// This function is called from send_directory() and used for
+// sorting directory entries by size, or name, or modification time.
+// On windows, __cdecl specification is needed in case if project is built
+// with __stdcall convention. qsort always requires __cdels callback.
+static int WINCDECL compare_dir_entries(const void *p1, const void *p2) {
+  const struct de *a = (const struct de *) p1, *b = (const struct de *) p2;
+  const char *query_string = a->conn->request_info.query_string;
+  int cmp_result = 0;
+
+  if (query_string == NULL) {
+    query_string = "na";
+  }
+
+  if (a->st.is_directory && !b->st.is_directory) {
+    return -1;  // Always put directories on top
+  } else if (!a->st.is_directory && b->st.is_directory) {
+    return 1;   // Always put directories on top
+  } else if (*query_string == 'n') {
+    cmp_result = strcmp(a->file_name, b->file_name);
+  } else if (*query_string == 's') {
+    cmp_result = a->st.size == b->st.size ? 0 :
+      a->st.size > b->st.size ? 1 : -1;
+  } else if (*query_string == 'd') {
+    cmp_result = a->st.mtime == b->st.mtime ? 0 :
+      a->st.mtime > b->st.mtime ? 1 : -1;
+  }
+
+  return query_string[1] == 'd' ? -cmp_result : cmp_result;
+}
+
+static int must_hide_file(struct mg_connection *conn, const char *path) {
+  const char *pw_pattern = "**" PASSWORDS_FILE_NAME "$";
+  const char *pattern = conn->ctx->config[HIDE_FILES];
+  return match_prefix(pw_pattern, strlen(pw_pattern), path) > 0 ||
+    (pattern != NULL && match_prefix(pattern, strlen(pattern), path) > 0);
+}
+
+static int scan_directory(struct mg_connection *conn, const char *dir,
+                          void *data, void (*cb)(struct de *, void *)) {
+  char path[PATH_MAX];
+  struct dirent *dp;
+  DIR *dirp;
+  struct de de;
+
+  if ((dirp = opendir(dir)) == NULL) {
+    return 0;
+  } else {
+    de.conn = conn;
+
+    while ((dp = readdir(dirp)) != NULL) {
+      // Do not show current dir and hidden files
+      if (!strcmp(dp->d_name, ".") ||
+          !strcmp(dp->d_name, "..") ||
+          must_hide_file(conn, dp->d_name)) {
+        continue;
+      }
+
+      mg_snprintf(conn, path, sizeof(path), "%s%c%s", dir, DIRSEP, dp->d_name);
+
+      // If we don't memset stat structure to zero, mtime will have
+      // garbage and strftime() will segfault later on in
+      // print_dir_entry(). memset is required only if mg_stat()
+      // fails. For more details, see
+      // http://code.google.com/p/mongoose/issues/detail?id=79
+      if (mg_stat(path, &de.st) != 0) {
+        memset(&de.st, 0, sizeof(de.st));
+      }
+      de.file_name = dp->d_name;
+
+      cb(&de, data);
+    }
+    (void) closedir(dirp);
+  }
+  return 1;
+}
+
+struct dir_scan_data {
+  struct de *entries;
+  int num_entries;
+  int arr_size;
+};
+
+static void dir_scan_callback(struct de *de, void *data) {
+  struct dir_scan_data *dsd = (struct dir_scan_data *) data;
+
+  if (dsd->entries == NULL || dsd->num_entries >= dsd->arr_size) {
+    dsd->arr_size *= 2;
+    dsd->entries = (struct de *) MG_REALLOC(dsd->entries, dsd->arr_size *
+                                         sizeof(dsd->entries[0]));
+  }
+  if (dsd->entries == NULL) {
+    // TODO(lsm): propagate an error to the caller
+    dsd->num_entries = 0;
+  } else {
+    dsd->entries[dsd->num_entries].file_name = mg_strdup(de->file_name);
+    dsd->entries[dsd->num_entries].st = de->st;
+    dsd->entries[dsd->num_entries].conn = de->conn;
+    dsd->num_entries++;
+  }
+}
+
+static void handle_directory_request(struct mg_connection *conn,
+                                     const char *dir) {
+  int i, sort_direction;
+  struct dir_scan_data data = { NULL, 0, 128 };
+
+  if (!scan_directory(conn, dir, &data, dir_scan_callback)) {
+    send_http_error(conn, 500, "Cannot open directory",
+                    "Error: opendir(%s): %s", dir, strerror(ERRNO));
+    return;
+  }
+
+  sort_direction = conn->request_info.query_string != NULL &&
+    conn->request_info.query_string[1] == 'd' ? 'a' : 'd';
+
+  conn->must_close = 1;
+  mg_printf(conn, "%s",
+            "HTTP/1.1 200 OK\r\n"
+            "Connection: close\r\n"
+            "Content-Type: text/html; charset=utf-8\r\n\r\n");
+
+  conn->num_bytes_sent += mg_printf(conn,
+      "<html><head><title>Index of %s</title>"
+      "<style>th {text-align: left;}</style></head>"
+      "<body><h1>Index of %s</h1><pre><table cellpadding=\"0\">"
+      "<tr><th><a href=\"?n%c\">Name</a></th>"
+      "<th><a href=\"?d%c\">Modified</a></th>"
+      "<th><a href=\"?s%c\">Size</a></th></tr>"
+      "<tr><td colspan=\"3\"><hr></td></tr>",
+      conn->request_info.uri, conn->request_info.uri,
+      sort_direction, sort_direction, sort_direction);
+
+  // Print first entry - link to a parent directory
+  conn->num_bytes_sent += mg_printf(conn,
+      "<tr><td><a href=\"%s%s\">%s</a></td>"
+      "<td>&nbsp;%s</td><td>&nbsp;&nbsp;%s</td></tr>\n",
+      conn->request_info.uri, "..", "Parent directory", "-", "-");
+
+  // Sort and print directory entries
+  qsort(data.entries, (size_t) data.num_entries, sizeof(data.entries[0]),
+        compare_dir_entries);
+  for (i = 0; i < data.num_entries; i++) {
+    print_dir_entry(&data.entries[i]);
+    MG_FREE(data.entries[i].file_name);
+  }
+  MG_FREE(data.entries);
+
+  conn->num_bytes_sent += mg_printf(conn, "%s", "</table></body></html>");
+  conn->request_info.status_code = 200;
+}
+
+// Send len bytes from the opened file to the client.
+static void send_file_data(struct mg_connection *conn, FILE *fp, int64_t len) {
+  char buf[MG_BUF_LEN];
+  int to_read, num_read, num_written;
+
+  while (len > 0) {
+    // Calculate how much to read from the file in the buffer
+    to_read = sizeof(buf);
+    if ((int64_t) to_read > len) {
+      to_read = (int) len;
+    }
+
+    // Read from file, exit the loop on error
+    if ((num_read = fread(buf, 1, (size_t)to_read, fp)) <= 0) {
+      break;
+    }
+
+    // Send read bytes to the client, exit the loop on error
+    if ((num_written = mg_write(conn, buf, (size_t)num_read)) != num_read) {
+      break;
+    }
+
+    // Both read and were successful, adjust counters
+    conn->num_bytes_sent += num_written;
+    len -= num_written;
+  }
+}
+
+static int parse_range_header(const char *header, int64_t *a, int64_t *b) {
+  return sscanf(header, "bytes=%" INT64_FMT "-%" INT64_FMT, a, b);
+}
+
+static void gmt_time_string(char *buf, size_t buf_len, time_t *t) {
+  strftime(buf, buf_len, "%a, %d %b %Y %H:%M:%S GMT", gmtime(t));
+}
+
+static void construct_etag(char *buf, size_t buf_len,
+                           const struct mgstat *stp) {
+  snprintf(buf, buf_len, "\"%lx.%" INT64_FMT "\"",
+           (unsigned long) stp->mtime, stp->size);
+}
+
+static void handle_file_request(struct mg_connection *conn, const char *path,
+                                struct mgstat *stp) {
+  char date[64], lm[64], etag[64], range[64];
+  const char *msg = "OK", *hdr;
+  time_t curtime = time(NULL);
+  int64_t cl, r1, r2;
+  struct vec mime_vec;
+  FILE *fp;
+  int n;
+
+  get_mime_type(conn->ctx, path, &mime_vec);
+  cl = stp->size;
+  conn->request_info.status_code = 200;
+  range[0] = '\0';
+
+  if ((fp = mg_fopen(path, "rb")) == NULL) {
+    send_http_error(conn, 500, http_500_error,
+        "fopen(%s): %s", path, strerror(ERRNO));
+    return;
+  }
+  set_close_on_exec(fileno(fp));
+
+  // If Range: header specified, act accordingly
+  r1 = r2 = 0;
+  hdr = mg_get_header(conn, "Range");
+  if (hdr != NULL && (n = parse_range_header(hdr, &r1, &r2)) > 0) {
+    conn->request_info.status_code = 206;
+    (void) fseeko(fp, (off_t) r1, SEEK_SET);
+    cl = n == 2 ? r2 - r1 + 1: cl - r1;
+    (void) mg_snprintf(conn, range, sizeof(range),
+        "Content-Range: bytes "
+        "%" INT64_FMT "-%"
+        INT64_FMT "/%" INT64_FMT "\r\n",
+        r1, r1 + cl - 1, stp->size);
+    msg = "Partial Content";
+  }
+
+  // Prepare Etag, Date, Last-Modified headers. Must be in UTC, according to
+  // http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.3
+  gmt_time_string(date, sizeof(date), &curtime);
+  gmt_time_string(lm, sizeof(lm), &stp->mtime);
+  construct_etag(etag, sizeof(etag), stp);
+
+  (void) mg_printf(conn,
+      "HTTP/1.1 %d %s\r\n"
+      "Date: %s\r\n"
+      "Last-Modified: %s\r\n"
+      "Etag: %s\r\n"
+      "Content-Type: %.*s\r\n"
+      "Content-Length: %" INT64_FMT "\r\n"
+      "Connection: %s\r\n"
+      "Accept-Ranges: bytes\r\n"
+      "%s\r\n",
+      conn->request_info.status_code, msg, date, lm, etag, (int) mime_vec.len,
+      mime_vec.ptr, cl, suggest_connection_header(conn), range);
+
+  if (strcmp(conn->request_info.request_method, "HEAD") != 0) {
+    send_file_data(conn, fp, cl);
+  }
+  (void) fclose(fp);
+}
+
+void mg_send_file(struct mg_connection *conn, const char *path) {
+  struct mgstat st;
+  if (mg_stat(path, &st) == 0) {
+    handle_file_request(conn, path, &st);
+  } else {
+    send_http_error(conn, 404, "Not Found", "%s", "File not found");
+  }
+}
+
+
+// Parse HTTP headers from the given buffer, advance buffer to the point
+// where parsing stopped.
+static void parse_http_headers(char **buf, struct mg_request_info *ri) {
+  int i;
+
+  for (i = 0; i < (int) ARRAY_SIZE(ri->http_headers); i++) {
+    ri->http_headers[i].name = skip_quoted(buf, ":", " ", 0);
+    ri->http_headers[i].value = skip(buf, "\r\n");
+    if (ri->http_headers[i].name[0] == '\0')
+      break;
+    ri->num_headers = i + 1;
+  }
+}
+
+static int is_valid_http_method(const char *method) {
+  return !strcmp(method, "GET") || !strcmp(method, "POST") ||
+    !strcmp(method, "HEAD") || !strcmp(method, "CONNECT") ||
+    !strcmp(method, "PUT") || !strcmp(method, "DELETE") ||
+    !strcmp(method, "OPTIONS") || !strcmp(method, "PROPFIND");
+}
+
+// Parse HTTP request, fill in mg_request_info structure.
+// This function modifies the buffer with HTTP request by nul-terminating
+// HTTP request components, header names and header values.
+static int parse_http_message(char *buf, int len, struct mg_request_info *ri) {
+  int request_length = get_request_len(buf, len);
+  if (request_length > 0) {
+    // Reset attributes. DO NOT TOUCH is_ssl, remote_ip, remote_port
+    ri->remote_user = ri->request_method = ri->uri = ri->http_version = NULL;
+    ri->num_headers = 0;
+    ri->status_code = -1;
+
+    buf[request_length - 1] = '\0';
+
+    // RFC says that all initial whitespaces should be ingored
+    while (*buf != '\0' && isspace(* (unsigned char *) buf)) {
+      buf++;
+    }
+    ri->request_method = skip(&buf, " ");
+    ri->uri = skip(&buf, " ");
+    ri->http_version = skip(&buf, "\r\n");
+    parse_http_headers(&buf, ri);
+  }
+  return request_length;
+}
+
+static int parse_http_request(char *buf, int len, struct mg_request_info *ri) {
+  int result = parse_http_message(buf, len, ri);
+  if (result > 0 &&
+      is_valid_http_method(ri->request_method) &&
+      !strncmp(ri->http_version, "HTTP/", 5)) {
+    ri->http_version += 5;   // Skip "HTTP/"
+  } else {
+    result = -1;
+  }
+  return result;
+}
+
+static int parse_http_response(char *buf, int len, struct mg_request_info *ri) {
+  int result = parse_http_message(buf, len, ri);
+  return result > 0 && !strncmp(ri->request_method, "HTTP/", 5) ? result : -1;
+}
+
+// Keep reading the input (either opened file descriptor fd, or socket sock,
+// or SSL descriptor ssl) into buffer buf, until \r\n\r\n appears in the
+// buffer (which marks the end of HTTP request). Buffer buf may already
+// have some data. The length of the data is stored in nread.
+// Upon every read operation, increase nread by the number of bytes read.
+static int read_request(FILE *fp, struct mg_connection *conn,
+                        char *buf, int bufsiz, int *nread) {
+  int request_len, n = 1;
+
+  request_len = get_request_len(buf, *nread);
+  while (*nread < bufsiz && request_len == 0 && n > 0) {
+    n = pull(fp, conn, buf + *nread, bufsiz - *nread);
+    if (n > 0) {
+      *nread += n;
+      request_len = get_request_len(buf, *nread);
+    }
+  }
+
+  if (n < 0) {
+    // recv() error -> propagate error; do not process a b0rked-with-very-high-probability request
+    return -1;
+  }
+  return request_len;
+}
+
+// For given directory path, substitute it to valid index file.
+// Return 0 if index file has been found, -1 if not found.
+// If the file is found, it's stats is returned in stp.
+static int substitute_index_file(struct mg_connection *conn, char *path,
+                                 size_t path_len, struct mgstat *stp) {
+  const char *list = conn->ctx->config[INDEX_FILES];
+  struct mgstat st;
+  struct vec filename_vec;
+  size_t n = strlen(path);
+  int found = 0;
+
+  // The 'path' given to us points to the directory. Remove all trailing
+  // directory separator characters from the end of the path, and
+  // then append single directory separator character.
+  while (n > 0 && IS_DIRSEP_CHAR(path[n - 1])) {
+    n--;
+  }
+  path[n] = DIRSEP;
+
+  // Traverse index files list. For each entry, append it to the given
+  // path and see if the file exists. If it exists, break the loop
+  while ((list = next_option(list, &filename_vec, NULL)) != NULL) {
+
+    // Ignore too long entries that may overflow path buffer
+    if (filename_vec.len > path_len - (n + 2))
+      continue;
+
+    // Prepare full path to the index file
+    (void) mg_strlcpy(path + n + 1, filename_vec.ptr, filename_vec.len + 1);
+
+    // Does it exist?
+    if (mg_stat(path, &st) == 0) {
+      // Yes it does, break the loop
+      *stp = st;
+      found = 1;
+      break;
+    }
+  }
+
+  // If no index file exists, restore directory path
+  if (!found) {
+    path[n] = '\0';
+  }
+
+  return found;
+}
+
+// Return True if we should reply 304 Not Modified.
+static int is_not_modified(const struct mg_connection *conn,
+                           const struct mgstat *stp) {
+  char etag[64];
+  const char *ims = mg_get_header(conn, "If-Modified-Since");
+  const char *inm = mg_get_header(conn, "If-None-Match");
+  construct_etag(etag, sizeof(etag), stp);
+  return (inm != NULL && !mg_strcasecmp(etag, inm)) ||
+    (ims != NULL && stp->mtime <= parse_date_string(ims));
+}
+
+static int forward_body_data(struct mg_connection *conn, FILE *fp,
+                             SOCKET sock, SSL *ssl) {
+  const char *expect;
+  char buf[MG_BUF_LEN];
+  int to_read, nread, buffered_len, success = 0;
+
+  expect = mg_get_header(conn, "Expect");
+  assert(fp != NULL);
+
+  if (conn->content_len == -1) {
+    send_http_error(conn, 411, "Length Required", "");
+  } else if (expect != NULL && mg_strcasecmp(expect, "100-continue")) {
+    send_http_error(conn, 417, "Expectation Failed", "");
+  } else {
+    if (expect != NULL) {
+      (void) mg_printf(conn, "%s", "HTTP/1.1 100 Continue\r\n\r\n");
+    }
+
+    buffered_len = conn->next_request - conn->body;
+    assert(buffered_len >= 0);
+    assert(conn->consumed_content == 0);
+
+    if (buffered_len > 0) {
+      if ((int64_t) buffered_len > conn->content_len) {
+        buffered_len = (int) conn->content_len;
+      }
+      push(fp, sock, ssl, conn->body, (int64_t) buffered_len);
+      conn->consumed_content += buffered_len;
+      conn->body += buffered_len;
+    }
+
+    nread = 0;
+    while (conn->consumed_content < conn->content_len) {
+      to_read = sizeof(buf);
+      if ((int64_t) to_read > conn->content_len - conn->consumed_content) {
+        to_read = (int) (conn->content_len - conn->consumed_content);
+      }
+      nread = pull(NULL, conn, buf, to_read);
+      if (nread <= 0 || push(fp, sock, ssl, buf, nread) != nread) {
+        break;
+      }
+      conn->consumed_content += nread;
+    }
+
+    if (conn->consumed_content == conn->content_len) {
+      success = nread >= 0;
+    }
+
+    // Each error code path in this function must send an error
+    if (!success) {
+      send_http_error(conn, 577, http_500_error, "");
+    }
+  }
+
+  return success;
+}
+
+#if !defined(NO_CGI)
+// This structure helps to create an environment for the spawned CGI program.
+// Environment is an array of "VARIABLE=VALUE\0" ASCIIZ strings,
+// last element must be NULL.
+// However, on Windows there is a requirement that all these VARIABLE=VALUE\0
+// strings must reside in a contiguous buffer. The end of the buffer is
+// marked by two '\0' characters.
+// We satisfy both worlds: we create an envp array (which is vars), all
+// entries are actually pointers inside buf.
+struct cgi_env_block {
+  struct mg_connection *conn;
+  char buf[CGI_ENVIRONMENT_SIZE]; // Environment buffer
+  int len; // Space taken
+  char *vars[MAX_CGI_ENVIR_VARS]; // char **envp
+  int nvars; // Number of variables
+};
+
+// Append VARIABLE=VALUE\0 string to the buffer, and add a respective
+// pointer into the vars array.
+static char *addenv(struct cgi_env_block *block, const char *fmt, ...) {
+  int n, space;
+  char *added;
+  va_list ap;
+
+  // Calculate how much space is left in the buffer
+  space = sizeof(block->buf) - block->len - 2;
+  assert(space >= 0);
+
+  // Make a pointer to the free space int the buffer
+  added = block->buf + block->len;
+
+  // Copy VARIABLE=VALUE\0 string into the free space
+  va_start(ap, fmt);
+  n = mg_vsnprintf(block->conn, added, (size_t) space, fmt, ap);
+  va_end(ap);
+
+  // Make sure we do not overflow buffer and the envp array
+  if (n > 0 && n + 1 < space &&
+      block->nvars < (int) ARRAY_SIZE(block->vars) - 2) {
+    // Append a pointer to the added string into the envp array
+    block->vars[block->nvars++] = added;
+    // Bump up used length counter. Include \0 terminator
+    block->len += n + 1;
+  } else {
+    cry(block->conn, "%s: CGI env buffer truncated for [%s]", __func__, fmt);
+  }
+
+  return added;
+}
+
+static void prepare_cgi_environment(struct mg_connection *conn,
+                                    const char *prog,
+                                    struct cgi_env_block *blk) {
+  const char *s, *slash;
+  struct vec var_vec;
+  char *p, src_addr[20];
+  int  i;
+
+  blk->len = blk->nvars = 0;
+  blk->conn = conn;
+  sockaddr_to_string(src_addr, sizeof(src_addr), &conn->client.rsa);
+
+  addenv(blk, "SERVER_NAME=%s", conn->ctx->config[AUTHENTICATION_DOMAIN]);
+  addenv(blk, "SERVER_ROOT=%s", conn->ctx->config[DOCUMENT_ROOT]);
+  addenv(blk, "DOCUMENT_ROOT=%s", conn->ctx->config[DOCUMENT_ROOT]);
+
+  // Prepare the environment block
+  addenv(blk, "%s", "GATEWAY_INTERFACE=CGI/1.1");
+  addenv(blk, "%s", "SERVER_PROTOCOL=HTTP/1.1");
+  addenv(blk, "%s", "REDIRECT_STATUS=200"); // For PHP
+
+  // TODO(lsm): fix this for IPv6 case
+  addenv(blk, "SERVER_PORT=%d", ntohs(conn->client.lsa.sin.sin_port));
+
+  addenv(blk, "REQUEST_METHOD=%s", conn->request_info.request_method);
+  addenv(blk, "REMOTE_ADDR=%s", src_addr);
+  addenv(blk, "REMOTE_PORT=%d", conn->request_info.remote_port);
+  addenv(blk, "REQUEST_URI=%s", conn->request_info.uri);
+
+  // SCRIPT_NAME
+  assert(conn->request_info.uri[0] == '/');
+  slash = strrchr(conn->request_info.uri, '/');
+  if ((s = strrchr(prog, '/')) == NULL)
+    s = prog;
+  addenv(blk, "SCRIPT_NAME=%.*s%s", (int) (slash - conn->request_info.uri),
+         conn->request_info.uri, s);
+
+  addenv(blk, "SCRIPT_FILENAME=%s", prog);
+  addenv(blk, "PATH_TRANSLATED=%s", prog);
+  addenv(blk, "HTTPS=%s", conn->ssl == NULL ? "off" : "on");
+
+  if ((s = mg_get_header(conn, "Content-Type")) != NULL)
+    addenv(blk, "CONTENT_TYPE=%s", s);
+
+  if (conn->request_info.query_string != NULL)
+    addenv(blk, "QUERY_STRING=%s", conn->request_info.query_string);
+
+  if ((s = mg_get_header(conn, "Content-Length")) != NULL)
+    addenv(blk, "CONTENT_LENGTH=%s", s);
+
+  if ((s = getenv("PATH")) != NULL)
+    addenv(blk, "PATH=%s", s);
+
+  if (conn->path_info != NULL) {
+    addenv(blk, "PATH_INFO=%s", conn->path_info);
+  }
+
+#if defined(_WIN32)
+  if ((s = getenv("COMSPEC")) != NULL) {
+    addenv(blk, "COMSPEC=%s", s);
+  }
+  if ((s = getenv("SYSTEMROOT")) != NULL) {
+    addenv(blk, "SYSTEMROOT=%s", s);
+  }
+  if ((s = getenv("SystemDrive")) != NULL) {
+    addenv(blk, "SystemDrive=%s", s);
+  }
+#else
+  if ((s = getenv("LD_LIBRARY_PATH")) != NULL)
+    addenv(blk, "LD_LIBRARY_PATH=%s", s);
+#endif // _WIN32
+
+  if ((s = getenv("PERLLIB")) != NULL)
+    addenv(blk, "PERLLIB=%s", s);
+
+  if (conn->request_info.remote_user != NULL) {
+    addenv(blk, "REMOTE_USER=%s", conn->request_info.remote_user);
+    addenv(blk, "%s", "AUTH_TYPE=Digest");
+  }
+
+  // Add all headers as HTTP_* variables
+  for (i = 0; i < conn->request_info.num_headers; i++) {
+    p = addenv(blk, "HTTP_%s=%s",
+        conn->request_info.http_headers[i].name,
+        conn->request_info.http_headers[i].value);
+
+    // Convert variable name into uppercase, and change - to _
+    for (; *p != '=' && *p != '\0'; p++) {
+      if (*p == '-')
+        *p = '_';
+      *p = (char) toupper(* (unsigned char *) p);
+    }
+  }
+
+  // Add user-specified variables
+  s = conn->ctx->config[CGI_ENVIRONMENT];
+  while ((s = next_option(s, &var_vec, NULL)) != NULL) {
+    addenv(blk, "%.*s", (int) var_vec.len, var_vec.ptr);
+  }
+
+  blk->vars[blk->nvars++] = NULL;
+  blk->buf[blk->len++] = '\0';
+
+  assert(blk->nvars < (int) ARRAY_SIZE(blk->vars));
+  assert(blk->len > 0);
+  assert(blk->len < (int) sizeof(blk->buf));
+}
+
+void mg_handle_cgi_request(struct mg_connection *conn, const char *prog) {
+  int headers_len, data_len, i, fd_stdin[2], fd_stdout[2];
+  const char *status, *status_text;
+  char buf[16384], *pbuf, dir[PATH_MAX], *p;
+  struct mg_request_info ri;
+  struct cgi_env_block blk;
+  FILE *in, *out;
+  pid_t pid;
+
+  memset(&ri, 0, sizeof(ri));
+  prepare_cgi_environment(conn, prog, &blk);
+
+  // CGI must be executed in its own directory. 'dir' must point to the
+  // directory containing executable program, 'p' must point to the
+  // executable program name relative to 'dir'.
+  (void) mg_snprintf(conn, dir, sizeof(dir), "%s", prog);
+  if ((p = strrchr(dir, DIRSEP)) != NULL) {
+    *p++ = '\0';
+  } else {
+    dir[0] = '.', dir[1] = '\0';
+    p = (char *) prog;
+  }
+
+  pid = (pid_t) -1;
+  fd_stdin[0] = fd_stdin[1] = fd_stdout[0] = fd_stdout[1] = -1;
+  in = out = NULL;
+
+  if (pipe(fd_stdin) != 0 || pipe(fd_stdout) != 0) {
+    send_http_error(conn, 500, http_500_error,
+        "Cannot create CGI pipe: %s", strerror(ERRNO));
+    goto done;
+  } else if ((pid = spawn_process(conn, p, blk.buf, blk.vars,
+          fd_stdin[0], fd_stdout[1], dir)) == (pid_t) -1) {
+    send_http_error(conn, 500, http_500_error,
+        "Cannot spawn CGI process [%s]: %s", prog, strerror(ERRNO));
+    goto done;
+  }
+
+  // spawn_process() must close those!
+  // If we don't mark them as closed, close() attempt before
+  // return from this function throws an exception on Windows.
+  // Windows does not like when closed descriptor is closed again.
+  fd_stdin[0] = fd_stdout[1] = -1;
+
+  if ((in = fdopen(fd_stdin[1], "wb")) == NULL ||
+      (out = fdopen(fd_stdout[0], "rb")) == NULL) {
+    send_http_error(conn, 500, http_500_error,
+        "fopen: %s", strerror(ERRNO));
+    goto done;
+  }
+
+  setbuf(in, NULL);
+  setbuf(out, NULL);
+
+  // Send POST data to the CGI process if needed
+  if (!strcmp(conn->request_info.request_method, "POST") &&
+      !forward_body_data(conn, in, INVALID_SOCKET, NULL)) {
+    goto done;
+  }
+
+  // Close so child gets an EOF.
+  fclose(in);
+  in = NULL;
+  fd_stdin[1] = -1;
+
+  // Now read CGI reply into a buffer. We need to set correct
+  // status code, thus we need to see all HTTP headers first.
+  // Do not send anything back to client, until we buffer in all
+  // HTTP headers.
+  data_len = 0;
+  headers_len = read_request(out, fc(conn->ctx), buf, sizeof(buf), &data_len);
+  if (headers_len <= 0) {
+    send_http_error(conn, 500, http_500_error,
+                    "CGI program sent malformed or too big (>%u bytes) "
+                    "HTTP headers: [%.*s]",
+                    (unsigned) sizeof(buf), data_len, buf);
+    goto done;
+  }
+  pbuf = buf;
+  buf[headers_len - 1] = '\0';
+  parse_http_headers(&pbuf, &ri);
+
+  // Make up and send the status line
+  status_text = "OK";
+  if ((status = get_header(&ri, "Status")) != NULL) {
+    conn->request_info.status_code = atoi(status);
+    status_text = status;
+    while (isdigit(* (unsigned char *) status_text) || *status_text == ' ') {
+      status_text++;
+    }
+  } else if (get_header(&ri, "Location") != NULL) {
+    conn->request_info.status_code = 302;
+  } else {
+    conn->request_info.status_code = 200;
+  }
+  if (get_header(&ri, "Connection") != NULL &&
+      !mg_strcasecmp(get_header(&ri, "Connection"), "keep-alive")) {
+    conn->must_close = 1;
+  }
+  (void) mg_printf(conn, "HTTP/1.1 %d %s\r\n", conn->request_info.status_code,
+                   status_text);
+
+  // Send headers
+  for (i = 0; i < ri.num_headers; i++) {
+    mg_printf(conn, "%s: %s\r\n",
+              ri.http_headers[i].name, ri.http_headers[i].value);
+  }
+  (void) mg_write(conn, "\r\n", 2);
+
+  // Send chunk of data that may have been read after the headers
+  conn->num_bytes_sent += mg_write(conn, buf + headers_len,
+                                   (size_t)(data_len - headers_len));
+
+  // Read the rest of CGI output and send to the client
+  send_file_data(conn, out, INT64_MAX);
+
+done:
+  if (pid != (pid_t) -1) {
+    kill(pid, SIGKILL);
+  }
+  if (fd_stdin[0] != -1) {
+    (void) close(fd_stdin[0]);
+  }
+  if (fd_stdout[1] != -1) {
+    (void) close(fd_stdout[1]);
+  }
+
+  if (in != NULL) {
+    (void) fclose(in);
+  } else if (fd_stdin[1] != -1) {
+    (void) close(fd_stdin[1]);
+  }
+
+  if (out != NULL) {
+    (void) fclose(out);
+  } else if (fd_stdout[0] != -1) {
+    (void) close(fd_stdout[0]);
+  }
+}
+#endif // !NO_CGI
+
+// For a given PUT path, create all intermediate subdirectories
+// for given path. Return 0 if the path itself is a directory,
+// or -1 on error, 1 if OK.
+static int put_dir(const char *path) {
+  char buf[PATH_MAX];
+  const char *s, *p;
+  struct mgstat st;
+  int len, res = 1;
+
+  for (s = p = path + 2; (p = strchr(s, DIRSEP)) != NULL; s = ++p) {
+    len = p - path;
+    if (len >= (int) sizeof(buf)) {
+      res = -1;
+      break;
+    }
+    memcpy(buf, path, len);
+    buf[len] = '\0';
+
+    // Try to create intermediate directory
+    DEBUG_TRACE(("mkdir(%s)", buf));
+    if (mg_stat(buf, &st) == -1 && mg_mkdir(buf, 0755) != 0) {
+      res = -1;
+      break;
+    }
+
+    // Is path itself a directory?
+    if (p[1] == '\0') {
+      res = 0;
+    }
+  }
+
+  return res;
+}
+
+static void put_file(struct mg_connection *conn, const char *path) {
+  struct mgstat st;
+  const char *range;
+  int64_t r1, r2;
+  FILE *fp;
+  int rc;
+
+  conn->request_info.status_code = mg_stat(path, &st) == 0 ? 200 : 201;
+
+  if ((rc = put_dir(path)) == 0) {
+    mg_printf(conn, "HTTP/1.1 %d OK\r\n\r\n", conn->request_info.status_code);
+  } else if (rc == -1) {
+    send_http_error(conn, 500, http_500_error,
+        "put_dir(%s): %s", path, strerror(ERRNO));
+  } else if ((fp = mg_fopen(path, "wb+")) == NULL) {
+    send_http_error(conn, 500, http_500_error,
+        "fopen(%s): %s", path, strerror(ERRNO));
+  } else {
+    set_close_on_exec(fileno(fp));
+    range = mg_get_header(conn, "Content-Range");
+    r1 = r2 = 0;
+    if (range != NULL && parse_range_header(range, &r1, &r2) > 0) {
+      conn->request_info.status_code = 206;
+      // TODO(lsm): handle seek error
+      (void) fseeko(fp, (off_t) r1, SEEK_SET);
+    }
+    if (forward_body_data(conn, fp, INVALID_SOCKET, NULL))
+      (void) mg_printf(conn, "HTTP/1.1 %d OK\r\n\r\n",
+          conn->request_info.status_code);
+    (void) fclose(fp);
+  }
+}
+
+static void send_ssi_file(struct mg_connection *, const char *, FILE *, int);
+
+static void do_ssi_include(struct mg_connection *conn, const char *ssi,
+                           char *tag, int include_level) {
+  char file_name[MG_BUF_LEN], path[PATH_MAX], *p;
+  FILE *fp;
+
+  // sscanf() is safe here, since send_ssi_file() also uses buffer
+  // of size MG_BUF_LEN to get the tag. So strlen(tag) is always < MG_BUF_LEN.
+  if (sscanf(tag, " virtual=\"%[^\"]\"", file_name) == 1) {
+    // File name is relative to the webserver root
+    (void) mg_snprintf(conn, path, sizeof(path), "%s%c%s",
+        conn->ctx->config[DOCUMENT_ROOT], DIRSEP, file_name);
+  } else if (sscanf(tag, " file=\"%[^\"]\"", file_name) == 1) {
+    // File name is relative to the webserver working directory
+    // or it is absolute system path
+    (void) mg_snprintf(conn, path, sizeof(path), "%s", file_name);
+  } else if (sscanf(tag, " \"%[^\"]\"", file_name) == 1) {
+    // File name is relative to the currect document
+    (void) mg_snprintf(conn, path, sizeof(path), "%s", ssi);
+    if ((p = strrchr(path, DIRSEP)) != NULL) {
+      p[1] = '\0';
+    }
+    (void) mg_snprintf(conn, path + strlen(path),
+        sizeof(path) - strlen(path), "%s", file_name);
+  } else {
+    cry(conn, "Bad SSI #include: [%s]", tag);
+    return;
+  }
+
+  if ((fp = mg_fopen(path, "rb")) == NULL) {
+    cry(conn, "Cannot open SSI #include: [%s]: fopen(%s): %s",
+        tag, path, strerror(ERRNO));
+  } else {
+    set_close_on_exec(fileno(fp));
+    if (match_prefix(conn->ctx->config[SSI_EXTENSIONS],
+                     strlen(conn->ctx->config[SSI_EXTENSIONS]), path) > 0) {
+      send_ssi_file(conn, path, fp, include_level + 1);
+    } else {
+      send_file_data(conn, fp, LONG_MAX); //INT64_MAX);
+    }
+    (void) fclose(fp);
+  }
+}
+
+#if !defined(NO_POPEN)
+static void do_ssi_exec(struct mg_connection *conn, char *tag) {
+  char cmd[MG_BUF_LEN];
+  FILE *fp;
+
+  if (sscanf(tag, " \"%[^\"]\"", cmd) != 1) {
+    cry(conn, "Bad SSI #exec: [%s]", tag);
+  } else if ((fp = popen(cmd, "r")) == NULL) {
+    cry(conn, "Cannot SSI #exec: [%s]: %s", cmd, strerror(ERRNO));
+  } else {
+    send_file_data(conn, fp, INT64_MAX);
+    (void) pclose(fp);
+  }
+}
+#endif // !NO_POPEN
+
+static void send_ssi_file(struct mg_connection *conn, const char *path,
+                          FILE *fp, int include_level) {
+  char buf[MG_BUF_LEN];
+  int ch, len, in_ssi_tag;
+
+  if (include_level > 10) {
+    cry(conn, "SSI #include level is too deep (%s)", path);
+    return;
+  }
+
+  in_ssi_tag = 0;
+  len = 0;
+
+  while ((ch = fgetc(fp)) != EOF) {
+    if (in_ssi_tag && ch == '>') {
+      in_ssi_tag = 0;
+      buf[len++] = (char) ch;
+      buf[len] = '\0';
+      assert(len <= (int) sizeof(buf));
+      if (len < 6 || memcmp(buf, "<!--#", 5) != 0) {
+        // Not an SSI tag, pass it
+        (void) mg_write(conn, buf, (size_t)len);
+      } else {
+        if (!memcmp(buf + 5, "include", 7)) {
+          do_ssi_include(conn, path, buf + 12, include_level);
+#if !defined(NO_POPEN)
+        } else if (!memcmp(buf + 5, "exec", 4)) {
+          do_ssi_exec(conn, buf + 9);
+#endif // !NO_POPEN
+        } else {
+          cry(conn, "%s: unknown SSI " "command: \"%s\"", path, buf);
+        }
+      }
+      len = 0;
+    } else if (in_ssi_tag) {
+      if (len == 5 && memcmp(buf, "<!--#", 5) != 0) {
+        // Not an SSI tag
+        in_ssi_tag = 0;
+      } else if (len == (int) sizeof(buf) - 2) {
+        cry(conn, "%s: SSI tag is too large", path);
+        len = 0;
+      }
+      buf[len++] = ch & 0xff;
+    } else if (ch == '<') {
+      in_ssi_tag = 1;
+      if (len > 0) {
+        (void) mg_write(conn, buf, (size_t)len);
+      }
+      len = 0;
+      buf[len++] = ch & 0xff;
+    } else {
+      buf[len++] = ch & 0xff;
+      if (len == (int) sizeof(buf)) {
+        (void) mg_write(conn, buf, (size_t)len);
+        len = 0;
+      }
+    }
+  }
+
+  // Send the rest of buffered data
+  if (len > 0) {
+    (void) mg_write(conn, buf, (size_t)len);
+  }
+}
+
+static void handle_ssi_file_request(struct mg_connection *conn,
+                                    const char *path) {
+  FILE *fp;
+
+  if ((fp = mg_fopen(path, "rb")) == NULL) {
+    send_http_error(conn, 500, http_500_error, "fopen(%s): %s", path,
+                    strerror(ERRNO));
+  } else {
+    conn->must_close = 1;
+    set_close_on_exec(fileno(fp));
+    mg_printf(conn, "HTTP/1.1 200 OK\r\n"
+              "Content-Type: text/html\r\nConnection: %s\r\n\r\n",
+              suggest_connection_header(conn));
+    send_ssi_file(conn, path, fp, 0);
+    (void) fclose(fp);
+  }
+}
+
+static void send_options(struct mg_connection *conn) {
+  conn->request_info.status_code = 200;
+
+  (void) mg_printf(conn,
+      "HTTP/1.1 200 OK\r\n"
+      "Allow: GET, POST, HEAD, CONNECT, PUT, DELETE, OPTIONS\r\n"
+      "DAV: 1\r\n\r\n");
+}
+
+// Writes PROPFIND properties for a collection element
+static void print_props(struct mg_connection *conn, const char* uri,
+                        struct mgstat* st) {
+  char mtime[64];
+  gmt_time_string(mtime, sizeof(mtime), &st->mtime);
+  conn->num_bytes_sent += mg_printf(conn,
+      "<d:response>"
+       "<d:href>%s</d:href>"
+       "<d:propstat>"
+        "<d:prop>"
+         "<d:resourcetype>%s</d:resourcetype>"
+         "<d:getcontentlength>%" INT64_FMT "</d:getcontentlength>"
+         "<d:getlastmodified>%s</d:getlastmodified>"
+        "</d:prop>"
+        "<d:status>HTTP/1.1 200 OK</d:status>"
+       "</d:propstat>"
+      "</d:response>\n",
+      uri,
+      st->is_directory ? "<d:collection/>" : "",
+      st->size,
+      mtime);
+}
+
+static void print_dav_dir_entry(struct de *de, void *data) {
+  char href[PATH_MAX];
+  struct mg_connection *conn = (struct mg_connection *) data;
+  mg_snprintf(conn, href, sizeof(href), "%s%s",
+              conn->request_info.uri, de->file_name);
+  print_props(conn, href, &de->st);
+}
+
+static void handle_propfind(struct mg_connection *conn, const char* path,
+                            struct mgstat* st) {
+  const char *depth = mg_get_header(conn, "Depth");
+
+  conn->must_close = 1;
+  conn->request_info.status_code = 207;
+  mg_printf(conn, "HTTP/1.1 207 Multi-Status\r\n"
+            "Connection: close\r\n"
+            "Content-Type: text/xml; charset=utf-8\r\n\r\n");
+
+  conn->num_bytes_sent += mg_printf(conn,
+      "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
+      "<d:multistatus xmlns:d='DAV:'>\n");
+
+  // Print properties for the requested resource itself
+  print_props(conn, conn->request_info.uri, st);
+
+  // If it is a directory, print directory entries too if Depth is not 0
+  if (st->is_directory &&
+      !mg_strcasecmp(conn->ctx->config[ENABLE_DIRECTORY_LISTING], "yes") &&
+      (depth == NULL || strcmp(depth, "0") != 0)) {
+    scan_directory(conn, path, conn, &print_dav_dir_entry);
+  }
+
+  conn->num_bytes_sent += mg_printf(conn, "%s\n", "</d:multistatus>");
+}
+
+#if defined(USE_WEBSOCKET)
+
+// START OF SHA-1 code
+// Copyright(c) By Steve Reid <[email protected]>
+#define SHA1HANDSOFF
+#if defined(__sun)
+#include "solarisfixes.h"
+#endif
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
+    |(rol(block->l[i],8)&0x00FF00FF))
+#elif BYTE_ORDER == BIG_ENDIAN
+#define blk0(i) block->l[i]
+#else
+#error "Endianness not defined!"
+#endif
+#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
+    ^block->l[(i+2)&15]^block->l[i&15],1))
+#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
+#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
+#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+
+typedef struct {
+    uint32_t state[5];
+    uint32_t count[2];
+    unsigned char buffer[64];
+} SHA1_CTX;
+
+static void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) {
+  uint32_t a, b, c, d, e;
+  typedef union { unsigned char c[64]; uint32_t l[16]; } CHAR64LONG16;
+
+  CHAR64LONG16 block[1];
+  memcpy(block, buffer, 64);
+  a = state[0];
+  b = state[1];
+  c = state[2];
+  d = state[3];
+  e = state[4];
+  R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
+  R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
+  R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
+  R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
+  R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
+  R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
+  R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
+  R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
+  R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
+  R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
+  R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
+  R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
+  R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
+  R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
+  R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
+  R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
+  R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
+  R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
+  R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
+  R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
+  state[0] += a;
+  state[1] += b;
+  state[2] += c;
+  state[3] += d;
+  state[4] += e;
+  a = b = c = d = e = 0;
+  memset(block, '\0', sizeof(block));
+}
+
+static void SHA1Init(SHA1_CTX* context) {
+  context->state[0] = 0x67452301;
+  context->state[1] = 0xEFCDAB89;
+  context->state[2] = 0x98BADCFE;
+  context->state[3] = 0x10325476;
+  context->state[4] = 0xC3D2E1F0;
+  context->count[0] = context->count[1] = 0;
+}
+
+static void SHA1Update(SHA1_CTX* context, const unsigned char* data,
+                       uint32_t len) {
+  uint32_t i, j;
+
+  j = context->count[0];
+  if ((context->count[0] += len << 3) < j)
+    context->count[1]++;
+  context->count[1] += (len>>29);
+  j = (j >> 3) & 63;
+  if ((j + len) > 63) {
+    memcpy(&context->buffer[j], data, (i = 64-j));
+    SHA1Transform(context->state, context->buffer);
+    for ( ; i + 63 < len; i += 64) {
+      SHA1Transform(context->state, &data[i]);
+    }
+    j = 0;
+  }
+  else i = 0;
+  memcpy(&context->buffer[j], &data[i], len - i);
+}
+
+static void SHA1Final(unsigned char digest[20], SHA1_CTX* context) {
+  unsigned i;
+  unsigned char finalcount[8], c;
+
+  for (i = 0; i < 8; i++) {
+    finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
+                                     >> ((3-(i & 3)) * 8) ) & 255);
+  }
+  c = 0200;
+  SHA1Update(context, &c, 1);
+  while ((context->count[0] & 504) != 448) {
+    c = 0000;
+    SHA1Update(context, &c, 1);
+  }
+  SHA1Update(context, finalcount, 8);
+  for (i = 0; i < 20; i++) {
+    digest[i] = (unsigned char)
+      ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
+  }
+  memset(context, '\0', sizeof(*context));
+  memset(&finalcount, '\0', sizeof(finalcount));
+}
+// END OF SHA1 CODE
+
+static void base64_encode(const unsigned char *src, int src_len, char *dst) {
+  static const char *b64 =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+  int i, j, a, b, c;
+
+  for (i = j = 0; i < src_len; i += 3) {
+    a = src[i];
+    b = i + 1 >= src_len ? 0 : src[i + 1];
+    c = i + 2 >= src_len ? 0 : src[i + 2];
+
+    dst[j++] = b64[a >> 2];
+    dst[j++] = b64[((a & 3) << 4) | (b >> 4)];
+    if (i + 1 < src_len) {
+      dst[j++] = b64[(b & 15) << 2 | (c >> 6)];
+    }
+    if (i + 2 < src_len) {
+      dst[j++] = b64[c & 63];
+    }
+  }
+  while (j % 4 != 0) {
+    dst[j++] = '=';
+  }
+  dst[j++] = '\0';
+}
+
+static void send_websocket_handshake(struct mg_connection *conn) {
+  static const char *magic = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
+  char buf[100], sha[20], b64_sha[sizeof(sha) * 2];
+  SHA1_CTX sha_ctx;
+
+  mg_snprintf(conn, buf, sizeof(buf), "%s%s",
+              mg_get_header(conn, "Sec-WebSocket-Key"), magic);
+  SHA1Init(&sha_ctx);
+  SHA1Update(&sha_ctx, (unsigned char *) buf, strlen(buf));
+  SHA1Final((unsigned char *) sha, &sha_ctx);
+  base64_encode((unsigned char *) sha, sizeof(sha), b64_sha);
+  mg_printf(conn, "%s%s%s",
+            "HTTP/1.1 101 Switching Protocols\r\n"
+            "Upgrade: websocket\r\n"
+            "Connection: Upgrade\r\n"
+            "Sec-WebSocket-Accept: ", b64_sha, "\r\n\r\n");
+}
+
+static void read_websocket(struct mg_connection *conn) {
+  unsigned char *mask, *buf = (unsigned char *) conn->buf + conn->request_len;
+  int n, len, mask_len, body_len, discard_len;
+
+  for (;;) {
+    if ((body_len = conn->data_len - conn->request_len) >= 2) {
+      len = buf[1] & 127;
+      mask_len = buf[1] & 128 ? 4 : 0;
+      if (len < 126) {
+        conn->content_len = 2 + mask_len + len;
+        mask = buf + 2;
+      } else if (len == 126 && body_len >= 4) {
+        conn->content_len = 2 + mask_len + ((((int) buf[2]) << 8) + buf[3]);
+        mask = buf + 4;
+      } else if (body_len >= 10) {
+        conn->content_len = 2 + mask_len +
+          (((uint64_t) htonl(* (uint32_t *) &buf[2])) << 32) |
+          htonl(* (uint32_t *) &buf[6]);
+        mask = buf + 10;
+      }
+    }
+
+    if (conn->content_len > 0) {
+      if (call_user(conn, MG_WEBSOCKET_MESSAGE) != NULL) {
+        break;  // Callback signalled to exit
+      }
+      discard_len = conn->content_len > body_len ?
+          body_len : (int) conn->content_len;
+      memmove(buf, buf + discard_len, conn->data_len - discard_len);
+      conn->data_len -= discard_len;
+      conn->content_len = conn->consumed_content = 0;
+    } else {
+      if (wait_until_socket_is_readable(conn) == 0) {
+        break;
+      }
+      n = pull(NULL, conn, conn->buf + conn->data_len,
+               conn->buf_size - conn->data_len);
+      if (n <= 0) {
+        break;
+      }
+      conn->data_len += n;
+    }
+  }
+}
+
+static void handle_websocket_request(struct mg_connection *conn) {
+  if (strcmp(mg_get_header(conn, "Sec-WebSocket-Version"), "13") != 0) {
+    send_http_error(conn, 426, "Upgrade Required", "%s", "Upgrade Required");
+  } else if (call_user(conn, MG_WEBSOCKET_CONNECT) != NULL) {
+    // Callback has returned non-NULL, do not proceed with handshake
+  } else {
+    send_websocket_handshake(conn);
+    call_user(conn, MG_WEBSOCKET_READY);
+    read_websocket(conn);
+    call_user(conn, MG_WEBSOCKET_CLOSE);
+  }
+}
+
+static int is_websocket_request(const struct mg_connection *conn) {
+  const char *host, *upgrade, *connection, *version, *key;
+
+  host = mg_get_header(conn, "Host");
+  upgrade = mg_get_header(conn, "Upgrade");
+  connection = mg_get_header(conn, "Connection");
+  key = mg_get_header(conn, "Sec-WebSocket-Key");
+  version = mg_get_header(conn, "Sec-WebSocket-Version");
+
+  return host != NULL && upgrade != NULL && connection != NULL &&
+    key != NULL && version != NULL &&
+    strstr(upgrade, "websocket") != NULL &&
+    strstr(connection, "Upgrade") != NULL;
+}
+#endif // !USE_WEBSOCKET
+
+static int isbyte(int n) {
+  return n >= 0 && n <= 255;
+}
+
+static int parse_net(const char *spec, uint32_t *net, uint32_t *mask) {
+  int n, a, b, c, d, slash = 32, len = 0;
+
+  if ((sscanf(spec, "%d.%d.%d.%d/%d%n", &a, &b, &c, &d, &slash, &n) == 5 ||
+      sscanf(spec, "%d.%d.%d.%d%n", &a, &b, &c, &d, &n) == 4) &&
+      isbyte(a) && isbyte(b) && isbyte(c) && isbyte(d) &&
+      slash >= 0 && slash < 33) {
+    len = n;
+    *net = ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
+    *mask = slash ? 0xffffffffU << (32 - slash) : 0;
+  }
+
+  return len;
+}
+
+static int set_throttle(const char *spec, uint32_t remote_ip, const char *uri) {
+  int throttle = 0;
+  struct vec vec, val;
+  uint32_t net, mask;
+  char mult;
+  double v;
+
+  while ((spec = next_option(spec, &vec, &val)) != NULL) {
+    mult = ',';
+    if (sscanf(val.ptr, "%lf%c", &v, &mult) < 1 || v < 0 ||
+        (lowercase(&mult) != 'k' && lowercase(&mult) != 'm' && mult != ',')) {
+      continue;
+    }
+    v *= lowercase(&mult) == 'k' ? 1024 : lowercase(&mult) == 'm' ? 1048576 : 1;
+    if (vec.len == 1 && vec.ptr[0] == '*') {
+      throttle = (int) v;
+    } else if (parse_net(vec.ptr, &net, &mask) > 0) {
+      if ((remote_ip & mask) == net) {
+        throttle = (int) v;
+      }
+    } else if (match_prefix(vec.ptr, vec.len, uri) > 0) {
+      throttle = (int) v;
+    }
+  }
+
+  return throttle;
+}
+
+static uint32_t get_remote_ip(const struct mg_connection *conn) {
+  return ntohl(* (uint32_t *) &conn->client.rsa.sin.sin_addr);
+}
+
+// This is the heart of the Mongoose's logic.
+// This function is called when the request is read, parsed and validated,
+// and Mongoose must decide what action to take: serve a file, or
+// a directory, or call embedded function, etcetera.
+static void handle_request(struct mg_connection *conn) {
+  struct mg_request_info *ri = &conn->request_info;
+  char path[PATH_MAX];
+  int stat_result, uri_len;
+  struct mgstat st;
+
+  if ((conn->request_info.query_string = strchr(ri->uri, '?')) != NULL) {
+    *conn->request_info.query_string++ = '\0';
+  }
+  uri_len = (int) strlen(ri->uri);
+  mg_url_decode(ri->uri, (size_t)uri_len, ri->uri, (size_t)(uri_len + 1), 0);
+  remove_double_dots_and_double_slashes(ri->uri);
+  stat_result = convert_uri_to_file_name(conn, path, sizeof(path), &st);
+  conn->throttle = set_throttle(conn->ctx->config[THROTTLE],
+                                get_remote_ip(conn), ri->uri);
+
+  DEBUG_TRACE(("%s", ri->uri));
+
+  parse_auth_header(conn);
+
+  if (call_user(conn, MG_AUTHENTICATE) != NULL) {
+    // Do nothing, callback has served the request
+  } else if (!check_authorization(conn, path)) {
+    mg_send_authorization_request(conn, NULL);
+#if defined(USE_WEBSOCKET)
+  } else if (is_websocket_request(conn)) {
+    handle_websocket_request(conn);
+#endif
+  } else if (call_user(conn, MG_NEW_REQUEST) != NULL) {
+    // Do nothing, callback has served the request
+  } else if (!strcmp(ri->request_method, "OPTIONS")) {
+    send_options(conn);
+  } else if (conn->ctx->config[DOCUMENT_ROOT] == NULL) {
+    send_http_error(conn, 404, "Not Found", "Not Found");
+  } else if ((!strcmp(ri->request_method, "PUT") ||
+        !strcmp(ri->request_method, "DELETE")) &&
+      (conn->ctx->config[PUT_DELETE_PASSWORDS_FILE] == NULL ||
+       !is_authorized_for_put(conn))) {
+    mg_send_authorization_request(conn, NULL);
+  } else if (!strcmp(ri->request_method, "PUT")) {
+    put_file(conn, path);
+  } else if (!strcmp(ri->request_method, "DELETE")) {
+    if (mg_remove(path) == 0) {
+      send_http_error(conn, 200, "OK", "");
+    } else {
+      send_http_error(conn, 500, http_500_error, "remove(%s): %s", path,
+                      strerror(ERRNO));
+    }
+  } else if (stat_result != 0 || must_hide_file(conn, path)) {
+    send_http_error(conn, 404, "Not Found", "%s", "File not found");
+  } else if (st.is_directory && ri->uri[uri_len - 1] != '/') {
+    (void) mg_printf(conn, "HTTP/1.1 301 Moved Permanently\r\n"
+                     "Location: %s/\r\n\r\n", ri->uri);
+  } else if (!strcmp(ri->request_method, "PROPFIND")) {
+    handle_propfind(conn, path, &st);
+  } else if (st.is_directory &&
+             !substitute_index_file(conn, path, sizeof(path), &st)) {
+    if (!mg_strcasecmp(conn->ctx->config[ENABLE_DIRECTORY_LISTING], "yes")) {
+      handle_directory_request(conn, path);
+    } else {
+      send_http_error(conn, 403, "Directory Listing Denied",
+          "Directory listing denied");
+    }
+#if !defined(NO_CGI)
+  } else if (match_prefix(conn->ctx->config[CGI_EXTENSIONS],
+                          strlen(conn->ctx->config[CGI_EXTENSIONS]),
+                          path) > 0) {
+    if (strcmp(ri->request_method, "POST") &&
+        strcmp(ri->request_method, "GET")) {
+      send_http_error(conn, 501, "Not Implemented",
+                      "Method %s is not implemented", ri->request_method);
+    } else {
+      mg_handle_cgi_request(conn, path);
+    }
+#endif // !NO_CGI
+  } else if (match_prefix(conn->ctx->config[SSI_EXTENSIONS],
+                          strlen(conn->ctx->config[SSI_EXTENSIONS]),
+                          path) > 0) {
+    handle_ssi_file_request(conn, path);
+  } else if (is_not_modified(conn, &st)) {
+    send_http_error(conn, 304, "Not Modified", "");
+  } else {
+    handle_file_request(conn, path, &st);
+  }
+}
+
+static void close_all_listening_sockets(struct mg_context *ctx) {
+  struct socket *sp, *tmp;
+  for (sp = ctx->listening_sockets; sp != NULL; sp = tmp) {
+    tmp = sp->next;
+    (void) closesocket(sp->sock);
+    MG_FREE(sp);
+  }
+}
+
+// Valid listening port specification is: [ip_address:]port[s]
+// Examples: 80, 443s, 127.0.0.1:3128, 1.2.3.4:8080s
+// TODO(lsm): add parsing of the IPv6 address
+static int parse_port_string(const struct vec *vec, struct socket *so) {
+  int a, b, c, d, port, len;
+
+  // MacOS needs that. If we do not zero it, subsequent bind() will fail.
+  // Also, all-zeroes in the socket address means binding to all addresses
+  // for both IPv4 and IPv6 (INADDR_ANY and IN6ADDR_ANY_INIT).
+  memset(so, 0, sizeof(*so));
+
+  if (sscanf(vec->ptr, "%d.%d.%d.%d:%d%n", &a, &b, &c, &d, &port, &len) == 5) {
+    // Bind to a specific IPv4 address
+    so->lsa.sin.sin_addr.s_addr = htonl((a << 24) | (b << 16) | (c << 8) | d);
+  } else if (sscanf(vec->ptr, "%d%n", &port, &len) != 1 ||
+             len <= 0 ||
+             len > (int) vec->len ||
+             (vec->ptr[len] && vec->ptr[len] != 's' && vec->ptr[len] != ',')) {
+    return 0;
+  }
+
+  so->is_ssl = vec->ptr[len] == 's';
+#if defined(USE_IPV6)
+  so->lsa.sin6.sin6_family = AF_INET6;
+  so->lsa.sin6.sin6_port = htons((uint16_t) port);
+#else
+  so->lsa.sin.sin_family = AF_INET;
+  so->lsa.sin.sin_port = htons((uint16_t) port);
+#endif
+
+  return 1;
+}
+
+static void set_receive_timeout(SOCKET sock) {
+
+#ifdef SOCKET_RECEIVE_TIMEOUT
+   if (SOCKET_RECEIVE_TIMEOUT>0) {
+#ifdef _WIN32
+      unsigned long to = SOCKET_RECEIVE_TIMEOUT * 1000;
+      unsigned int uto = SOCKET_RECEIVE_TIMEOUT * 1000;
+      setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (const char *)&to, sizeof(to));
+      /* TCP_USER_TIMEOUT (according to RFC5482) is not (yet?) supported in win32 ?
+      setsockopt(sock, IPPROTO_TCP, TCP_USER_TIMEOUT, (const char *)&uto, sizeof(uto));
+      */
+#else
+      unsigned int uto = SOCKET_RECEIVE_TIMEOUT * 1000;
+      struct timeval to;
+      to.tv_usec=0;
+      to.tv_sec=socketTimeOut;
+
+      setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (const void *)&to, sizeof(to));
+      setsockopt(sock, SOL_TCP, TCP_USER_TIMEOUT, (const void *)&uto, sizeof(uto));
+#endif
+   }
+#endif
+}
+
+static int set_ports_option(struct mg_context *ctx) {
+  const char *list = ctx->config[LISTENING_PORTS];
+  int on = 1, success = 1;
+  SOCKET sock;
+  struct vec vec;
+  struct socket so, *listener;
+
+  while (success && (list = next_option(list, &vec, NULL)) != NULL) {
+    if (!parse_port_string(&vec, &so)) {
+      cry(fc(ctx), "%s: %.*s: invalid port spec. Expecting list of: %s",
+          __func__, (int) vec.len, vec.ptr, "[IP_ADDRESS:]PORT[s|p]");
+      success = 0;
+    } else if (so.is_ssl &&
+               (ctx->ssl_ctx == NULL || ctx->config[SSL_CERTIFICATE] == NULL)) {
+      cry(fc(ctx), "Cannot add SSL socket, is -ssl_certificate option set?");
+      success = 0;
+    } else if ((sock = socket(so.lsa.sa.sa_family, SOCK_STREAM, 6)) ==
+               INVALID_SOCKET ||
+#if !defined(_WIN32)
+               // On Windows, SO_REUSEADDR is recommended only for
+               // broadcast UDP sockets
+setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on,
+sizeof(on)) != 0 ||
+#endif // !_WIN32
+// Set TCP keep-alive. This is needed because if HTTP-level
+// keep-alive is enabled, and client resets the connection,
+// server won't get TCP FIN or RST and will keep the connection
+// open forever. With TCP keep-alive, next keep-alive
+// handshake will figure out that the client is down and
+// will close the server end.
+// Thanks to Igor Klopov who suggested the patch.
+               setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *) &on,
+sizeof(on)) != 0 ||
+               bind(sock, &so.lsa.sa, sizeof(so.lsa)) != 0 ||
+               listen(sock, SOMAXCONN) != 0) {
+      closesocket(sock);
+      cry(fc(ctx), "%s: cannot bind to %.*s: %s", __func__,
+          (int) vec.len, vec.ptr, strerror(ERRNO));
+      success = 0;
+    } else if ((listener = (struct socket *)
+                MG_CALLOC(1, sizeof(*listener))) == NULL) {
+      // NOTE(lsm): order is important: call cry before closesocket(),
+      // cause closesocket() alters the errno.
+      cry(fc(ctx), "%s: %s", __func__, strerror(ERRNO));
+      closesocket(sock);
+      success = 0;
+    } else {
+      *listener = so;
+      listener->sock = sock;
+      set_close_on_exec(listener->sock);
+      listener->next = ctx->listening_sockets;
+      ctx->listening_sockets = listener;
+      //set_receive_timeout(sock); // <bel> set timeouts
+    }
+  }
+
+  if (!success) {
+    close_all_listening_sockets(ctx);
+  }
+
+  return success;
+}
+
+static void log_header(const struct mg_connection *conn, const char *header,
+                       FILE *fp) {
+  const char *header_value;
+
+  if ((header_value = mg_get_header(conn, header)) == NULL) {
+    (void) fprintf(fp, "%s", " -");
+  } else {
+    (void) fprintf(fp, " \"%s\"", header_value);
+  }
+}
+
+static void log_access(const struct mg_connection *conn) {
+  const struct mg_request_info *ri;
+  FILE *fp;
+  char date[64], src_addr[20];
+
+  fp = conn->ctx->config[ACCESS_LOG_FILE] == NULL ?  NULL :
+    mg_fopen(conn->ctx->config[ACCESS_LOG_FILE], "a+");
+
+  if (fp == NULL)
+    return;
+
+  strftime(date, sizeof(date), "%d/%b/%Y:%H:%M:%S %z",
+           localtime(&conn->birth_time));
+
+  ri = &conn->request_info;
+  flockfile(fp);
+
+  sockaddr_to_string(src_addr, sizeof(src_addr), &conn->client.rsa);
+  fprintf(fp, "%s - %s [%s] \"%s %s HTTP/%s\" %d %" INT64_FMT,
+          src_addr, ri->remote_user == NULL ? "-" : ri->remote_user, date,
+          ri->request_method ? ri->request_method : "-",
+          ri->uri ? ri->uri : "-", ri->http_version,
+          conn->request_info.status_code, conn->num_bytes_sent);
+  log_header(conn, "Referer", fp);
+  log_header(conn, "User-Agent", fp);
+  fputc('\n', fp);
+  fflush(fp);
+
+  funlockfile(fp);
+  fclose(fp);
+}
+
+// Verify given socket address against the ACL.
+// Return -1 if ACL is malformed, 0 if address is disallowed, 1 if allowed.
+static int check_acl(struct mg_context *ctx, uint32_t remote_ip) {
+  int allowed, flag;
+  uint32_t net, mask;
+  struct vec vec;
+  const char *list = ctx->config[ACCESS_CONTROL_LIST];
+
+  // If any ACL is set, deny by default
+  allowed = list == NULL ? '+' : '-';
+
+  while ((list = next_option(list, &vec, NULL)) != NULL) {
+    flag = vec.ptr[0];
+    if ((flag != '+' && flag != '-') ||
+        parse_net(&vec.ptr[1], &net, &mask) == 0) {
+      cry(fc(ctx), "%s: subnet must be [+|-]x.x.x.x[/x]", __func__);
+      return -1;
+    }
+
+    if (net == (remote_ip & mask)) {
+      allowed = flag;
+    }
+  }
+
+  return allowed == '+';
+}
+
+static void add_to_set(SOCKET fd, fd_set *set, int *max_fd) {
+  FD_SET(fd, set);
+  if (fd > (SOCKET) *max_fd) {
+    *max_fd = (int) fd;
+  }
+}
+
+#if !defined(_WIN32)
+static int set_uid_option(struct mg_context *ctx) {
+  struct passwd *pw;
+  const char *uid = ctx->config[RUN_AS_USER];
+  int success = 0;
+
+  if (uid == NULL) {
+    success = 1;
+  } else {
+    if ((pw = getpwnam(uid)) == NULL) {
+      cry(fc(ctx), "%s: unknown user [%s]", __func__, uid);
+    } else if (setgid(pw->pw_gid) == -1) {
+      cry(fc(ctx), "%s: setgid(%s): %s", __func__, uid, strerror(errno));
+    } else if (setuid(pw->pw_uid) == -1) {
+      cry(fc(ctx), "%s: setuid(%s): %s", __func__, uid, strerror(errno));
+    } else {
+      success = 1;
+    }
+  }
+
+  return success;
+}
+#endif // !_WIN32
+
+#if !defined(NO_SSL)
+static pthread_mutex_t *ssl_mutexes;
+
+static void ssl_locking_callback(int mode, int mutex_num, const char *file,
+                                 int line) {
+  line = 0;    // Unused
+  file = NULL; // Unused
+
+  if (mode & CRYPTO_LOCK) {
+    (void) pthread_mutex_lock(&ssl_mutexes[mutex_num]);
+  } else {
+    (void) pthread_mutex_unlock(&ssl_mutexes[mutex_num]);
+  }
+}
+
+static unsigned long ssl_id_callback(void) {
+  return (unsigned long) pthread_self();
+}
+
+#if !defined(NO_SSL_DL)
+static int load_dll(struct mg_context *ctx, const char *dll_name,
+                    struct ssl_func *sw) {
+  union {void *p; void (*fp)(void);} u;
+  void  *dll_handle;
+  struct ssl_func *fp;
+
+  if ((dll_handle = dlopen(dll_name, RTLD_LAZY)) == NULL) {
+    cry(fc(ctx), "%s: cannot load %s", __func__, dll_name);
+    return 0;
+  }
+
+  for (fp = sw; fp->name != NULL; fp++) {
+#ifdef _WIN32
+    // GetProcAddress() returns pointer to function
+    u.fp = (void (*)(void)) dlsym(dll_handle, fp->name);
+#else
+    // dlsym() on UNIX returns void *. ISO C forbids casts of data pointers to
+    // function pointers. We need to use a union to make a cast.
+    u.p = dlsym(dll_handle, fp->name);
+#endif // _WIN32
+    if (u.fp == NULL) {
+      cry(fc(ctx), "%s: %s: cannot find %s", __func__, dll_name, fp->name);
+      return 0;
+    } else {
+      fp->ptr = u.fp;
+    }
+  }
+
+  return 1;
+}
+#endif // NO_SSL_DL
+
+// Dynamically load SSL library. Set up ctx->ssl_ctx pointer.
+static int set_ssl_option(struct mg_context *ctx) {
+  struct mg_request_info request_info;
+  SSL_CTX *CTX;
+  int i, size;
+  int ssl_result;
+  const char *pem = ctx->config[SSL_CERTIFICATE];
+  const char *chain = ctx->config[SSL_CHAIN_FILE];
+
+#ifndef USE_AXTLS_ON_MEMORY
+  if (pem == NULL) {
+    return 1;
+  }
+#endif
+
+#if !defined(NO_SSL_DL)
+  if (!load_dll(ctx, SSL_LIB, ssl_sw) ||
+      !load_dll(ctx, CRYPTO_LIB, crypto_sw)) {
+    return 0;
+  }
+#endif // NO_SSL_DL
+
+  // Initialize SSL crap
+  SSL_library_init();
+  SSL_load_error_strings();
+
+#ifdef USE_AXTLS
+  CTX = 0;
+  if (ctx->user_callback != NULL) {
+    memset(&request_info, 0, sizeof(request_info));
+    request_info.user_data = ctx->user_data;
+    request_info.uri = ctx->config[DOCUMENT_ROOT];
+    ctx->user_callback(MG_INIT_SSL, (struct mg_connection *) &CTX,
+                       &request_info);
+  }
+  if (!CTX) {
+    cry(fc(ctx), "SSL_CTX_new error: %s", ssl_error(MG_SSL_CREATE_CTX_ERROR));
+    return 0;
+  }
+#else
+  if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL) {
+    cry(fc(ctx), "SSL_CTX_new error: %s", ssl_error(MG_SSL_CREATE_CTX_ERROR));
+    return 0;
+  } else if (ctx->user_callback != NULL) {
+    memset(&request_info, 0, sizeof(request_info));
+    request_info.user_data = ctx->user_data;
+    ctx->user_callback(MG_INIT_SSL, (struct mg_connection *) CTX,
+                       &request_info);
+  }
+#endif
+
+#ifndef USE_AXTLS_ON_MEMORY
+  if (CTX != NULL && (ssl_result = SSL_CTX_use_certificate_file(CTX, pem,
+        SSL_FILETYPE_PEM)) == 0) {
+    cry(fc(ctx), "%s: cannot open %s: %s", __func__, pem, ssl_error(ssl_result));
+    return 0;
+  }
+#ifndef USE_AXTLS
+  else if (CTX != NULL && (ssl_result = SSL_CTX_use_PrivateKey_file(CTX, pem,
+        SSL_FILETYPE_PEM)) == 0) {
+    cry(fc(ctx), "%s: cannot open %s: %s", NULL, pem, ssl_error(ssl_result));
+    return 0;
+  }
+#endif
+
+  if (CTX != NULL && chain != NULL &&
+      (ssl_result = SSL_CTX_use_certificate_chain_file(CTX, chain)) == 0) {
+    cry(fc(ctx), "%s: cannot open %s: %s", NULL, chain, ssl_error(ssl_result));
+    return 0;
+  }
+
+#ifndef USE_AXTLS
+  // Initialize locking callbacks, needed for thread safety.
+  // http://www.openssl.org/support/faq.html#PROG1
+  size = sizeof(pthread_mutex_t) * CRYPTO_num_locks();
+  if ((ssl_mutexes = (pthread_mutex_t *) MG_MALLOC((size_t)size)) == NULL) {
+    cry(fc(ctx), "%s: cannot allocate mutexes: %s", __func__, ssl_error(MG_SSL_ALOCATE_MUTEX_ERROR));
+    return 0;
+  }
+
+  for (i = 0; i < CRYPTO_num_locks(); i++) {
+    pthread_mutex_init(&ssl_mutexes[i], NULL);
+  }
+
+  CRYPTO_set_locking_callback(&ssl_locking_callback);
+  CRYPTO_set_id_callback(&ssl_id_callback);
+#endif
+
+#endif //USE_AXTLS_ON_MEMORY
+  // Done with everything. Save the context.
+  ctx->ssl_ctx = CTX;
+
+  return 1;
+}
+
+static void uninitialize_ssl(struct mg_context *ctx) {
+#ifndef USE_AXTLS
+  int i;
+  if (ctx->ssl_ctx != NULL) {
+    CRYPTO_set_locking_callback(NULL);
+    for (i = 0; i < CRYPTO_num_locks(); i++) {
+      pthread_mutex_destroy(&ssl_mutexes[i]);
+    }
+    CRYPTO_set_locking_callback(NULL);
+    CRYPTO_set_id_callback(NULL);
+  }
+#endif
+}
+#endif // !NO_SSL
+
+static int set_gpass_option(struct mg_context *ctx) {
+  struct mgstat mgstat;
+  const char *path = ctx->config[GLOBAL_PASSWORDS_FILE];
+  return path == NULL || mg_stat(path, &mgstat) == 0;
+}
+
+static int set_acl_option(struct mg_context *ctx) {
+  return check_acl(ctx, (uint32_t) 0x7f000001UL) != -1;
+}
+
+static void reset_per_request_attributes(struct mg_connection *conn) {
+  struct mg_request_info *ri = &conn->request_info;
+
+  // Reset request info attributes. DO NOT TOUCH is_ssl, remote_ip, remote_port
+  if (ri->remote_user != NULL) {
+    MG_FREE((void *) ri->remote_user);
+  }
+  if (ri->ah != NULL) {
+    if (ri->ah->ha1 != NULL) {
+      MG_FREE((void *) ri->ah->ha1);
+    }
+    if (ri->ah->expected_response != NULL) {
+      MG_FREE((void *) ri->ah->expected_response);
+    }
+    MG_FREE((void *) ri->ah);
+  }
+  ri->remote_user = ri->request_method = ri->uri = ri->http_version = NULL;
+  ri->ah = NULL;
+  ri->num_headers = 0;
+  ri->status_code = -1;
+
+  if (conn->auth_header != NULL) {
+    MG_FREE((void *) conn->auth_header);
+  }
+  conn->auth_header = NULL;
+  conn->num_bytes_sent = conn->consumed_content = 0;
+  conn->content_len = -1;
+  conn->request_len = conn->data_len = 0;
+  conn->must_close = 0;
+}
+
+static void close_socket_gracefully(struct mg_connection *conn) {
+  char buf[MG_BUF_LEN];
+  struct linger linger;
+  int n, sock = conn->client.sock;
+
+  // Set linger option to avoid socket hanging out after close. This prevent
+  // ephemeral port exhaust problem under high QPS.
+  linger.l_onoff = 1;
+  linger.l_linger = 1;
+  setsockopt(sock, SOL_SOCKET, SO_LINGER, (char *) &linger, sizeof(linger));
+
+  // Send FIN to the client
+  (void) shutdown(sock, SHUT_WR);
+  set_non_blocking_mode(sock);
+
+  // Read and discard pending incoming data. If we do not do that and close the
+  // socket, the data in the send buffer may be discarded. This
+  // behaviour is seen on Windows, when client keeps sending data
+  // when server decides to close the connection; then when client
+  // does recv() it gets no data back.
+  do {
+    n = pull(NULL, conn, buf, sizeof(buf));
+  } while (n > 0);
+
+  // Now we know that our FIN is ACK-ed, safe to close
+  (void) closesocket(sock);
+}
+
+static void close_connection(struct mg_connection *conn) {
+  if (conn->ssl) {
+    SSL_free(conn->ssl);
+    conn->ssl = NULL;
+  }
+
+  if (conn->client.sock != INVALID_SOCKET) {
+    close_socket_gracefully(conn);
+  }
+}
+
+void mg_close_connection(struct mg_connection *conn) {
+  close_connection(conn);
+  free(conn);
+}
+
+struct mg_connection *mg_connect(struct mg_context *ctx,
+                                 const char *host, int port, int use_ssl) {
+  struct mg_connection *newconn = NULL;
+  struct sockaddr_in sin;
+  struct hostent *he;
+  int sock;
+
+  if (use_ssl && (ctx == NULL || ctx->client_ssl_ctx == NULL)) {
+    cry(fc(ctx), "%s: SSL is not initialized", __func__);
+  } else if ((he = gethostbyname(host)) == NULL) {
+    cry(fc(ctx), "%s: gethostbyname(%s): %s", __func__, host, strerror(ERRNO));
+  } else if ((sock = socket(PF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) {
+    cry(fc(ctx), "%s: socket: %s", __func__, strerror(ERRNO));
+  } else {
+    sin.sin_family = AF_INET;
+    sin.sin_port = htons((uint16_t) port);
+    sin.sin_addr = * (struct in_addr *) he->h_addr_list[0];
+    if (connect(sock, (struct sockaddr *) &sin, sizeof(sin)) != 0) {
+      cry(fc(ctx), "%s: connect(%s:%d): %s", __func__, host, port,
+          strerror(ERRNO));
+      closesocket(sock);
+    } else if ((newconn = (struct mg_connection *)
+                calloc(1, sizeof(*newconn))) == NULL) {
+      cry(fc(ctx), "%s: calloc: %s", __func__, strerror(ERRNO));
+      closesocket(sock);
+    } else {
+      newconn->ctx = ctx;
+      newconn->client.sock = sock;
+      newconn->client.rsa.sin = sin;
+      newconn->client.is_ssl = use_ssl;
+      if (use_ssl) {
+        sslize(newconn, ctx->client_ssl_ctx, SSL_connect);
+      }
+    }
+  }
+
+  return newconn;
+}
+
+FILE *mg_fetch(struct mg_context *ctx, const char *url, const char *path,
+               char *buf, size_t buf_len, struct mg_request_info *ri) {
+  struct mg_connection *newconn;
+  int n, req_length, data_length, port;
+  char host[1025], proto[10], buf2[MG_BUF_LEN];
+  FILE *fp = NULL;
+
+  if (sscanf(url, "%9[htps]://%1024[^:]:%d/%n", proto, host, &port, &n) == 3) {
+  } else if (sscanf(url, "%9[htps]://%1024[^/]/%n", proto, host, &n) == 2) {
+    port = mg_strcasecmp(proto, "https") == 0 ? 443 : 80;
+  } else {
+    cry(fc(ctx), "%s: invalid URL: [%s]", __func__, url);
+    return NULL;
+  }
+
+  if ((newconn = mg_connect(ctx, host, port,
+                            !strcmp(proto, "https"))) == NULL) {
+    cry(fc(ctx), "%s: mg_connect(%s): %s", __func__, url, strerror(ERRNO));
+  } else {
+    mg_printf(newconn, "GET /%s HTTP/1.0\r\nHost: %s\r\n\r\n", url + n, host);
+    data_length = 0;
+    req_length = read_request(NULL, newconn, buf, buf_len, &data_length);
+    if (req_length <= 0) {
+      cry(fc(ctx), "%s(%s): invalid HTTP reply", __func__, url);
+    } else if (parse_http_response(buf, req_length, ri) <= 0) {
+      cry(fc(ctx), "%s(%s): cannot parse HTTP headers", __func__, url);
+    } else if ((fp = fopen(path, "w+b")) == NULL) {
+      cry(fc(ctx), "%s: fopen(%s): %s", __func__, path, strerror(ERRNO));
+    } else {
+      // Write chunk of data that may be in the user's buffer
+      data_length -= req_length;
+      if (data_length > 0 &&
+        fwrite(buf + req_length, 1, data_length, fp) != (size_t) data_length) {
+        cry(fc(ctx), "%s: fwrite(%s): %s", __func__, path, strerror(ERRNO));
+        fclose(fp);
+        fp = NULL;
+      }
+      // Read the rest of the response and write it to the file. Do not use
+      // mg_read() cause we didn't set newconn->content_len properly.
+      while (fp && (data_length = pull(0, newconn, buf2, sizeof(buf2))) > 0) {
+        if (fwrite(buf2, 1, data_length, fp) != (size_t) data_length) {
+          cry(fc(ctx), "%s: fwrite(%s): %s", __func__, path, strerror(ERRNO));
+          fclose(fp);
+          fp = NULL;
+          break;
+        }
+      }
+    }
+    mg_close_connection(newconn);
+  }
+
+  return fp;
+}
+
+static void discard_current_request_from_buffer(struct mg_connection *conn) {
+  //char *buffered;
+  int buffered_len, body_len;
+
+  //buffered = conn->buf + conn->request_len;
+  buffered_len = conn->data_len - conn->request_len;
+  assert(buffered_len >= 0);
+
+  if (conn->content_len <= 0) {
+    // Protect from negative Content-Length, too
+    body_len = 0;
+  } else if (conn->content_len < (int64_t) buffered_len) {
+    body_len = (int) conn->content_len;
+  } else {
+    body_len = buffered_len;
+  }
+
+  conn->data_len -= conn->request_len + body_len;
+  memmove(conn->buf, conn->buf + conn->request_len + body_len,
+          (size_t) conn->data_len);
+}
+
+static int parse_url(const char *url, char *host, int *port) {
+  int len;
+
+  if (sscanf(url, "%*[htps]://%1024[^:]:%d%n", host, port, &len) == 2 ||
+      sscanf(url, "%1024[^:]:%d%n", host, port, &len) == 2) {
+  } else if (sscanf(url, "%*[htps]://%1024[^/]%n", host, &len) == 1) {
+    *port = 80;
+  } else {
+    sscanf(url, "%1024[^/]%n", host, &len);
+    *port = 80;
+  }
+  DEBUG_TRACE(("Host:%s, port:%d", host, *port));
+
+  return len;
+}
+
+static void handle_proxy_request(struct mg_connection *conn) {
+  struct mg_request_info *ri = &conn->request_info;
+  char host[1025], buf[BUFSIZ];
+  int port, is_ssl, len, i, n;
+
+  DEBUG_TRACE(("URL: %s", ri->uri));
+  if (ri->uri == NULL ||
+      ri->uri[0] == '/' ||
+      (len = parse_url(ri->uri, host, &port)) == 0) {
+    return;
+  }
+
+  if (conn->peer == NULL) {
+    is_ssl = !strcmp(ri->request_method, "CONNECT");
+    if ((conn->peer = mg_connect(conn->ctx, host, port, is_ssl)) == NULL) {
+      return;
+    }
+    conn->peer->client.is_ssl = is_ssl;
+  }
+
+  // Forward client's request to the target
+  mg_printf(conn->peer, "%s %s HTTP/%s\r\n", ri->request_method, ri->uri + len,
+            ri->http_version);
+
+  // And also all headers. TODO(lsm): anonymize!
+  for (i = 0; i < ri->num_headers; i++) {
+    mg_printf(conn->peer, "%s: %s\r\n", ri->http_headers[i].name,
+              ri->http_headers[i].value);
+  }
+  // End of headers, final newline
+  mg_write(conn->peer, "\r\n", 2);
+
+  // Read and forward body data if any
+  if (!strcmp(ri->request_method, "POST")) {
+    forward_body_data(conn, NULL, conn->peer->client.sock, conn->peer->ssl);
+  }
+
+  // Read data from the target and forward it to the client
+  while ((n = pull(NULL, conn, buf, sizeof(buf))) > 0) {
+    if (mg_write(conn, buf, (size_t)n) != n) {
+      break;
+    }
+  }
+
+  if (!conn->peer->client.is_ssl) {
+    close_connection(conn->peer);
+    MG_FREE(conn->peer);
+    conn->peer = NULL;
+  }
+}
+
+static int is_valid_uri(const char *uri) {
+  // Conform to http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
+  // URI can be an asterisk (*) or should start with slash.
+  return (uri[0] == '/' || (uri[0] == '*' && uri[1] == '\0'));
+}
+
+static void process_new_connection(struct mg_connection *conn) {
+  struct mg_request_info *ri = &conn->request_info;
+  int keep_alive_enabled, buffered_len;
+  const char *cl;
+
+  keep_alive_enabled = !strcmp(conn->ctx->config[ENABLE_KEEP_ALIVE], "yes");
+
+  do {
+    reset_per_request_attributes(conn);
+    conn->request_len = read_request(NULL, conn, conn->buf, conn->buf_size,
+                                     &conn->data_len);
+    assert(conn->request_len < 0 || conn->data_len >= conn->request_len);
+    if (conn->request_len == 0 && conn->data_len == conn->buf_size) {
+      send_http_error(conn, 413, "Request Too Large", "");
+      return;
+    } if (conn->request_len <= 0) {
+      return;  // Remote end closed the connection
+    }
+    conn->body = conn->next_request = conn->buf + conn->request_len;
+
+    if (parse_http_request(conn->buf, conn->buf_size, ri) <= 0 ||
+        !is_valid_uri(ri->uri)) {
+      // Do not put garbage in the access log, just send it back to the client
+      send_http_error(conn, 400, "Bad Request",
+          "Cannot parse HTTP request: [%.*s]", conn->data_len, conn->buf);
+      conn->must_close = 1;
+    } else if (strcmp(ri->http_version, "1.0") &&
+               strcmp(ri->http_version, "1.1")) {
+      // Request seems valid, but HTTP version is strange
+      send_http_error(conn, 505, "HTTP version not supported", "");
+      log_access(conn);
+    } else {
+      // Request is valid, handle it
+      cl = get_header(ri, "Content-Length");
+      conn->content_len = cl == NULL ? -1 : strtoll(cl, NULL, 10);
+
+      // Set pointer to the next buffered request
+      buffered_len = conn->data_len - conn->request_len;
+      assert(buffered_len >= 0);
+      if (conn->content_len <= 0) {
+      } else if (conn->content_len < (int64_t) buffered_len) {
+        conn->next_request += conn->content_len;
+      } else {
+        conn->next_request += buffered_len;
+      }
+
+      conn->birth_time = time(NULL);
+      if (conn->client.is_proxy) {
+        handle_proxy_request(conn);
+      } else {
+        handle_request(conn);
+		call_user(conn, MG_REQUEST_COMPLETE);
+      }
+      log_access(conn);
+      discard_current_request_from_buffer(conn);
+    }
+    // conn->peer is not NULL only for SSL-ed proxy connections
+  } while (conn->ctx->stop_flag == 0 &&
+           (conn->peer || (keep_alive_enabled && should_keep_alive(conn))));
+}
+
+// Worker threads take accepted socket from the queue
+static int consume_socket(struct mg_context *ctx, struct socket *sp) {
+  (void) pthread_mutex_lock(&ctx->mutex);
+  DEBUG_TRACE(("going idle"));
+
+  // If the queue is empty, wait. We're idle at this point.
+  while (ctx->sq_head == ctx->sq_tail && ctx->stop_flag == 0) {
+    pthread_cond_wait(&ctx->sq_full, &ctx->mutex);
+  }
+
+  // If we're stopping, sq_head may be equal to sq_tail.
+  if (ctx->sq_head > ctx->sq_tail) {
+    // Copy socket from the queue and increment tail
+    *sp = ctx->queue[ctx->sq_tail % ARRAY_SIZE(ctx->queue)];
+    ctx->sq_tail++;
+    DEBUG_TRACE(("grabbed socket %d, going busy", sp->sock));
+
+    // Wrap pointers if needed
+    while (ctx->sq_tail > (int) ARRAY_SIZE(ctx->queue)) {
+      ctx->sq_tail -= ARRAY_SIZE(ctx->queue);
+      ctx->sq_head -= ARRAY_SIZE(ctx->queue);
+    }
+  }
+
+  (void) pthread_cond_signal(&ctx->sq_empty);
+  (void) pthread_mutex_unlock(&ctx->mutex);
+
+  return !ctx->stop_flag;
+}
+
+void *mg_get_plugin(struct mg_connection *conn){
+    return conn->plugin;
+}
+
+void *mg_lock_master_plugin(struct mg_connection *conn){
+    (void) pthread_mutex_lock(&conn->ctx->master_plugin_mutex);
+    return conn->ctx->master_plugin;
+}
+
+void mg_unlock_master_plugin(struct mg_connection *conn){
+    (void) pthread_mutex_unlock(&conn->ctx->master_plugin_mutex);
+}
+
+
+static void worker_thread(struct mg_context *ctx) {
+  struct mg_connection *conn;
+  int buf_size = atoi(ctx->config[MAX_REQUEST_SIZE]);
+
+  conn = (struct mg_connection *) MG_CALLOC(1, sizeof(*conn) + buf_size);
+  assert(conn != NULL);
+  conn->buf_size = buf_size;
+  conn->buf = (char *) (conn + 1);
+  conn->ctx = ctx;
+  if(ctx->user_callback)
+    conn->plugin = ctx->user_callback(MG_NEW_PLUGIN, conn,
+                                      (struct mg_request_info *)ctx);
+
+  // Call consume_socket() even when ctx->stop_flag > 0, to let it signal
+  // sq_empty condvar to wake up the master waiting in produce_socket()
+  while (consume_socket(ctx, &conn->client)) {
+    conn->birth_time = time(NULL);
+    conn->ctx = ctx;
+    //set_receive_timeout(conn->client.sock);  // <bel> set timeouts
+
+    // Fill in IP, port info early so even if SSL setup below fails,
+    // error handler would have the corresponding info.
+    // Thanks to Johannes Winkelmann for the patch.
+    // TODO(lsm): Fix IPv6 case
+    conn->request_info.remote_port = ntohs(conn->client.rsa.sin.sin_port);
+    memcpy(&conn->request_info.remote_ip,
+           &conn->client.rsa.sin.sin_addr.s_addr, 4);
+    conn->request_info.remote_ip = ntohl(conn->request_info.remote_ip);
+    conn->request_info.is_ssl = conn->client.is_ssl;
+
+    if (!conn->client.is_ssl ||
+        (conn->client.is_ssl && sslize(conn, conn->ctx->ssl_ctx, SSL_accept))) {
+      void *done = 0;
+      if(ctx->user_callback){
+        done = ctx->user_callback(MG_NEW_CONNECTION, conn,
+                                      (struct mg_request_info *)ctx);
+      }
+      if(!done) process_new_connection(conn);
+    }
+
+    close_connection(conn);
+  }
+  conn->ctx = ctx;
+  if(ctx->user_callback)
+    conn->plugin = ctx->user_callback(MG_FREE_PLUGIN, conn,
+                                      (struct mg_request_info *)ctx->user_data);
+  MG_FREE(conn);
+
+  // Signal master that we're done with connection and exiting
+  (void) pthread_mutex_lock(&ctx->mutex);
+  ctx->num_threads--;
+  (void) pthread_cond_signal(&ctx->cond);
+  assert(ctx->num_threads >= 0);
+  (void) pthread_mutex_unlock(&ctx->mutex);
+
+  DEBUG_TRACE(("exiting"));
+}
+
+// Master thread adds accepted socket to a queue
+static void produce_socket(struct mg_context *ctx, const struct socket *sp) {
+  (void) pthread_mutex_lock(&ctx->mutex);
+
+  // If the queue is full, wait
+  while (ctx->stop_flag == 0 &&
+         ctx->sq_head - ctx->sq_tail >= (int) ARRAY_SIZE(ctx->queue)) {
+    (void) pthread_cond_wait(&ctx->sq_empty, &ctx->mutex);
+  }
+
+  if (ctx->sq_head - ctx->sq_tail < (int) ARRAY_SIZE(ctx->queue)) {
+    // Copy socket to the queue and increment head
+    ctx->queue[ctx->sq_head % ARRAY_SIZE(ctx->queue)] = *sp;
+    ctx->sq_head++;
+    DEBUG_TRACE(("queued socket %d", sp->sock));
+  }
+
+  (void) pthread_cond_signal(&ctx->sq_full);
+  (void) pthread_mutex_unlock(&ctx->mutex);
+}
+
+static void accept_new_connection(const struct socket *listener,
+                                  struct mg_context *ctx) {
+  struct socket accepted;
+  char src_addr[20];
+  socklen_t len;
+  int allowed;
+
+  len = sizeof(accepted.rsa);
+  accepted.lsa = listener->lsa;
+  accepted.sock = accept(listener->sock, &accepted.rsa.sa, &len);
+  if (accepted.sock != INVALID_SOCKET) {
+    allowed = check_acl(ctx, ntohl(* (uint32_t *) &accepted.rsa.sin.sin_addr));
+    if (allowed) {
+      // Put accepted socket structure into the queue
+      DEBUG_TRACE(("accepted socket %d", accepted.sock));
+      accepted.is_ssl = listener->is_ssl;
+      accepted.is_proxy = listener->is_proxy;
+      //ctx->connection_count++;
+      //accepted.connection_count = ctx->connection_count;
+      produce_socket(ctx, &accepted);
+    } else {
+      sockaddr_to_string(src_addr, sizeof(src_addr), &accepted.rsa);
+      cry(fc(ctx), "%s: %s is not allowed to connect", __func__, src_addr);
+      (void) closesocket(accepted.sock);
+    }
+  }
+}
+
+static void master_thread(struct mg_context *ctx) {
+  fd_set read_set;
+  struct timeval tv;
+  struct socket *sp;
+  int max_fd;
+
+  // Increase priority of the master thread
+#if defined(_WIN32)
+  SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_ABOVE_NORMAL);
+#endif
+
+#if defined(ISSUE_317)
+  struct sched_param sched_param;
+  sched_param.sched_priority = sched_get_priority_max(SCHED_RR);
+  pthread_setschedparam(pthread_self(), SCHED_RR, &sched_param);
+#endif
+
+  while (ctx->stop_flag == 0) {
+    FD_ZERO(&read_set);
+    max_fd = -1;
+
+    // Add listening sockets to the read set
+    for (sp = ctx->listening_sockets; sp != NULL; sp = sp->next) {
+      add_to_set(sp->sock, &read_set, &max_fd);
+    }
+
+    tv.tv_sec = 0;
+    tv.tv_usec = 200 * 1000;
+
+    if (select(max_fd + 1, &read_set, NULL, NULL, &tv) < 0) {
+#ifdef _WIN32
+      // On windows, if read_set and write_set are empty,
+      // select() returns "Invalid parameter" error
+      // (at least on my Windows XP Pro). So in this case, we sleep here.
+      mg_sleep(1000);
+#endif // _WIN32
+    } else {
+      for (sp = ctx->listening_sockets; sp != NULL; sp = sp->next) {
+        if (ctx->stop_flag == 0 && FD_ISSET(sp->sock, &read_set)) {
+          accept_new_connection(sp, ctx);
+        }
+      }
+    }
+  }
+  DEBUG_TRACE(("stopping workers"));
+
+  // Stop signal received: somebody called mg_stop. Quit.
+  close_all_listening_sockets(ctx);
+
+  // Wakeup workers that are waiting for connections to handle.
+  pthread_cond_broadcast(&ctx->sq_full);
+
+  // Wait until all threads finish
+  (void) pthread_mutex_lock(&ctx->mutex);
+  while (ctx->num_threads > 0) {
+    (void) pthread_cond_wait(&ctx->cond, &ctx->mutex);
+  }
+  (void) pthread_mutex_unlock(&ctx->mutex);
+
+  // All threads exited, no sync is needed. Destroy mutex and condvars
+  (void) pthread_mutex_destroy(&ctx->mutex);
+  (void) pthread_cond_destroy(&ctx->cond);
+  (void) pthread_cond_destroy(&ctx->sq_empty);
+  (void) pthread_cond_destroy(&ctx->sq_full);
+
+  (void) pthread_mutex_destroy(&ctx->master_plugin_mutex);
+  (void) pthread_cond_destroy(&ctx->master_plugin_cond);
+
+#if !defined(NO_SSL)
+  uninitialize_ssl(ctx);
+#endif
+  DEBUG_TRACE(("exiting"));
+
+  // Signal mg_stop() that we're done.
+  // WARNING: This must be the very last thing this
+  // thread does, as ctx becomes invalid after this line.
+  ctx->stop_flag = 2;
+}
+
+static void free_context(struct mg_context *ctx) {
+  int i;
+
+  // Deallocate config parameters
+  for (i = 0; i < NUM_OPTIONS; i++) {
+    if (ctx->config[i] != NULL)
+      MG_FREE(ctx->config[i]);
+  }
+
+  // Deallocate SSL context
+  if (ctx->ssl_ctx != NULL) {
+    SSL_CTX_free(ctx->ssl_ctx);
+  }
+  if (ctx->client_ssl_ctx != NULL) {
+    SSL_CTX_free(ctx->client_ssl_ctx);
+  }
+#ifndef NO_SSL
+  if (ssl_mutexes != NULL) {
+    MG_FREE(ssl_mutexes);
+    ssl_mutexes = NULL;
+  }
+#endif // !NO_SSL
+
+  // Deallocate context itself
+  MG_FREE(ctx);
+}
+
+void mg_stop(struct mg_context *ctx) {
+  ctx->stop_flag = 1;
+
+  // Wait until mg_fini() stops
+  while (ctx->stop_flag != 2) {
+    (void) mg_sleep(10);
+  }
+
+  if(ctx->user_callback)
+    ctx->master_plugin = ctx->user_callback(MG_FREE_MASTER_PLUGIN,
+                        (struct mg_connection *)ctx->master_plugin,
+                        (struct mg_request_info *)ctx->user_data);
+
+  free_context(ctx);
+
+#if defined(_WIN32) && !defined(__SYMBIAN32__)
+  (void) WSACleanup();
+#endif // _WIN32
+}
+
+struct mg_context *mg_start(mg_callback_t user_callback, void *user_data,
+                            const char **options) {
+  struct mg_context *ctx;
+  const char *name, *value, *default_value;
+  int i;
+
+#if defined(_WIN32) && !defined(__SYMBIAN32__)
+  WSADATA data;
+  WSAStartup(MAKEWORD(2,2), &data);
+  InitializeCriticalSection(&global_log_file_lock);
+#endif // _WIN32
+
+  // Allocate context and initialize reasonable general case defaults.
+  // TODO(lsm): do proper error handling here.
+  ctx = (struct mg_context *) MG_CALLOC(1, sizeof(*ctx));
+  ctx->user_callback = user_callback;
+  ctx->user_data = user_data;
+  //ctx->connection_count = 0;
+
+  while (options && (name = *options++) != NULL) {
+    if ((i = get_option_index(name)) == -1) {
+      cry(fc(ctx), "Invalid option: %s", name);
+      free_context(ctx);
+      return NULL;
+    } else if ((value = *options++) == NULL) {
+      cry(fc(ctx), "%s: option value cannot be NULL", name);
+      free_context(ctx);
+      return NULL;
+    }
+    if (ctx->config[i] != NULL) {
+      cry(fc(ctx), "warning: %s: duplicate option", name);
+    }
+    ctx->config[i] = mg_strdup(value);
+    DEBUG_TRACE(("[%s] -> [%s]", name, value));
+  }
+
+  // Set default value if needed
+  for (i = 0; config_options[i * ENTRIES_PER_CONFIG_OPTION] != NULL; i++) {
+    default_value = config_options[i * ENTRIES_PER_CONFIG_OPTION + 2];
+    if (ctx->config[i] == NULL && default_value != NULL) {
+      ctx->config[i] = mg_strdup(default_value);
+      DEBUG_TRACE(("Setting default: [%s] -> [%s]",
+                   config_options[i * ENTRIES_PER_CONFIG_OPTION + 1],
+                   default_value));
+    }
+  }
+
+
+  if (ctx->config[MAX_THREADS] == NULL) {
+    ctx->config[MAX_THREADS] = mg_strdup(ctx->config[NUM_THREADS]);
+  }
+
+  ctx->base_threads = atoi(ctx->config[NUM_THREADS]);
+  ctx->max_threads = atoi(ctx->config[MAX_THREADS]);
+
+  // NOTE(lsm): order is important here. SSL certificates must
+  // be initialized before listening ports. UID must be set last.
+  if (!set_gpass_option(ctx) ||
+#if !defined(NO_SSL)
+      !set_ssl_option(ctx) ||
+#endif
+      !set_ports_option(ctx) ||
+#if !defined(_WIN32)
+      !set_uid_option(ctx) ||
+#endif
+      !set_acl_option(ctx)) {
+    free_context(ctx);
+    return NULL;
+  }
+
+#if !defined(_WIN32) && !defined(__SYMBIAN32__)
+  // Ignore SIGPIPE signal, so if browser cancels the request, it
+  // won't kill the whole process.
+  (void) signal(SIGPIPE, SIG_IGN);
+  // Also ignoring SIGCHLD to let the OS to reap zombies properly.
+  (void) signal(SIGCHLD, SIG_IGN);
+#endif // !_WIN32
+
+  (void) pthread_mutex_init(&ctx->mutex, NULL);
+  (void) pthread_cond_init(&ctx->cond, NULL);
+  (void) pthread_cond_init(&ctx->sq_empty, NULL);
+  (void) pthread_cond_init(&ctx->sq_full, NULL);
+
+  (void) pthread_mutex_init(&ctx->master_plugin_mutex, NULL);
+  (void) pthread_cond_init(&ctx->master_plugin_cond, NULL);
+
+  if(ctx->user_callback)
+    ctx->master_plugin = ctx->user_callback(MG_NEW_MASTER_PLUGIN,
+                            (struct mg_connection *)ctx->user_data,
+                            (struct mg_request_info *)ctx);
+  // Start master (listening) thread
+  mg_start_thread((mg_thread_func_t) master_thread, ctx);
+
+  // Start worker threads
+  for (i = 0; i < ctx->base_threads; i++) {
+    if (mg_start_thread((mg_thread_func_t) worker_thread, ctx) != 0) {
+      cry(fc(ctx), "Cannot start worker thread: %d", ERRNO);
+    } else {
+      ctx->num_threads++;
+    }
+  }
+
+  return ctx;
+}
+
+mg_thread_t mg_thread_self(void){
+    return pthread_self();
+}
+
+int mg_thread_mutex_init(mg_thread_mutex_t *mutex, const mg_thread_mutexattr_t *attr){
+    return pthread_mutex_init(mutex, attr);
+}
+
+int mg_thread_mutex_destroy(mg_thread_mutex_t *mutex){
+    return pthread_mutex_destroy(mutex);
+}
+
+int mg_thread_mutex_lock(mg_thread_mutex_t *mutex){
+    return pthread_mutex_lock(mutex);
+}
+
+int mg_thread_mutex_unlock(mg_thread_mutex_t *mutex){
+    return pthread_mutex_unlock(mutex);
+}
+
+int mg_thread_cond_init(mg_thread_cond_t *cv, const mg_thread_condattr_t *attr){
+    return pthread_cond_init((pthread_cond_t*)cv, attr);
+}
+
+int mg_thread_cond_wait(mg_thread_cond_t *cv, mg_thread_mutex_t *mutex){
+    return pthread_cond_wait((pthread_cond_t*)cv, mutex);
+}
+
+int mg_thread_cond_signal(mg_thread_cond_t *cv){
+    return pthread_cond_signal((pthread_cond_t*)cv);
+}
+
+int mg_thread_cond_broadcast(mg_thread_cond_t *cv){
+    return pthread_cond_broadcast((pthread_cond_t*)cv);
+}
+
+int mg_thread_cond_destroy(mg_thread_cond_t *cv){
+    return pthread_cond_destroy((pthread_cond_t*)cv);
+}

ext/mongoose.h

@@ -0,0 +1,413 @@
+// Copyright (c) 2004-2012 Sergey Lyubka
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#ifndef MONGOOSE_HEADER_INCLUDED
+#define  MONGOOSE_HEADER_INCLUDED
+
+#include <stdio.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+struct mg_context;     // Handle for the HTTP service itself
+struct mg_connection;  // Handle for the individual connection
+
+// Parsed Authorization header
+struct mg_auth_header {
+  const char *user, *uri, *cnonce, *response, *qop, *nc, *nonce; // Fields of the Authorization header
+  // The following members can be set by MG_AUTHENTICATE callback
+  // if non-NULL, will be freed by mongoose
+  char *ha1;               // ha1 = md5(username:domain:password), used to compute expected_response
+  char *expected_response; // Compared against response
+};
+
+// This structure contains information about the HTTP request.
+struct mg_request_info {
+  void *user_data;       // User-defined pointer passed to mg_start()
+  char *request_method;  // "GET", "POST", etc
+  char *uri;             // URL-decoded URI
+  char *http_version;    // E.g. "1.0", "1.1"
+  char *query_string;    // URL part after '?' (not including '?') or NULL
+  char *remote_user;     // Authenticated user, or NULL if no auth used
+  char *log_message;     // Mongoose error log message, MG_EVENT_LOG only
+  long remote_ip;        // Client's IP address
+  int remote_port;       // Client's port
+  int status_code;       // HTTP reply status code, e.g. 200
+  int is_ssl;            // 1 if SSL-ed, 0 if not
+  int num_headers;       // Number of headers
+  struct mg_header {
+    char *name;          // HTTP header name
+    char *value;         // HTTP header value
+  } http_headers[64];    // Maximum 64 headers
+  struct mg_auth_header *ah; // Parsed Authorization header, if present
+};
+
+
+// Various events on which user-defined function is called by Mongoose.
+enum mg_event {
+  MG_NEW_MASTER_PLUGIN,    // New master plugin thread created user can add plugin to it
+                    // that will survive the whole server life
+  MG_FREE_MASTER_PLUGIN,   // Master plgugin thread is exiting free user added plugin
+  MG_NEW_PLUGIN,    // New worker thread created user can add plugin to it
+                    // that will survive the whole thread life
+  MG_FREE_PLUGIN,   // Worker thread is exiting free user added plugin
+  MG_NEW_CONNECTION,// New TCP connection request has arrived from the client
+  MG_NEW_REQUEST,   // New HTTP request has arrived from the client
+  MG_REQUEST_COMPLETE, // Mongoose has finished handling the request
+  MG_HTTP_ERROR,    // HTTP error must be returned to the client
+  MG_EVENT_LOG,     // Mongoose logs an event, request_info.log_message
+  MG_INIT_SSL,      // Mongoose initializes SSL. Instead of mg_connection *,
+                    // SSL context is passed to the callback function.
+  MG_WEBSOCKET_CONNECT, // Sent on HTTP connect, before websocket handshake.
+                        // If user callback returns NULL, then mongoose proceeds
+                        // with handshake, otherwise it closes the connection.
+  MG_WEBSOCKET_READY,   // Handshake has been successfully completed.
+  MG_WEBSOCKET_MESSAGE, // Incoming message from the client
+  MG_WEBSOCKET_CLOSE,   // Client has closed the connection
+  MG_AUTHENTICATE,  // Authenticate a new HTTP request.  request_info->ah
+                    // is set, if available.  Callback should fill in request_info->ha1.
+};
+
+
+// Prototype for the user-defined function. Mongoose calls this function
+// on every MG_* event.
+//
+// Parameters:
+//   event: which event has been triggered.
+//   conn: opaque connection handler. Could be used to read, write data to the
+//         client, etc. See functions below that have "mg_connection *" arg.
+//   request_info: Information about HTTP request.
+//
+// Return:
+//   If handler returns non-NULL, that means that handler has processed the
+//   request by sending appropriate HTTP reply to the client. Mongoose treats
+//   the request as served.
+//   If handler returns NULL, that means that handler has not processed
+//   the request. Handler must not send any data to the client in this case.
+//   Mongoose proceeds with request handling as if nothing happened.
+typedef void * (*mg_callback_t)(enum mg_event event,
+                                struct mg_connection *conn,
+                                const struct mg_request_info *request_info);
+
+void *mg_get_plugin(struct mg_connection *conn);
+void *mg_lock_master_plugin(struct mg_connection *conn);
+void mg_unlock_master_plugin(struct mg_connection *conn);
+void *mg_get_user_data(struct mg_connection *conn);
+
+// Start web server.
+//
+// Parameters:
+//   callback: user defined event handling function or NULL.
+//   options: NULL terminated list of option_name, option_value pairs that
+//            specify Mongoose configuration parameters.
+//
+// Side-effects: on UNIX, ignores SIGCHLD and SIGPIPE signals. If custom
+//    processing is required for these, signal handlers must be set up
+//    after calling mg_start().
+//
+//
+// Example:
+//   const char *options[] = {
+//     "document_root", "/var/www",
+//     "listening_ports", "80,443s",
+//     NULL
+//   };
+//   struct mg_context *ctx = mg_start(&my_func, NULL, options);
+//
+// Please refer to http://code.google.com/p/mongoose/wiki/MongooseManual
+// for the list of valid option and their possible values.
+//
+// Return:
+//   web server context, or NULL on error.
+struct mg_context *mg_start(mg_callback_t callback, void *user_data,
+                            const char **options);
+
+void mg_handle_cgi_request(struct mg_connection *conn, const char *prog);
+int mg_strncasecmp(const char *s1, const char *s2, size_t len);
+int mg_strcasecmp(const char *s1, const char *s2);
+char * mg_strdup(const char *str);
+char * mg_strndup(const char *ptr, size_t len);
+
+// Stop the web server.
+//
+// Must be called last, when an application wants to stop the web server and
+// release all associated resources. This function blocks until all Mongoose
+// threads are stopped. Context pointer becomes invalid.
+void mg_stop(struct mg_context *);
+
+
+// Get the value of particular configuration parameter.
+// The value returned is read-only. Mongoose does not allow changing
+// configuration at run time.
+// If given parameter name is not valid, NULL is returned. For valid
+// names, return value is guaranteed to be non-NULL. If parameter is not
+// set, zero-length string is returned.
+const char *mg_get_option(const struct mg_context *ctx, const char *name);
+
+
+// Return array of strings that represent valid configuration options.
+// For each option, a short name, long name, and default value is returned.
+// Array is NULL terminated.
+const char **mg_get_valid_option_names(void);
+
+
+// Add, edit or delete the entry in the passwords file.
+//
+// This function allows an application to manipulate .htpasswd files on the
+// fly by adding, deleting and changing user records. This is one of the
+// several ways of implementing authentication on the server side. For another,
+// cookie-based way please refer to the examples/chat.c in the source tree.
+//
+// If password is not NULL, entry is added (or modified if already exists).
+// If password is NULL, entry is deleted.
+//
+// Return:
+//   1 on success, 0 on error.
+int mg_modify_passwords_file(const char *passwords_file_name,
+                             const char *domain,
+                             const char *user,
+                             const char *password);
+
+
+// Return information associated with the request.
+// These functions always succeed.
+const struct mg_request_info *mg_get_request_info(const struct mg_connection *);
+void *mg_get_user_data(struct mg_connection *);
+const char *mg_get_log_message(const struct mg_connection *);
+int mg_get_reply_status_code(const struct mg_connection *);
+void *mg_get_ssl_context(const struct mg_connection *);
+
+
+// Send data to the client.
+// Return:
+//  0   when the connection has been closed
+//  -1  on error
+//  number of bytes written on success
+int mg_write(struct mg_connection *, const void *buf, size_t len);
+
+
+// Send data to the browser using printf() semantics.
+//
+// Works exactly like mg_write(), but allows to do message formatting.
+// Below are the macros for enabling compiler-specific checks for
+// printf-like arguments.
+
+#undef PRINTF_FORMAT_STRING
+#if _MSC_VER >= 1400
+#include <sal.h>
+#if _MSC_VER > 1400
+#define PRINTF_FORMAT_STRING(s) _Printf_format_string_ s
+#else
+#define PRINTF_FORMAT_STRING(s) __format_string s
+#endif
+#else
+#define PRINTF_FORMAT_STRING(s) s
+#endif
+
+#ifdef __GNUC__
+#define PRINTF_ARGS(x, y) __attribute__((format(printf, x, y)))
+#else
+#define PRINTF_ARGS(x, y)
+#endif
+
+int mg_printf(struct mg_connection *,
+              PRINTF_FORMAT_STRING(const char *fmt), ...) PRINTF_ARGS(2, 3);
+
+
+// Send contents of the entire file together with HTTP headers.
+void mg_send_file(struct mg_connection *conn, const char *path);
+
+
+// Read data from the remote end, return number of bytes read.
+int mg_read(struct mg_connection *, void *buf, size_t len);
+
+// Send a 401 Unauthorized response to the browser.
+//
+// This triggers a username/password entry in the browser.  The realm
+// in the request is set to the AUTHENTICATION_DOMAIN option.
+// If nonce is non-NULL, it is sent as the nonce of the authentication
+// request, else a nonce is generated.
+void mg_send_authorization_request(struct mg_connection *conn, const char *nonce);
+
+// Get the value of particular HTTP header.
+//
+// This is a helper function. It traverses request_info->http_headers array,
+// and if the header is present in the array, returns its value. If it is
+// not present, NULL is returned.
+const char *mg_get_header(const struct mg_connection *, const char *name);
+//int mg_get_connection_count(const struct mg_connection *conn);
+// Get a value of particular form variable.
+//
+// Parameters:
+//   data: pointer to form-uri-encoded buffer. This could be either POST data,
+//         or request_info.query_string.
+//   data_len: length of the encoded data.
+//   var_name: variable name to decode from the buffer
+//   buf: destination buffer for the decoded variable
+//   buf_len: length of the destination buffer
+//
+// Return:
+//   On success, length of the decoded variable.
+//   On error:
+//      -1 (variable not found, or destination buffer is too small).
+//      -2 (destination buffer is NULL or zero length).
+//
+// Destination buffer is guaranteed to be '\0' - terminated. In case of
+// failure, dst[0] == '\0'.
+int mg_find_var(const char *buf, size_t buf_len, const char *name,
+                const char **start);
+int mg_get_var(const char *data, size_t data_len,
+    const char *var_name, char *buf, size_t buf_len);
+
+// Fetch value of certain cookie variable into the destination buffer.
+//
+// Destination buffer is guaranteed to be '\0' - terminated. In case of
+// failure, dst[0] == '\0'. Note that RFC allows many occurrences of the same
+// parameter. This function returns only first occurrence.
+//
+// Return:
+//   On success, value length.
+//   On error, -1 (either "Cookie:" header is not present at all, or the
+//   requested parameter is not found, or destination buffer is too small
+//   to hold the value).
+int mg_get_cookie(const struct mg_connection *,
+    const char *cookie_name, char *buf, size_t buf_len);
+int mg_find_cookie(const struct mg_connection *,
+    const char *cookie_name, const char **start);
+
+const char *mg_get_document_root(const struct mg_connection *);
+
+// Connect to the remote web server.
+// Return:
+//   On success, valid pointer to the new connection
+//   On error, NULL
+struct mg_connection *mg_connect(struct mg_context *ctx,
+                                 const char *host, int port, int use_ssl);
+
+
+// Close the connection opened by mg_connect().
+void mg_close_connection(struct mg_connection *conn);
+
+
+// Download given URL to a given file.
+//   url: URL to download
+//   path: file name where to save the data
+//   request_info: pointer to a structure that will hold parsed reply headers
+//   buf, bul_len: a buffer for the reply headers
+// Return:
+//   On error, NULL
+//   On success, opened file stream to the downloaded contents. The stream
+//   is positioned to the end of the file. It is the user's responsibility
+//   to fclose() the opened file stream.
+FILE *mg_fetch(struct mg_context *ctx, const char *url, const char *path,
+               char *buf, size_t buf_len, struct mg_request_info *request_info);
+
+
+// Convenience function -- create detached thread.
+// Return: 0 on success, non-0 on error.
+typedef void * (*mg_thread_func_t)(void *);
+int mg_start_thread(mg_thread_func_t f, void *p);
+
+
+// Return builtin mime type for the given file name.
+// For unrecognized extensions, "text/plain" is returned.
+const char *mg_get_builtin_mime_type(const char *file_name);
+
+
+// Return Mongoose version.
+const char *mg_version(void);
+
+
+// MD5 hash given strings.
+// Buffer 'buf' must be 33 bytes long. Varargs is a NULL terminated list of
+// ASCIIz strings. When function returns, buf will contain human-readable
+// MD5 hash. Example:
+//   char buf[33];
+//   mg_md5(buf, "aa", "bb", NULL);
+#define MD5_BUF_SIZE 33
+typedef char md5_buf_t[MD5_BUF_SIZE];
+void mg_md5(md5_buf_t buf, ...);
+
+// Stringify binary data. Output buffer must be twice as big as input,
+// because each byte takes 2 bytes in string representation
+void mg_bin2str(char *to, const unsigned char *p, size_t len);
+
+#ifdef USE_MG_MD5
+#include <stdint.h>
+typedef struct MD5Context {
+  uint32_t buf[4];
+  uint32_t bits[2];
+  unsigned char in[64];
+} MD5_CTX;
+void MD5Init(MD5_CTX *ctx);
+void MD5Transform(uint32_t buf[4], uint32_t const in[16]);
+void MD5Update(MD5_CTX *ctx, unsigned char const *buf, unsigned len);
+void MD5Final(unsigned char digest[16], MD5_CTX *ctx);
+#endif //HAVE_MD5
+
+// URL-decode input buffer into destination buffer.
+// 0-terminate the destination buffer. Return the length of decoded data.
+// form-url-encoded data differs from URI encoding in a way that it
+// uses '+' as character for space, see RFC 1866 section 8.2.1
+// http://ftp.ics.uci.edu/pub/ietf/html/rfc1866.txt
+size_t mg_url_decode(const char *src, size_t src_len, char *dst,
+                         size_t dst_len, int is_form_url_encoded);
+
+const char * mg_url_encode_to(const char *src, char *dst, size_t dst_len);
+char * mg_url_encode(const char *src);
+
+#if defined(_WIN32) || defined(_WIN32_WCE)
+#include <windows.h>
+typedef HANDLE mg_thread_mutex_t;
+typedef struct {HANDLE signal, broadcast;} mg_thread_cond_t;
+typedef DWORD mg_thread_t;
+typedef void mg_thread_mutexattr_t;
+typedef void mg_thread_condattr_t;
+#else
+#include <pthread.h>
+typedef pthread_mutex_t mg_thread_mutex_t;
+typedef pthread_cond_t mg_thread_cond_t;
+typedef pthread_t mg_thread_t;
+typedef pthread_mutexattr_t mg_thread_mutexattr_t;
+typedef pthread_condattr_t mg_thread_condattr_t;
+#endif
+
+#define HAS_MG_THREAD_FUNC_DEFINED
+//typedef void * (*mg_thread_func_t)(void *);
+
+mg_thread_t mg_thread_self(void);
+int mg_thread_mutex_init(mg_thread_mutex_t *mutex, const mg_thread_mutexattr_t *attr);
+int mg_thread_mutex_destroy(mg_thread_mutex_t *mutex);
+int mg_thread_mutex_lock(mg_thread_mutex_t *mutex);
+int mg_thread_mutex_unlock(mg_thread_mutex_t *mutex);
+int mg_thread_cond_init(mg_thread_cond_t *cv, const mg_thread_condattr_t *attr);
+int mg_thread_cond_wait(mg_thread_cond_t *cv, mg_thread_mutex_t *mutex);
+int mg_thread_cond_signal(mg_thread_cond_t *cv);
+int mg_thread_cond_broadcast(mg_thread_cond_t *cv);
+int mg_thread_cond_destroy(mg_thread_cond_t *cv);
+int mg_start_thread(mg_thread_func_t func, void *param);
+
+#ifdef __cplusplus
+}
+#endif // __cplusplus
+
+#endif // MONGOOSE_HEADER_INCLUDED

ext/sqmongoose.cpp

@@ -0,0 +1,1005 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+#include "squirrel.h"
+SQ_OPT_STRING_STRLEN();
+
+#ifdef USE_SQ_SQLITE3
+#include "lsqlite3.h"
+#endif
+
+#ifdef USE_AXTLS
+#ifdef __cplusplus
+extern "C" {
+#endif
+    void * SSL_CTX_new(void *);
+#ifdef __cplusplus
+}
+#endif
+#endif
+
+#define USE_MG_MD5 1
+
+#include "mongoose.h"
+
+#define PRINT_FILE_LINE printf("%s %d\n", __FILE__,__LINE__);
+
+#ifdef UNUSED
+#elif defined(__GNUC__)
+# define UNUSED(x) UNUSED_ ## x __attribute__((unused))
+#elif defined(__LCLINT__)
+# define UNUSED(x) /*@unused@*/ x
+#else
+# define UNUSED(x) x
+#endif
+
+#define MARK()  do { \
+    printf("%s:%d (%s)\n", __FILE__, __LINE__, __FUNCTION__); \
+} while (0)
+
+typedef struct SQ_Mg_Context SQ_Mg_Context;
+typedef struct SQ_MG_Callback SQ_MG_Callback;
+
+struct SQ_MG_Callback {
+    char *buf;
+    size_t len;
+    size_t size;
+    const char *name;
+};
+
+struct SQ_Mg_Context {
+    HSQUIRRELVM v;
+    struct mg_context *ctx;
+    SQ_MG_Callback master_plugin;
+    SQ_MG_Callback master_plugin_exit;
+    SQ_MG_Callback user_callback;
+    SQ_MG_Callback user_callback_setup;
+    SQ_MG_Callback user_callback_exit;
+};
+
+static const char SQ_MG_CONN_TAG[] = "sq_mg_conn_tag";
+
+static SQRESULT sq_mg_conn_releasehook(SQUserPointer p, SQInteger size)
+{
+	return 1;
+}
+
+static SQRESULT sq_mg_conn_constructor(HSQUIRRELVM v)
+{
+    //SQ_FUNC_VARS_NO_TOP(v);
+    struct mg_connection *conn = 0;
+
+    sq_setinstanceup(v, 1, conn);
+    sq_setreleasehook(v,1, sq_mg_conn_releasehook);
+	return 1;
+}
+
+#define GET_MG_CONNECION() \
+    struct mg_connection *conn; \
+    if((_rc_ = sq_getinstanceup(v,1,(SQUserPointer*)&conn,(void*)SQ_MG_CONN_TAG)) < 0) return _rc_;
+
+static SQRESULT
+sq_mg_conn_print(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS(v);
+    GET_MG_CONNECION();
+    SQInteger i, write_count = 0;
+
+    for (i = 2; i <= _top_; ++i) {
+        sq_tostring(v, i);
+        SQ_GET_STRING(v, -1, value);
+        write_count += mg_write(conn, value, value_size);
+        sq_poptop(v);
+    }
+
+    sq_pushinteger(v, write_count);
+    return 1;
+}
+
+#ifdef USE_SQ_LSQLITE3
+static SQRESULT
+sq_mg_conn_vm_print(HSQUIRRELVM v)
+{
+    GET_MG_CONNECION();
+    lsqlite3_sdb_vm *svm = (lsqlite3_sdb_vm *)luaL_checkudata(v, 1,
+                                                              lsqlite3_sqlite_vm_meta);
+    SQInteger idx = luaL_checkint(v,2);
+
+    SQInteger len = sqlite3_column_bytes(svm->vm, idx);
+    if(len) sq_pushinteger(v, mg_write(conn, sqlite3_column_text(svm->vm, idx), len));
+    else sq_pushinteger(v, 0);
+    return 1;
+}
+#endif
+
+static SQRESULT
+sq_mg_conn_write(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS(v);
+    GET_MG_CONNECION();
+    SQ_GET_STRING(v, 2, buf);
+    SQ_OPT_INTEGER(v, 3, write_size, buf_size);
+    sq_pushinteger(v, mg_write(conn, buf, write_size));
+    return 1;
+}
+
+static SQRESULT
+sq_mg_conn_read(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS(v);
+    GET_MG_CONNECION();
+    SQ_OPT_INTEGER(v, 2, n, 1024*2000);
+    size_t rlen;  /* how much to read */
+    size_t nr;  /* number of chars actually read */
+    rlen = 8192;  /* try to read that much each time */
+#if 0
+    SQBlob blob(0, rlen);
+    if (rlen > n) rlen = n;  /* cannot read more than asked */
+    char *p = sq_getscratchpad(v,rlen);
+    do {
+        nr = mg_read(conn, p, rlen);
+        blob.Write(p, nr);
+        n -= nr;  /* still have to read `n' chars */
+    } while (n > 0 && nr == rlen);  /* until end of count or eof */
+    sq_pushstring(v, (const SQchar *)blob.GetBuf(), blob.Len());  /* close buffer */
+#endif
+    return 1;
+}
+
+static SQRESULT
+sq_mg_conn_send_file(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS_NO_TOP(v);
+    GET_MG_CONNECION();
+    SQ_GET_STRING(v, 2, file_path);
+    mg_send_file(conn, file_path);
+    return 0;
+}
+
+static SQRESULT
+sq_mg_conn_write_blob(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS_NO_TOP(v);
+    GET_MG_CONNECION();
+#if 0
+    SQInteger saved_top = sq_gettop(v);
+    memfile_raw_data(v);
+    const void *buf = sq_touserdata(v, -2);
+    size_t buf_len = sq_tointeger(v, -1);
+    sq_settop(v, saved_top);
+    sq_pushinteger(v, mg_write(conn, buf, buf_len));
+#endif
+    return 1;
+}
+
+static SQRESULT
+sq_mg_conn_get_header(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS_NO_TOP(v);
+    GET_MG_CONNECION();
+    SQ_GET_STRING(v, 2, name);
+    sq_pushstring(v, mg_get_header(conn, name), -1);
+    return 1;
+}
+
+static SQRESULT
+sq_mg_conn_get_cookie(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS_NO_TOP(v);
+    GET_MG_CONNECION();
+    SQ_GET_STRING(v, 2, cookie_name);
+
+    const char *start;
+    int len = mg_find_cookie(conn, cookie_name, &start);
+
+    if(len > 0) sq_pushstring(v, start, len);
+    else sq_pushnull(v);
+    return 1;
+}
+
+static SQRESULT
+sq_mg_conn_get_var(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS_NO_TOP(v);
+    GET_MG_CONNECION();
+    SQ_GET_STRING(v, 2, data);
+    SQ_GET_STRING(v, 3, name);
+
+    const char *start;
+    size_t buffer_len;
+    int var_len = mg_find_var(data, data_size, name, &start);
+    if(var_len > 0){
+        buffer_len = var_len+1;
+        char *buffer = sq_getscratchpad(v,buffer_len);
+        if(buffer){
+            var_len = mg_url_decode(start, var_len, buffer, buffer_len, 1);
+            sq_pushstring(v, buffer, var_len);
+            return 1;
+        }
+    }
+    sq_pushnull(v);
+    return 1;
+}
+
+static SQRESULT
+sq_mg_conn_handle_cgi_request(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS_NO_TOP(v);
+    GET_MG_CONNECION();
+    SQ_GET_STRING(v, 2, prog);
+
+    mg_handle_cgi_request(conn, prog);
+
+    return 0;
+}
+
+static SQRESULT
+sq_mg_conn_get_option(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS_NO_TOP(v);
+    GET_MG_CONNECION();
+    SQ_GET_STRING(v, 2, name);
+    SQ_Mg_Context *sq_mg_ctx = (SQ_Mg_Context *) mg_get_user_data(conn);
+    sq_pushstring(v, mg_get_option(sq_mg_ctx->ctx, name), -1);
+
+    return 1;
+}
+
+#define _DECL_FUNC(name,nparams,tycheck) {_SC(#name),  sq_mg_conn_##name,nparams,tycheck}
+static SQRegFunction mg_conn_methods[] =
+{
+	_DECL_FUNC(constructor,  1, _SC("x")),
+
+	_DECL_FUNC(print,  -2, _SC("x n|s")),
+	_DECL_FUNC(read,  2, _SC("xi")),
+	_DECL_FUNC(write,  3, _SC("xsi")),
+	_DECL_FUNC(write_blob,  -2, _SC("xxi")),
+	_DECL_FUNC(get_var,  2, _SC("xs")),
+	_DECL_FUNC(get_cookie,  2, _SC("xs")),
+	_DECL_FUNC(get_header,  2, _SC("xs")),
+	_DECL_FUNC(send_file,  2, _SC("xs")),
+	_DECL_FUNC(handle_cgi_request,  2, _SC("xs")),
+	_DECL_FUNC(get_option,  2, _SC("xs")),
+	{0,0}
+};
+#undef _DECL_FUNC
+
+/***********/
+
+// helper function to extract a single mg_config value from a Lua table
+static void
+fetchfield(HSQUIRRELVM v, int idx, const char *key, char **value, const char *d)
+{
+    const char *s;
+    sq_pushstring(v, key, -1);
+    if(sq_rawget(v, idx) == SQ_OK){
+        if(sq_gettype(v, -1) != OT_NULL){
+            sq_tostring(v, -1);
+            sq_getstring(v, -1, &s);
+            *value = mg_strdup(s);
+            sq_pop(v, 2); //retrieved value and converted value
+            return;
+        }
+    }
+    *value = NULL;
+}
+
+// initializes an options string array from a Lua table
+static SQRESULT
+fetchoptions(HSQUIRRELVM v, int idx, const char **options)
+{
+    struct {
+        const char *key;
+        const char *value;
+    } OPTIONS[] = {
+        { "cgi_extensions", ".cgi,.pl,.php" },
+        { "cgi_environment", NULL },
+        { "put_delete_passwords_file", NULL },
+        { "cgi_interpreter", NULL },
+        { "protect_uri", NULL },
+        { "authentication_domain", "mydomain.com" },
+        { "ssi_extensions", ".shtml,.shtm" },
+        { "access_log_file", NULL },
+        { "ssl_chain_file", NULL },
+        { "enable_directory_listing", "yes" },
+        { "error_log_file", NULL },
+        { "global_passwords_file", NULL },
+        { "index_files", "index.html,index.htm,index.cgi" },
+        { "enable_keep_alive", "no" },
+        { "access_control_list", NULL },
+        { "max_request_size", "16384" },
+        { "extra_mime_types", NULL },
+        { "listening_ports", "8080" },
+        { "document_root",  "." },
+        { "ssl_certificate", NULL },
+        { "num_threads", "10" },
+        { "run_as_user", NULL },
+        { NULL, NULL }
+    };
+    char *value;
+    int i, j;
+
+    if(sq_gettype(v, idx) != OT_TABLE) return sq_throwerror(v, "a table is needed to retrieve options");
+
+    for (i = 0, j = 0; OPTIONS[i].key; ++i) {
+        fetchfield(v, idx, OPTIONS[i].key, &value, OPTIONS[i].value);
+        if (NULL != value) {
+            options[j++] = mg_strdup(OPTIONS[i].key);
+            options[j++] = value;
+        }
+    }
+    options[j] = NULL;
+    return 0;
+}
+
+/***********/
+
+static const char SQ_MONGOOSE_TAG[] = "sq_mongoose_tag";
+static SQBool show_errors_on_stdout = SQFalse;
+
+static SQRESULT sq_mongoose_releasehook(SQUserPointer p, SQInteger size)
+{
+    SQ_Mg_Context *sq_mg_ctx = (    SQ_Mg_Context *)p;
+    sq_free(sq_mg_ctx, sizeof(SQ_Mg_Context));
+	return 1;
+}
+
+static SQRESULT sq_mongoose_constructor(HSQUIRRELVM v)
+{
+    //SQ_FUNC_VARS_NO_TOP(v);
+    SQ_Mg_Context *sq_mg_ctx = (SQ_Mg_Context *)sq_malloc(sizeof(SQ_Mg_Context));
+    memset(sq_mg_ctx, 0, sizeof(SQ_Mg_Context));
+
+    sq_setinstanceup(v, 1, sq_mg_ctx);
+    sq_setreleasehook(v,1, sq_mongoose_releasehook);
+	return 1;
+}
+
+#define GET_mongoose_INSTANCE() \
+    SQ_Mg_Context *self; \
+    if((_rc_ = sq_getinstanceup(v,1,(SQUserPointer*)&self,(void*)SQ_MONGOOSE_TAG)) < 0) return _rc_;
+
+static SQRESULT
+sq_mongoose_show_errors_on_stdout(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS_NO_TOP(v);
+    SQ_GET_BOOL(v, 2, onOff);
+    show_errors_on_stdout = onOff;
+    return 0;
+}
+
+static SQRESULT
+sq_mongoose_modify_passwords_file(HSQUIRRELVM v)
+{
+	SQ_FUNC_VARS_NO_TOP(v);
+	SQ_GET_STRING(v, 2, passwords_file_name);
+	SQ_GET_STRING(v, 3, domain);
+	SQ_GET_STRING(v, 4, user);
+	SQ_GET_STRING(v, 5, password);
+
+    sq_pushinteger(v, mg_modify_passwords_file(passwords_file_name,
+                             domain, user, password));
+    return 1;
+}
+
+static SQRESULT
+sq_mongoose_version(HSQUIRRELVM v)
+{
+    sq_pushstring(v, mg_version(), -1);
+    return 1;
+}
+
+// creates a reference dispatching callbacks to squirrel functions
+static SQRESULT
+fetchcallback(HSQUIRRELVM v, const char *key, SQ_MG_Callback *dump)
+{
+    if(sq_gettype(v, -1) != OT_TABLE) return sq_throwerror(v, "table expected to fetch callbacks");
+    sq_pushstring(v, key, -1);
+    sq_rawget(v, -2);
+
+    dump->buf = NULL;
+    dump->len = 0;
+    dump->size = 0;
+    dump->name = key;
+#if 0
+    if (sq_gettype(v, -1) == OT_CLOSURE){
+        SQBlob b(0, 8192);
+        if (sqstd_writeclosure(v, blob_write, &b) != 0)
+            return sq_throwerror(v, "unable to dump given function");
+        dump->buf = malloc(b.Len());
+        if(dump->buf) {
+            dump->len = b.Len();
+            memcpy(dump->buf, b.GetBuf(),  dump->len);
+        }
+    }
+#endif
+    sq_pop(v, 1);
+    return 1;
+}
+
+static void *
+user_callback_proxy(enum mg_event event,
+                    struct mg_connection *conn,
+                    const struct mg_request_info *ri);
+
+// creates a new server using a configuration table
+static SQRESULT
+sq_mongoose_start(HSQUIRRELVM v)
+{
+	SQ_FUNC_VARS_NO_TOP(v);
+	GET_mongoose_INSTANCE();
+	_rc_ = 1; //assumes succeed
+
+    const char *options[64];
+    SQInteger i;
+
+    if(self->ctx) return sq_throwerror(v, _SC("mongoose already running or stoped incorrectly"));
+
+    // store the Lua state for use in callback proxies
+    self->v = v;
+
+    // prepare the mg_config structure from the squirrel table argument
+    memset(options, 0, sizeof (options));
+    fetchoptions(v, 2, options);
+
+    fetchcallback(v, "master_plugin", &self->master_plugin);
+    fetchcallback(v, "master_plugin_exit", &self->master_plugin_exit);
+
+    fetchcallback(v, "user_callback", &self->user_callback);
+    fetchcallback(v, "user_callback_setup", &self->user_callback_setup);
+    fetchcallback(v, "user_callback_exit", &self->user_callback_exit);
+
+    self->ctx = mg_start(user_callback_proxy, self, options);
+
+    // free the options string list memory
+    for (i = 0; options[i]; ++i)
+        free((void *) options[i]);
+
+    // throw an error if the server did not start
+    if (self->ctx == NULL) {
+        _rc_ = sq_throwerror(v, "could not start mongoose");
+    }
+
+    // return the context so it can be stopped later
+    return _rc_;
+}
+
+static SQRESULT
+sq_mongoose_stop(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS_NO_TOP(v);
+    GET_mongoose_INSTANCE();
+
+    if(self->ctx){
+        mg_stop(self->ctx);
+
+        if(self->user_callback.buf) {
+            sq_free(self->user_callback.buf, self->user_callback.size);
+            self->user_callback.buf = NULL;
+        }
+        self->ctx = 0;
+    }
+
+    return 0;
+}
+
+#define _DECL_FUNC(name,nparams,tycheck) {_SC(#name),  sq_mongoose_##name,nparams,tycheck}
+static SQRegFunction sq_mongoose_methods[] =
+{
+	_DECL_FUNC(constructor,  1, _SC("x")),
+
+	_DECL_FUNC(start,  -1, _SC("x")),
+	_DECL_FUNC(stop,  1, _SC("x")),
+	_DECL_FUNC(modify_passwords_file,  1, _SC("x")),
+	_DECL_FUNC(version,  1, _SC("x")),
+	_DECL_FUNC(show_errors_on_stdout,  1, _SC("x")),
+	{0,0}
+};
+#undef _DECL_FUNC
+
+static SQRESULT
+sq_mg_url_decode_base(HSQUIRRELVM v, SQInteger is_form_url_encoded)
+{
+    SQ_FUNC_VARS_NO_TOP(v);
+    GET_MG_CONNECION();
+    SQ_GET_STRING(v, 2, src);
+
+    int dst_len = src_size +1;
+    char *dst = sq_getscratchpad(v,dst_len);
+    dst_len = mg_url_decode(src, src_size, dst, dst_len, is_form_url_encoded);
+    sq_pushstring(v, dst, dst_len);
+    return 1;
+}
+
+static SQRESULT
+sq_mg_url_decode(HSQUIRRELVM v)
+{
+    return sq_mg_url_decode_base(v, 1);
+}
+
+static SQRESULT
+sq_mg_uri_decode(HSQUIRRELVM v)
+{
+    return sq_mg_url_decode_base(v, 0);
+}
+
+static SQRESULT
+sq_mg_url_encode(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS_NO_TOP(v);
+    GET_MG_CONNECION();
+    SQ_GET_STRING(v, 2, src);
+
+    char *dst = mg_url_encode(src);
+
+    sq_pushstring(v, dst, -1);
+    free(dst);
+    return 1;
+}
+
+static SQRESULT
+sq_mg_md5(HSQUIRRELVM v)
+{
+	SQ_FUNC_VARS(v);
+
+    char buf[32 + 1];
+    unsigned char hash[16];
+    MD5_CTX ctx;
+    MD5Init(&ctx);
+
+    for (int i = 2; i <= _top_; ++i) {
+        SQ_GET_STRING(v, i, p);
+        MD5Update(&ctx, (const unsigned char *) p, p_size);
+    }
+
+    MD5Final(hash, &ctx);
+    mg_bin2str(buf, hash, sizeof(hash));
+    sq_pushstring(v, buf, -1);
+    return 1;
+}
+
+static SQRESULT
+sq_mg_debug_print(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS(v);
+    GET_MG_CONNECION();
+    SQInteger i, write_count = 0;
+
+    for (i = 2; i <= _top_; ++i) {
+        sq_tostring(v, i);
+        SQ_GET_STRING(v, -1, value);
+        write_count += fwrite(value, 1, value_size, stderr);
+        sq_poptop(v);
+    }
+
+    sq_pushinteger(v, write_count);
+    return 1;
+}
+
+#ifdef JNI_ENABLE_LOG
+#include <android/log.h>
+
+/*
+** A callback for the android_log() SQIntegererface.
+*/
+static void jniLog(int iErrCode, const char *zMsg){
+  __android_log_print(ANDROID_LOG_ERROR,"jniLuaServerLog","(%d) %s\n", iErrCode, zMsg);
+}
+
+static SQRESULT sq_mg_jniLog(HSQUIRRELVM v)
+{
+    SQ_FUNC_VARS_NO_TOP(v);
+    SQ_GET_INTEGER(v, 2, code);
+    SQ_GET_STRING(v, 3, error_message);
+    jniLog(code, error_message);
+    return 0;
+}
+#endif
+
+#define _DECL_FUNC(name,nparams,tycheck) {_SC(#name),  sq_mg_##name,nparams,tycheck}
+static SQRegFunction sq_mg_methods[] =
+{
+	_DECL_FUNC(url_decode,  2, _SC(".s")),
+	_DECL_FUNC(uri_decode,  2, _SC(".s")),
+	_DECL_FUNC(url_encode,  2, _SC(".s")),
+	_DECL_FUNC(md5,  -2, _SC("xs")),
+#ifdef JNI_ENABLE_LOG
+	_DECL_FUNC(jniLog,  -2, _SC("xs")),
+#endif
+	_DECL_FUNC(debug_print,  -2, _SC("xs")),
+	{0,0}
+};
+#undef _DECL_FUNC
+
+static void reg_string(HSQUIRRELVM v, const char *name, const char *val) {
+  sq_pushstring(v, name, -1);
+  if(val) sq_pushstring(v, val, -1);
+  else sq_pushnull(v);
+  sq_rawset(v, -3);
+}
+
+static void reg_integer(HSQUIRRELVM v, const char *name, int val) {
+  sq_pushstring(v, name, -1);
+  sq_pushinteger(v, val);
+  sq_rawset(v, -3);
+}
+
+// pushes request info on the Lua stack as a table
+static void
+push_request(HSQUIRRELVM v, const struct mg_request_info *ri)
+{
+    int i;
+
+    sq_newtable(v);
+#define NEWSLOT_STR(ks) reg_string(v, #ks, ri->ks);
+    NEWSLOT_STR(request_method);
+    NEWSLOT_STR(uri);
+    NEWSLOT_STR(http_version);
+    NEWSLOT_STR(query_string);
+    NEWSLOT_STR(remote_user);
+    NEWSLOT_STR(log_message);
+#define NEWSLOT_INT(ks) reg_integer(v, #ks, ri->ks);
+    NEWSLOT_INT(remote_ip);
+    NEWSLOT_INT(remote_port);
+    NEWSLOT_INT(status_code);
+    NEWSLOT_INT(is_ssl);
+#undef NEWSLOT_STR
+#undef NEWSLOT_INT
+
+    sq_pushliteral(v, "http_headers");
+    sq_newtable(v);
+    for (i = 0; i < ri->num_headers; ++i) {
+        reg_string(v, ri->http_headers[i].name, ri->http_headers[i].value);
+    }
+    sq_newslot(v, -3, SQFalse);
+}
+
+/*
+** Copies values from State src to State dst.
+*/
+static int copy_values (HSQUIRRELVM dst, HSQUIRRELVM src, int i, int top) {
+  int _rc_;
+  sq_reservestack(dst, top - i + 1);
+  for (; i <= top; i++) {
+    switch (sq_gettype(src, i)) {
+      case OT_INTEGER:
+        SQ_GET_INTEGER(src, i, vint);
+        sq_pushinteger(dst, vint);
+        break;
+      case OT_FLOAT:
+        SQ_GET_FLOAT(src, i, vfloat);
+        sq_pushfloat (dst, vfloat);
+        break;
+      case OT_BOOL:
+        SQ_GET_BOOL(src, i, vbool);
+        sq_pushbool (dst, vbool);
+        break;
+      case OT_STRING: {
+        SQ_GET_STRING(src, i, vstr)
+        sq_pushstring (dst, vstr, vstr_size);
+        break;
+      }
+//      case sq_TLIGHTUSERDATA: {
+//        sq_pushlightuserdata (dst, sq_touserdata (src, i));
+//        break;
+//      }
+      case OT_NULL:
+      default:
+        sq_pushnull(dst);
+        break;
+    }
+  }
+}
+
+static SQInteger
+sq_mg_pcall_master_plugin(HSQUIRRELVM v)
+{
+#if 0
+    SQ_FUNC_VARS_NO_TOP(v);
+    GET_MG_CONNECION();
+    SQ_GET_STRING(v, 2, func_name);
+    const SQChar *error_message = _SC("No master plugin installed !");
+    HSQUIRRELVM master_plugin = (HSQUIRRELVM) mg_lock_master_plugin(conn);
+    if(master_plugin){
+        int master_plugin_saved_top = sq_gettop(master_plugin);
+        sq_pushcfunction(master_plugin, traceback);  /* push traceback function */
+        int error_func = sq_gettop(master_plugin);
+
+        sq_getglobal(master_plugin, func_name);
+        if(sq_isfunction(master_plugin, -1)){
+            int arg_top = sq_gettop (v);
+            /* Push arguments to dst stack */
+            int idx = 4;
+            copy_values (master_plugin, v, idx, arg_top);
+            if (sq_pcall (master_plugin, arg_top-idx+1, sq_MULTRET, error_func) == 0) {
+              /* run OK? */
+              int ret_top = sq_gettop (master_plugin);
+              /* Push status = OK */
+              sq_pushbool (v, SQTrue);
+              /* Return values to src */
+              copy_values (v, master_plugin, master_plugin_saved_top+2, ret_top);
+              /* pops debug.traceback and result from dst state */
+              sq_settop(master_plugin, master_plugin_saved_top);
+              /*unlock master plugin*/
+              mg_unlock_master_plugin(conn);
+              /* Return true (success) plus return values */
+              return (ret_top-master_plugin_saved_top);
+            }
+            error_message = sq_tostring (master_plugin, -1);
+        } else error_message = "Attempt to call an invalid function on master plugin !";
+
+        /* pops debug.traceback and result from dst state */
+        sq_settop(master_plugin, master_plugin_saved_top);
+        /*unlock master plugin*/
+        mg_unlock_master_plugin(conn);
+    }
+
+    return sq_throwerror(v, error_message);
+#endif
+}
+
+static void write_error_message(struct mg_connection *conn,
+                        const char * error_msg, SQInteger error_len){
+#define PRE_TAG_OPEN "<pre>"
+#define PRE_TAG_CLOSE "</pre>"
+    mg_write(conn, PRE_TAG_OPEN, sizeof(PRE_TAG_OPEN));
+    mg_write(conn, error_msg, error_len);
+    mg_write(conn, PRE_TAG_CLOSE, sizeof(PRE_TAG_CLOSE));
+}
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+SQUIRREL_API SQRESULT sqstd_register_SQLite3(HSQUIRRELVM v);
+SQUIRREL_API SQRESULT sqstd_register_base64(HSQUIRRELVM v);
+SQUIRREL_API SQRESULT sq_register_mix(HSQUIRRELVM v);
+SQUIRREL_API SQRESULT sqstd_register_bloblib(HSQUIRRELVM v);
+SQUIRREL_API SQRESULT sqstd_register_iolib(HSQUIRRELVM v);
+SQUIRREL_API SQInteger sqstd_register_systemlib(HSQUIRRELVM v);
+SQUIRREL_API SQRESULT sqstd_register_mathlib(HSQUIRRELVM v);
+SQUIRREL_API SQRESULT sqstd_register_stringlib(HSQUIRRELVM v);
+SQUIRREL_API SQRESULT sqstd_register_Sq_Fpdf(HSQUIRRELVM v);
+//SQUIRREL_API SQRESULT sqopen_lfs(HSQUIRRELVM v);
+SQUIRREL_API void sqstd_seterrorhandlers(HSQUIRRELVM v);
+SQUIRREL_API void sqstd_printcallstack(HSQUIRRELVM v);
+#ifdef __cplusplus
+} /*extern "C"*/
+#endif
+
+void sq_printfunc(HSQUIRRELVM v,const SQChar *s,...)
+{
+	va_list vl;
+	va_start(vl, s);
+	vfprintf(stdout, s, vl);
+	va_end(vl);
+}
+
+void sq_errorfunc(HSQUIRRELVM v,const SQChar *s,...)
+{
+	va_list vl;
+	va_start(vl, s);
+	vfprintf(stderr, s, vl);
+	va_end(vl);
+}
+
+
+static HSQUIRRELVM my_new_squirrel(struct mg_context *ctx) {
+    HSQUIRRELVM v = sq_open(1024);
+    if(!v) return 0;
+    sq_pushroottable(v);
+
+	sqstd_register_bloblib(v);
+	sqstd_register_iolib(v);
+	sqstd_register_systemlib(v);
+	sqstd_register_mathlib(v);
+	sqstd_register_stringlib(v);
+	sqstd_register_base64(v);
+	sqstd_register_Sq_Fpdf(v);
+	sqstd_register_SQLite3(v);
+	sq_register_mix(v);
+
+	sqstd_seterrorhandlers(v); //registers the default error handlers
+	sq_setprintfunc(v, sq_printfunc, sq_errorfunc); //sets the print function
+
+    sq_pushliteral(v,_SC("mg_connection"));
+    sq_newclass(v,SQFalse);
+    sq_settypetag(v,-1,(void*)SQ_MG_CONN_TAG);
+    sq_insert_reg_funcs(v, mg_conn_methods);
+    sq_newslot(v,-3,SQTrue);
+
+    sq_insert_reg_funcs(v, sq_mg_methods);
+
+    sq_pushliteral(v, "APP_ROOT_FOLDER");
+    sq_pushstring(v, mg_get_option(ctx, "document_root"), -1);
+    sq_newslot(v, -3, SQFalse);
+
+    sq_poptop(v); //remove roottable
+
+    return v;
+}
+
+// dispatches a callback to a Lua function if one is registered
+static void *
+user_callback_proxy(enum mg_event event,
+                    struct mg_connection *conn,
+                    const struct mg_request_info *ri)
+{
+    HSQUIRRELVM v;
+    int e;
+
+    switch(event){
+        case MG_NEW_MASTER_PLUGIN: {
+            SQ_Mg_Context *sq_mg_ctx = (SQ_Mg_Context *) conn;
+            SQ_MG_Callback *dump = &sq_mg_ctx->master_plugin;
+            v = my_new_squirrel((struct mg_context *)ri);
+            if(!v) return 0;
+            if(dump->buf){
+                if (sq_compilebuffer(v, dump->buf, dump->len, dump->name, SQFalse) == SQ_OK) {
+                    sq_pushroottable(v);
+                    if(sq_call(v, 1, SQFalse, SQTrue) != SQ_OK){
+                        sq_errorfunc(v, "sq_call failed %d\n%s", __LINE__, sq_getlasterror_str(v));
+                    }
+                    sq_poptop(v); //remove function from stack
+                }
+            }
+            return v;
+        }
+        break;
+
+        case MG_FREE_MASTER_PLUGIN:
+            v = (HSQUIRRELVM)conn;
+            if(v) {
+                SQ_Mg_Context *sq_mg_ctx = (SQ_Mg_Context *) ri;
+                SQ_MG_Callback *dump = &sq_mg_ctx->master_plugin_exit;
+                if(dump->buf){
+                    if (sq_compilebuffer(v, dump->buf, dump->len, dump->name, SQFalse) == SQ_OK) {
+                        sq_pushroottable(v);
+                        if(sq_call(v, 1, SQFalse, SQTrue) != SQ_OK){
+                            sq_errorfunc(v, "sq_call failed %d\n%s", __LINE__, sq_getlasterror_str(v));
+                        }
+                        sq_poptop(v); //remove function from stack
+                    }
+                }
+                sq_close(v);
+            }
+            return 0;
+        break;
+
+        case MG_NEW_PLUGIN:{
+            SQ_Mg_Context *sq_mg_ctx = (SQ_Mg_Context *) mg_get_user_data(conn);
+            if(!sq_mg_ctx) return 0;
+            SQ_MG_Callback *dump = &sq_mg_ctx->user_callback;
+            if (dump->buf) {
+                v = my_new_squirrel((struct mg_context *)ri);
+                if(!v) return 0;
+                sq_pushroottable(v);
+
+                sq_pushregistrytable(v);
+                sq_pushstring(v, SQ_MG_CONN_TAG,-1);
+                int rc = sq_rawget(v, -2);
+                sq_remove(v, -2); //remove registrytable
+                sq_pushroottable(v);
+                rc = sq_call(v, 1, SQTrue, SQFalse);
+                sq_remove(v, -2); //class
+                rc = sq_getinstanceup(v, -1, (void**)sq_mg_ctx, (void*)SQ_MG_CONN_TAG);
+
+
+
+                //_g_io_dostring(v, dump->buf, dump->len, dump->name);
+                //sq_setglobal(v, "__manage_conn___");
+                dump = &sq_mg_ctx->user_callback_setup;
+                if(dump->buf){
+                    if (sq_compilebuffer(v, dump->buf, dump->len, dump->name, SQFalse) == SQ_OK) {
+                        sq_pushroottable(v);
+                        if(sq_call(v, 1, SQFalse, SQTrue) != SQ_OK){
+                            sq_errorfunc(v, "sq_call failed %d\n%s", __LINE__, sq_getlasterror_str(v));
+                        }
+                        sq_poptop(v); //remove function from stack
+                    }
+                }
+                sq_poptop(v); //remove root table
+                return v;
+            }
+        }
+        return 0;
+
+        case MG_FREE_PLUGIN:
+            v = (HSQUIRRELVM)mg_get_plugin(conn);
+            if(v){
+                SQ_Mg_Context *sq_mg_ctx = (SQ_Mg_Context *) ri;
+                if(sq_mg_ctx){
+                    SQ_MG_Callback *dump = &sq_mg_ctx->user_callback_exit;
+
+                    if(dump->buf){
+                        if (sq_compilebuffer(v, dump->buf, dump->len, dump->name, SQFalse) == SQ_OK) {
+                            sq_pushroottable(v);
+                            if(sq_call(v, 1, SQFalse, SQTrue) != SQ_OK){
+                                sq_errorfunc(v, "sq_call failed %d\n%s", __LINE__, sq_getlasterror_str(v));
+                            }
+                            sq_poptop(v); //remove function from stack
+                        }
+                    }
+                }
+                sq_close(v);
+            }
+        return NULL;
+
+        case MG_INIT_SSL:
+#ifdef USE_AXTLS
+            //lua_pushstring(L, "MG_INIT_SSL");
+            *((void**)conn) = SSL_CTX_new(0);
+            return 0;
+#endif
+        case MG_NEW_REQUEST:
+        case MG_HTTP_ERROR:
+        case MG_EVENT_LOG:{
+            v = (HSQUIRRELVM) mg_get_plugin(conn);
+
+            if (v) {
+                SQInteger saved_top = sq_gettop(v);
+                //set_mg_conn(v, conn);
+
+                //sq_pushcfunction(v, traceback);  /* push traceback function */
+                SQInteger error_func = sq_gettop(v);
+
+                //sq_getglobal(v, "__manage_conn___");
+                //if the SQIntegererpreter is in a mess state what to do ?
+                if(sq_gettype(v,-1) != OT_CLOSURE) {
+                    const char *error_msg = "Lua SQIntegererpreter lost manage_conn";
+                    write_error_message(conn, error_msg, sizeof(error_msg));
+                };
+
+                switch (event) {
+                case MG_NEW_REQUEST:    sq_pushliteral(v, "MG_NEW_REQUEST");    break;
+                case MG_HTTP_ERROR:     sq_pushliteral(v, "MG_HTTP_ERROR");     break;
+                case MG_EVENT_LOG:      sq_pushliteral(v, "MG_EVENT_LOG");      break;
+                case MG_INIT_SSL:       sq_pushliteral(v, "MG_INIT_SSL");       break;
+                default:                sq_pushnull(v);                         break;
+                }
+                push_request(v, ri);
+        //        sq_call(v, 2, 1);
+        //        e = sq_toboolean(v, -1) ? 1 : 0;
+#if 0
+                if(sq_call(v, 2, 1, error_func) != SQ_OK) {
+                    size_t error_len;
+                    const char *error_msg = sq_tolstring(v, -1, &error_len);
+                    //printf("%s\n", error_msg);
+                    write_error_message(conn, error_msg, error_len);
+                    e = 0;
+                } else {
+                    e = sq_toboolean(v, -1) ? 1 : 0;
+                }
+#endif
+                sq_settop(v, saved_top);
+                return (void *) e;
+            }
+        }
+
+        default:
+            return NULL;
+    }
+
+    return NULL;
+}
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    SQRESULT sqstd_register_mongoose(HSQUIRRELVM v)
+    {
+        sq_insert_reg_funcs(v, sq_mg_methods);
+        sq_pushliteral(v,_SC("mongoose"));
+        sq_newclass(v,SQFalse);
+        sq_settypetag(v,-1,(void*)SQ_MONGOOSE_TAG);
+        sq_insert_reg_funcs(v, sq_mongoose_methods);
+        sq_newslot(v,-3,SQTrue);
+        return 1;
+    }
+
+#ifdef __cplusplus
+}
+#endif
+