int active_requests = 0;
 
 #ifdef USE_CURL_MULTI
-int max_requests = -1;
-CURLM *curlm;
+static int max_requests = -1;
+static CURLM *curlm;
 #endif
 #ifndef NO_CURL_EASY_DUPHANDLE
-CURL *curl_default;
+static CURL *curl_default;
 #endif
 char curl_errorstr[CURL_ERROR_SIZE];
 
-int curl_ssl_verify = -1;
-char *ssl_cert = NULL;
+static int curl_ssl_verify = -1;
+static const char *ssl_cert = NULL;
 #if LIBCURL_VERSION_NUM >= 0x070902
-char *ssl_key = NULL;
+static const char *ssl_key = NULL;
 #endif
 #if LIBCURL_VERSION_NUM >= 0x070908
-char *ssl_capath = NULL;
+static const char *ssl_capath = NULL;
 #endif
-char *ssl_cainfo = NULL;
-long curl_low_speed_limit = -1;
-long curl_low_speed_time = -1;
+static const char *ssl_cainfo = NULL;
+static long curl_low_speed_limit = -1;
+static long curl_low_speed_time = -1;
+static int curl_ftp_no_epsv = 0;
+static char *curl_http_proxy = NULL;
 
-struct curl_slist *pragma_header;
-struct curl_slist *no_range_header;
+static struct curl_slist *pragma_header;
 
-struct active_request_slot *active_queue_head = NULL;
+static struct active_request_slot *active_queue_head = NULL;
 
-size_t fread_buffer(void *ptr, size_t eltsize, size_t nmemb,
-                          struct buffer *buffer)
+size_t fread_buffer(void *ptr, size_t eltsize, size_t nmemb, void *buffer_)
 {
        size_t size = eltsize * nmemb;
-       if (size > buffer->size - buffer->posn)
-               size = buffer->size - buffer->posn;
-       memcpy(ptr, buffer->buffer + buffer->posn, size);
+       struct buffer *buffer = buffer_;
+
+       if (size > buffer->buf.len - buffer->posn)
+               size = buffer->buf.len - buffer->posn;
+       memcpy(ptr, buffer->buf.buf + buffer->posn, size);
        buffer->posn += size;
+
        return size;
 }
 
-size_t fwrite_buffer(const void *ptr, size_t eltsize,
-                           size_t nmemb, struct buffer *buffer)
+size_t fwrite_buffer(const void *ptr, size_t eltsize, size_t nmemb, void *buffer_)
 {
        size_t size = eltsize * nmemb;
-       if (size > buffer->size - buffer->posn) {
-               buffer->size = buffer->size * 3 / 2;
-               if (buffer->size < buffer->posn + size)
-                       buffer->size = buffer->posn + size;
-               buffer->buffer = xrealloc(buffer->buffer, buffer->size);
-       }
-       memcpy(buffer->buffer + buffer->posn, ptr, size);
-       buffer->posn += size;
+       struct strbuf *buffer = buffer_;
+
+       strbuf_add(buffer, ptr, size);
        data_received++;
        return size;
 }
 
-size_t fwrite_null(const void *ptr, size_t eltsize,
-                         size_t nmemb, struct buffer *buffer)
+size_t fwrite_null(const void *ptr, size_t eltsize, size_t nmemb, void *strbuf)
 {
        data_received++;
        return eltsize * nmemb;
 }
 #endif
 
-static int http_options(const char *var, const char *value)
+static int http_options(const char *var, const char *value, void *cb)
 {
        if (!strcmp("http.sslverify", var)) {
                if (curl_ssl_verify == -1) {
        }
 
        if (!strcmp("http.sslcert", var)) {
-               if (ssl_cert == NULL) {
-                       ssl_cert = xmalloc(strlen(value)+1);
-                       strcpy(ssl_cert, value);
-               }
+               if (ssl_cert == NULL)
+                       return git_config_string(&ssl_cert, var, value);
                return 0;
        }
 #if LIBCURL_VERSION_NUM >= 0x070902
        if (!strcmp("http.sslkey", var)) {
-               if (ssl_key == NULL) {
-                       ssl_key = xmalloc(strlen(value)+1);
-                       strcpy(ssl_key, value);
-               }
+               if (ssl_key == NULL)
+                       return git_config_string(&ssl_key, var, value);
                return 0;
        }
 #endif
 #if LIBCURL_VERSION_NUM >= 0x070908
        if (!strcmp("http.sslcapath", var)) {
-               if (ssl_capath == NULL) {
-                       ssl_capath = xmalloc(strlen(value)+1);
-                       strcpy(ssl_capath, value);
-               }
+               if (ssl_capath == NULL)
+                       return git_config_string(&ssl_capath, var, value);
                return 0;
        }
 #endif
        if (!strcmp("http.sslcainfo", var)) {
-               if (ssl_cainfo == NULL) {
-                       ssl_cainfo = xmalloc(strlen(value)+1);
-                       strcpy(ssl_cainfo, value);
-               }
+               if (ssl_cainfo == NULL)
+                       return git_config_string(&ssl_cainfo, var, value);
                return 0;
        }
 
-#ifdef USE_CURL_MULTI  
+#ifdef USE_CURL_MULTI
        if (!strcmp("http.maxrequests", var)) {
                if (max_requests == -1)
                        max_requests = git_config_int(var, value);
                return 0;
        }
 
+       if (!strcmp("http.noepsv", var)) {
+               curl_ftp_no_epsv = git_config_bool(var, value);
+               return 0;
+       }
+       if (!strcmp("http.proxy", var)) {
+               if (curl_http_proxy == NULL) {
+                       if (!value)
+                               return config_error_nonbool(var);
+                       curl_http_proxy = xstrdup(value);
+               }
+               return 0;
+       }
+
        /* Fall back on the default ones */
-       return git_default_config(var, value);
+       return git_default_config(var, value, cb);
 }
 
 static CURL* get_curl_handle(void)
 {
        CURL* result = curl_easy_init();
 
-       curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, curl_ssl_verify);
+       if (!curl_ssl_verify) {
+               curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
+               curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0);
+       } else {
+               /* Verify authenticity of the peer's certificate */
+               curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1);
+               /* The name in the cert must match whom we tried to connect */
+               curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 2);
+       }
+
 #if LIBCURL_VERSION_NUM >= 0x070907
        curl_easy_setopt(result, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
 #endif
        if (getenv("GIT_CURL_VERBOSE"))
                curl_easy_setopt(result, CURLOPT_VERBOSE, 1);
 
+       curl_easy_setopt(result, CURLOPT_USERAGENT, GIT_USER_AGENT);
+
+       if (curl_ftp_no_epsv)
+               curl_easy_setopt(result, CURLOPT_FTP_USE_EPSV, 0);
+
+       if (curl_http_proxy)
+               curl_easy_setopt(result, CURLOPT_PROXY, curl_http_proxy);
+
        return result;
 }
 
-void http_init(void)
+void http_init(struct remote *remote)
 {
        char *low_speed_limit;
        char *low_speed_time;
 
        curl_global_init(CURL_GLOBAL_ALL);
 
+       if (remote && remote->http_proxy)
+               curl_http_proxy = xstrdup(remote->http_proxy);
+
        pragma_header = curl_slist_append(pragma_header, "Pragma: no-cache");
-       no_range_header = curl_slist_append(no_range_header, "Range:");
 
 #ifdef USE_CURL_MULTI
        {
        if (low_speed_time != NULL)
                curl_low_speed_time = strtol(low_speed_time, NULL, 10);
 
-       git_config(http_options);
+       git_config(http_options, NULL);
 
        if (curl_ssl_verify == -1)
                curl_ssl_verify = 1;
                max_requests = DEFAULT_MAX_REQUESTS;
 #endif
 
+       if (getenv("GIT_CURL_FTP_NO_EPSV"))
+               curl_ftp_no_epsv = 1;
+
 #ifndef NO_CURL_EASY_DUPHANDLE
        curl_default = get_curl_handle();
 #endif
 void http_cleanup(void)
 {
        struct active_request_slot *slot = active_queue_head;
-#ifdef USE_CURL_MULTI
-       char *wait_url;
-#endif
 
        while (slot != NULL) {
+               struct active_request_slot *next = slot->next;
+               if (slot->curl != NULL) {
 #ifdef USE_CURL_MULTI
-               if (slot->in_use) {
-                       curl_easy_getinfo(slot->curl,
-                                         CURLINFO_EFFECTIVE_URL,
-                                         &wait_url);
-                       fprintf(stderr, "Waiting for %s\n", wait_url);
-                       run_active_slot(slot);
-               }
+                       curl_multi_remove_handle(curlm, slot->curl);
 #endif
-               if (slot->curl != NULL)
                        curl_easy_cleanup(slot->curl);
-               slot = slot->next;
+               }
+               free(slot);
+               slot = next;
        }
+       active_queue_head = NULL;
 
 #ifndef NO_CURL_EASY_DUPHANDLE
        curl_easy_cleanup(curl_default);
        curl_multi_cleanup(curlm);
 #endif
        curl_global_cleanup();
-       
+
+       curl_slist_free_all(pragma_header);
+       pragma_header = NULL;
+
+       if (curl_http_proxy) {
+               free(curl_http_proxy);
+               curl_http_proxy = NULL;
+       }
 }
 
 struct active_request_slot *get_active_slot(void)
        slot->in_use = 1;
        slot->local = NULL;
        slot->results = NULL;
+       slot->finished = NULL;
        slot->callback_data = NULL;
        slot->callback_func = NULL;
        curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, pragma_header);
-       curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, no_range_header);
        curl_easy_setopt(slot->curl, CURLOPT_ERRORBUFFER, curl_errorstr);
+       curl_easy_setopt(slot->curl, CURLOPT_CUSTOMREQUEST, NULL);
+       curl_easy_setopt(slot->curl, CURLOPT_READFUNCTION, NULL);
+       curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION, NULL);
+       curl_easy_setopt(slot->curl, CURLOPT_UPLOAD, 0);
+       curl_easy_setopt(slot->curl, CURLOPT_HTTPGET, 1);
 
        return slot;
 }
 {
 #ifdef USE_CURL_MULTI
        CURLMcode curlm_result = curl_multi_add_handle(curlm, slot->curl);
+       int num_transfers;
 
        if (curlm_result != CURLM_OK &&
            curlm_result != CURLM_CALL_MULTI_PERFORM) {
                slot->in_use = 0;
                return 0;
        }
+
+       /*
+        * We know there must be something to do, since we just added
+        * something.
+        */
+       curl_multi_perform(curlm, &num_transfers);
 #endif
        return 1;
 }
 
 #ifdef USE_CURL_MULTI
+struct fill_chain {
+       void *data;
+       int (*fill)(void *);
+       struct fill_chain *next;
+};
+
+static struct fill_chain *fill_cfg = NULL;
+
+void add_fill_function(void *data, int (*fill)(void *))
+{
+       struct fill_chain *new = xmalloc(sizeof(*new));
+       struct fill_chain **linkp = &fill_cfg;
+       new->data = data;
+       new->fill = fill;
+       new->next = NULL;
+       while (*linkp)
+               linkp = &(*linkp)->next;
+       *linkp = new;
+}
+
+void fill_active_slots(void)
+{
+       struct active_request_slot *slot = active_queue_head;
+
+       while (active_requests < max_requests) {
+               struct fill_chain *fill;
+               for (fill = fill_cfg; fill; fill = fill->next)
+                       if (fill->fill(fill->data))
+                               break;
+
+               if (!fill)
+                       break;
+       }
+
+       while (slot != NULL) {
+               if (!slot->in_use && slot->curl != NULL) {
+                       curl_easy_cleanup(slot->curl);
+                       slot->curl = NULL;
+               }
+               slot = slot->next;
+       }
+}
+
 void step_active_slots(void)
 {
        int num_transfers;
        fd_set excfds;
        int max_fd;
        struct timeval select_timeout;
+       int finished = 0;
 
-       while (slot->in_use) {
+       slot->finished = &finished;
+       while (!finished) {
                data_received = 0;
                step_active_slots();
 
 #endif
 }
 
+static void closedown_active_slot(struct active_request_slot *slot)
+{
+       active_requests--;
+       slot->in_use = 0;
+}
+
+void release_active_slot(struct active_request_slot *slot)
+{
+       closedown_active_slot(slot);
+       if (slot->curl) {
+#ifdef USE_CURL_MULTI
+               curl_multi_remove_handle(curlm, slot->curl);
+#endif
+               curl_easy_cleanup(slot->curl);
+               slot->curl = NULL;
+       }
+#ifdef USE_CURL_MULTI
+       fill_active_slots();
+#endif
+}
+
 static void finish_active_slot(struct active_request_slot *slot)
 {
-        active_requests--;
-        slot->in_use = 0;
-        curl_easy_getinfo(slot->curl, CURLINFO_HTTP_CODE, &slot->http_code);
+       closedown_active_slot(slot);
+       curl_easy_getinfo(slot->curl, CURLINFO_HTTP_CODE, &slot->http_code);
+
+       if (slot->finished != NULL)
+               (*slot->finished) = 1;
 
        /* Store slot results so they can be read after the slot is reused */
        if (slot->results != NULL) {
                slot->results->http_code = slot->http_code;
        }
 
-        /* Run callback if appropriate */
-        if (slot->callback_func != NULL) {
-                slot->callback_func(slot->callback_data);
-        }
+       /* Run callback if appropriate */
+       if (slot->callback_func != NULL) {
+               slot->callback_func(slot->callback_data);
+       }
 }
 
 void finish_all_active_slots(void)
                        slot = slot->next;
                }
 }
+
+static inline int needs_quote(int ch)
+{
+       if (((ch >= 'A') && (ch <= 'Z'))
+                       || ((ch >= 'a') && (ch <= 'z'))
+                       || ((ch >= '0') && (ch <= '9'))
+                       || (ch == '/')
+                       || (ch == '-')
+                       || (ch == '.'))
+               return 0;
+       return 1;
+}
+
+static inline int hex(int v)
+{
+       if (v < 10) return '0' + v;
+       else return 'A' + v - 10;
+}
+
+static char *quote_ref_url(const char *base, const char *ref)
+{
+       const char *cp;
+       char *dp, *qref;
+       int len, baselen, ch;
+
+       baselen = strlen(base);
+       len = baselen + 2; /* '/' after base and terminating NUL */
+       for (cp = ref; (ch = *cp) != 0; cp++, len++)
+               if (needs_quote(ch))
+                       len += 2; /* extra two hex plus replacement % */
+       qref = xmalloc(len);
+       memcpy(qref, base, baselen);
+       dp = qref + baselen;
+       *(dp++) = '/';
+       for (cp = ref; (ch = *cp) != 0; cp++) {
+               if (needs_quote(ch)) {
+                       *dp++ = '%';
+                       *dp++ = hex((ch >> 4) & 0xF);
+                       *dp++ = hex(ch & 0xF);
+               }
+               else
+                       *dp++ = ch;
+       }
+       *dp = 0;
+
+       return qref;
+}
+
+int http_fetch_ref(const char *base, struct ref *ref)
+{
+       char *url;
+       struct strbuf buffer = STRBUF_INIT;
+       struct active_request_slot *slot;
+       struct slot_results results;
+       int ret;
+
+       url = quote_ref_url(base, ref->name);
+       slot = get_active_slot();
+       slot->results = &results;
+       curl_easy_setopt(slot->curl, CURLOPT_FILE, &buffer);
+       curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION, fwrite_buffer);
+       curl_easy_setopt(slot->curl, CURLOPT_HTTPHEADER, NULL);
+       curl_easy_setopt(slot->curl, CURLOPT_URL, url);
+       if (start_active_slot(slot)) {
+               run_active_slot(slot);
+               if (results.curl_result == CURLE_OK) {
+                       strbuf_rtrim(&buffer);
+                       if (buffer.len == 40)
+                               ret = get_sha1_hex(buffer.buf, ref->old_sha1);
+                       else if (!prefixcmp(buffer.buf, "ref: ")) {
+                               ref->symref = xstrdup(buffer.buf + 5);
+                               ret = 0;
+                       } else
+                               ret = 1;
+               } else {
+                       ret = error("Couldn't get %s for %s\n%s",
+                                   url, ref->name, curl_errorstr);
+               }
+       } else {
+               ret = error("Unable to start request");
+       }
+
+       strbuf_release(&buffer);
+       free(url);
+       return ret;
+}