Always register for TCP events even if there are no outstanding queries, as the other side could always close the connection, which is a valid event which should be responded to.

Support a few more socket options, and refactor the option setting a bit. (Patch from the Google tree.)

Make the query callbacks return the number of timeouts that happened during the execution of a query, and update documentation accordingly. (Patch from the Google tree.)

Three fixes in one commit (sorry): a) Take care of the tcpbuf if it ends while queued for transmission, note broken servers and close them in the main loop, and store TCP socket generation number in order not to send the same query twice over the same socket.

is non-NULL before we FD_CLR

both to occur

variables to avoid shadowing global declarations.

curl_easy_setopt() that alters how libcurl functions when following
redirects. It makes libcurl obey the RFC2616 when a 301 response is received
after a non-GET request is made. Default libcurl behaviour is to change
method to GET in the subsequent request (like it does for response code 302
- because that's what many/most browsers do), but with this CURLOPT_POST301
option enabled it will do what the spec says and do the next request using
the same method again. I.e keep POST after 301.

The curl tool got this option as --post301

Test case 1011 and 1012 were added to verify.

CURLOPT_NOBODY enabled but not CURLOPT_HEADER, libcurl wouldn't do TYPE
before it does SIZE which makes it less useful. I walked over the code and
made it do this properly, and added test case 542 to verify it.

out "written"

URLs ending with a slash properly (it should list the contents of that
directory). Test case 351 brought back and also test 1010 was added.

Debian bug report http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=443734

several functions (write_tcp_data, read_tcp_data, read_udp_packets) so that
if it fails and the socket is closed the following code doesn't try to use
the file descriptor.

TCP is used since there are several edge cases where it still makes sense.

something with the ares_save_options() where it would try to do a malloc(0)
when no options of that type needed to be saved.  On most platforms, this was
fine because malloc(0) doesn't actually return NULL, but on AIX it does, so
ares_save_options would return ARES_ENOMEM.

the --proxy-negotiate command line option to allow a user to explicitly
select it.

Made a few more tests work remotely.

http://curl.haxx.se/docs/contribute.html

o It looks for the NSS database first in the environment variable SSL_DIR,
  then in /etc/pki/nssdb, then it initializes with no database if neither of
  those exist.

o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
  loaded, including the ca-bundle. If it is not available then only
  certificates already in the NSS database are used.

o Tries to detect whether a file or nickname is being passed in so the right
  thing is done

o Added a bit of code to make the output more like the OpenSSL module,
  including displaying the certificate information when connecting in
  verbose mode

o Improved handling of certificate errors (expired, untrusted, etc)

The libnsspem.so PKCS#11 module is currently only available in Fedora
8/rawhide. Work will be done soon to upstream it. The NSS module will work
with or without it, all that changes is the source of the certificates and
keys.