Reported-by: Roy Bellingan
Bug: #3885

As we treat a given proxy as a URL we should use the unified URL parser
to extract the parts out of it.

Closes #3878

Given that this member variable is not used by the SASL based protocols
there is no need to have it here.

Closes #3882

Given that this member variable is not used by the SASL based protocols
there is no need to have it here.

Given that Curl_disconnect() calls Curl_http_auth_cleanup_ntlm() prior
to calling conn_shutdown() and it in turn performs this, there is no
need to perform the same action in conn_shutdown().

Closes #3881

Updated test 1560 to verify.

Closes #3880

If --with-ssl is used and configure still couldn't enable SSL this
creates an error instead of just silently ignoring the fact.

Suggested-by: Isaiah Norton
Fixes #3824
Closes #3830

No need to set variables to zero as calloc() does this for us.

Closes #3879

Clues-provided-by: Jay Satiro
Clues-provided-by: Jeroen Ooms
Fixes #3711
Closes #3874

In Curl_multissl_version() it was possible to overflow the passed in
buffer if the generated version string exceeded the size of the buffer.
Fix by inverting the logic, and also make sure to not exceed the local
buffer during the string generation.

Closes #3863
Reported-by: nevv on HackerOne/curl
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg

For consistency and to a avoid confusion.

Closes #3869

Reported-by: Joombalaya on github
Fixes #3818

I missed this one in commit 6b3dde7f.

Codacy/CppCheck warns about this. Consistently use parentheses as we
already do in some places to silence the warning.

Closes https://github.com/curl/curl/pull/3866

I broke it in d1b5cf83 and
97de97da.

Reported-by: Viktor Szakats
Ref: https://github.com/curl/curl/commit/97de97daefc2ed084c91eff34af2426f2e55e134#commitcomment-33499044
Closes https://github.com/curl/curl/pull/3868

Missed in f0bdd72c.

Closes #3867

Closes #3861

I missed these in commit d1b5cf83.

Due to limitations in Curl_resolver_wait_resolv(), it doesn't work for
DOH resolves. This fix disables DOH for those.

Limitation added to KNOWN_BUGS.

Fixes #3850
Closes #3857

.. because we allow snprintf use in docs/examples.

Closes https://github.com/curl/curl/pull/3862

...and misalignment of these comments. From a78c61a4.

Closes #3860

This reverts commit b0972bc8.

- No longer show verbose output for the conncache closure handle.

The offending commit was added so that the conncache closure handle
would inherit verbose mode from the user's easy handle. (Note there is
no way for the user to set options for the closure handle which is why
that was necessary.) Other debug settings such as the debug function
were not also inherited since we determined that could lead to crashes
if the user's per-handle private data was used on an unexpected handle.

The reporter here says he has a debug function to capture the verbose
output, and does not expect or want any output to stderr; however
because the conncache closure handle does not inherit the debug function
the verbose output for that handle does go to stderr.

There are other plausible scenarios as well such as the user redirects
stderr on their handle, which is also not inherited since it could lead
to crashes when used on an unexpected handle.

Short of allowing the user to set options for the conncache closure
handle I don't think there's much we can safely do except no longer
inherit the verbose setting.

Bug: https://curl.haxx.se/mail/lib-2019-05/0021.html
Reported-by: Kristoffer Gleditsch

Ref: https://github.com/curl/curl/pull/3598
Ref: https://github.com/curl/curl/pull/3618

Closes https://github.com/curl/curl/pull/3856

From 6012fa5a.

Closes #3858