Follow-up from 8b987cc7

Reported-by: Tom van der Woerdt
Fixes #4018
Closes #4024

... to make it handle torture tests properly.

Reported-by: Marcel Raad
Fixes #4021
Closes #4022

Even though the variable was used in a DEBUGASSERT, GCC 8 warned in
debug mode:
krb5.c:324:17: error: unused variable 'maj' [-Werror=unused-variable]

Just suppress the warning and declare the variable unconditionally
instead of only for DEBUGBUILD (which also missed the check for
HAVE_ASSERT_H).

Closes https://github.com/curl/curl/pull/4020

Reported-by: Ben Voris
Fixes #4017
Closes #4019

- The transfer hashes weren't using the correct keys so removing entries
  failed.

- Simplified the iteration logic over transfers sharing the same socket and
  they now simply are set to expire and thus get handled in the "regular"
  timer loop instead.

Reported-by: Tom van der Woerdt
Fixes #4012
Closes #4014

Old connections are meant to expire from the connection cache after
CURLOPT_MAXAGE_CONN seconds. However, they actually expire after 1000x
that value. This occurs because a time value measured in milliseconds is
accidentally divided by 1M instead of by 1,000.

Closes https://github.com/curl/curl/pull/4013

between configure.ac and source code. They should be possible to switch
on/off in configure AND be used in source code.

It isn't used by code so stop providing the define.

Closes #4010

This reverts commit 36738cae.

Apparently several of the appveyor windows builds broke.

Reviewed-by: Jakub Zakrzewski
Closes #3770

... in http2-less builds as it served no use.

... actual support in the code for disabling these has already landed.

Closes #4009

follow-up from deb9462f

Moved away the callback explanation from curl_multi_socket_action.3 and
expanded it somewhat.

Closes #4006

follow-up from deb9462f

Closes #4007

Clarify the functionality when built to use Schannel and Secure
Transport and stop calling it the "recommended" or "preferred" way and
instead rather call it the default.

Removed the reference to the ssl comparison table as it isn't necessary.

Reported-by: Richard Alcock
Bug: https://curl.haxx.se/mail/lib-2019-06/0019.html
Closes #4005

Brief security policy description for use/display on github.

Commit 61faa0b4

 fixed the progress bar
width calculation to avoid integer overflow, but failed to account for
the fact that initial_size is initialized to -1 when the file size is
retrieved from the remote on an upload, causing another signed integer
overflow.  Fix by separately checking for this case before the width
calculation.

Closes #3984
Reported-by: Brian Carpenter (Geeknik Labs)
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Remove support for, references to and use of "cyaSSL" from the source
and docs. wolfSSL is the current name and there's no point in keeping
references to ancient history.

Assisted-by: Daniel Gustafsson

Closes #3903

Reported-by: Alex Grebenschikov
Fixes #3993
Closes #4002

Since more than one socket can be used by each transfer at a given time,
each sockhash entry how has its own hash table with transfers using that
socket.

In addition, the sockhash entry can now be marked 'blocked = TRUE'"
which then makes the delete function just set 'removed = TRUE' instead
of removing it "for real", as a way to not rip out the carpet under the
feet of a parent function that iterates over the transfers of that same
sockhash entry.

Reported-by: Tom van der Woerdt
Fixes #3961
Fixes #3986
Fixes #3995
Fixes #4004
Closes #3997

Fixed-by: MrSorcus on github
Closes #4000

... so that timeouts or other state machine actions get going again
after a changing pause state. For example, if the last delivery was
paused there's no pending socket activity.

Reported-by: sstruchtrup on github
Fixes #3994
Closes #4001

I missed that in commit 99a49d66.

Closes https://github.com/curl/curl/pull/3999

Compilers and static analyzers warn about using C-style casts here.

Closes https://github.com/curl/curl/pull/3975

As want is size_t, (file->buffer_pos - want) is unsigned, so checking
if it's less than zero makes no sense.
Check if file->buffer_pos is less than want instead to avoid the
unsigned integer wraparound.

Closes https://github.com/curl/curl/pull/3975

Reduce variable scopes and remove redundant variable stores.

Closes https://github.com/curl/curl/pull/3975

Unused since commit 2f44e94e.

Closes https://github.com/curl/curl/pull/3975

These are for features that used to be openssl-only but were expanded
over time to support other SSL backends.

Closes #3985

Reported-by: Carlos ORyan

GetModuleFileName() returns a DWORD which is a typedef of an unsigned
long and not an int.

Closes #3980

Suggested-by: dkwolfe4 on github
Closes #3920

Missed in 04fd6755.

Closes #3978