"Explicit null dereferenced (FORWARD_NULL)"

Coverity CID 1317366

- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
protocol for schemeless URLs.

- Add new tool option --proto-default to expose
CURLOPT_DEFAULT_PROTOCOL.

In the case of schemeless URLs libcurl will behave in this way:

When the option is used libcurl will use the supplied default.

When the option is not used, libcurl will follow its usual plan of
guessing from the hostname and falling back to 'http'.

... so improve the #ifdefs for using our local implementation.

Since boringssl brought back DES_set_odd_parity again, it cannot be used
to differentiate from boringssl. Using the OPENSSL_IS_BORINGSSL define
seems better anyway.

URL: https://android.googlesource.com/platform/external/curl/+/f551028d5caab29d4b4a4ae8c159c76c3cfd4887%5E!/
Original-patch-by: Bertrand Simonnet

Closes #393

... since boringssl moved the former ones and the check started to fail.

URL: https://android.googlesource.com/platform/external/curl/+/f551028d5caab29d4b4a4ae8c159c76c3cfd4887%5E!/
Original-patch-by: Bertrand Simonnet

If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER
and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server
doesn't present a certificate at all.

Closes #392

The multi state machine would otherwise go into the DO_MORE state after
DO, even for the case when the FTP state machine had already performed
those duties, which caused libcurl to get stuck in that state and fail
miserably. This occured for for active ftp uploads.

Reported-by: Patricia Muscalu

http://docs.travis-ci.com/user/migrating-from-legacy

Closes #388

Based-on-patch-by: Jim Hollinger

Closes #389
Closes #386

Visual Studio complains with a message box:

"Run-Time Check Failure #1 - A cast to a smaller data type has caused a
loss of data.  If this was intentional, you should mask the source of
the cast with the appropriate bitmask.

For example:
char c = (i & 0xFF);

Changing the code in this way will not affect the quality of the
resulting optimized code."

This is because only 'val' is cast to unsigned char, so the "& 0xff" has
no effect.

Closes #387

- Clarify that FILE and SCP are disabled by default since 7.19.4
- Add that SMB and SMBS are disabled by default since 7.40.0
- Add CURLPROTO_SMBS to the list of protocols

find . -name .gitignore -print0 | xargs -i -0 sort -o '{}' '{}'

... and changed "oriented" to "related"

Closes #378

Acknowledge that SSLv3 is also widely considered to be insecure.

Also, provide references for people who want to know more about why it's
insecure.

Fix the check code to pass 5 arguments instead of 6.  This typo was
introduced by commit aebfd4cf (cmake: fix gethostby{addr,name}_r in
CurlTests, 2014-10-31).

Bug: https://github.com/bagder/curl/pull/379
Reported-by: Daniel Seither

Bug: http://curl.haxx.se/mail/lib-2015-08/0016.html
Reported-by: Eric Ridge

"can not" => "cannot"

closes #377

closes #376

Closes #375

Closes #374

Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the
SessionHandle. Apparently mod_h2 will sometimes send a frame for a
stream_id we're finished with.

Use nghttp2_session_get_stream_user_data and
nghttp2_session_set_stream_user_data to identify SessionHandles instead
of a hash.

Closes #372