Given the SSPI package info query indicates a token size of 2888 bytes,
and as with the Winbind code and commit 9008f3d5, use a dynamic buffer
for the Type-1 and Type-3 message generation rather than a fixed buffer
of 1024 bytes.

Just as with the SSPI implementations of Digest and Negotiate added a
package info query so that libcurl can a) return a more appropriate
error code when the NTLM package is not supported and b) it can be of
use later to allocate a dynamic buffer for the Type-1 and Type-3
output tokens rather than use a fixed buffer of 1024 bytes.

OPENSSL_config() is "strongly recommended" to use but unfortunately that
function makes an exit() call on wrongly formatted config files which
makes it hard to use in some situations. OPENSSL_config() itself calls
CONF_modules_load_file() and we use that instead and we ignore its
return code!

Reported-by: Jan Ehrhardt
Bug: http://curl.haxx.se/bug/view.cgi?id=1401

Test case numbers with four digits have been available for a
while now.

Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html
Reported-by: Leonardo Rosati

If the server rejects our authentication attempt and curl hasn't
called CompleteAuthToken() then the status variable will be
SEC_I_CONTINUE_NEEDED and not SEC_E_OK.

As such the existing detection mechanism for determining whether or not
the authentication process has finished is not sufficient.

However, the WWW-Authenticate: Negotiate header line will not contain
any data when the server has exhausted the negotiation, so we can use
that coupled with the already allocated context pointer.

The GetDarwinVersionNumber() function uses strtok, which is not
thread-safe.

This seems to be the way it should work. Right now we can't build with
BoringSSL and try this out properly due to a minor API breakage.

LibreSSL is otherwise OpenSSL API compliant (so far)

To prevent infinite loop in readwrite_data() function when stream is
reset before any response body comes, reset closed flag to false once
it is evaluated to true.

"Expect: 100-continue", which was once deprecated in HTTP/2, is now
resurrected in HTTP/2 draft 14.  This change adds its support to
HTTP/2 code.  This change also includes stricter header field
checking.

Previously it only returned a CURLcode for errors, which is when it
returns a different size than what was passed in to it.

The http2 code only checked the curlcode and thus failed.

This function is available for every Windows version since Windows 95/NT.

reference:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942.aspx

... and has been so since 2005

Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS
one which was missing previously.

It's an enum so a macro test won't work. The CyaSSL changelog doesn't
say exactly when this error code was introduced, but it's likely
to be 2.7.0.

Under these circumstances, the connection hasn't been fully established
and smtp_connect hasn't been called, yet smtp_done still calls the state
machine which dereferences the NULL conn pointer in struct pingpong.

... by defining Curl_ssl_random() properly

This now provides a weak random function since PolarSSL doesn't have a
quick and easy way to provide a good one. It does however provide the
framework to make one so it _can_ and _should_ be done...

I couldn't find any dedicated function in its API to get a "good" random
with.