- Try building a chain using issuers in the trusted store first to avoid
problems with server-sent legacy intermediates.

Prior to this change server-sent legacy intermediates with missing
legacy issuers would cause verification to fail even if the client's CA
bundle contained a valid replacement for the intermediate and an
alternate chain could be constructed that would verify successfully.

https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest

Stop linking to the curl.haxx.se anchor pages, they are usually only
themselves pointers to the real page so better point there directly
instead.

The protocol is named "HTTP/2" after all. It is an alias for the
existing CURL_HTTP_VERSION_2_0 enum.

ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore

Code for OpenSSL 0.9.4 serves no purpose anymore!

It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or
later.

The existing callback served no purpose.

Prior to this change any-domain cookies (cookies without a domain that
are sent to any domain) were exported with domain name "unknown".

Bug: https://github.com/bagder/curl/issues/292

Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198
Reported-by: Gisle Vanem

Follow-up to e8423f9c with discussionis in
https://github.com/bagder/curl/pull/258

This check scans for fopen() with a mode string without 'b' present, as
it may indicate that an FOPEN_* define should rather be used.

- Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt"
- Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt"

This change is to explicitly specify when we need to read/write text.
Unfortunately 't' is not part of POSIX fopen so we can't specify it
directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT.

Prior to this change we had an issue on Windows if an application that
uses libcurl overrides the default file mode to binary. The default file
mode in Windows is normally text mode (translation mode) and that's what
libcurl expects.

Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055
Reported-by: Orgad Shaneh

Bug: http://curl.haxx.se/mail/lib-2015-06/0001.html
Reported-by: Rafayel Mkrtchyan

Bug: https://github.com/bagder/curl/issues/256

SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The
equivalent is TLS_client_method.

https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557

Document that if Set-Cookie is used without a domain then the cookie is
sent for any domain and will not be modified.

Bug: http://curl.haxx.se/mail/lib-2015-05/0137.html
Reported-by: Alexander Dyagilev

Previously, after seeing upgrade to HTTP/2, we feed data followed by
upgrade response headers directly to nghttp2_session_mem_recv() in
Curl_http2_switched().  But it turns out that passed buffer, mem, is
part of stream->mem, and callbacks called by
nghttp2_session_mem_recv() will write stream specific data into
stream->mem, overwriting input data.  This will corrupt input, and
most likely frame length error is detected by nghttp2 library.  The
fix is first copy the passed data to HTTP/2 connection buffer,
httpc->inbuf, and call nghttp2_session_mem_recv().

The CURLOPT_COOKIE doc says it "sets the cookie header explicitly in the
outgoing request(s)." However there seems to be some user confusion
about cookie modification. Document that the cookies set by this option
are not modified by the cookie engine.

Bug: http://curl.haxx.se/mail/lib-2015-05/0115.html
Reported-by: Alexander Dyagilev