Added 255 octet limit check as per Section 4. Paragraph 8 of RFC-5034.

Users using the Secure Transport (darwinssl) back-end can now use a
certificate and private key to authenticate with a site using TLS. Because
Apple's security system is based around the keychain and does not have any
non-public function to create a SecIdentityRef data structure from data
loaded outside of the Keychain, the certificate and private key have to be
loaded into the Keychain first (using the certtool command line tool or
the Security framework's C API) before we can find it and use it.

Since we're adding new stuff, the next release will bump the minor
version and we're looking forward to 7.31.0

Documented the the option in curl_easy_setopt() and added it to
symbols-in-versions.

Updated test903 and test904 following the addition of CURLOPT_SASL_IR
as the default behaviour of SMTP AUTH responses is now to not include
the initial response. New tests with --sasl-ir support to follow.

In addition to checking for the SASL-IR capability the user can override
the sending of the client's initial response in the AUTHENTICATION
command with the use of CURLOPT_SASL_IR should the server erroneously
not report SASL-IR when it does support it.

Updated the default behaviour of sending the client's initial response in the AUTH
command to not send it and added support for CURLOPT_SASL_IR to allow the user to
specify including the response.

Related Bug: http://curl.haxx.se/mail/lib-2012-03/0114.html
Reported-by: Gokhan Sengun

Allowed the user to specify whether to send the client's intial response
in the AUTH command via CURLOPT_SASL_IR.

By introducing an internal alternative to curl_multi_init() that accepts
parameters to set the hash sizes, easy handles will now use tiny socket
and connection hash tables since it will only ever add a single easy
handle to that multi handle.

This decreased the number mallocs in test 40 (which is a rather simple
and typical easy interface use case) from 1142 to 138. The maximum
amount of memory allocated used went down from 118969 to 78805.

An IMAP server should response with the BYE continuation response before
confirming the LOGOUT command was successful.

When connecting back to an FTP server after having sent PASV/EPSV,
libcurl sometimes didn't use the proxy properly even though the proxy
was used for the initial connect.

The function wrongly checked for the CURLOPT_PROXY variable to be set,
which made it act wrongly if the proxy information was set with an
environment variable.

Added test case 711 to verify (based on 707 which uses --socks5). Also
added test712 to verify another variation of setting the proxy: with
--proxy socks5://

Bug: http://curl.haxx.se/bug/view.cgi?id=1218
Reported-by: Zekun Ni

... in order to prevent an artificial timeout event based on stale
speed-check data from a previous network transfer.  This commit fixes
a regression caused by 9dd85bce.

Bug: https://bugzilla.redhat.com/906031

I couldn't figure out why the host key logic isn't working, but having
it set to yes prevents my SSH-based test cases to run. I also don't see
a strong need to use strict host key checking on this test server.

So I disabled it.

... to aid tracking down failures

...when mentioning login options. Additional minor clarification of
"Windows builds" to be "Windows builds with SSPI"as a way of enabling
NTLM as Windows builds may be built with OpenSSL to enable NTLM or
without NTLM support altogether.

Thanks to archive.org's wayback machine I updated this document with
some facts from the early httpget/urlget web page:

http://web.archive.org/web/19980216125115/http://www.inf.ufrgs.br/~sagula/urlget.html

Verifies the timecond fix in commit c49ed0b6

Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705783


Reported-by: Ludovico Cavedon <cavedon@debian.org>

Commit 11332577 removed the length check that was performed by the
old scanf() code.

Fixed an issue in parse_proxy(), introduced in commit 11332577,
where an empty username or password (For example: http://:@example.com)
would cause a crash.