... to aid tracking down failures

...when mentioning login options. Additional minor clarification of
"Windows builds" to be "Windows builds with SSPI"as a way of enabling
NTLM as Windows builds may be built with OpenSSL to enable NTLM or
without NTLM support altogether.

Thanks to archive.org's wayback machine I updated this document with
some facts from the early httpget/urlget web page:

http://web.archive.org/web/19980216125115/http://www.inf.ufrgs.br/~sagula/urlget.html

Verifies the timecond fix in commit c49ed0b6

Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705783


Reported-by: Ludovico Cavedon <cavedon@debian.org>

Commit 11332577 removed the length check that was performed by the
old scanf() code.

Fixed an issue in parse_proxy(), introduced in commit 11332577,
where an empty username or password (For example: http://:@example.com)
would cause a crash.

Updated the naming convention of the login parameters to match those of
other functions.

Tidy up of variable names and comments in setstropt_userpwd() and
parse_login_details().

There is no need to perform separate clearing of data if a NULL option
pointer is passed in. Instead this operation can be performed by simply
not calling parse_login_details() and letting the rest of the code do
the work.

setstropt_userpwd() was calling setstropt() in commit fddb7b44 to
set each of the login details which would duplicate the strings and
subsequently cause a memory leak.

Fix to prevent the options from being displayed when curl requests the
user's password if the following command line is specified:

--user username;options

In addition to parsing the optional login options from the URL, added
support for parsing them from CURLOPT_USERPWD, to allow the following
supported command line:

--user username:password;options

Added bounds checking when searching for the separator characters within
the login string as this string may not be NULL terminated (For example
it is the login part of a URL). We do this in preference to allocating a
new string to copy the login details into which could then be passed to
parse_login_details() for performance reasons.

When cross-compiling we can't scan and detect existing files or paths.

Bug: http://curl.haxx.se/mail/lib-2013-04/0294.html

Relies on CURLOPT_SSL_CTX_FUNCTION, which is OpenSSL specific

signed and unsigned type in conditional expression

Separated the parsing of login details from the processing of them in
parse_url_login() ready for use by setstropt_userpwd().

Re-factored these functions to reflect their new behaviour following the
addition of login options.

Apparently the previous usage didn't work with that implementation,
while this updated version works with at least both Parallel BZIP2
v1.1.8 and regular bzip "Version 1.0.6, 6-Sept-2010".