The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but
the code path in which they're referenced here is only ever used for
somewhat older GnuTLS versions. This caused undeclared identifier errors
when compiling against those.

This seems to have become necessary for SRP support to work starting
with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS
before the function that takes this priority string, there should be no
issue with backward compatibility.

These tests have been broken since commit 1958fe57 in Oct. 2011

This makes the behaviour consistent with what happens if a date can
be extracted from the certificate but is expired.

... with a mention of *NOSIGNAL, based on talk in bug #1386

This showed itself on some systems with torture failures
in tests 1060 and 1061

... pointed out by MSVC2013

Bug: http://curl.haxx.se/bug/view.cgi?id=1391

Otherwise NSS could use an already freed item for another connection.

... and spell it as crl_der instead of crlDER

... that contains the declaration of PL_ArenaFinish()

This prevents valgrind from reporting still reachable memory allocated
by NSPR arenas (mainly the freelist).

Reported-by: Hubert Kario

Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html

When an error has been detected, skip the final forced call to the
progress callback by making sure to pass the current return code
variable in the Curl_done() call in the CURLM_STATE_DONE state.

This avoids the "extra" callback that could occur even if you returned
error from the progress callback.

Bug: http://curl.haxx.se/mail/lib-2014-06/0062.html
Reported by: Jonathan Cardoso Machado

This prevents valgrind from reporting possibly lost memory that NSPR
uses for file descriptor cache and other globally allocated internal
data structures.

This feature was unintentionally disabled by commit ff92fcfb.

... due to calling SSL_VersionRangeGet() with NULL file descriptor

reported-by: upstream tests 305 and 404

mainly to improve how the web versions render

... by using the "\fIopt(3)\fP" syntax they will be linked properly when
the web version of the page is generated.

c-ares now does support IPv6;
avoid implying threaded resolver is Windows-only;
two referenced source files were renamed in 7de2f927

... to the always-copy-char *-argument.

And fix some minor mistakes.

With all the new individual option man pages created, this now refers to
each separate one instead of duplicaing the info. Also makes this page
easier to overview.