After the fixed cookie lock deadlock, this test now passes and it
detects double-locking and double-unlocking of mutexes.

... by removing the extra mutex locks around th call to
Curl_flush_cookies() which takes care of the locking itself already.

Bug: http://curl.haxx.se/mail/lib-2014-02/0184.html

conversion to 'int' from 'long int' may alter its value

It's irrelevant to the test, and will change depending on which SSL
library is being used by libcurl.

Reported-by: David Woodhouse

Use ${host_alias}-krb5-config if available. This improves cross-
compilation support and fixes multilib on Gentoo (at least).

Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function
didn't actually check IP addresses in SubjectAltName, even though it was
explicitly documented as doing so. So do it ourselves...

Reported-by: David Woodhouse

The old way using getpwuid could cause problems in programs that enable
reading from netrc files simultaneously in multiple threads.

Reported-by: David Woodhouse

This previously caused a fatal error (with a confusing error code, at
that).

Reported by: Glen A Johnson Jr.

Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html
Reported-by: David Woodhouse

The curl tool project files for VC7 to VC12 would override the default
setting with the output filename being the same as the linker PDB file.
As such the compiler file would be overwritten with the linker file
for all debug builds.

To avoid this overwrite and for consistency with the libcurl project
files, removed the setting to force the default filename to be used.

The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but
the code path in which they're referenced here is only ever used for
somewhat older GnuTLS versions. This caused undeclared identifier errors
when compiling against those.

This seems to have become necessary for SRP support to work starting
with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS
before the function that takes this priority string, there should be no
issue with backward compatibility.

These tests have been broken since commit 1958fe57 in Oct. 2011

This makes the behaviour consistent with what happens if a date can
be extracted from the certificate but is expired.

... with a mention of *NOSIGNAL, based on talk in bug #1386

This showed itself on some systems with torture failures
in tests 1060 and 1061

... pointed out by MSVC2013

Bug: http://curl.haxx.se/bug/view.cgi?id=1391

Otherwise NSS could use an already freed item for another connection.

... and spell it as crl_der instead of crlDER

... that contains the declaration of PL_ArenaFinish()

This prevents valgrind from reporting still reachable memory allocated
by NSPR arenas (mainly the freelist).

Reported-by: Hubert Kario