SSL_CTX_load_verify_locations by default (and if given non-Null
parameters) searches the CAfile first and falls back to CApath.  This
allows for CAfile to be a basis (e.g. installed by the package manager)
and CApath to be a user configured directory.

This wasn't reflected by the previous configure constraint which this
patch fixes.

Bug: https://github.com/bagder/curl/pull/139

Correctly check for memcmp() return value (it returns 0 if the strings match).

This is not really important, since curl is going to use http/1.1 anyway, but
it's still a bug I guess.

Correctly check for strncmp() return value (it returns 0 if the strings
match).

lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive

For consistency with other conditionally compiled code in openssl.c,
use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use
HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are
not included.

Versions of OpenSSL prior to v0.9.8h do not support the necessary
functions for OCSP stapling.

Previously we don't ignore PUSH_PROMISE header fields in on_header
callback.  It makes header values mixed with following HEADERS,
resulting protocol error.

Prior to this change the options for exclusive SSL protocol versions did
not actually set the protocol exclusive.

http://curl.haxx.se/mail/lib-2015-01/0002.html
Reported-by: Dan Fandrich

Removed the curl_ prefix from the schannel source files as discussed
with Marc and Daniel at FOSDEM.

The struct went private in 1.0.2 so we cannot read the version number
from there anymore. Use SSL_version() instead!

Reported-by: Gisle Vanem
Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html

The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md5.c and md5.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5

Code-by: Alexander Peslyak

The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md4.c and md4.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4

Code-by: Alexander Peslyak

Better use of 80 character line limit, comment corrections and line
spacing preferences.

curl_sasl.c:1506: warning: unused variable 'chlg'

curl_sasl.c:1317: warning: unused parameter 'conn'

Added Curl_des_set_odd_parity() for use when cryptography engines
don't include this functionality.

Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.

Reported-by: Rich Burridge