It isn't easily solved, but with some thinking someone could probably
come up with a working approach?

Closes #1241

For example allow ranges like [1-1] and [a-a] etc.

Regression since 5ca96cb8.

Bug: https://github.com/curl/curl/issues/1238
Reported-by: R. Dennis Steed

Builds with axTLS 2.1.2. This then also breaks compatibility with axTLS
< 2.1.0 (the older API)

... and fix the session_id mixup brought in 04b4ee54

Fixes #1220

The warning message had a typo. The argument long form is --time-cond
not --timecond

Closes #1263

When the threaded resolver option is specified for configure the default
thread library is pthreads. This change makes it possible to
--disable-pthreads and then configure can fall back on Win32 threads for
native Windows builds.

Closes https://github.com/curl/curl/pull/1260

Reported-by:  <zelinchen@users.noreply.github.com>
Fixes #1229

When CURLE_SSL_CACERT occurs the tool shows a lengthy error message to
the user explaining possible solutions such as --cacert and --insecure.

This change appends to that message similar options --proxy-cacert and
--proxy-insecure when there's a specified HTTPS proxy.

Closes https://github.com/curl/curl/issues/1258

Fixes #1252

- Document in --socks* opts they're still mutually exclusive of --proxy.

Partial revert of 423a93ce; I had misinterpreted the SOCKS proxy +
HTTP/HTTPS proxy combination.

- Document in --socks* opts that --preproxy can be used to specify a
  SOCKS proxy at the same time --proxy is used with an HTTP/HTTPS proxy.

If the NSS code was in the middle of a non-blocking handshake and it
was asked to finish the handshake in blocking mode, it unexpectedly
continued in the non-blocking mode, which caused a FTPS connection
over CONNECT to fail with "(81) Socket not ready for send/recv".

Bug: https://bugzilla.redhat.com/1420327

... instead of the OpenSSL mutex page.

Follow up to 7fe81ec2: make sure 'host' is either NULL or malloced.

Fixes #1255

Reported-by: Dan Fandrich
Bug: https://curl.haxx.se/mail/lib-2017-02/0032.html

When removing an easy handler from a multi before it completed its
transfer, and it had pushed streams, it would segfault due to the pushed
counted not being cleared.

Fixed-by:  <zelinchen@users.noreply.github.com>
Fixes #1249

Using sftp to delete a file with CURLOPT_NOBODY set with a reused
connection would fail as curl expected to get some data. Thus it would
retry the command again which fails as the file has already been
deleted.

Fixes #1243

Ref: https://github.com/curl/curl/pull/1245

Closes https://github.com/curl/curl/pull/1245

The information extracted from the server certificates in step 3 is only
used when in verbose mode, and there is no error handling or validation
performed as that has already been done. Only run the certificate
information extraction when in verbose mode and libcurl was built with
verbose strings.

Closes https://github.com/curl/curl/pull/1246

- Remove the SNI disabled when host verification disabled message
  since that is incorrect.

- Show a message for legacy versions of Windows <= XP that connections
  may fail since those versions of WinSSL lack SNI, algorithms, etc.

Bug: https://github.com/curl/curl/pull/1240

This is the previously manually edited changelog, not touched since Aug
2015. Still present in git for those who wants it.

Ref: https://sourceforge.net/blog/introducing-https-for-project-websites/
Closes: https://github.com/curl/curl/pull/1247

- Document HTTPS proxy type.

- Document --write-out %{proxy_ssl_verify_result}.

- Document SOCKS proxy + HTTP/HTTPS proxy combination.

HTTPS proxy support was added in 7.52.0 for OpenSSL, GnuTLS and NSS.

Ref: https://github.com/curl/curl/commit/cb4e2be

- s/CURLOPT_SOCKS_PROXY/CURLOPT_PRE_PROXY
  Follow-up to 7907a2be and 845522ca.

- Fix incorrect id for CURLOPT_PROXY_PINNEDPUBLICKEY.

- Add id for CURLOPT_ABSTRACT_UNIX_SOCKET.

Bug: https://github.com/curl/curl/issues/1237


Reported-by:  <jonrumsey@users.noreply.github.com>

- Test for and set HAVE_FSETXATTR when support for extended file
  attributes is present.

Closes https://github.com/curl/curl/pull/1176

SSL_CTX_add_extra_chain_cert takes ownership of the given certificate
while, despite the similar name, SSL_CTX_add_client_CA does not. Thus
it's best to call SSL_CTX_add_client_CA before
SSL_CTX_add_extra_chain_cert, while the code still has ownership of the
argument.

Closes https://github.com/curl/curl/pull/1236

closes #1227

... refer to the web site for the web versions.

Closes #1231