In case the first address in the tempaddr array is NULL,
the code would previously dereference an unchecked null pointer.

The FreeContextBuffer SAL declaration does not declare the pointer
as optional, therefore it must not be NULL.

Added support for parsing query strings from the URL as defined by
RFC-5092.

Should a command return untagged responses that contained no data then
the imap_matchresp() function would not detect them as valid responses,
as it wasn't taking the CRLF characters into account at the end of each
line.

Given that we presently support "auth" and not "auth-int" or "auth-conf"
for native challenge-response messages, added client side validation of
the quality-of-protection options from the server's challenge message.

Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html
Reported-by: Jeroen Koekkoek

To avoid urldata.h being included from the header file or that the
source file has the correct include order as highlighted by one of
the auto builds recently.

warning: no previous prototype for 'Curl_sasl_create_digest_md5_message'

warning: 'sasl_digest_get_key_value' defined but not used

* Added comments to SSPI NTLM message generation
* Added comments to native DIGEST-MD5 code
* Removed redundant identity pointer

When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not
be included, regardless of whether USE__WINDOWS_SSPI is defined or not.
This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM
in curl_setup.h.

Updated the docs to clarify and the code accordingly, with test 1528 to
verify:

When CURLHEADER_SEPARATE is set and libcurl is asked to send a request
to a proxy but it isn't CONNECT, then _both_ header lists
(CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the
single request is then made for both the proxy and the server.

Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER
is actually used or not.

Includes docs and new test cases: 1525, 1526 and 1527

Co-written-by: Vijay Panghal

Without request body there's no point in asking for 100-continue.

Bug: http://curl.haxx.se/bug/view.cgi?id=1349
Reported-by: JimS

When doing passive FTP, the multi state function needs to extract and
use the happy eyeballs sockets to wait for to check for completion!

Bug: http://curl.haxx.se/mail/lib-2014-02/0135.html (ruined)
Reported-by: Alan

In addition to commit fe260b75 fixed the same issue for RFC-821 based
SMTP servers and allow the credientials to be given to curl even though
they are not used with the server.

Reported-by: Melissa