This caused segfaults on tests 823 869 907.

The static connection counter caused a race condition. Moving the
connection id counter into conncache solves it, as well as simplifying
the related logic.

This regression was introduced when *init was split into *init and
*setup...

They were added because of an older code path that used allocations and
should not have been left in the code. With this change the logic goes
back to how it was.

Curl_rand() will return a dummy and repatable random value for this
case. Makes it possible to write test cases that verify output.

Also, fake timestamp with CURL_FORCETIME set.

Only when built debug enabled of course.

Curl_ssl_random() was not used anymore so it has been
removed. Curl_rand() is enough.

create_digest_md5_message: generate base64 instead of hex string

curl_sasl: also fix memory leaks in some OOM situations

Added required "debug" feature, missed in commit 1c9aaa0b, as NTLMv2
calls Curl_rand() which can only be fixed to a specific entropy in
debug builds.

httpproxycode is not reset in Curl_initinfo, so a 407 is not reset even
if curl_easy_reset is called between transfers.

Bug: http://curl.haxx.se/bug/view.cgi?id=1380

The method change is forbidden by the obsolete RFC2616, but libcurl did
it anyway for compatibility reasons. The new RFC7231 allows this
behaviour so there's no need for the scary "Violate RFC 2616/10.3.x"
notice. Also update the comments accordingly.

Regression of commit d39bbcfa when compiling against OpenSSL.

Bug: http://curl.haxx.se/bug/view.cgi?id=1378
Reported and Patched-by: Marcel Raad

Bug: http://curl.haxx.se/mail/lib-2014-06/0003.html
Reported-by: Дмитрий Фалько

The SASL/Digest previously used the current time's seconds +
microseconds to add randomness but it is much better to instead get more
data from Curl_rand().

It will also allow us to easier "fake" that for debug builds on demand
in a future.

Rather than use a short 8-byte hex string, extended the cnonce to be
32-bytes long, like Windows SSPI does.

Used a combination of random data as well as the current date and
time for the generation.

gcc spit out warning: variable 'x' might be clobbered by 'longjmp' or
'vfork' messages for a few variables.  These automatic variables were
expected to be changed between a setjmp/longjmp and hold their values,
so are now marked volatile.

As with commit 11397eb6, use $(TargetDir) and $(TargetName) for the
Import Library output rather than $(OutDir)\$(ProjectName)d.lib and
$(OutDir)\$(ProjectName).lib.

Like with the curl tool project files use $(TargetDir)$(TargetName).pdb
rather than $(OutDir)$(ProjectName)d.pdb for the Program Database File
output.

It might not be the most useful combo, but...

"Any two of the parameters, readfds, writefds, or exceptfds, can be
given as null. At least one must be non-null, and any non-null
descriptor set must contain at least one handle to a socket."

http://msdn.microsoft.com/en-ca/library/windows/desktop/ms740141(v=vs.85).aspx

When using select(), cURL doesn't adhere to this (WinSock-specific)
rule, and can ask to monitor empty fd_sets, which leads to select()
returning WSAEINVAL (i.e. EINVAL) and connections failing in mysterious
ways as a result (at least when using the curl_multi_socket_action()
interface).

Bug: http://curl.haxx.se/mail/lib-2014-05/0278.html

The previous #ifdef detection wasn't good enough.

Bug: http://curl.haxx.se/mail/lib-2014-05/0260.html
Reported-by: Chris Young

And clarify that age 3 means 7.16.1 or later.

PolarSSL added ALPN support in their 1.3.6 release.

See:
https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released

Make sure that the URL is reset and cleared.

Bug: http://curl.haxx.se/mail/lib-2014-05/0235.html
Reported-by: Jonathan Cardoso Machado