- If a CURLINFO option is unknown return CURLE_UNKNOWN_OPTION.

Prior to this change CURLE_BAD_FUNCTION_ARGUMENT was returned on
unknown. That return value is contradicted by the CURLINFO option
documentation which specifies a return of CURLE_UNKNOWN_OPTION on
unknown.

Closes https://github.com/bagder/curl/pull/471

Closes https://github.com/bagder/curl/pull/469

Closes #466

Because the 'not' operator has a very low precedence and as a result the
entire statement was erroneously negated and could never be true.

- Change algorithm init to happen after OpenSSL config load.

Additional algorithms may be available due to the user's config so we
initialize the algorithms after the user's config is loaded.

Bug: https://github.com/bagder/curl/issues/447
Reported-by: Denis Feklushkin

Closes https://github.com/bagder/curl/pull/459

For a single-stream download from localhost, we managed to increase
transfer speed from 1.6MB/sec to around 400MB/sec, mostly because of
this single fix.

... only call it when there is data arriving for another handle than the
one that is currently driving it.

Improves single-stream download performance quite a lot.

Thanks-to: Tatsuhiro Tsujikawa
Bug: http://curl.haxx.se/mail/lib-2015-09/0097.html

... as otherwise a really fast pipe can "lock" one transfer for some
protocols, like with HTTP/2.

Closes #439

... don't try to increase the supposed file size on newlines if we don't
know what file size it is!

Patch-by: lzsiga

Closes #457

... for CURL_CHECK_OPTION_RT

Closes #456

...during header checks. Otherwise some following header tests
(incorrectly) fail.

Closes #436

"windows.h" includes "winsock.h" what causes many redefinition errors
if "winsock2.h" is included afterwards and can cause build to fail.

If GnuTLS fails to read the certificate then include whatever reason it
provides in the failure message reported to the client.

Signed-off-by: Mike Crowe <mac@mcrowe.com>

The gnutls vtls back-end was previously ignoring any password set via
CURLOPT_KEYPASSWD. Presumably this was because
gnutls_certificate_set_x509_key_file did not support encrypted keys.

gnutls now has a gnutls_certificate_set_x509_key_file2 function that
does support encrypted keys. Let's determine at compile time whether the
available gnutls supports this new function. If it does then use it to
pass the password. If it does not then emit a helpful diagnostic if a
password is set. This is preferable to the previous behaviour of just
failing to read the certificate without giving a reason in that case.

Signed-off-by: Mike Crowe <mac@mcrowe.com>

... even for those that don't support providing anything in the
'internals' struct member since it offers a convenient way for
applications to figure this out.

The easysrc generation is run only when --libcurl is initialized.

Ref: https://github.com/bagder/curl/issues/429

Closes #448

Closes #449

Like for example brotli, as being implemented in Firefox now.

- Review of 4d954916.

The author changed it so easysrc only initializes when --libcurl but did
not do the same for the call to easysrc cleanup.

Ref: https://github.com/bagder/curl/issues/429

closes #443

Closes #334

It is unreliable and causes CI problems on github

Closes #380

Code should only be generated when --libcurl is used.

Bug: https://github.com/bagder/curl/issues/429
Reported-by: @greafhe, Jay Satiro

Closes #429
Closes #442

- Change the designator name we use to show the base64 encoded sha256
hash of the server's public key from 'pinnedpubkey' to
'public key hash'.

Though the server's public key hash is only shown when comparing pinned
public key hashes, the server's hash may not match one of the pinned.

With NTLM a new connection will always require authentication.
Fixes #435