curl_sasl.c:1506: warning: unused variable 'chlg'

curl_sasl.c:1317: warning: unused parameter 'conn'

Added Curl_des_set_odd_parity() for use when cryptography engines
don't include this functionality.

Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.

Reported-by: Rich Burridge

  Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.

Modified the Curl_ossl_cert_status_request() function to return FALSE
when built with BoringSSL or when OpenSSL is missing the necessary TLS
extensions.

Fixed the build of openssl.c when OpenSSL is built without the necessary
TLS extensions for OCSP stapling.

Reported-by: John E. Malmberg

... as that is ancient history and not used.

Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.

Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.

HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.

Commit 7a8b2885 made some functions static and removed the public
Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
is the naming convention we use in this source file.

packages/vms/gnv_link_curl.com was assuming only a single letter suffix
in the openssl version.  That assumption has been fixed for 7.40.

curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
                  variable

curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier

This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).