... there's already another function in the curl tool named
free_config_fields!

Commit 7c5837e7

 deprecated the option
making it a manual code-edit operation to turn it back on. The removal
process has thus started and is now documented in docs/DEPRECATE.md so
remove from the TODO to avoid anyone looking for something to pick up
spend cycles on an already in-progress entry.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>

EBADIOCTL doesn't exist on more recent Minix.
There have also been substantial changes to the network stack.
Fixes build on Minix 3.4rc

Closes https://github.com/curl/curl/pull/3323

- fix syntax error in FindGSS.cmake
- correct krb5 include directory. FindGSS exports
  "GSS_INCLUDE_DIR" variable.

Closes https://github.com/curl/curl/pull/3316

Because of issue #3315

Closes #3317

When compiling a collection of SSL libraries to link against (SSL_LIBS),
ensure all libraries are included. The call `--libs-only-l` can produce
only a subset of found in a `--libs` call (e.x. pthread may be excluded).
Adding `--libs-only-other` ensures other libraries are also included in
the list. This corrects select build environments compiling against a
static version of OpenSSL. Before the change, the following could be
observed:

    checking for openssl options with pkg-config... found
    configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl "
    configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
    configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
    checking for HMAC_Update in -lcrypto... no
    checking for HMAC_Init_ex in -lcrypto... no
    checking OpenSSL linking with -ldl... no
    checking OpenSSL linking with -ldl and -lpthread... no
    configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
    configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.
    ...
    SSL support:      no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
    ...

And include the other libraries when compiling SSL_LIBS succeeds with:

    checking for openssl options with pkg-config... found
    configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread "
    configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
    configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
    checking for HMAC_Update in -lcrypto... yes
    checking for SSL_connect in -lssl... yes
    ...
    SSL support:      enabled (OpenSSL)
    ...

Signed-off-by: James Knight <james.d.knight@live.com>
Closes #3193

Reviewed-by: Daniel Stenberg <daniel@haxx.se>

The variable definition had a small typo making it declare another
variable then the intended.

Closes #3304
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

curl_multi_wait() was erroneously used from within
curl_easy_perform(). It could lead to it believing there was no socket
to wait for and then instead sleep for a while instead of monitoring the
socket and then miss acting on that activity as swiftly as it should
(causing an up to 1000 ms delay).

Reported-by: Antoni Villalonga
Fixes #3305
Closes #3306
Closes #3308

Important for when the file is going to be read again and thus must not
contain old contents!

Adds test 327 to verify.

Reported-by: daboul on github
Fixes #3299
Closes #3300

The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.

Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297

The tests 20 and 1322 are using getaddrinfo of libc for resolving. In
eglibc-2.19 there is a memory leakage and invalid free bug which
surfaces in some special circumstances (PF_UNSPEC hint with invalid or
non-existent names). The valgrind runs in testing fail in these
situations.

As the tests 20/1322 are not specific on either protocol (IPv4/IPv6)
this commit changes the hints to IPv4 protocol by passing `--ipv4` flag
on the tests' command line.  This prevents the valgrind failures.

Delays stripping of trailing dots to after resolving the hostname.

Fixes #3022
Closes #3222

Closes #3295

Session resumption information is not available immediately after a TLS 1.3
handshake. The client must wait until the server has sent a session ticket.

Use OpenSSL's "new session" callback to get the session information and put it
into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
after the server has sent a session ticket.

The "new session" callback is invoked only if OpenSSL's session cache is
enabled, so enable it and use the "external storage" mode which lets curl manage
the contents of the session cache.

A pointer to the connection data and the sockindex are now saved as "SSL extra
data" to make them available to the callback.

This approach also works for old SSL/TLS versions and old OpenSSL versions.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Fixes #3202
Closes #3271

- ENGINE_cleanup() was used without including "openssl/engine.h"
- enable engine support for OpenSSL 0.9.7

Closes #3266

Since we're close to feature freeze, this change disables this feature
with an #ifdef. Define ALLOW_RENEG at build-time to enable.

This could be converted to a bit for CURLOPT_SSL_OPTIONS to let
applications opt-in this.

Concern-raised-by: David Benjamin
Fixes #3283
Closes #3293

When using c-ares for asyn dns, the dns socket fd was silently closed
by c-ares without curl being aware. curl would then 'realize' the fd
has been removed at next call of Curl_resolver_getsock, and only then
notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with
CURL_POLL_REMOVE. At this point the fd is already closed.

By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this
patch allows curl to be notified that the fd is not longer needed
for neither for write nor read. At this point by calling
Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE
before the fd is actually closed by ares.

In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore
since it does not allow passing a different sock_state_cb_data

Closes #3238

lib/curl_ntlm.c had code that read as follows:

  #ifdef USE_OPENSSL
  # ifdef USE_OPENSSL
  # else
  # ..
  # endif
  #endif

Remove the redundant USE_OPENSSL along with #else (it's not possible to
reach it anyway). The removed construction is a leftover from when the
SSLeay support was removed.

Closes #3269
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Closes #3291

The license for the impacket package was not in our tree.

Imported now from upstream's
https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE

Reported-by: infinnovation-dev on github
Fixes #3276
Closes #3277

The partial struct initialization in 397664a0

 caused
a warning on uninitialized MODULEENTRY32 struct members:

  /src/tool_doswin.c:681:3: warning: missing initializer for field
  'th32ModuleID' of 'MODULEENTRY32 {aka struct tagMODULEENTRY32}'
  [-Wmissing-field-initializers]

This is sort of a bogus warning as the remaining members will be set
to zero by the compiler, as all omitted members are. Nevertheless,
remove the warning by omitting all members and setting the dwSize
members explicitly.

Closes #3254
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>

Commit 709cf76f

 deprecated USE_SSLEAY, as curl since long isn't
compatible with the SSLeay library. This removes the few leftovers that
were omitted in the less frequently used platform targets.

Closes #3270
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Fix HTTP POST using CURLAUTH_NEGOTIATE.

Closes #3275

Brought-by: bobmitchell1956 on github
Fixes #3278
Closes #3279

The SSL_CTX_set_msg_callback callback is not just called for the
Handshake or Alert protocols, but also for the raw record header
(SSL3_RT_HEADER) and the decrypted inner record type
(SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid
excess debug spam when using `curl -v` against a TLSv1.3-enabled server:

    * TLSv1.3 (IN), TLS app data, [no content] (0):

(Following this message, another callback for the decrypted
handshake/alert messages will be be present anyway.)

Closes https://github.com/curl/curl/pull/3281

SO_EXCLUSIVEADDRUSE is on by default on Vista or newer,
but does not work together with SO_REUSEADDR being on.

The default changes were made with stunnel 5.34 and 5.35.

Closes #3262

Fixes #3261