GTLS.

  libraries are supported. Starting now, each underlying SSL library support
  code does a set of defines for the 16 functions the generic layer (sslgen.c)
  uses (all these new function defines use the prefix "curlssl_"). This
  greatly simplified the generic layer in readability by involving much less
  #ifdefs and other preprocessor stuff and should make it easier for people to
  make libcurl work with new SSL libraries.

  Hopefully I can later on document these 16 functions somewhat as well.

  I also made most of the internal SSL-dependent functions (using Curl_ssl_
  prefix) #defined to nothing when no SSL support is requested - previously
  they would unnecessarily call mostly empty functions.

void *

passed to it with curl_easy_setopt()! Previously it has always just refered
to the data, forcing the user to keep the data around until libcurl is done
with it. That is now history and libcurl will instead clone the given
strings and keep private copies.

  curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
  will make libcurl shutdown SSL/TLS after the authentication is done on a
  FTP-SSL operation.

They all now return ssize_t to Curl_write().

Unfortunately, Curl_read() is in a sorrier state but it too would benefit from
a similar cleanup.

internally, with code provided by sslgen.c. All SSL-layer-specific code is
then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS).

As far as possible, internals should not need to know what SSL layer that is
in use. Building with GnuTLS currently makes two test cases fail.

TODO.gnutls contains a few known outstanding issues for the GnuTLS support.

GnuTLS support is enabled with configure --with-gnutls

  inet_addr() functions seems to use &255 on all numericals in a ipv4 dotted
  address which makes a different failure... Now I've modified the ipv4
  resolve code to use inet_pton() instead in an attempt to make these systems
  better detect this as a bad IP address rather than creating a toally bogus
  address that is then passed on and used.

  subjectAltNames when matching certs. This is apparently detailed in RFC2818
  as the right thing to do. I had to add configure checks for inet_pton() and
  our own (strictly speaking, code from BIND written by Paul Vixie) provided
  code for the function for platforms that miss it.

   If your system, such as Solaris 2.7, lacks the strtok_r() prototype in
   string.h, then you'll face a bunch of warnings on all instances
   where strtok_r() is used.

   There's not much we can do about it. Adding a prototype here screws
   everything up on other platforms! :-(