Updated the docs to clarify and the code accordingly, with test 1528 to
verify:

When CURLHEADER_SEPARATE is set and libcurl is asked to send a request
to a proxy but it isn't CONNECT, then _both_ header lists
(CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the
single request is then made for both the proxy and the server.

Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER
is actually used or not.

Includes docs and new test cases: 1525, 1526 and 1527

Co-written-by: Vijay Panghal

Without request body there's no point in asking for 100-continue.

Bug: http://curl.haxx.se/bug/view.cgi?id=1349
Reported-by: JimS

When doing passive FTP, the multi state function needs to extract and
use the happy eyeballs sockets to wait for to check for completion!

Bug: http://curl.haxx.se/mail/lib-2014-02/0135.html (ruined)
Reported-by: Alan

In addition to commit fe260b75 fixed the same issue for RFC-821 based
SMTP servers and allow the credientials to be given to curl even though
they are not used with the server.

Reported-by: Melissa

Follow up to 9317eced makes test 1056 work again.

Remove a superfluous "negotiated http2" info line

We're progressing throught drafts so there's no point in having a fixed
one in a symbol that'll survive.

Specifying user credentials when the SMTP server doesn't support
authentication would cause curl to display "No known authentication
mechanisms supported!" and return CURLE_LOGIN_DENIED.

Reported-by: Tom Sparrow
Bug: http://curl.haxx.se/mail/lib-2014-03/0173.html

Reported-by: Richard Moore

There are server certificates used with IP address in the CN field, but
we MUST not allow wild cart certs for hostnames given as IP addresses
only. Therefore we must make Curl_cert_hostcheck() fail such attempts.

Bug: http://curl.haxx.se/docs/adv_20140326B.html
Reported-by: Richard Moore

In addition to FTP, other connection based protocols such as IMAP, POP3,
SMTP, SCP, SFTP and LDAP require a new connection when different log-in
credentials are specified. Fixed the detection logic to include these
other protocols.

Bug: http://curl.haxx.se/docs/adv_20140326A.html

The debug messages printed inside PolarSSL always seems to end with a
newline. So 'infof()' should not add one. Besides the trace 'line'
should be 'const'.

The parser skipped the initial letter, which presumably often is
whitespace but doesn't have to be.

Reported-by: Mike Hasselberg
Bug: http://curl.haxx.se/mail/lib-2014-03/0134.html

It leads to the "next family" tries starting from the wrong point and thus
fails!

Bug: http://curl.haxx.se/bug/view.cgi?id=1337
Reported-by: ricker

Because of the socket is unblocking, PolarSSL does need call to getsock to
get the action to perform in multi environment.

In some cases, it might happen we have not received yet all data to perform
the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state
is updated but because of the getsock has not the proper #define macro to,
the library never prevents to select socket for input thus the socket will
never be awaken when last data is available. Thus it leads to timeout.

Remove all #ifdef/else/endif macros that ensure compatibility with polarssl
version previous than 1.3.

API has changed since version 1.3. A compatibility header has been created
to ensure forward compatibility for code using old API:
 * x509 certificate structure has been renamed to from x509_cert to
   x509_crt
 * new dedicated setter for RSA certificates ssl_set_own_cert_rsa,
   ssl_set_own_cert is for generic keys
 * ssl_default_ciphersuites has been replaced by function
   ssl_list_ciphersuites()

This patch drops the use of the compatibly header.

Also fixed a function name change in the version requirement bump

Rename x509_cert to x509_crt and add "compat-1.2.h"
include.
This would still need some more thorough conversion
in order to drop "compat-1.2.h" include.

... if built against a new enough version of NSS

... if built against a new enough version of NSS

... but allow them to be enabled/disabled explicitly.  The default
policy should be maintained at the NSS level.

... and use Curl_safefree() instead of free()

Patch-by: byte_bucket

Also, combined a couple of #ifdef sections