Removed the "netrc_debug" keyword replaced with --netrc-file additions.
Removed the debug code from Curl_parsenetrc as it is superseeded by
--netrc-file.

This enables people to specify a path to the netrc file to use.
The new option override --netrc if both are present. However it
does follow --netrc-optional if specified.

After a request times out, the connection wasn't properly closed and
prevented to get re-used, so subsequent transfers could still mistakenly
get to use the previously aborted connection.

When failing to connect the protocol during the CURLM_STATE_PROTOCONNECT
state, Curl_done() has to be called with the premature flag set TRUE as
for the pingpong protocols this can be important.

When Curl_done() is called with premature == TRUE, it needs to call
Curl_disconnect() with its 'dead_connection' argument set to TRUE as
well so that any protocol handler's disconnect function won't attempt to
use the (control) connection for anything.

This problem caused the pingpong protocols to fail to disconnect when
STARTTLS failed.

Reported by: Alona Rossen
Bug: http://curl.haxx.se/mail/lib-2011-02/0195.html

Signed-off-by: Hoi-Ho Chan <hoiho.chan@gmail.com>

I forgot to sort it when I added the CURL_SOCKOPT_* symbols

Introducing a few CURL_SOCKOPT* defines for conveniance. The new
CURL_SOCKOPT_ALREADY_CONNECTED signals to libcurl that the socket is to
be treated as already connected and thus it will skip the connect()
call.

I went through all the names mentioned as authors and in commit messages
since 7.21.3, and this list inserted now is sorted on first name.

It turns out some systems rely on the gmtime or gmtime_r to be defined
already in the system headers and thus my "precaution" redefining of
them only caused trouble. They are now removed.

Since the feature requires support for TCP_KEEPIDLE and TCP_KEEPINTVL to
function as documented, it now warns if that support is missing when the
option is used.

The latter isn't available in older OpenSSL versions, and is
less useful since it returns the most recent error instead of
the first one encountered.

Unset the environment variable so that we can specify different
filenames in the unit test.

Moved some definitons into the header file so that we can reuse them.

On second thought, I think CURLE_TLSAUTH_FAILED should be eliminated. It
was only being raised when an internal error occurred while allocating
or setting the GnuTLS SRP client credentials struct. For TLS
authentication failures, the general CURLE_SSL_CONNECT_ERROR seems
appropriate; its error string already includes "passwords" as a possible
cause. Having a separate TLS auth error code might also cause people to
think that a TLS auth failure means the wrong username or password was
entered, when it could also be a sign of a man-in-the-middle attack.

When the callback returns an error, this function must make sure to return
CURLE_ABORTED_BY_CALLBACK properly and not CURLE_OK as before to allow the
callback to properly abort the operation.

Reported by: Ian D Allen
Bug: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/714895

Forwarded to us by:

Reported by: Andreas Olsson
Bug: http://curl.haxx.se/bug/view.cgi?id=3175422

The main has not been updated from some time and is out of sync with
the code. The code is now tested by several test cases so no need for
a seperate code path.

The state should not be anonymous so that we can check if the values
are fine. Added 2 unreachables states to the switch as a result of this
change.

Document Curl_gmtime() and define away the old functions so that they
won't be used internally again by mistake.

Instead of polluting many places with #ifdefs, we create a single place
for this function, and also check return code properly so that a NULL
pointer returned won't cause problems.

The official Mozilla page at http://www.mozilla.org/projects/security/certs/
points out a new place as the "proper" place to get Mozilla's CA certs from
so this script is now updated to use that instead.

Reported by: Daniel Mentz

The official Mozilla page at
http://www.mozilla.org/projects/security/certs/ points out a new place
as the "proper" place to get Mozilla's CA certs from so this script is
now updated to use that instead.

Reported by: Daniel Mentz

"SSL: couldn't create a context" really isn't that helpful, now it'll
also extract an explanation from OpenSSL and append to the right.

The code in the toofast state needs to first recalculate the values
before it uses them again since it may have been a while since it last
did it when it reaches this point.