... instead of if() before the switch(), add a default to the switch so
that the compilers don't warn on "warning: enumeration value
'PLATFORM_DONT_CARE' not handled in switch" anymore.

- Disable ALPN on Wine.

- Don't pass input secbuffer when ALPN is disabled.

When ALPN support was added a change was made to pass an input secbuffer
to initialize the context. When ALPN is enabled the buffer contains the
ALPN information, and when it's disabled the buffer is empty. In either
case this input buffer caused problems with Wine and connections would
not complete.

Bug: https://github.com/curl/curl/issues/983
Reported-by: Christian Fillion

Serialise the call to PK11_FindSlotByName() to avoid spurious errors in
a multi-threaded environment. The underlying cause is a race condition
in nssSlot_IsTokenPresent().

Bug: https://bugzilla.mozilla.org/1297397

Closes #985

... when we are not asked to use a certificate from file

- unknown protocols probably won't send more headers (e.g. WebSocket)
- improved comments and moved them to the correct case statements

Closes #899

synced with OpenSSL git master commit cc06906707

.. also remove same from scp

When we're uploading using FTP and the server issues a tiny pause
between opening the connection to the client's secondary socket, the
client's initial poll() times out, which leads to second poll() which
does not wait for POLLIN on the secondary socket. So that poll() also
has to time out, creating a long (200ms) pause.

This patch adds the correct flag to the secondary socket, making the
second poll() correctly wait for the connection there too.

Signed-off-by: Ales Novak <alnovak@suse.cz>

Closes #978

Closes #820

Only choose the GSSAPI authentication mechanism when the user name
contains a Windows domain name or the user is a valid UPN.

Fixes #718

Completing commit 00417fd6 and 2708d425.

From commit 2708d425.

Instead of displaying the requested hostname the one returned
by the SOCKS5 proxy server is used in case of connection error.
The requested hostname is displayed earlier in the connection sequence.

The upper-value of the port is moved to a temporary variable and
replaced with a 0-byte to make sure the hostname is 0-terminated.

As of 7.25.0 and commit 54300072.

Replace custom string formatting with Curl_printable_address.
Add additional debug and error output in case of failures.

Calling sscanf is not required since the raw IPv4 address is
available and the protocol can be detected using ai_family.

Made by Visual Studio's auto-correct feature and missed by me in my own
code reviews!

Hooked up the HTTP authentication layer to query the new 'is mechanism
supported' functions when deciding what mechanism to use.

As per commit 00417fd6 existing functionality is maintained for now.

Hooked up the SASL authentication layer to query the new 'is mechanism
supported' functions when deciding what mechanism to use.

For now existing functionality is maintained.

As Windows SSPI authentication calls fail when a particular mechanism
isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5
and Negotiate to allow both HTTP and SASL authentication the opportunity
to query support for a supported mechanism before selecting it.

For now each function returns TRUE to maintain compatability with the
existing code when called.

This allows for better memmory debugging and torture tests.

This reverts commit 113f04e6.

Follow up to a96319eb

I discovered some people have been using "https://example.com" style
strings as proxy and it "works" (curl doesn't complain) because curl
ignores unknown schemes and then assumes plain HTTP instead.

I think this misleads users into believing curl uses HTTPS to proxies
when it doesn't. Now curl rejects proxy strings using unsupported
schemes instead of just ignoring and defaulting to HTTP.

Third commit to fix issue #944 regarding SOCKS5 error handling.

Reported-by: David Kalnischkies

Second commit to fix issue #944 regarding SOCKS5 error handling.

Reported-by: David Kalnischkies

First commit to fix issue #944 regarding SOCKS5 error handling.

Reported-by: David Kalnischkies

Undo change introduced in d4643d6e which caused iPAddress match to be
ignored if dNSName was present but did not match.

Also, if iPAddress is present but does not match, and dNSName is not
present, fail as no-match. Prior to this change in such a case the CN
would be checked for a match.

Bug: https://github.com/curl/curl/issues/959


Reported-by:  <wmsch@users.noreply.github.com>

Follow-up to e577c43b to fix test case 569 brekage: stop the parser at
whitespace as well.

Help-by: Erik Janssen

Mark's new document about HTTP Retries
(https://mnot.github.io/I-D/httpbis-retry/) made me check our code and I
spotted that we don't retry failed HEAD requests which seems totally
inconsistent and I can't see any reason for that separate treatment.

So, no separate treatment for HEAD starting now. A HTTP request sent
over a reused connection that gets cut off before a single byte is
received will be retried on a fresh connection.

Made-aware-by: Mark Nottingham

Makes libcurl work in communication with gstreamer-based RTSP
servers. The original code validates the session id to be in accordance
with the RFC. I think it is better not to do that:

- For curl the actual content is a don't care.

- The clarity of the RFC is debatable, is $ allowed or only as \$, that
  is imho not clear

- Gstreamer seems to url-encode the session id but % is not allowed by
the RFC

- less code

With this patch curl will correctly handle real-life lines like:
Session: biTN4Kc.8%2B1w-AF.; timeout=60

Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html

- Turn on USE_THREADS_WIN32 in Windows if ares isn't on

This change is similar to what we already do in the autotools build.

All compilers used by cmake in Windows should support large files.

- Add test SIZEOF_OFF_T
- Remove outdated test SIZEOF_CURL_OFF_T
- Turn on USE_WIN32_LARGE_FILES in Windows
- Check for 'Largefile' during the features output

Since the server can at any time send a HTTP/2 frame to us, we need to
wait for the socket to be readable during all transfers so that we can
act on incoming frames even when uploading etc.

Reminded-by: Tatsuhiro Tsujikawa

In order to make MBEDTLS_DEBUG work, the debug threshold must be unequal
to 0.  This patch also adds a comment how mbedtls must be compiled in
order to make debugging work, and explains the possible debug levels.