This makes it easier to spot the enum values from the variables.
Removed some unneeded DEBUGASSERT added in the previous commit.

While changing Curl_sec_read_msg to accept an enum protection_level
instead of an int, I went ahead and fixed the usage of the associated
fields.

Some code was assuming that prot_clear == 0. Fixed those to use the
proper value. Added assertions prior to any code that would set the
protection level.

This script is the start of a helper tool that scans a source code and
outputs the most recent libcurl version it finds symbols for. Meaning
that if there's no conditions in the code, that's the earliest libcurl
version the scanned code requires.

It is not added to the Makefile.am yet as it is still a bit crude, but
I'm committing it to keep it and allow us to work on it.

This is the advised way of checking for errors in the GSS-API RFC.
Also added some '\n' to the error message so that they are not mixed
with other outputs.

init is expecting app_data. Passing it the struct connecdata would make
us crash later.

This is a meta symbol. OR this value together with a single specific
auth value to force libcurl to probe for un-restricted auth and if not,
only that single auth algorithm is acceptable.

For example you can use CURLAUTH_DIGEST|CURLAUTH_ONLY to make libcurl
first probe for what method to use, but yet only consider Digest to be
acceptable.

Using _only_ CURLAUTH_DIGEST without the CURLAUTH_ONLY field, will make
libcurl explicitly use Digest right away and not do any probing.

The IP version choice was previously only in the UserDefined struct
within the SessionHandle, but since we sometimes alter that option
during a request we need to have it on a per-connection basis.

I also moved more "init conn" code into the allocate_conn() function
which is designed for that purpose more or less.

MAC OS X requires libtool version 1.5.26 or newer, otherwise
configure will mishandle *.dSYM directories when it runs.

curl mustn't try to use the control connection after the 421 is received

I found a bug in tftp_tx() in tftp.c. If a data resend is done after
reception of an ACK/OACK, the call to sendto is wrong.

Instead of reopening the downloaded file, fsetxattr uses the (already
open) file descriptor to attach extended attributes. This makes the
procedure more robust against errors caused by moved or deleted files.

Bug: https://bugzilla.redhat.com/650255
Reported by: Simon H.

I also documented the filtering logic in the symbol-scan.pl function to
clarify why not all CURL_* symbols are included.

... and do not send ABOR unless really necessary.

Bug: https://bugzilla.redhat.com/649347
Reported by: Simon H.

I also recounted and updated the command line and libcurl options.

My copy and paste job was a little too much copy and I missed to adjust
it properly to sys/xattr.h all over and this is a fix to cure that.

CURLOPT_RESOLVE is a new option that sends along a curl_slist with
name:port:address sets that will populate the DNS cache with entries so
that request can be "fooled" to use another host than what otherwise
would've been used. Previously we've encouraged the use of Host: for
that when dealing with HTTP, but this new feature has the added bonus
that it allows the name from the URL to be used for TLS SNI and server
certificate name checks as well.

This is a first change. Surely more will follow to make it decent.

Removed the code that was needed for libcurl before 7.19.0 which now is
more than two years old.

Simplified the top comment and corrected the URL.

If the query result has a binary attribute, the binary attribute is
base64 encoded. But all following non binary attributes are also base64
encoded which is wrong.

This is a test (LDAP server is public).

curl
ldap://x500.bund.de:389/o=Bund,c=DE?userCertificate,certificateSerialNumber?sub
?cn=*Woehleke*

setxattr is a glibc call to set extended attributes, so configure now
checks for it and the code is adapted to only build when the
functionality is present.