- If the server has provided another challenge use it as the replacement
  input token if stale=TRUE. Otherwise previous credentials have failed
  so return CURLE_LOGIN_DENIED.

Prior to this change the stale directive was ignored and if another
challenge was received it would cause error CURLE_BAD_CONTENT_ENCODING.

Ref: https://tools.ietf.org/html/rfc2617#page-10

Bug: https://github.com/curl/curl/issues/928


Reported-by:  <tarek112@users.noreply.github.com>

Source: https://github.com/Microsoft/vcpkg/blob/7676b8780db1e1e591c4fc7eba4f96f73c428cb4/ports/curl/0002_fix_uwp.patch

Closes #1264

Since negative values are errors and not only -1. This makes SFTP upload
with --create-dirs work (again).

Closes #1269

- on the first invocation: keep security context returned by
  InitializeSecurityContext()

- on subsequent invocations: use MakeSignature() instead of
  InitializeSecurityContext() to generate HTTP digest response

Bug: https://github.com/curl/curl/issues/870
Reported-by: Andreas Roth

Closes https://github.com/curl/curl/pull/1251

Follow-up to 4b86113f

Fixes https://github.com/curl/curl/issues/793
Fixes https://github.com/curl/curl/issues/942

Properly resolve, convert and log the proxy host names.
Support the "--connect-to" feature for SOCKS proxies and for passive FTP
data transfers.

Follow-up to cb4e2be7

Reported-by: Jay Satiro
Fixes https://github.com/curl/curl/issues/1248

- While negotiating auth during PUT/POST if a user-specified
  Content-Length header is set send 'Content-Length: 0'.

This is what we do already in HTTPREQ_POST_FORM and what we did in the
HTTPREQ_POST case (regression since afd288b2).

Prior to this change no Content-Length header would be sent in such a
case.

Bug: https://curl.haxx.se/mail/lib-2017-02/0006.html
Reported-by: Dominik Hölzl

Closes https://github.com/curl/curl/pull/1242

Closes #1265

It isn't easily solved, but with some thinking someone could probably
come up with a working approach?

Closes #1241

For example allow ranges like [1-1] and [a-a] etc.

Regression since 5ca96cb8.

Bug: https://github.com/curl/curl/issues/1238
Reported-by: R. Dennis Steed

Builds with axTLS 2.1.2. This then also breaks compatibility with axTLS
< 2.1.0 (the older API)

... and fix the session_id mixup brought in 04b4ee54

Fixes #1220

The warning message had a typo. The argument long form is --time-cond
not --timecond

Closes #1263

When the threaded resolver option is specified for configure the default
thread library is pthreads. This change makes it possible to
--disable-pthreads and then configure can fall back on Win32 threads for
native Windows builds.

Closes https://github.com/curl/curl/pull/1260

Reported-by:  <zelinchen@users.noreply.github.com>
Fixes #1229

When CURLE_SSL_CACERT occurs the tool shows a lengthy error message to
the user explaining possible solutions such as --cacert and --insecure.

This change appends to that message similar options --proxy-cacert and
--proxy-insecure when there's a specified HTTPS proxy.

Closes https://github.com/curl/curl/issues/1258

Fixes #1252

- Document in --socks* opts they're still mutually exclusive of --proxy.

Partial revert of 423a93ce; I had misinterpreted the SOCKS proxy +
HTTP/HTTPS proxy combination.

- Document in --socks* opts that --preproxy can be used to specify a
  SOCKS proxy at the same time --proxy is used with an HTTP/HTTPS proxy.

If the NSS code was in the middle of a non-blocking handshake and it
was asked to finish the handshake in blocking mode, it unexpectedly
continued in the non-blocking mode, which caused a FTPS connection
over CONNECT to fail with "(81) Socket not ready for send/recv".

Bug: https://bugzilla.redhat.com/1420327

... instead of the OpenSSL mutex page.

Follow up to 7fe81ec2: make sure 'host' is either NULL or malloced.

Fixes #1255

Reported-by: Dan Fandrich
Bug: https://curl.haxx.se/mail/lib-2017-02/0032.html

When removing an easy handler from a multi before it completed its
transfer, and it had pushed streams, it would segfault due to the pushed
counted not being cleared.

Fixed-by:  <zelinchen@users.noreply.github.com>
Fixes #1249

Using sftp to delete a file with CURLOPT_NOBODY set with a reused
connection would fail as curl expected to get some data. Thus it would
retry the command again which fails as the file has already been
deleted.

Fixes #1243

Ref: https://github.com/curl/curl/pull/1245

Closes https://github.com/curl/curl/pull/1245