libraries are supported. Starting now, each underlying SSL library support
  code does a set of defines for the 16 functions the generic layer (sslgen.c)
  uses (all these new function defines use the prefix "curlssl_"). This
  greatly simplified the generic layer in readability by involving much less
  #ifdefs and other preprocessor stuff and should make it easier for people to
  make libcurl work with new SSL libraries.

  Hopefully I can later on document these 16 functions somewhat as well.

  I also made most of the internal SSL-dependent functions (using Curl_ssl_
  prefix) #defined to nothing when no SSL support is requested - previously
  they would unnecessarily call mostly empty functions.

  OpenSSL, NSS and GnuTLS-built libcurls.

  OpenSSL, NSS and GnuTLS-built libcurls.

  better control at the exact state of the connection's SSL status so that we
  know exactly when it has completed the SSL negotiation or not so that there
  won't be accidental re-uses of connections that are wrongly believed to be
  in SSL-completed-negotiate state.

http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976
Submitted by Kaspar Brand.

function itself adds that. Fixed on 50 or something strings!

consistency

Previously it would fail if the ca bundle wasn't present, even if the code
ignored the verification results.

o It looks for the NSS database first in the environment variable SSL_DIR,
  then in /etc/pki/nssdb, then it initializes with no database if neither of
  those exist.

o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be
  loaded, including the ca-bundle. If it is not available then only
  certificates already in the NSS database are used.

o Tries to detect whether a file or nickname is being passed in so the right
  thing is done

o Added a bit of code to make the output more like the OpenSSL module,
  including displaying the certificate information when connecting in
  verbose mode

o Improved handling of certificate errors (expired, untrusted, etc)

The libnsspem.so PKCS#11 module is currently only available in Fedora
8/rawhide. Work will be done soon to upstream it. The NSS module will work
with or without it, all that changes is the source of the certificates and
keys.

and allow reuse by multiple protocols. Several unused error codes were
removed.  In all cases, macros were added to preserve source (and binary)
compatibility with the old names.  These macros are subject to removal at
a future date, but probably not before 2009.  An application can be
tested to see if it is using any obsolete code by compiling it with the
CURL_NO_OLDIES macro defined.

Documented some newer error codes in libcurl-error(3)

passed to it with curl_easy_setopt()! Previously it has always just refered
to the data, forcing the user to keep the data around until libcurl is done
with it. That is now history and libcurl will instead clone the given
strings and keep private copies.

of a socket after it has been closed, when the FTP-SSL data connection is taken
down.

(http://curl.haxx.se/bug/view.cgi?id=1705802), which was filed by Daniel
Black identifying several FTP-SSL test cases fail when we build libcurl with
NSS for TLS/SSL. Listed as #42 in KNOWN_BUGS.

since they're already included through "setup.h".

SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/