Allow openSSL without SSL2 to be used. This fix is inspired by the fix
provided by Cristian Rodrguez.

Reported by: Cristian Rodrguez

In case a client certificate is used, invalidate SSL session cache
at the end of a session.  This forces NSS to ask for a new client
certificate when connecting second time to the same host.

Bug: https://bugzilla.redhat.com/689031

When I decided to search for a potential error with the cacert bundle it
struck me I wanted to see the full source URL in the output...

* Rename the object object directory from 'objs' to 'BCC_obj'. I feel
 it should be named properly. Ref. Makefile.Watcom where it's called
 'WC_Win32.obj'.

* Turn off these warnings to keep the build totally silent (with CBuilder-6
 that is).
  -w-inl    8026 Functions X are not expanded inline.
  -w-pia   8060 Possibly incorrect assignment
  -w-pin  8061 Initialization is only partially bracketed

I'm sure the warnings could be fixed the "proper" way or with some added
"#pragma" statements. But that just clutters the sources IMHO.

* $(MKDIR) and $(RMDIR) have been replaced with the shell-commands 'md'
 and 'rd'. When having MingW/Msys programs 'mkdir.exe' and 'rmdir.exe' in
$PATH, this confuses Borland's make and the result (the cleaning etc.) would
 not be as expected.

* Added a ".path.int = $(OBJDIR)" to tell make where the $(PREPROCESSED)
 files are. Why we need the preprocess step in the fist place is beyond me
(Yang?). But I'll leave that for now.

Also add test case 584 for the same

Bug: http://curl.haxx.se/bug/view.cgi?id=3214223

Also, fixed Curl_proxyCONNECT() stub with HTTP disabled.

Stop the abuse of CURLE_FAILED_INIT as return code for things not being
init related by introducing two new return codes:

CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION

CURLE_NOT_BUILT_IN replaces return code 4 that has been obsoleted for
several years. It is used for returning error when something is
attempted to be used but the feature/option was not enabled or
explictitly disabled at build-time. Getting this error mostly means that
libcurl needs to be rebuilt.

CURLE_FAILED_INIT is now saved and used strictly for init
failures. Getting this problem means something went seriously wrong,
like a resource shortage or similar.

CURLE_UNKNOWN_OPTION is the option formerly known as
CURLE_UNKNOWN_TELNET_OPTION (and the old name is still present,
separately defined to be removed in a very distant future). This error
code is meant to be used to return when an option is given to libcurl
that isn't known. This problem would mostly indicate a problem in the
program that uses libcurl.

In my attempts to reduce #ifdefs in code, the SOCKS functions are now
macros when libcurl is built without proxy support and therefore the FTP
code could avoid some #ifs.

The new http_proxy.* files now host HTTP proxy specific code (500+ lines
moved out from http.c), and as a consequence there is a macro introduced
for the Curl_proxyCONNECT() function so that code can use it without
actually supporting proxy (or HTTP) in builds.

1 - make sure to #define macros for cookie functions in the cookie
header when cookies are disabled to avoid having to use #ifdefs in code
using those functions.

2 - move cookie-specific code to cookie.c and use the functio
conditionally as mentioned in (1).

net result: 6 #if lines removed, and 9 lines of code less

The bug was introduced in 806dbb02 (a wrong value was passed in as the
first argument to the default callback in our wrapper).

We keep them less than 80 columns

Within multi_socket when conn is used as a shorthand, data could be
changed and multi_runsingle could modify the connectdata struct to deal
with. This bug has not been included in a public release.

Using 'conn' like that turned out to be ugly. This change is a partial
revert of commit f1c6cd42.

Reported by: Miroslav Spousta
Bug: http://curl.haxx.se/bug/view.cgi?id=3265485

Posted to the list by Quanah Gibson-Mount [quanah zimbra.com].

If a new enough OpenSSL version is used, configure detects the TLS-SRP
support and enables it.

When asked to bind the local end of a connection when doing a request,
the code will now disqualify other existing connections from re-use even
if they are connected to the correct remote host.

This will also affect which connections that can be used for pipelining,
so that only connections that aren't bound or bound to the same
device/port you're asking for will be considered.

The RTSP-specific function for checking for "dead" connection is better
located in rtsp.c. The code using this is now written without #ifdefs as
the function call is instead turned into a macro (in rtsp.h) when RTSP
is disabled.

Move ipv6-functional-probe into a single function that is used from all
places that need to know.

Make the probe function store the result in a static variable so that
subsequent invokes just returns the previous result and won't have to
probe again.

Curl_posttransfer is called too soon to add the final new line.
Moved the new line logic to pgrsDone as there is no more call to
update the progress status after this call.

Reported by: Dmitri Shubin <sbn_at_tbricks.com>
http://curl.haxx.se/mail/lib-2010-12/0162.html

When libcurl sends a HTTP request on a re-used connection and detects it
being closed (ie no data at all was read from it), it is important to
rewind if any data in the request was sent using the read callback or
was read from file, as otherwise the retried request will be broken.

Reported by: Chris Smowton
Bug: http://curl.haxx.se/bug/view.cgi?id=3195205

Tiny tweak after Daniel's refactoring of the protocol handlers.

We have an array with the state names only built and used when built
debug enabled and this need to list all the states from the .h

Added tests for a number of POP3 LIST operations, including one
that shows a curl problem when listing no messages, so is
disabled.

Value stored to 'len' is never read

Use (void)[variable] to inhibit unused argument/variables warnings.

Use Curl_ssl_connect_nonblocking() when upgrading the connection to
TLS/SSL while using the multi interface.

When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certificate was accepted by libcurl and did not ask the second time when
connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.

This patch turns off the SSL session cache for the particular SSL socket
if peer verification is disabled.  In order to avoid any performance
impact, the peer verification is completely skipped in that case, which
makes it even faster than before.

Bug: https://bugzilla.redhat.com/678580