Follow-up to 570008c9 as it gets link errors.

Reported-by: Michael Kaufmann
Closes #3068

Noticed a typo reading through the docs.

Closes #3069

The DoH spec says "HTTP/2 [RFC7540] is the minimum RECOMMENDED version
of HTTP for use with DoH".

Reported-by: Marcel Raad
Closes #3066

Reported-by: Marcel Raad
Fixes #3064
Closes #3065

... a missing multi_done() call.

Credit to OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728
Closes #3063

Due to an issue with travis
(https://github.com/travis-ci/travis-ci/issues/9956) we've been using
Xcode 9.2 for darwinssl builds for a while. Now xcode 10 is offered as
an alternative and as it builds curl+darwinssl fine that seems like a
better choice.

Closes #3062

Enabled Console VT support (if running OS supports VT) in tool_main.c.

Fixes #3008
Closes #3011

Follow-up to #3044 - fix a leak OSS-Fuzz detected
Closes #3057

Changes in commit 7867aaa9 (cmake: link curl to the OpenSSL targets
instead of lib absolute paths, 2018-07-17) and commit f826b4ce (cmake:
bumped minimum version to 3.4, 2018-07-19) required CMake 3.4 to fix
issue #2746.  This broke support for users on older versions of CMake
even if they just want to build curl and do not care whether transitive
dependencies work.

Backport the logic to work with CMake 3.0 again by implementing the
fix only when the version of CMake is at least 3.4.

Classic MinGW still has _beginthreadex's return type as unsigned long
instead of uintptr_t [0]. uintptr_t is not even defined because of [1].

[0] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l167
[1] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l90

Bug: https://github.com/curl/curl/issues/2924#issuecomment-424334807
Closes https://github.com/curl/curl/pull/3051

fix a few leftovers

Fixes #3006
Closes #3049

Closes #3050

Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for
early failures.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669
Closes #3046

If the rewind would fail, a strdup() would not get freed.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665
Closes #3044

The value in question is coming directly from `gnutls-serv`, so it cannot
be modified freely.

Reported-by: Marcel Raad
Ref: https://github.com/curl/curl/commit/6ae6b2a533e8630afbb21f570305bd4ceece6348#commitcomment-30621004

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648
Closes #3042

Regression since 38203f15

Reported-by: Jean Fabrice
Fixes #3023
Closes #3040

OpenSSL 1.1.1 requires clients to opt-in for post-handshake
authentication.

Fixes: https://github.com/curl/curl/issues/3026


Signed-off-by: Christian Heimes <christian@python.org>

Closes https://github.com/curl/curl/pull/3027

This fixes potential out-of-buffer access on "file:./" URL

$ valgrind curl "file:./"
==24516== Memcheck, a memory error detector
==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==24516== Command: /home/even/install-curl-git/bin/curl file:./
==24516==
==24516== Conditional jump or move depends on uninitialised value(s)
==24516==    at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24516==    by 0x4EBB315: seturl (urlapi.c:801)
==24516==    by 0x4EBB568: parseurl (urlapi.c:861)
==24516==    by 0x4EBC509: curl_url_set (urlapi.c:1199)
==24516==    by 0x4E644C6: parseurlandfillconn (url.c:2044)
==24516==    by 0x4E67AEF: create_conn (url.c:3613)
==24516==    by 0x4E68A4F: Curl_connect (url.c:4119)
==24516==    by 0x4E7F0A4: multi_runsingle (multi.c:1440)
==24516==    by 0x4E808E5: curl_multi_perform (multi.c:2173)
==24516==    by 0x4E7558C: easy_transfer (easy.c:686)
==24516==    by 0x4E75801: easy_perform (easy.c:779)
==24516==    by 0x4E75868: curl_easy_perform (easy.c:798)

Was originally spotted by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637
Credit to OSS-Fuzz

Closes #3039

- and one in docs/MANUAL as well

Closes https://github.com/curl/curl/pull/3038

- replace tabs with spaces where possible
- remove line ending spaces
- remove double/triple newlines at EOF
- fix a non-UTF-8 character
- cleanup a few indentations/line continuations
  in manual examples

Closes https://github.com/curl/curl/pull/3037

Detected by Coverity. CID 1439610.

Follow-up from 46e16406

Closes #3034

Detected by Coverity. CID 1439611.

Follow-up from 46e16406

Fixes #2987
Closes #3035

- also update two URLs outside of docs/examples
- fix spelling of filename persistant.c
- fix three long lines that started failing checksrc.pl

Closes https://github.com/curl/curl/pull/3036

also:
- fix two warnings in synctime.c (one of them Windows-specific)
- upgrade URLs in synctime.c and remove a broken one

Closes https://github.com/curl/curl/pull/3033

Closes #3030

Closes #3032

... to make it a truly unified URL parser.

Closes #3017

Closes https://github.com/curl/curl/pull/3031

When trying to detect pthreads use on HPUX the checks will succeed
without the correct -l option but then end up failing at run-time.

Reported-by: Eason-Yu on github
Fixes #2697
Closes #3025

Closes #3029

Closes #3024

Closes #2971

Removed DoH.

Closes #2734

- Treat CURL_SSLVERSION_MAX_NONE the same as
  CURL_SSLVERSION_MAX_DEFAULT. Prior to this change NONE would mean use
  the minimum version also as the maximum.

This is a follow-up to 6015cefb which changed the behavior of setting
the SSL version so that the requested version would only be the minimum
and not the maximum. It appears it was (mostly) implemented in OpenSSL
but not other backends. In other words CURL_SSLVERSION_TLSv1_0 used to
mean use just TLS v1.0 and now it means use TLS v1.0 *or later*.

- Fix CURL_SSLVERSION_MAX_DEFAULT for OpenSSL.

Prior to this change CURL_SSLVERSION_MAX_DEFAULT with OpenSSL was
erroneously treated as always TLS 1.3, and would cause an error if
OpenSSL was built without TLS 1.3 support.

Co-authored-by: Daniel Gustafsson

Fixes https://github.com/curl/curl/issues/2969
Closes https://github.com/curl/curl/pull/3012

As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:

"SSL certificate problem: CA signature digest algorithm too weak"

Closes #3014