If curl_multi_fdset() sets maxfd to -1, the socket detection
loop is skipped and thus !found_new_socket is no cause for alarm.

Bug: http://curl.haxx.se/mail/lib-2012-11/0095.html

It makes no difference from curl's point of view but
makes it more convenient to use the tests with a
lws-normalizing proxy between curl and the test server.

They currently only work for 127.0.0.1 which
is hardcoded and can't be easily changed.

.. and add a precheck to skip the test otherwise.

This makes it easier to skip it automatically when
the test suite is used with external proxies.

Trailing spaces were left unmodifed, assuming they were intentional.

Consistently use CRLF instead. The mixed endings weren't
documented so I assume they were unintentional.

This change doesn't matter for curl itself but makes using
the tests with a proxy between curl and the test server
more convenient.

Tests that consistently use no carriage returns were
left unmodified as one can easily work around this.

DNS cache entries populated with CURLOPT_RESOLVE were not properly freed
again when done using the multi interface.

Test case 1502 added to verify.

Bug: http://curl.haxx.se/bug/view.cgi?id=3575448
Reported by: Alex Gruz

4 more bug fixes and 4 more contributors

If we use memory functions (malloc, free, strdup etc) in C sources in
libcurl and we fail to include curl_memory.h or memdebug.h we either
fail to properly support user-provided memory callbacks or the memory
leak system of the test suite fails.

After Ajit's report of a failure in the first category in http_proxy.c,
I spotted a few in the second category as well. These problems are now
tested for by test 1132 which runs a perl program that scans for and
attempts to check that we use the correct include files if a memory
related function is used in the source code.

Reported by: Ajit Dhumale
Bug: http://curl.haxx.se/mail/lib-2012-11/0125.html

Fixed checksrc warnings

They broke the NTLM tests from 2023 to 2031.

Re-send ACK for block X in case we receive block X data again while
waiting for block X+1.

Based on an earlier patch by Marcin Adamski.

When nothing is told to configure, we should not enforce switching off
debug options with -g0 (or similar). We instead don't use -g at all in
that situaion and therefore allow the user's CFLAGS settings possibly
dictate what to do.

And fix some newlines to be proper CRLF

Bug: http://curl.haxx.se/bug/view.cgi?id=3586741

It either causes increased memory usage or exposes users
to the "CRIME attack" (CVE-2012-4929)

The {MD5,SHA1,SHA256}_Init functions from OpenSSL are called directly
without any wrappers and they return 1 for success, 0 otherwise.  Hence,
we have to use the same approach in all the wrapper functions that are
used for the other crypto libraries.

This commit fixes a regression introduced in commit dca8ae5f.

Bug: http://curl.haxx.se/bug/view.cgi?id=3586338

When using only 1 second precision, curl doesn't create new cnonce
values quickly enough for all uses.

For example, issuing the following command multiple times to a recent
Tomcat causes authentication failures:

curl --digest -utest:test http://tomcat.test.com:8080/manager/list

This is because curl uses the same cnonce for several seconds, but
doesn't increment the nonce counter.  Tomcat correctly interprets
this as a replay attack and rejects the request.

When microsecond-precision is available, this commit causes curl to
change cnonce values much more frequently.

With microsecond resolution, increasing the nounce length used in the
headers to 32 was made to further reduce the risk of duplication.

Instead of relying on the generic CURLE error for SCP or SFTP send
failures, try passing back a more suitable error if possible.

Fixes bug #3578163:
http://sourceforge.net/tracker/?func=detail&atid=100976&aid=3578163&group_id=976

... to release resources allocated at global scope

and make local function static

axTLS:

This will make the axTLS backend perform the RFC2818 checks, honoring
the VERIFYHOST setting similar to the OpenSSL backend.

Generic for OpenSSL and axTLS:

Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c
files to make them genericly available for both the OpenSSL, axTLS and
other SSL backends. They are now in the new lib/hostcheck.c file.

CyaSSL:

CyaSSL now also has the RFC2818 checks enabled by default. There is a
limitation that the verifyhost can not be enabled exclusively on the
Subject CN field comparison. This SSL backend will thus behave like the
NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words:
setting verifyhost to 0 or 1 will disable the Subject Alt Names checks
too.

Schannel:

Updated the schannel information messages: Split the IP address usage
message from the verifyhost setting and changed the message about
disabling SNI (Server Name Indication, used in HTTP virtual hosting)
into a message stating that the Subject Alternative Names checks are
being disabled when verifyhost is set to 0 or 1. As a side effect of
switching off the RFC2818 related servername checks with
SCH_CRED_NO_SERVERNAME_CHECK
(http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature
is being disabled. This effect is not documented in MSDN, but Wireshark
output clearly shows the effect (details on the libcurl maillist).

PolarSSL:

Fix the prototype change in PolarSSL of ssl_set_session() and the move
of the peer_cert from the ssl_context to the ssl_session. Found this
change in the PolarSSL SVN between r1316 and r1317 where the
POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu
PolarSSL version 1.1.4 the check is to discriminate between lower then
PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN
trunk jumped from version 1.1.1 to 1.2.0.

Generic:

All the SSL backends are fixed and checked to work with the
ssl.verifyhost as a boolean, which is an internal API change.

Since we added the curl_multi_wait function, the VERSIONINFO needed
updating.

Reported by: Patrick Monnerat