... previously it only used the max setting if a TLS version was also
explicitly asked for.

Reported-by: byte_bucket
Fixes #2571
Closes #2572

The warning flag leads e.g. Sun Studio compiler to bail out.

Closes #2576

.. because original MinGW and old compilers do not have the Windows API
definitions needed to support manual verification.

Original MinGW targets Windows 2000 by default, which lacks some APIs and
definitions for this feature. Disable it if these APIs are not available.

Closes https://github.com/curl/curl/pull/2522

The HTML files are long gone from the dist, now remove the last HTML
file pointing to those missing files.

d

Closes #2570

Reported-by: Rikard Falkeborn
Bug: #2560
Closes #2569

Fixes gcc-8 picky compiler warnings
Reported-by: Rikard Falkeborn
Bug: #2560
Closes #2568

... and remove the github markdown syntax so that it renders better on
the web site. Also, don't use back-ticks inlined to allow the CSS to
highlight source code better.

Closes #2561

When there's an upload in progress, make sure to wait for the socket to
become writable.

Detected-by: steini2000 on github
Bug: #2520
Closes #2567

Response data for a handle with a large buffer might be cached and then
used with the "closure" handle when it has a smaller buffer and then the
larger cache will be copied and overflow the new smaller heap based
buffer.

Reported-by: Dario Weisser
CVE: CVE-2018-1000300
Bug: https://curl.haxx.se/docs/adv_2018-82c2.html

... leaving the k->str could lead to buffer over-reads later on.

CVE: CVE-2018-1000301
Assisted-by: Max Dymond

Detected by OSS-Fuzz.
Bug: https://curl.haxx.se/docs/adv_2018-b138.html
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105

RFC 6265 section 4.2.1 does not set restrictions on cookie names.
This is a follow-up to commit 7f7fcd0d.
Also explicitly check proper syntax of cookie name/value pair.

New test 1155 checks that cookie names are not reserved words.

Reported-By: anshnd at github
Fixes #2564
Closes #2566

Assisted-by: Max Dymond

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245

Detected by Coverity; CID 1435559.  Follow-up to f8d608f3. It would
index the array with -1 if neither index was a socket.

Closes #2558

To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES
handling is causing problems. This fix changes the OpenSSL backend code
to use BIO functions instead of FILE I/O functions to circumvent those
problems.

Closes #2512

Assisted-by: Dan Fandrich

Closes #2528

This file wasn't included in commit 4af40b36 which updated all
haxx.se http urls to https. The file was committed prior to that update,
but may have been merged after it and hence didn't get updated.

Closes #2550

follow-up to e66cca04

... instead of previous separate struct fields, to make it easier to
extend and change individual backends without having to modify them all.

closes #2547

Curl_setup_transfer() can be called to setup a new individual transfer
over a multiplexed connection so it shouldn't unset writesockfd.

Bug: #2520
Closes #2549

They are removed from the compiler flags.

This ensures that make dependency tracking will force a rebuild whenever
configure --enable-debug or --enable-curldebug changes.

Closes #2548

It triggers an assert.

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144
Closes #2546

Closes #2531