OpenSSL passes out and outlen variable uninitialized to
select_next_proto_cb callback function.  If the callback function
returns SSL_TLSEXT_ERR_OK, the caller assumes the callback filled
values in out and outlen and processes as such.  Previously, if there
is no overlap in protocol lists, curl code does not fill any values in
these variables and returns SSL_TLSEXT_ERR_OK, which means we are
triggering undefined behavior.  valgrind warns this.

This patch fixes this issue by fallback to HTTP/1.1 if there is no
overlap.

There is an implicit conversion from "unsigned long" to "long"

Fixed a copy / paste error from my 2011 project files.

Security Framework on OS X makes it possible to supply extra anchor (CA)
certificates via the Certificate, Key, and Trust Services API. This
commit makes the '--cacert' option work using this API.

More information:

https://developer.apple.com/library/mac/documentation/security/Reference/certifkeytrustservices/Reference/reference.html

The HTTPS tests now pass on OS X except 314, which requires the '--crl'
option to work.

warning: suggest braces around empty body in an 'else' statement

warning: implicit declaration of function 'connclose'

Make all code use connclose() and connkeep() when changing the "close
state" for a connection. These two macros take a string argument with an
explanation, and debug builds of curl will include that in the debug
output. Helps tracking connection re-use/close issues.

Renamed the CURLX_ONES file list definition in order to a) try and be
consistent with other file lists and b) to allow for the addition of
the curlx header files, which will assist with Visual Studio project
files generation rather than hard coding those files.

Possibly the final update before release...

Added a couple of outstanding tasks to the TODO section that we didn't
get time to do before the release.

Http2 connections would wrongly get closed after each individual
request.

Co-authored-by: Tatsuhiro Tsujikawa
Bug: http://curl.haxx.se/bug/view.cgi?id=1374

According to https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-05
it is "http/1.1" and not "http/1.0".

Added a default source directory so the user doesn't have to specify
one - the same as that, which the Visual Studio project files expect
the OpenSSL dependencies to be in.

To use an up to date download link as well as remove duplicate
information.

In order to try and be consistent between curl and libcurl renamed the
recently introduced LIB_* makefile file variables.

grrr, missed them in my previous fix

Follow-up to commit 121bcfee. curl-config --features now lists
GSS-API but it is not a listed feature in curl -V. This should probably
be synchronized.

Verifies that the change in 68f0166a works as intended and that
different HTTP auth credentials to the same host still re-uses the
connection properly.

To get the VC project files generated before packaging!