When receiving REFUSED_STREAM, mark the connection for close and retry
streams accordingly on another/fresh connection.

Reported-by: Terry Wu
Fixes #2416
Fixes #1618
Closes #2510

This fixes the notorious "httpc->drain_total >= data->state.drain"
assert.

Reported-by: Anders Bakken

Fixes #1680
Closes #2509

It's not strictly clear if the API contract allows us to call strstr()
on a string that isn't zero terminated even when we know it will find
the substring, and clang's ASAN check dislikes us for it.

Also added a check of the return code in case it fails, even if I can't
think of a situation how that can trigger.

Detected by OSS-Fuzz
Closes #2513
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760

Curl_cert_hostcheck operates with the host character set, therefore the
ASCII subjectAltName string retrieved with OpenSSL must be converted to
the host encoding before comparison.

Closes #2493

- Support handling verbose-mode trace messages of type
  SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS,
  SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO,
  SSL3_MT_MESSAGE_HASH

Reported-by:  <iz8mbw@users.noreply.github.com>

Fixes https://github.com/curl/curl/issues/2403

Regression from f786d1f1

Reported-by: wncboy on github
Fixes #2445
Closes #2508

This triggered an assert if called more than once in debug mode (and a
memory leak if not debug build). With the right sequence of HTTP/2
headers incoming it can happen.

Detected by OSS-Fuzz

Closes #2507
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764

- Move verify_certificate functionality in schannel.c into a new
  file called schannel_verify.c. Additionally, some structure defintions
  from schannel.c have been moved to schannel.h to allow them to be
  used in schannel_verify.c.

- Make verify_certificate functionality for Schannel available on
  all versions of Windows instead of just Windows CE. verify_certificate
  will be invoked on Windows CE or when the user specifies
  CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.

- In verify_certificate, create a custom certificate chain engine that
  exclusively trusts the certificate store backed by the CURLOPT_CAINFO
  file.

- doc updates of --cacert/CAINFO support for schannel

- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
  when available. This implements a TODO in schannel.c to improve
  handling of multiple SANs in a certificate. In particular, all SANs
  will now be searched instead of just the first name.

- Update tool_operate.c to not...

- Fix warning 'integer from pointer without a cast' on 3rd arg in
  CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer
  type of the same size.

Follow-up to e35b0256.

Caught by Marc's CI builds.

Closes https://github.com/curl/curl/pull/2503

- Support custom devel paths for c-ares, mbedTLS, nghttp2, libSSH2,
  OpenSSL and zlib. Respectively: CARES_PATH, MBEDTLS_PATH,
  NGHTTP2_PATH, SSH2_PATH, SSL_PATH and ZLIB_PATH.

- Use lib.exe for making the static library instead of link.exe /lib.
  The latter is undocumented and could cause problems as noted in the
  comments.

- Remove a dangling URL that no longer worked. (I was not able to find
  the IDN download at MSDN/microsoft.com, so it seems to be removed.)

- Remove custom override for release-ssh2-ssl-dll-zlib configuration.
  Nobody knows why it was there and as far as we can see is unnecessary.

Closes https://github.com/curl/curl/pull/2474

Closes #2484

Users can now specify a client certificate in system certificates store
explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"`

Closes #2376

If you pass empty user/pass asking curl to use Windows Credential
Storage (as stated in the docs) and it has valid credentials for the
domain, e.g.
curl -v -u : --ntlm example.com
currently authentication fails.
This change fixes it by providing proper SPN string to the SSPI API
calls.

Fixes https://github.com/curl/curl/issues/1622
Closes https://github.com/curl/curl/pull/1660

... only set it when we actually have to run tests to reduce its impact
on for example build commands etc.

Fixes #2490
Closes #2492

Reported-by: Dmitry Mikhirev

The ifdefs have become quite long. Also, the condition for the
definition of CURLOPT_SERVICE_NAME and for setting it from
CURLOPT_SERVICE_NAME have diverged. We will soon also need the two
options for NTLM, at least when using SSPI, for
https://github.com/curl/curl/pull/1660.
Just make the definitions unconditional to make that easier.

Closes https://github.com/curl/curl/pull/2479

Fixes #2446
Closes #2488

Closes #2500

Address various spellings of "credentials".

Closes https://github.com/curl/curl/pull/2496

With specific compiler options selecting the arch like -xarch=sparc on
newer compilers like Oracle Studio 12.4 there is no definition of
__sparcv8 but __sparcv8plus which means the V9 ISA, but limited to the
32ÎíÎñbit subset defined by the V8plus ISA specification, without the
Visual Instruction Set (VIS), and without other implementation-specific
ISA extensions. So it should be the same as __sparcv8.

Closes https://github.com/curl/curl/pull/2491

Fix typo in "semicolon" spelling and remove stray tab character.

Closes https://github.com/curl/curl/pull/2498

When a zeroed out allocation is required, use calloc() rather than
malloc() followed by an explicit memset(). The result will be the
same, but using calloc() everywhere increases consistency in the
codebase and avoids the risk of subtle bugs when code is injected
between malloc and memset by accident.

Closes https://github.com/curl/curl/pull/2497

Verified in test 1502 now

Fixes #2485
Closes #2486
Reported-by: Ernst Sjöstrand

... to aid debugging etc as it sometimes isn't immediately obvious why
curl uses or doesn't use a proxy.

Inspired by #2477

Closes #2480

closes #2471

Extra-eye-on-this-by: Marcel Raad

Closes #2478

This works now and precise is in the process of being decommissioned.

Closes https://github.com/curl/curl/pull/2476

In debug mode, MingGW-w64's GCC 7.3 issues null-dereference warnings
when dereferencing pointers after DEBUGASSERT-ing that they are not
NULL.
Fix this by removing the DEBUGASSERTs.

Suggested-by: Daniel Stenberg
Ref: https://github.com/curl/curl/pull/2463

Follow up on https://github.com/curl/curl/pull/2472.
Now using en-us instead of nl-nl as language code in the URL.

Closes https://github.com/curl/curl/pull/2475

The setenv command no longer exists and visual studio build prompts got
changed. Used Visual Studio 2015/2017 as reference.

Closes #2472

unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a
cast from integer to pointer is a GNU extension

Reported-by: Rikard Falkeborn

Fixes #2466
Closes #2468

- Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows.

- Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print
  curl_off_t.

Caught by Marc's CI builds.

... and use this type instead of 'sa_family_t' in the code since several
platforms don't have it.

Closes #2463

Only treat response code as FTP response codes in case the
protocol type is FTP.

This fixes an issue where an HTTP download was treated as FTP
in case libcurl returned with 33. This happens when the
download has already finished and the server responses 416:
  HTTP/1.1 416 Requested Range Not Satisfiable

This should not be treated as an FTP error.

Fixes #2464
Closes #2465