- Removed sec_prot_internal as it is now inlined in the function (this removed
  a redundant check).
- Changed the prototype to return an error code.
- Updated the method to use the new ftp_send_command function.
- Added a level_to_char helper method to avoid relying on the compiler's
  bound checks. This default to the maximum security we have in case of a
  wrong input.

security.c: factored the logic from Curl_sec_login into a dedicated method that better reflect its intent.

Introduced a helper method ftp_send_command that synchronously send
an FTP query.

Tighten the type of the |data| parameter to avoid a cast. Also made
it const as we should not modify it.

Added a DEBUGASSERT on the size to be written while changing it.

While doing so, renamed it to socket_write to better match its
function.

To do so, made block_read call Curl_read_plain instead of read.

While changing them renamed block_read to socket_read and sec_get_data
to read_data to better match their function.

Also fixed a potential memory leak in block_read.

... for example when LDAP is not compiled.

Fixed the logic to match the rest of the options' message that is we
update the default message only if the option is not disabled after the
different checks.

Reported by: Guenter Knauf

Obviously, browsers ignore a colon without a following port number. Both
Firefox and Chrome just removes the colon for such URLs. This change
does not remove the colon for URLs sent over a HTTP proxy, so we should
consider doing that change as well.

Reported by: github user 'kreshano'

curl_easy_duphandle() was not properly duping the ares channel. The
ares_dup() function was introduced in c-ares 1.6.0 so by starting to use
this function we also raise the bar and require c-ares >= 1.6.0
(released Dec 9, 2008) for such builds.

Reported by: Ning Dong
Bug: http://curl.haxx.se/mail/lib-2010-08/0318.html

1) PPC64 appears to be an 10.5 only supported architecture, so I
forced 10.5 for 64bit if there is a need for PPC64, else 64bit only
does x86_64

2) proper "make clean" after every ./configure. fixes a bug where
subsequent runs the 32bit do not get compiled

3) Added a version numbering curl-$VERSION} rather than the "stock standard" A

Removed the duplicate entry of Kamil in the credits.

librtmp is often statically linked and using sub dependencies like
OpenSSL, so we need to make sure we can actually link with it properly
before enabling it. Otherwise we easily end up trying to link with a
RTMP lib that fails.

We must not assume gcrypt just because of GnuTLS

1 - libcurl assumes that there are gcrypt functions available when
GnuTLS is.

2 - GnuTLS can be built to use libnettle instead as crypto library,
which breaks assumption (1)

This change makes configure make sure that if GnuTLS is requested and
detected, it also makes sure that gcrypt is present or it errors
out. This is mostly a way to make the user more aware of this flaw, the
correct fix would be to detect which crypto layer that is in use and
adapt our code to use that instead of blindly assuming gcrypt.

Reported by: Michal Gorny
Bug: http://curl.haxx.se/bug/view.cgi?id=3071038

When it returns 0 it means no timeout. Only a negative value means that
we're out of time.

If built without HTTP or proxy support it would cause a compiler warning
due to the unused variable. I moved the declaration of it into the only
scope it is used.

bool_false is the internal name used in the setup_once.h definition
we fall back to for non-C99 non-stdbool systems, it's not the actual
name to use in assignments (we use bool_false, bool_true there to
avoid global namespace problems, see comment in setup_once.h).
The correct C99 value to use is 'false', but let's use FALSE as
used elsewhere when assigning to bits.close. FALSE is set equal
to 'false' in setup_once.h when possible.

This fixes a build problem on C99 targets.

As of curl-7.21.1 tunnelling ldap queries through HTTP Proxies is not
supported. Actually if --proxytunnel command-line option (or equivalent
CURLOPT_HTTPPROXYTUNNEL) is used for ldap queries like
ldap://ldap.my.server.com/... You are unable to successfully execute the
query. In facts ldap_*_bind is executed directly against the ldap server
and proxy is totally ignored. This is true for both openLDAP and
Microsoft LDAP API.

Step to reproduce the error:
Just launch "curl --proxytunnel --proxy 192.168.1.1:8080
ldap://ldap.my.server.com/dc=... "

This fix adds an invocation to Curl_proxyCONNECT against the provided
proxy address and on successful "CONNECT" it tunnels ldap query to the
final ldap server through the HTTP proxy. As far as I know Microsoft
LDAP APIs don't permit tunnelling in any way so the patch provided is
for OpenLDAP only.  The patch has been developed against OpenLDAP 2.4.23
and has been tested with Microsoft ISA Server 2006 and works properly
with basic, digest and NTLM authentication.

Rodric provide an awesome recipe that proved libcurl didn't timeout at
the requested time - it instead often timed out at [connect time] +
[timeout time] instead of the documented and intended [timeout time]
only. This bug was due to the code using the wrong base offset when
comparing against "now". I could also take the oppurtinity to simplify
the code by properly using of the generic help function for this:
Curl_timeleft.

Reported by: Rodric Glaser
Bug: http://curl.haxx.se/bug/view.cgi?id=3061535

As this function uses return code 0 to mean that there is no timeout, it
needs to check that it doesn't return a time left value that is exactly
zero. It could lead to libcurl doing an extra 1000 ms select() call and
thus not timing out as accurately as it should.

I fell over this bug when working on the bug 3061535 but this fix does
not correct that problem alone, although this is a problem that needs to
be fixed.

Reported by: Rodric Glaser
Bug: http://curl.haxx.se/bug/view.cgi?id=3061535

if ( => if(
while ( => while(

and some other changes in the similar spirit, trying to make the
whole file use the same style

1. Remove the comment warning that it's "not been verified to work". It
   works with no problems in my testing.

2. Remove 2 unnecessary includes.

3. Remove the myrealloc(). Initialize chunk.memory with malloc() instead
   of NULL. The comments for these two parts contradicted each other.

4. Handle out of memory from realloc() instead of continuing.

5. Print a brief status message at the end.

The timeout is set for the connect phase already at the start of the
request so we should not add a new one, and we MUST not set expire to 0
as that will remove any other potentially existing timeouts.

When curl calls a function from that library then it needs to
explicitly link to the library instead of piggybacking on
libcurl's own dependency.  Without this, GNU ld with the
--no-add-needed flag fails when linking (which Fedora now does
by default).

Reported by: Quanah Gibson-Mount
Bug: http://curl.haxx.se/mail/lib-2010-09/0085.html

Use %HOSTIP:%HTTPPORT instead of 127.0.0.1:8990 so that
verification works if the baseport change option is used
when executing runtests.pl.

Clarified as it isn't used with a -D option for them.

Reported by: Artfunkel
Bug: http://curl.haxx.se/bug/view.cgi?id=3060381