Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better
handles CyaSSL instances using NO_FILESYSTEM.

CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or
CyaSSL. This reference causes build errors when compiling with
NO_FILESYSTEM.

Prior to this change some Release configurations had an active
configuration assignment to their Debug counterpart.

This fixes a build failure where openssl and libmetalink are used
together and the system linker does not do implicit linking (e.g.
Fedora 13 and later releases). The MD5 functions required for
metalink support must be pulled in from the openssl crypto library.

This is similar to commit c6e7cbb9,
which fixes the same sort of problem for NSS builds.

... even if they don't have an associated connection anymore. It could
leave the waiting transfers pending with no active one on the
connection.

Bug: http://curl.haxx.se/bug/view.cgi?id=1465
Reported-by: Jiri Dvorak

In function glob_range, the number of urls was multiplied by (max - min
+ 1), regardless of step. The correct formula is (max - min) / step + 1

The glob_range function used wrong offset (3 instead of 4) for parsing
integer step inside character range specification, which led to 'bad
range' error when using character ranges with explicitly specified step
(such as '[a-z:2]')

and simplify code by changing if-elses to a switch()

CID 1291706: Logically dead code. Execution cannot reach this statement

"unreachable: Since the loop increment is unreachable, the loop body
will never execute more than once."

Coverity CID 1291707

... since the funciton can fail on OOM. Check this return code.

Coverity CID 1291705.

(cyassl_connect_step1)
- Use TLS 1.0-1.2 by default when available.

CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade
version.

cyassl/cyassl@322f79f

Support for notes has been in place for a while, but it required
being added to the setup file manually.

This header file must be included after all header files except
memdebug.h, as it does similar memory function redefinitions and can be
similarly affected by conflicting definitions in system or dependent
library headers.

I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to
still require the work-around for stapling to work.

URL: http://curl.haxx.se/mail/lib-2015-03/0205.html
Reported-by: Alessandro Ghedini

This is a strange combination of options, but is allowed.

--path-as-is is the command line option

Added docs in curl.1 and CURLOPT_PATH_AS_IS.3

Added test in test 1241

By making sure Curl_getconnectinfo() uses the correct connection cache
to find the last connection.

... it would otherwise lead to memory leakage if we never actually do
the switch.

This conflicted with a WolfSSL typedef.

It seems that some systems (e.g. fairly consistently in some recent
Solaris autobuilds) would manage to get to the connect phase before the
progress callback was called, resulting in a CURLE_COULDNT_CONNECT
error. Reworked the test to point at a test server that never returns a
full result so the progress callback always gets a chance to be called
before the transfer can complete in some other way.

TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.

Coverity CID 1291167 pointed out that 'rc' was received but never used when
gnutls_credentials_set() was used. Added return code check now.

Coverity CID 1291165 pointed out 'chainp' could be dereferenced when
NULL if gnutls_certificate_get_peers() had previously failed.

Coverity CID 1291166 pointed out that we could read this variable
uninitialized.