Coverity pointed out several of these.

Coverity CID 982331.

Coverify CID 1157776. Removed a superfluous if() that always evaluated
true (and an else clause that never ran), and then re-indented the
function accordingly.

Coverity CID 1215284. The server name is extracted with
Curl_copy_header_value() and passed in to this function, and
copy_header_value can actually can fail and return NULL.

For private keys, use the first match from: user-specified key file
(if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa

Note that the previous code only looked for id_dsa files. id_rsa is
now generally preferred, as it supports larger key sizes.

For public keys, use the user-specified key file, if provided.
Otherwise, try to extract the public key from the private key file.
This means that passing --pubkey is typically no longer required,
and makes the key-handling behavior more like OpenSSH.

Coverity CID 1202836. If the proxy environment variable returned an empty
string, it would be leaked. While an empty string is not really a proxy, other
logic in this function already allows a blank string to be returned so allow
that here to avoid the leak.

Coverity CID 1202837. There's a potential risk that 'newurl' gets
overwritten when it was already pointing to allocated memory.

Coverity CID 1215287. There's a potential risk for a memory leak in
here, and moving the free call to be unconditional seems like a cheap
price to remove the risk.

Coverity CID 1215296. There's a potential risk for a memory leak in
here, and moving the free call to be unconditional seems like a cheap
price to remove the risk.

Coverity detected this. CID 1241954. When Curl_poll() returns a negative value
'mcode' was uninitialized. Pretty harmless since this is debug code only and
would at worst cause an error to _not_ be returned...

and separate the example URLs with newlines

This patch fixes the "SSL3_WRITE_PENDING: bad write retry" error that
sometimes occurs when sending an email over SMTPS with OpenSSL. OpenSSL
appears to require the same pointer on a write that follows a retry
(CURLE_AGAIN) as discussed here:

http://stackoverflow.com/questions/2997218/why-am-i-getting-error1409f07fssl-routinesssl3-write-pending-bad-write-retr

Mostly because we use C strings and they end at a binary zero so we know
we can't open a file name using an embedded binary zero.

Reported-by:  <research@g0blin.co.uk>

The switch to using Curl_expire_latest() in commit cacdc27f was a
mistake and was against the advice even mentioned in that commit. The
comparison in asyn-thread.c:Curl_resolver_is_resolved() makes
Curl_expire() the suitable function to use.

Bug: http://curl.haxx.se/bug/view.cgi?id=1426
Reported-By: graysky

Added initial support for WinIDN build configurations to the VC10+
project files.

As we weren't using the correct phonetic description and doing it correctly
involves funny letters that I'm sure will cause problems for people in a text
document so I instead rephrased it and link to a WAV file with a person
actually saying 'curl'.

Reported-By: Dimitar Boevski

Reported-By: Jonathan Cardoso Machado
URL: http://curl.haxx.se/mail/lib-2014-09/0102.html

... to further remove specific TLS backend knowledge from url.c

Missed this in af45542c

.

Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

Previously we did not handle EOF from underlying transport socket and
wrongly just returned error code CURL_AGAIN from http2_recv, which
caused busy loop since socket has been closed.  This patch adds the
code to handle EOF situation and tells the upper layer that we got
EOF.

Bug: http://curl.haxx.se/bug/view.cgi?id=1422
Verified-by: Steve Holme

The former link was turned into a 404 at some point.

Reported-By: Askar Safin

... to support a list of names provided in a commit message.