Reported-by: Chris Young

There is an issue with conflicting "struct timeval" definitions with
certain AmigaOS releases and C libraries, depending on what gets
included when.  It's a minor difference - the OS one is unsigned,
whereas the common structure has signed elements.  If the OS one ends up
getting defined, this causes a timing calculation error in curl.

It's easy enough to resolve this at the curl end, by casting the
potentially errorneous calculation to a signed long.

... of the other cert verification checks so that you can set verifyhost
and verifypeer to FALSE and still check the public key.

Bug: http://curl.haxx.se/bug/view.cgi?id=1471
Reported-by: Kyle J. McKay

For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.

Use a dynamicly allocated buffer for the temporary SPN variable similar
to how the SASL GSS-API code does, rather than using a fixed buffer of
2048 characters.

Carrying on from commit 037cd0d9, removed the following unimplemented
instances of curlssl_close_all():

Curl_axtls_close_all()
Curl_darwinssl_close_all()
Curl_cyassl_close_all()
Curl_gskit_close_all()
Curl_gtls_close_all()
Curl_nss_close_all()
Curl_polarssl_close_all()

Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.

Fixed the following warning and error from commit 3af90a6e when SSL
is not being used:

url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
            assuming extern returning int

error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
               referenced in function Curl_setopt

Use the same variable name as other areas of SSPI code.

Use the SECURITY_STATUS typedef rather than a unsigned long for the
QuerySecurityPackageInfo() return and rename the variable as per other
areas of SSPI code.

Missed Curl_read64_be() in commit bb12d444 :(

This enables the CURLOPT_SSL_VERIFYSTATUS functionality.

Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.

This requires NSS 3.15 or higher.

Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.

This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
response verfication to fail even on valid responses.

This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.

This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.

Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
Reported-by: John E. Malmberg

Reported-by: Mohammad AlSaleh
Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html