Reviewed-by: Nick Zitzmann
Closes #1173

Reviewed-by: Nick Zitzmann
Fixes #1172

The <netinet/tcp.h> is a leftover from the past when TCP socket options
were set in this file. This include causes build issues on AIX 4.3.

Reported-by: Kim Minjoong

Closes #1178

Fixed an old leftover use of the USE_SSLEAY define which would make a
socket get removed from the applications sockets to monitor when the
multi_socket API was used, leading to timeouts.

Bug: #1174

... as the former ones always go stale!

... and regenerated curl.1

... which the help text already implied since we switched to libidn2
from libidn in commit 9c91ec77 back in October 2016.

Reported-by: Christian Weisgerber
Bug: https://curl.haxx.se/mail/lib-2016-12/0110.html

To avoid dereferencing a NULL pointer.

Reported-by: Daniel Romero

wolfSSL configure script relevant changes from 3.9 to 3.10:

- DES3 no longer enabled by default
- Shamir no longer enabled by default
- Extended master secret enabled by default
- RSA and ECC timing protections enabled by default

For backwards compatibility I enabled DES3 and ECC shamir config options
(ie no change from 3.9), and the other changes are included.

... it only confuses people.

and fail appropriately if it returns error

Since several compilers had problems with the previous one

Reported-by: Ray Satiro
Bug: https://curl.haxx.se/mail/lib-2016-12/0098.html

Old legacy parsing that 1) hid problems for us and 2) probably isn't
needed anymore.

... just like we already do in src/ and lib/

This file is riddled with them...

Visual C++ complained:
warning C4267: '=': conversion from 'size_t' to 'long', possible loss of data
warning C4701: potentially uninitialized local variable 'path' used

CID 1397391 (#1 of 1): Unchecked return value (CHECKED_RETURN)

Follow-up to d00f2a8f

- Check for pending data before waiting on the socket.

Bug: https://github.com/curl/curl/issues/1156
Reported-by: Adam Langley

Fixes a few issues in manual wildcard cert name validation in
schannel support code for Win32 CE:
- when comparing the wildcard name to the hostname, the wildcard
  character was removed from the cert name and the hostname
  was checked to see if it ended with the modified cert name.
  This allowed cert names like *.com to match the connection
  hostname. This violates recommendations from RFC 6125.
- when the wildcard name in the certificate is longer than the
  connection hostname, a buffer overread of the connection
  hostname buffer would occur during the comparison of the
  certificate name and the connection hostname.

... and add a bunch of floating point printf tests

and regenerated curl.1

Reported-by: Gisle Vanem