Old connections are meant to expire from the connection cache after
CURLOPT_MAXAGE_CONN seconds. However, they actually expire after 1000x
that value. This occurs because a time value measured in milliseconds is
accidentally divided by 1M instead of by 1,000.

Closes https://github.com/curl/curl/pull/4013

between configure.ac and source code. They should be possible to switch
on/off in configure AND be used in source code.

It isn't used by code so stop providing the define.

Closes #4010

This reverts commit 36738cae.

Apparently several of the appveyor windows builds broke.

Reviewed-by: Jakub Zakrzewski
Closes #3770

... in http2-less builds as it served no use.

... actual support in the code for disabling these has already landed.

Closes #4009

follow-up from deb9462f

Moved away the callback explanation from curl_multi_socket_action.3 and
expanded it somewhat.

Closes #4006

follow-up from deb9462f

Closes #4007

Clarify the functionality when built to use Schannel and Secure
Transport and stop calling it the "recommended" or "preferred" way and
instead rather call it the default.

Removed the reference to the ssl comparison table as it isn't necessary.

Reported-by: Richard Alcock
Bug: https://curl.haxx.se/mail/lib-2019-06/0019.html
Closes #4005

Brief security policy description for use/display on github.

Commit 61faa0b4

 fixed the progress bar
width calculation to avoid integer overflow, but failed to account for
the fact that initial_size is initialized to -1 when the file size is
retrieved from the remote on an upload, causing another signed integer
overflow.  Fix by separately checking for this case before the width
calculation.

Closes #3984
Reported-by: Brian Carpenter (Geeknik Labs)
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Remove support for, references to and use of "cyaSSL" from the source
and docs. wolfSSL is the current name and there's no point in keeping
references to ancient history.

Assisted-by: Daniel Gustafsson

Closes #3903

Reported-by: Alex Grebenschikov
Fixes #3993
Closes #4002

Since more than one socket can be used by each transfer at a given time,
each sockhash entry how has its own hash table with transfers using that
socket.

In addition, the sockhash entry can now be marked 'blocked = TRUE'"
which then makes the delete function just set 'removed = TRUE' instead
of removing it "for real", as a way to not rip out the carpet under the
feet of a parent function that iterates over the transfers of that same
sockhash entry.

Reported-by: Tom van der Woerdt
Fixes #3961
Fixes #3986
Fixes #3995
Fixes #4004
Closes #3997

Fixed-by: MrSorcus on github
Closes #4000

... so that timeouts or other state machine actions get going again
after a changing pause state. For example, if the last delivery was
paused there's no pending socket activity.

Reported-by: sstruchtrup on github
Fixes #3994
Closes #4001

I missed that in commit 99a49d66.

Closes https://github.com/curl/curl/pull/3999

Compilers and static analyzers warn about using C-style casts here.

Closes https://github.com/curl/curl/pull/3975

As want is size_t, (file->buffer_pos - want) is unsigned, so checking
if it's less than zero makes no sense.
Check if file->buffer_pos is less than want instead to avoid the
unsigned integer wraparound.

Closes https://github.com/curl/curl/pull/3975

Reduce variable scopes and remove redundant variable stores.

Closes https://github.com/curl/curl/pull/3975

Unused since commit 2f44e94e.

Closes https://github.com/curl/curl/pull/3975

These are for features that used to be openssl-only but were expanded
over time to support other SSL backends.

Closes #3985

Reported-by: Carlos ORyan

GetModuleFileName() returns a DWORD which is a typedef of an unsigned
long and not an int.

Closes #3980

Suggested-by: dkwolfe4 on github
Closes #3920

Missed in 04fd6755.

Closes #3978

Follow-up to 8144ba38.

Detected by Coverity CID 1445663
Closes #3976

Closes #3972

Verifies that a bodyless response don't parse this content-related
header.

Responses with status codes 1xx, 204 or 304 don't have a response body. For
these, don't parse these headers:

- Content-Encoding
- Content-Length
- Content-Range
- Last-Modified
- Transfer-Encoding

This change ensures that HTTP/2 upgrades work even if a
"Content-Length: 0" or a "Transfer-Encoding: chunked" header is present.

Co-authored-by: Daniel Stenberg
Closes #3702
Fixes #3968
Closes #3977

Reported-by: Jay Satiro
Co-authored-by: Jay Satiro
Fixes #3938
Closes #3946

Reported-by: wesinator at github
Fixes #3964
Closes #3974