get a fresh one downloaded and created with 'make ca-bundle' or you can get
  one from here => http://curl.haxx.se/docs/caextract.html if you want a fresh
  new one extracted from Mozilla's recent list of ca certs.

  The configure option --with-ca-bundle now lets you specify what file to use
  as default ca bundle for your build. If not specified, the configure script
  will check a few known standard places for a global ca cert to use.

  connection by force when it was called before the entire request is
  completed, simply because we can't know if the connection really can be
  re-used safely at that point.

DONE before the entire request operation is complete and thus we can't know in
what state it is for re-using, so we're forced to close it. In a perfect world
we can add code that keep track of if we really must close it here or not, but
currently we have no such detail knowledge.

Jerome Muffat-Meridol helped us work this out.

premature set TRUE, which means it was done before the request comleted. It
could then very well not have received any data.

removed unsused ldap module dependency since the module didnt autounload from protected address space.

  verification is requested. Previously it would even return failure if gnutls
  failed to get the server cert even though no verification was asked for.

- Fix my Curl_timeleft() leftover mistake in the gnutls code

  http request and then you'd reuse the handle and replace the Accept: header,
  as then libcurl would send two Accept: headers!

moved info block up before help block so that it can also be displayed before help option; trial to add a version number.

when verifying the https and ftps servers

timeout passed to startnew, when this happens startnew completes without being
able to read the pidfile and consequently returns a zero pid2.

To fix the above posibility the server pid is recovered from the verification
stage which will actually return the server pid when verification is valid.

Feb 7 that didn't abort properly on timeouts. These are actually old
problems but now they should be fixed.

added -t switch to make text info of CAs optional;
added -q switch to be really quiet.

out and provides test program that demonstrates that libcurl might not set
error description message for error CURLE_COULDNT_RESOLVE_HOST for Windows
threaded name resolver builds. Fixed now.

Make sure that the sftp client tool uses the ssh client binary that we have
used to generate the configuration files, otherwise sftp might be using one
located in the preferred path compiled into sftp.

make use of mv's backup feature so that calling the ca-bundle target more than once will never fail; ignore error which can occure if for whatever reason there's no orignial ca-bundle.crt to rename.