Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.

Modified the Curl_ossl_cert_status_request() function to return FALSE
when built with BoringSSL or when OpenSSL is missing the necessary TLS
extensions.

Fixed the build of openssl.c when OpenSSL is built without the necessary
TLS extensions for OCSP stapling.

Reported-by: John E. Malmberg

... as that is ancient history and not used.

Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.

Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.

HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.

Commit 7a8b2885 made some functions static and removed the public
Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
is the naming convention we use in this source file.

packages/vms/gnv_link_curl.com was assuming only a single letter suffix
in the openssl version.  That assumption has been fixed for 7.40.

curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
                  variable

curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier

This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).

Reported-by: Chris Young

There is an issue with conflicting "struct timeval" definitions with
certain AmigaOS releases and C libraries, depending on what gets
included when.  It's a minor difference - the OS one is unsigned,
whereas the common structure has signed elements.  If the OS one ends up
getting defined, this causes a timing calculation error in curl.

It's easy enough to resolve this at the curl end, by casting the
potentially errorneous calculation to a signed long.

... of the other cert verification checks so that you can set verifyhost
and verifypeer to FALSE and still check the public key.

Bug: http://curl.haxx.se/bug/view.cgi?id=1471
Reported-by: Kyle J. McKay

For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.

Use a dynamicly allocated buffer for the temporary SPN variable similar
to how the SASL GSS-API code does, rather than using a fixed buffer of
2048 characters.

Carrying on from commit 037cd0d9, removed the following unimplemented
instances of curlssl_close_all():

Curl_axtls_close_all()
Curl_darwinssl_close_all()
Curl_cyassl_close_all()
Curl_gskit_close_all()
Curl_gtls_close_all()
Curl_nss_close_all()
Curl_polarssl_close_all()

Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.

Fixed the following warning and error from commit 3af90a6e when SSL
is not being used:

url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
            assuming extern returning int

error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
               referenced in function Curl_setopt

Use the same variable name as other areas of SSPI code.