Changes in 7.36.0 - March 26 2014

Changes:

• ntlm: Added support for NTLMv2
• tool: Added support for URL specific options
• openssl: add ALPN support
• gtls: add ALPN support
• nss: add ALPN and NPN support
• added CURLOPT_EXPECT_100_TIMEOUT_MS
• tool: add --no-alpn and --no-npn
• added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN
• winssl: enable TLSv1.1 and TLSv1.2 by default
• winssl: TLSv1.2 disables certificate signatures using MD5 hash
• winssl: enable hostname verification of IP address using SAN or CN
• darwinssl: Don't omit CN verification when an IP address is used
• http2: build with current nghttp2 version
• polarssl: dropped support for PolarSSL < 1.3.0
• openssl: info message with SSL version used

Bugfixes:

• SECURITY ADVISORY: wrong re-use of connections
• SECURITY ADVISORY: IP address wildcard certificate validation
• SECURITY ADVISORY: not verifying certs for TLS to IP address / Darwinssl
• SECURITY ADVISORY: not verifying certs for TLS to IP address / Winssl
• nss: allow to use ECC ciphers if NSS implements them
• netrc: Fixed a memory leak in an OOM condition
• ftp: fixed a memory leak on wildcard error path
• pipeline: Fixed a NULL pointer dereference on OOM
• nss: prefer highest available TLS version
• 100-continue: fix timeout condition
• ssh: Fixed a NULL pointer dereference on OOM condition
• formpost: use semicolon in multipart/mixaed
• --help: add missing --tlsv1.x options
• formdata: Fixed memory leak on OOM condition
• ConnectionExists: reusing possible HTTP+NTLM connections better
• mingw32: fix compilation
• chunked decoder: track overflows correctly
• curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0
• dict: fix memory leak in OOM exit path
• valgrind: added suppression on optimized code
• curl: output protocol headers using binary mode
• tool: Added URL index to password prompt for multiple operations
• ConnectionExists: re-use non-NTLM connections better
• axtls: call ssl_read repeatedly
• multi: make MAXCONNECTS default 4 x number of easy handles function
• configure: Fix the --disable-crypto-auth option
• multi: ignore SIGPIPE internally
• curl.1: update the description of --tlsv1
• SFTP: skip reading the dir when NOBODY=1
• easy: Fixed a memory leak on OOM condition
• tool: Fixed incorrect return code when setting HTTP request fails
• configure: Tiny fix to honor POSIX
• tool: Do not output libcurl source for the information only parameters
• Rework Open Watcom make files to use standard Wmake features
• x509asn: moved out Curl_verifyhost from NSS builds
• configure: call it GSS-API
• hostcheck: Curl_cert_hostcheck is not used by NSS builds
• multi_runsingle: move timestamp into INIT
• remote_port: allow connect to port 0
• parse_remote_port: error out on illegal port numbers better
• ssh: Pass errors from libssh2_sftp_read up the stack
• docs: remove documentation on setting up krb4 support
• polarssl: build fixes to work with PolarSSL 1.3.x
• polarssl: fix possible handshake timeout issue in multi
• nss: allow to enable/disable cipher-suites better
• ssh: prevent a logic error that could result in an infinite loop
• http2: free resources on disconnect
• polarssl: avoid extra newlines in debug messages
• rtsp: parse "Session:" header properly
• trynextip: don't store 'ai' on failed connects
• Curl_cert_hostcheck: strip trailing dots in hostname and wildcard

Further