H curl-hackers,

following the comment at the beginning of security.c I gave a try at
rewriting the file. The diff against trunk is attached along with the
new implementation. It passes all the tests on my machine but the
compilation has not been tested outside a Linux/32bit machine.
The diff is pretty big and can be split upon demand to ease review.

Also I tried to get some legal advice whether such work would be
considered a proper rewrite and did not get an answer so this must be
reviewed by someone with more OSS / legal experience.

List of changes:
- removed out_buffer from struct connectdata as it was never filled,
removed dead code that dealt with it
- fixed the #if header guard to match the other files
- splitted some of the code in specialized functions
(ftp_send_command, choose_mech)
- added tons of comments (both for the methods and in the code)
- renamed some of the methods to better match the usage
- added lots of FIXME's
- fixed a potential memory leak in sec_get_data
- tried to remove some implicit conversion int -> size_t in the code
- removed usage of read replaced by Curl_read_plain
- removed usage of write replaced by Curl_write_plain
- globally extended the usage of CURLcode in the internal code
- removed notice in README

Comments are welcome!

Regards,
Julien

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html