axtls: removed

As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.

Use a better supported TLS library!

Assisted-by: Daniel Gustafsson
Closes #3194

13 files changed, 9 insertions, 66 deletions

diff --git a/docs/DEPRECATE.md b/docs/DEPRECATE.md
index 3ca7ee99e..bb3c05fe1 100644
--- a/docs/DEPRECATE.md
+++ b/docs/DEPRECATE.md
@@ -5,32 +5,6 @@ email the curl-library mailing list as soon as possible and explain to us why
 this is a problem for you and how your use case can't be satisfied properly
 using a work around.
 
-## axTLS backend
-
-Here are some complaints on axTLS.
-
- - home page without HTTPS
- - [doesn't support modern TLS features like SNI](https://github.com/dsheets/axtls/issues/2)
- - [lacks support for modern ciphers](https://github.com/micropython/micropython/issues/3198)
- - [doesn't allow for outside bug report submissions](https://sourceforge.net/p/axtls/bugs/)
- - there's virtually no discussion about it in its [forum](https://sourceforge.net/p/axtls/discussion/)
-   nor [mailing list](https://sourceforge.net/p/axtls/mailman/axtls-general/)
-
-Combined, this list hints that this is not a library and project we should
-recommend to users.
-
-### State
-
-Since June 1st, 2018 (curl 7.61.0) axTLS support is disabled in code and
-requires a small code change to build without errors. [See
-PR](https://github.com/curl/curl/pull/2628)
-
-### Removal
-
-Remove all axTLS related code from curl on December 1st, exactly six months
-after previously mentioned commit. To be shipped on December 26, 2018
-(possibly called version 7.64.0)
-
 ## HTTP pipelining
 
 HTTP pipelining is badly supported by curl in the sense that we have bugs and
diff --git a/docs/FAQ b/docs/FAQ
index 98de7b6ae..eeee6aac7 100644
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -447,7 +447,7 @@ FAQ
   backends.
 
   curl can be built to use one of the following SSL alternatives: OpenSSL,
-  GnuTLS, yassl, NSS, PolarSSL, axTLS, Secure Transport (native iOS/OS X),
+  GnuTLS, yassl, NSS, PolarSSL, MesaLink, Secure Transport (native iOS/OS X),
   WinSSL (native Windows) or GSKit (native IBM i). They all have their pros
   and cons, and we try to maintain a comparison of them here:
   https://curl.haxx.se/docs/ssl-compared.html
diff --git a/docs/FEATURES b/docs/FEATURES
index 39ac39040..68d38fc27 100644
--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -183,8 +183,7 @@ IMAPS (*1)
 FOOTNOTES
 =========
 
-  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, WinSSL (native
-       Windows), Secure Transport (native iOS/OS X) or GSKit (native IBM i)
+  *1 = requires a TLS library
   *2 = requires OpenLDAP or WinLDAP
   *3 = requires a GSS-API implementation (such as Heimdal or MIT Kerberos) or
        SSPI (native Windows)
@@ -197,8 +196,7 @@ FOOTNOTES
   *8 = requires libssh2
   *9 = requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI
        (native Windows)
-  *10 = requires any of the SSL libraries in (*1) above other than axTLS, which
-        does not support SSLv3
+  *10 = requires an SSL library that supports SSLv3
   *11 = requires libidn or Windows
   *12 = requires libz
   *13 = requires libmetalink, and either an Apple or Microsoft operating
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 7d365576e..e732c1cdc 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -105,7 +105,6 @@ libressl.
  - NSS: `--without-ssl --with-nss`
  - PolarSSL: `--without-ssl --with-polarssl`
  - mbedTLS: `--without-ssl --with-mbedtls`
- - axTLS: `--without-ssl --with-axtls`
  - schannel: `--without-ssl --with-winssl`
  - secure transport: `--without-ssl --with-darwinssl`
  - MesaLink: `--without-ssl --with-mesalink`
diff --git a/docs/INTERNALS.md b/docs/INTERNALS.md
index d1c4c62b0..8058b36d0 100644
--- a/docs/INTERNALS.md
+++ b/docs/INTERNALS.md
@@ -88,7 +88,6 @@ Dependencies
  - MIT Kerberos 1.2.4
  - GSKit        V5R3M0
  - NSS          3.14.x
- - axTLS        2.1.0
  - PolarSSL     1.3.0
  - Heimdal      ?
  - nghttp2      1.0.0
diff --git a/docs/LICENSE-MIXING.md b/docs/LICENSE-MIXING.md
index 5376bdb70..e4f6759e4 100644
--- a/docs/LICENSE-MIXING.md
+++ b/docs/LICENSE-MIXING.md
@@ -57,10 +57,6 @@ not have the announcement clause that collides with GPL.
  different obligations. You should select the license that best meets your
  needs.
 
-## axTLS
-
- (May be used for SSL/TLS support) Uses a Modified BSD-style license.
-
 ## mbedTLS
 
  (May be used for SSL/TLS support) Uses the [Apache 2.0
diff --git a/docs/examples/Makefile.netware b/docs/examples/Makefile.netware
index 9b6c69b8f..1f50a9266 100644
--- a/docs/examples/Makefile.netware
+++ b/docs/examples/Makefile.netware
@@ -27,11 +27,6 @@ ifndef LIBSSH2_PATH
 LIBSSH2_PATH = ../../../libssh2-1.5.0
 endif
 
-# Edit the path below to point to the base of your axTLS package.
-ifndef AXTLS_PATH
-AXTLS_PATH = ../../../axTLS-1.2.7
-endif
-
 # Edit the path below to point to the base of your libidn package.
 ifndef LIBIDN_PATH
 LIBIDN_PATH = ../../../libidn-1.32
@@ -197,14 +192,9 @@ WITH_SSH2 = 1
 WITH_SSL = 1
 WITH_ZLIB = 1
 endif
-ifeq ($(findstring -axtls,$(CFG)),-axtls)
-WITH_AXTLS = 1
-WITH_SSL =
-else
 ifeq ($(findstring -ssl,$(CFG)),-ssl)
 WITH_SSL = 1
 endif
-endif
 ifeq ($(findstring -zlib,$(CFG)),-zlib)
 WITH_ZLIB = 1
 endif
@@ -245,15 +235,6 @@ ifdef WITH_SSL
   LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT)
   IMPORTS += GetProcessSwitchCount RunningProcess
 else
-ifdef WITH_AXTLS
-  INCLUDES += -I$(AXTLS_PATH)/inc
-ifdef LINK_STATIC
-  LDLIBS += $(AXTLS_PATH)/lib/libaxtls.$(LIBEXT)
-else
-  MODULES += libaxtls.nlm
-  IMPORTS += $(AXTLS_PATH)/lib/libaxtls.imp
-endif
-endif
 endif
 ifdef WITH_ZLIB
   # INCLUDES += -I$(ZLIB_PATH)
diff --git a/docs/libcurl/curl_global_sslset.3 b/docs/libcurl/curl_global_sslset.3
index b17e8ea58..22d95065d 100644
--- a/docs/libcurl/curl_global_sslset.3
+++ b/docs/libcurl/curl_global_sslset.3
@@ -41,7 +41,7 @@ typedef enum {
   CURLSSLBACKEND_WOLFSSL = 7,
   CURLSSLBACKEND_SCHANNEL = 8,
   CURLSSLBACKEND_DARWINSSL = 9,
-  CURLSSLBACKEND_AXTLS = 10,
+  CURLSSLBACKEND_AXTLS = 10, /* deprecated */
   CURLSSLBACKEND_MBEDTLS = 11,
   CURLSSLBACKEND_MESALINK = 12
 } curl_sslbackend;
diff --git a/docs/libcurl/libcurl-thread.3 b/docs/libcurl/libcurl-thread.3
index 1433f63ff..1692b0fda 100644
--- a/docs/libcurl/libcurl-thread.3
+++ b/docs/libcurl/libcurl-thread.3
@@ -60,8 +60,6 @@ thread-safe already without anything required.
 Required actions unknown.
 .IP yassl
 Required actions unknown.
-.IP axTLS
-Required actions unknown.
 .IP Secure-Transport
 The engine is used by libcurl in a way that is fully thread-safe.
 .IP WinSSL
diff --git a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3
index a0fe2099c..c60e9c653 100644
--- a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3
+++ b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3
@@ -54,7 +54,7 @@ struct curl_tlssessioninfo {
 
 The \fIbackend\fP struct member is one of the defines in the CURLSSLBACKEND_*
 series: CURLSSLBACKEND_NONE (when built without TLS support),
-CURLSSLBACKEND_AXTLS, CURLSSLBACKEND_CYASSL, CURLSSLBACKEND_DARWINSSL,
+CURLSSLBACKEND_CYASSL, CURLSSLBACKEND_DARWINSSL,
 CURLSSLBACKEND_GNUTLS, CURLSSLBACKEND_GSKIT, CURLSSLBACKEND_MBEDTLS,
 CURLSSLBACKEND_NSS, CURLSSLBACKEND_OPENSSL, CURLSSLBACKEND_POLARSSL,
 CURLSSLBACKEND_SCHANNEL or CURLSSLBACKEND_MESALINK. (Note that the OpenSSL
@@ -77,8 +77,6 @@ CURLINFO_TLS_SSL_PTR: SSL *
 Since 7.48.0 the \fIinternals\fP member can point to these other SSL backends
 as well:
 .RS
-.IP axTLS
-SSL *
 .IP mbedTLS
 mbedtls_ssl_context *
 .IP PolarSSL
diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
index 15e92878d..9dc69959c 100644
--- a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
+++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2016, 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -50,7 +50,7 @@ TLSv1.3
 The maximum TLS version can be set by using \fIone\fP of the
 CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the
 CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros.
-The MAX macros are not supported for SSL backends axTLS or wolfSSL.
+The MAX macros are not supported for WolfSSL.
 .RS
 .IP CURL_SSLVERSION_MAX_DEFAULT
 The flag defines the maximum supported TLS version as TLSv1.2, or the default
diff --git a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_SSLVERSION.3
index 96afa86f1..42ef20abc 100644
--- a/docs/libcurl/opts/CURLOPT_SSLVERSION.3
+++ b/docs/libcurl/opts/CURLOPT_SSLVERSION.3
@@ -59,7 +59,7 @@ TLS v1.3 or later (Added in 7.52.0)
 The maximum TLS version can be set by using \fIone\fP of the
 CURL_SSLVERSION_MAX_ macros below. It is also possible to OR \fIone\fP of the
 CURL_SSLVERSION_ macros with \fIone\fP of the CURL_SSLVERSION_MAX_ macros.
-The MAX macros are not supported for SSL backends axTLS or wolfSSL.
+The MAX macros are not supported for WolfSSL.
 .RS
 .IP CURL_SSLVERSION_MAX_DEFAULT
 The flag defines the maximum supported TLS version by libcurl, or the default
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index fa0d6f710..26f24c9f2 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -700,7 +700,7 @@ CURLSSH_AUTH_KEYBOARD           7.16.1
 CURLSSH_AUTH_NONE               7.16.1
 CURLSSH_AUTH_PASSWORD           7.16.1
 CURLSSH_AUTH_PUBLICKEY          7.16.1
-CURLSSLBACKEND_AXTLS            7.38.0
+CURLSSLBACKEND_AXTLS            7.38.0       7.61.0
 CURLSSLBACKEND_BORINGSSL        7.49.0
 CURLSSLBACKEND_CYASSL           7.34.0
 CURLSSLBACKEND_DARWINSSL        7.34.0