Fix of rbtree lookup on hash collisions.

Previous code incorrectly assumed that nodes with identical keys are linked
together.  This might not be true after tree rebalance.

Patch by Lanshun Zhou.

Fixed error handling in ngx_event_connect_peer().

Previously if ngx_add_event() failed a connection was freed two times (once
in the ngx_event_connect_peer(), and again by a caller) as pc->connection was
left set.  Fix is to always use ngx_close_connection() to close connection
properly and set pc->connection to NULL on errors.

Patch by Piotr Sikora.

SSL changes:

*) Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.

   Support for TLSv1.1 and TLSv1.2 protocols was introduced in
   OpenSSL 1.0.1 (-beta1 was recently released).  This change makes it
   possible to disable these protocols and/or enable them without other
   protocols.

*) Removed ENGINE_load_builtin_engines() call.

   It's already called by OPENSSL_config().  Calling it again causes
   some openssl engines (notably GOST) to corrupt memory, as they don't
   expect to be created more than once.

Protection from stale write events in epoll.

Stale write event may happen if epoll_wait() reported both read and write
events, and processing of the read event closed descriptor.

Various fixes related to error messages:

*) Removed old warning that suggested to use "server_name_in_redirect off"
   (now the default) in place of no longer supported "server_name *".

*) Fixing directive name in error message if types hash size is not enough.

*) Replaced "can not" with "cannot" and "could not" in a bunch of places.
   Fixed nearby grammar errors.

*) Overhauled error messages.

SSL related fixes:

*) Better handling of various per-server ssl options with SNI.

   SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
   structure, it only changes certificates (at least as of now, OpenSSL
   1.0.0d and earlier).

   As a result settings like ssl_verify_client, ssl_verify_depth,
   ssl_prefer_server_ciphers are only configurable on per-socket basis while
   with SNI it should be possible to specify them different for two servers
   listening on the same socket.

   Workaround is to explicitly re-apply settings we care about from context
   to ssl connection in servername callback.

   Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+.  I.e.
   with older versions it is not possible to clear ssl_prefer_server_ciphers
   option if it's set in default server for a socket.

*) Disabling SSL compression. This saves about 300K per SSL connection.
   The SSL_OP_NO_COMPRESSION option is available since OpenSSL 1.0.0.

*) Releasing memory of idle SSL connection. This saves about 34K per SSL
   connection. The SSL_MODE_RELEASE_BUFFERS option is available since
   OpenSSL 1.0.0d.

*) Decrease of log level of some SSL handshake errors.

*) Fixed segfault on configuration testing with ssl (ticket #37).

   The following config caused segmentation fault due to conf->file not
   being properly set if "ssl on" was inherited from the http level:

   http {
       ssl on;
       server {
       }
   }

*) Silently ignoring a stale global SSL error left after disabled renegotiation.

Proxy related fixes:

*) Fixing cpu hog with all upstream servers marked "down".

The following configuration causes nginx to hog cpu due to infinite loop
in ngx_http_upstream_get_peer():

    upstream backend {
        server 127.0.0.1:8080 down;
        server 127.0.0.1:8080 down;
    }

    server {
       ...
       location / {
           proxy_pass http://backend;
       }
    }

Make sure we don't loop infinitely in ngx_http_upstream_get_peer() but stop
after resetting peer weights once.

Return 0 if we are stuck.  This is guaranteed to work as peer 0 always exists,
and eventually ngx_http_upstream_get_round_robin_peer() will do the right
thing falling back to backup servers or returning NGX_BUSY.

*) Upstream: properly allocate memory for tried flags.

Previous allocation only took into account number of non-backup servers, and
this caused memory corruption with many backup servers.

See report here:
http://mailman.nginx.org/pipermail/nginx/2011-May/026531.html

*) Fix of cpu hog in event pipe.

If client closed connection in ngx_event_pipe_write_to_downstream(), buffers
in the "out" chain were lost.  This caused cpu hog if all available buffers
were in the "out" chain.  Fix is to call ngx_chain_update_chains() before
checking return code of output filter to avoid loosing buffers in the "out"
chain.

Note that this situation (all available buffers in the "out" chain) isn't
normal, it should be prevented by busy buffers limit.  Though right now it
may happen with complex protocols like fastcgi.  This should be addressed
separately.

Linux AIO related fixes:

*) Fixing Linux AIO syscalls return value handling:
syscall(2) uses usual libc convention, it returns -1 on error and
sets errno. Obsolete _syscall(2) returns negative value of error.

*) Fixing Linux AIO initiatialization: AIO operations are disabled
if kernel does not support them.  Previously worker just exited.

*) The "worker_aio_requests" directive.

The default value is 32 AIO simultaneous requests per worker. Previously
they were hardcoded to 1024, and it was too large, since Linux allocated
them early on io_setup(), but not on request itself. So with default value
of /proc/sys/fs/aio-max-nr equal to 65536 only 64 worker processes could
be run simultaneously. 32 AIO requests are enough for modern disks even if
server runs only 1 worker.