Per dcf:
> As for the TODO, my plan was was to expose a "utls" SOCKS arg
> to make it configurable per bridge, and just reuse the utls
> Client Hello ID names:
>	utls=HelloChrome_Auto

This adds support for all currently supported utls ClientHello IDs
with the following caveats/differences:

 * `none` - Disables using utls entirely, forces `crypto/tls`.
 * `HelloGolang` - Alias of `none`, since using utls is pointless.
 * `HelloCustom` - Omitted as pointless.

There's still some interesting oddities depending on remote server and
what fingerprint is chosen, but I can watch videos online with the
chosen settings and the TBB Azure bridge.

Note: Despite what people are claiming in the Tor Browser bug tracker
it isn't all that hard to use the built in http client with utls.  And
yes, the `transport.go` code does negotiate correctly in a standalone
test case (apart from compatibility related oddities).

 * Properly close the response body on HTTP error.
 * Cleanup close signaling.
 * Write() should return faster on closed connections.

Thanks to @SudoHenk on github for pointing out the issue long ago.

Mostly but not entirely discarding error return values of things that
can not possibly fail despite the API returning errors.

This is to silence some of the static analysis tools used in
development.  Despite `http.Client` and `http.Transport` being
suggested as an alternative, there is no way to accomplish current
functionality with either suggested replacement.

See: https://github.com/golang/go/issues/8285

This commit changes the upstream repo location to:
  https://gitlab.com/yawning/obfs4.git

Additionally all the non-`main` sub-packages now have an import
comment annotation.  As a matter of courtesy, I will continue to
push to both the existing github.com and git.torproject.org repos
for the foreseeable future, though I reserve the right to stop
doing so at any time.

The biggest win is that we now declare what versions of each dependency
we require to build. This way, building a certain version of obfs4 will
always use the same source code, independent of the master branch of
each dependency.

This is necessary for reproducible builds. On top of that, go.sum
contains checksums of all the transitive dependencies and their modules,
so the build system will also recognise when the source code has been
changed.

Updated the build instructions accordingly. We don't drop support for
earlier Go versions, but those won't get the benefit of reproducible
builds unless we start vendoring the dependencies too.

https://gitweb.torproject.org/pluggable-transports/meek.git/commit/?h=0.28&id=0ea861efe5873b517fbd08c4bc48027e4db16a95

Apparently I didn't test the "connect via HTTP(s)" proxy with
authentication at all when I added that functionality, so it has been
broken for years.

This should fix it now.

It's supposed to use the one derived from the client's handshake
(assuming the clock skew is within acceptable limits), but it was using
the one based off the current system time.

It used to be that all of the bridge side parameters needed to be
manually specified together.  This was somewhat nonsensical, and the IAT
mode can now be set as the only obfs4 option in a `ServerTransportOptions`
torrc directive.

Thanks to dcf for reporting the issue.

Bug introduced in e52258ed, not in any
released version of obfs4proxy.

when obfs4 connection create failed,conn variable is
set to nil already.

This dramatically improves bulk upload performance, from totally shit
to just shit.

This is a meek client only implementation, with the following
differences with dcf's `meek-client`:

 - It is named `meek_lite` to differentiate it from the real thing.
 - It does not support using an external helper to normalize TLS
   signatures, so adversaries can look for someone using the Go
   TLS library to do HTTP.
 - It does the right thing with TOR_PT_PROXY, even when a helper is
   not present.

Most of the credit goes to dcf, who's code I librerally cribbed and
stole.  It is intended primarily as a "better than nothina" option
for enviornments that do not or can not presently use an external
Firefox helper.

ClientFactories now have a Dial() method instead of a WrapConn()
method, so that it is possible to write something like meek-client
using the obfs4proxy framework.

This breaks the external interface if anyone is using obfs4proxy as
a library, but the new way of doing things is a trivial modification,
to a single routine that shouldn't have been very large to begin with.

Differences from my goptlib branch:
 * Instead of exposing a net.Listener, just expose a Handshake() routine
   that takes an existing net.Conn. (#14135 is irrelevant to this socks
   server.
 * There's an extra routine for sending back sensible errors on Dial
   failure instead of "General failure".
 * The code is slightly cleaner (IMO).

Gotchas:
 * If the goptlib pt.Args datatype or external interface changes,
   args.go will need to be updated.

Tested with obfs3 and obfs4, including IPv6.

Unless you have very good reason to do so, there should be no reason to
actually call these ever, since the log messages are only generated if
they will result in output being written to a log file.

Implements feature #15576.

If the relevant enviornment variable is set, treat read errors from
Stdin as a SIGTERM.

This combines the old signal processing code with the parent monitor,
into a new termination monitor structure, which also now handles keeping
track of outstanding sessions.

The ideal solution here would be to implement #15435, but till then
use one of several kludges:
 * Linux - prctl() so that the kernel SIGTERMs on parent exit.
 * Other U*ix - Poll the parent process id once a second, and SIGTERM
   ourself/exit if it changes.  Former is better since all the normal
   cleanup if any gets done.
 * Windows - Log a warning.