Skip to content
Snippets Groups Projects
TODO 20.3 KiB
Newer Older
  • Learn to ignore specific revisions
  • Yang Tse's avatar
     
    Yang Tse committed
                                      _   _ ____  _
                                  ___| | | |  _ \| |
                                 / __| | | | |_) | |
                                | (__| |_| |  _ <| |___
    
                                 \___|\___/|_| \_\_____|
    
    
                    Things that could be nice to do in the future
    
     Things to do in project cURL. Please tell us what you think, contribute and
    
    Daniel Stenberg's avatar
    Daniel Stenberg committed
     All bugs documented in the KNOWN_BUGS document are subject for fixing!
    
    
     1. libcurl
     1.2 More data sharing
     1.3 struct lifreq
    
     1.5 get rid of PATH_MAX
    
     1.6 progress callback without doubles
    
     1.7 Happy Eyeball dual stack connect
    
    
     2. libcurl - multi interface
     2.1 More non-blocking
    
     2.4 Fix HTTP Pipelining for PUT
    
     4.2 Alter passive/active on failure and retry
     4.3 Earlier bad letter detection
     4.4 REST for large files
     4.5 FTP proxy support
    
     5.1 Better persistency for HTTP 1.0
     5.2 support FF3 sqlite cookie files
    
     5.3 Rearrange request header order
    
    
     6. TELNET
     6.1 ditch stdin
     6.2 ditch telnet-specific select
    
     6.3 feature negotiation debug data
     6.4 send data in chunks
    
     7.3 Evaluate SSL patches
     7.4 Cache OpenSSL contexts
     7.5 Export session ids
     7.6 Provide callback for cert verification
     7.7 Support other SSL libraries
     7.9 improve configure --with-ssl
    
     8.4 non-gcrypt
    
     9.1 Other authentication mechanisms
    
     9.2 Specify the preferred authentication mechanism
     9.3 Initial response
     9.4 Pipelining
     
    
     10.1 APOP Authentication
    
     10.2 Other authentication mechanisms
    
     10.3 auth= in URLs
     
     11. Other protocols
    
     12. New protocols
     12.1 RSYNC
    
     13. Client
     13.1 sync
     13.2 glob posts
     13.3 prevent file overwriting
     13.4 simultaneous parallel transfers
     13.5 provide formpost headers
     13.6 url-specific options
     13.7 metalink support
     13.8 warning when setting an option
     13.9 IPv6 addresses with globbing
    
     14. Build
     14.1 roffit
    
     15. Test suite
     15.1 SSL tunnel
     15.2 nicer lacking perl message
     15.3 more protocols supported
     15.4 more platforms supported
    
     16. Next SONAME bump
     16.1 http-style HEAD output for ftp
     16.2 combine error codes
     16.3 extend CURLOPT_SOCKOPTFUNCTION prototype
    
     17. Next major release
     17.1 cleanup return codes
     17.2 remove obsolete defines
     17.3 size_t
     17.4 remove several functions
     17.5 remove CURLOPT_FAILONERROR
     17.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
     17.7 remove progress meter from libcurl
     17.8 remove 'curl_httppost' from public
     17.9 have form functions use CURL handle argument
    
    ==============================================================================
    
     curl_share_* functions already exist and work, and they can be extended to
     share more. For example, enable sharing of the ares channel and the
     connection cache.
    
     Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and
     SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete.
     To support ipv6 interface addresses for network interfaces properly.
    
    
     libcurl built without an asynchronous resolver library uses alarm() to time
     out DNS lookups. When a timeout occurs, this causes libcurl to jump from the
    
    Yang Tse's avatar
     
    Yang Tse committed
     signal handler back into the library with a sigsetjmp, which effectively
    
     causes libcurl to continue running within the signal handler. This is
     non-portable and could cause problems on some platforms. A discussion on the
     problem is available at http://curl.haxx.se/mail/lib-2008-09/0197.html
    
     Also, alarm() provides timeout resolution only to the nearest second. alarm
     ought to be replaced by setitimer on systems that support it.
    
    
    1.5 get rid of PATH_MAX
    
     Having code use and rely on PATH_MAX is not nice:
     http://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html
    
     Currently the SSH based code uses it a bit, but to remove PATH_MAX from there
     we need libssh2 to properly tell us when we pass in a too small buffer and
     its current API (as of libssh2 1.2.7) doesn't.
    
    
    1.6 progress callback without doubles
    
     The progress callback was introduced way back in the days and the choice to
     use doubles in the arguments was possibly good at the time. Today the doubles
     only confuse users and make the amounts less precise. We should introduce
     another progress callback option that take precedence over the old one and
     have both co-exist for a forseeable time until we can remove the double-using
     one.
    
    
    1.7 Happy Eyeball dual stack connect
    
     In order to make alternative technologies not suffer when transitioning, like
     when introducing IPv6 as an alternative to IPv4 and there are more than one
     option existing simultaneously there are reasons to reconsider internal
     choices.
    
     To make libcurl do blazing fast IPv6 in a dual-stack configuration, this needs
     to be addressed:
    
    
        http://tools.ietf.org/html/rfc6555
    
     Make sure we don't ever loop because of non-blocking sockets returning
    
     EWOULDBLOCK or similar. Blocking cases include:
    
     - Name resolves on non-windows unless c-ares is used
     - NSS SSL connections
     - HTTP proxy CONNECT operations
     - SOCKS proxy handshakes
     - file:// transfers
     - TELNET transfers
     - The "DONE" operation (post transfer protocol-specific actions) for the
       protocols SFTP, SMTP, FTP. Fixing Curl_done() for this is a worthy task.
    
     Make curl_easy_perform() a wrapper-function that simply creates a multi
     handle, adds the easy handle to it, runs curl_multi_perform() until the
     transfer is done, then detach the easy handle, destroy the multi handle and
     return the easy handle's return code. This will thus make everything
     internally use and assume the multi interface. The select()-loop should use
     curl_multi_socket().
    
    2.4 Fix HTTP Pipelining for PUT
    
     HTTP Pipelining can be a way to greatly enhance performance for multiple
     serial requests and currently libcurl only supports that for HEAD and GET
     requests but it should also be possible for PUT.
    
    
     HOST is a suggested command in the works for a client to tell which host name
     to use, to offer FTP servers named-based virtual hosting:
    
     http://tools.ietf.org/html/draft-hethmon-mcmurray-ftp-hosts-11
    
    4.2 Alter passive/active on failure and retry
    
     When trying to connect passively to a server which only supports active
     connections, libcurl returns CURLE_FTP_WEIRD_PASV_REPLY and closes the
     connection. There could be a way to fallback to an active connection (and
     vice versa). http://curl.haxx.se/bug/feature.cgi?id=1754793
    
    4.3 Earlier bad letter detection
    
     Make the detection of (bad) %0d and %0a codes in FTP url parts earlier in the
     process to avoid doing a resolve and connect in vain.
    
    4.4 REST for large files
    
     REST fix for servers not behaving well on >2GB requests. This should fail if
     the server doesn't set the pointer to the requested index. The tricky
     (impossible?) part is to figure out if the server did the right thing or not.
    
    4.5 FTP proxy support
    
     Support the most common FTP proxies, Philip Newton provided a list allegedly
     from ncftp. This is not a subject without debate, and is probably not really
     suitable for libcurl.  http://curl.haxx.se/mail/archive-2003-04/0126.html
    
    
    
     FTP ASCII transfers do not follow RFC959. They don't convert the data
     accordingly.
    
    5. HTTP
    
    
    
     "Better" support for persistent connections over HTTP 1.0
     http://curl.haxx.se/bug/feature.cgi?id=1089001
    
    
    
     Firefox 3 is changing from its former format to a a sqlite database instead.
     We should consider how (lib)curl can/should support this.
     http://curl.haxx.se/bug/feature.cgi?id=1871388
    
    
    5.3 Rearrange request header order
    
    
     Server implementors often make an effort to detect browser and to reject
     clients it can detect to not match. One of the last details we cannot yet
     control in libcurl's HTTP requests, which also can be exploited to detect
     that libcurl is in fact used even when it tries to impersonate a browser, is
     the order of the request headers. I propose that we introduce a new option in
     which you give headers a value, and then when the HTTP request is built it
     sorts the headers based on that number. We could then have internally created
     headers use a default value so only headers that need to be moved have to be
     specified.
    
    
    
    6. TELNET
    
    6.1 ditch stdin
    
    Reading input (to send to the remote server) on stdin is a crappy solution for
    library purposes. We need to invent a good way for the application to be able
    to provide the data to send.
    
    6.2 ditch telnet-specific select
    
     Move the telnet support's network select() loop go away and merge the code
     into the main transfer loop. Until this is done, the multi interface won't
     work for telnet.
    
    
    6.3 feature negotiation debug data
    
      Add telnet feature negotiation data to the debug callback as header data.
    
    6.4 send data in chunks
    
      Currently, telnet sends data one byte at a time.  This is fine for interactive
      use, but inefficient for any other.  Sent data should be sent in larger
      chunks.
    
    
    7. SSL
    
    7.1 Disable specific versions
    
     Provide an option that allows for disabling specific SSL versions, such as
     SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276
    
    
    
     Provide a libcurl API for setting mutex callbacks in the underlying SSL
     library, so that the same application code can use mutex-locking
     independently of OpenSSL or GnutTLS being used.
    
    
    
     Evaluate/apply Gertjan van Wingerde's SSL patches:
     http://curl.haxx.se/mail/lib-2004-03/0087.html
    
    
    
     "Look at SSL cafile - quick traces look to me like these are done on every
     request as well, when they should only be necessary once per ssl context (or
     once per handle)". The major improvement we can rather easily do is to make
     sure we don't create and kill a new SSL "context" for every request, but
     instead make one for every connection and re-use that SSL context in the same
     style connections are re-used. It will make us use slightly more memory but
     it will libcurl do less creations and deletions of SSL contexts.
    
    
    
     Add an interface to libcurl that enables "session IDs" to get
     exported/imported. Cris Bailiff said: "OpenSSL has functions which can
     serialise the current SSL state to a buffer of your choice, and recover/reset
     the state from such a buffer at a later date - this is used by mod_ssl for
     apache to implement and SSL session ID cache".
    
    
    7.6 Provide callback for cert verification
    
    
     OpenSSL supports a callback for customised verification of the peer
     certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
     it be? There's so much that could be done if it were!
    
    
    
     Make curl's SSL layer capable of using other free SSL libraries.  Such as
     MatrixSSL (http://www.matrixssl.org/).
    
    
    
     make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
     then NSS...
    
    
    
     Add a way to check if the connection seems to be alive, to correspond to the
     SSL_peak() way we use with OpenSSL.
    
    
    8.4 non-gcrypt
    
     libcurl assumes that there are gcrypt functions available when
     GnuTLS is.
    
     GnuTLS can be built to use libnettle instead as crypto library,
     which breaks the previously mentioned assumption
    
     The correct fix would be to detect which crypto layer that is in use and
     adapt our code to use that instead of blindly assuming gcrypt.
    
    
    9.1 Other authentication mechanisms
    
    9.2 Specify the preferred authentication mechanism
    
     Add the ability to specify the preferred authentication mechanism or a list
    
     of mechanisms that should be used. Not only that, but the order that is
    
     returned by the server during the EHLO response should be honored by curl.
     
    9.3 Initial response
    
     Add the ability for the user to specify whether the initial response is
     included in the AUTH command. Some email servers, such as Microsoft
     Exchange, can work with either whilst others need to have the initial
     response sent separately:
     
     http://curl.haxx.se/mail/lib-2012-03/0114.html
     
    9.4 Pipelining
    
     Add support for pipelining emails.
    
    
    10.1 APOP Authentication
    
     Add support for the APOP command rather than using plain text authentication
     (USER and PASS) as this is very week security wise. Note: The APOP command
     is specified as "APOP <username> <md5 password>", however, it isn't
     supported by all mail servers.
     
    
    10.2 Other authentication mechanisms
    
    
     SASL offers support for additional authentication mechanisms via the AUTH
     command. Detection of an email server's support for SASL authentication
     can be detected via the CAPA command whilst a list of supported mechanisms
     can be retrieved with an empty AUTH command.
     
    10.3 auth= in URLs
    
     Being able to specify the preferred authentication mechanim in the URL as
     per RFC-2384 (http://tools.ietf.org/html/rfc2384).
     
    11. Other protocols
    
    12. New protocols
    
    12.1 RSYNC
    
     There's no RFC for the protocol or an URI/URL format.  An implementation
     should most probably use an existing rsync library, such as librsync.
    
    13. Client
    
    13.1 sync
    
    
     "curl --sync http://example.com/feed[1-100].rss" or
     "curl --sync http://example.net/{index,calendar,history}.html"
    
     Downloads a range or set of URLs using the remote name, but only if the
     remote file is newer than the local file. A Last-Modified HTTP date header
     should also be used to set the mod date on the downloaded file.
    
    
    13.2 glob posts
    
    
     Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
     This is easily scripted though.
    
    
    13.3 prevent file overwriting
    
    
     Add an option that prevents cURL from overwriting existing local files. When
     used, and there already is an existing file with the target file name
     (either -O or -o), a number should be appended (and increased if already
     existing). So that index.html becomes first index.html.1 and then
     index.html.2 etc.
    
    
    13.4 simultaneous parallel transfers
    
    
     The client could be told to use maximum N simultaneous parallel transfers and
     then just make sure that happens. It should of course not make more than one
     connection to the same remote host. This would require the client to use the
     multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595
    
    
    13.5 provide formpost headers
    
    
     Extending the capabilities of the multipart formposting. How about leaving
     the ';type=foo' syntax as it is and adding an extra tag (headers) which
     works like this: curl -F "coolfiles=@fil1.txt;headers=@fil1.hdr" where
     fil1.hdr contains extra headers like
    
       Content-Type: text/plain; charset=KOI8-R"
       Content-Transfer-Encoding: base64
       X-User-Comment: Please don't use browser specific HTML code
    
     which should overwrite the program reasonable defaults (plain/text,
     8bit...)
    
    
    13.6 url-specific options
    
    
     Provide a way to make options bound to a specific URL among several on the
     command line. Possibly by letting ':' separate options between URLs,
     similar to this:
    
        curl --data foo --url url.com : \
            --url url2.com : \
            --url url3.com --data foo3
    
     (More details: http://curl.haxx.se/mail/archive-2004-07/0133.html)
    
     The example would do a POST-GET-POST combination on a single command line.
    
    13.7 metalink support
    
    
     Add metalink support to curl (http://www.metalinker.org/). This is most useful
     with simultaneous parallel transfers (11.6) but not necessary.
    
    
    13.8 warning when setting an option
    
    
      Display a warning when libcurl returns an error when setting an option.
      This can be useful to tell when support for a particular feature hasn't been
      compiled into the library.
    
    
    13.9 IPv6 addresses with globbing
    
    
      Currently the command line client needs to get url globbing disabled (with
      -g) for it to support IPv6 numerical addresses. This is a rather silly flaw
      that should be corrected. It probably involves a smarter detection of the
      '[' and ']' letters.
    
    
    Daniel Stenberg's avatar
    Daniel Stenberg committed
    
    
     Consider extending 'roffit' to produce decent ASCII output, and use that
     instead of (g)nroff when building src/hugehelp.c
    
    Daniel Stenberg's avatar
    Daniel Stenberg committed
    
    
    15. Test suite
    
    15.1 SSL tunnel
    
     Make our own version of stunnel for simple port forwarding to enable HTTPS
     and FTP-SSL tests without the stunnel dependency, and it could allow us to
     provide test tools built with either OpenSSL or GnuTLS
    
    15.2 nicer lacking perl message
    
     If perl wasn't found by the configure script, don't attempt to run the tests
     but explain something nice why it doesn't.
    
    15.3 more protocols supported
    
     Extend the test suite to include more protocols. The telnet could just do ftp
     or http operations (for which we have test servers).
    
    15.4 more platforms supported
    
    Daniel Stenberg's avatar
    Daniel Stenberg committed
    
    
     Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
     fork()s and it should become even more portable.
    
    16. Next SONAME bump
    
    16.1 http-style HEAD output for ftp
    
     #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
     from being output in NOBODY requests over ftp
    
    16.2 combine error codes
    
     Combine some of the error codes to remove duplicates.  The original
     numbering should not be changed, and the old identifiers would be
     macroed to the new ones in an CURL_NO_OLDIES section to help with
     backward compatibility.
    
    Daniel Stenberg's avatar
    Daniel Stenberg committed
    
    
     Candidates for removal and their replacements:
    
        CURLE_FILE_COULDNT_READ_FILE => CURLE_REMOTE_FILE_NOT_FOUND
        CURLE_FTP_COULDNT_RETR_FILE => CURLE_REMOTE_FILE_NOT_FOUND
        CURLE_FTP_COULDNT_USE_REST => CURLE_RANGE_ERROR
        CURLE_FUNCTION_NOT_FOUND => CURLE_FAILED_INIT
        CURLE_LDAP_INVALID_URL => CURLE_URL_MALFORMAT
        CURLE_TFTP_NOSUCHUSER => CURLE_TFTP_ILLEGAL
        CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND
        CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED
    
    16.3 extend CURLOPT_SOCKOPTFUNCTION prototype
    
    
     The current prototype only provides 'purpose' that tells what the
     connection/socket is for, but not any protocol or similar. It makes it hard
     for applications to differentiate on TCP vs UDP and even HTTP vs FTP and
     similar.
    
    
    17. Next major release
    
    17.1 cleanup return codes
    
     curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a
     CURLMcode. These should be changed to be the same.
    
    17.2 remove obsolete defines
    
     remove obsolete defines from curl/curl.h
    
     make several functions use size_t instead of int in their APIs
    
    17.4 remove several functions
    
     remove the following functions from the public API:
    
    Daniel Stenberg's avatar
    Daniel Stenberg committed
    
    
     They will instead become curlx_ - alternatives. That makes the curl app
    
     still capable of using them, by building with them from source.
    
     These functions have no purpose anymore:
    
     curl_multi_socket
    
     curl_multi_socket_all
    
    Daniel Stenberg's avatar
    Daniel Stenberg committed
    
    
    17.5 remove CURLOPT_FAILONERROR
    
     Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird
     internally. Let the app judge success or not for itself.
    
    17.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
    
    
     Remove support for a global DNS cache. Anything global is silly, and we
     already offer the share interface for the same functionality but done
     "right".
    
    17.7 remove progress meter from libcurl
    
    
     The internally provided progress meter output doesn't belong in the library.
     Basically no application wants it (apart from curl) but instead applications
     can and should do their own progress meters using the progress callback.
    
     The progress callback should then be bumped as well to get proper 64bit
     variable types passed to it instead of doubles so that big files work
     correctly.
    
    17.8 remove 'curl_httppost' from public
    
    
     curl_formadd() was made to fill in a public struct, but the fact that the
     struct is public is never really used by application for their own advantage
     but instead often restricts how the form functions can or can't be modified.
    
     Changing them to return a private handle will benefit the implementation and
     allow us much greater freedoms while still maintining a solid API and ABI.
    
    17.9 have form functions use CURL handle argument
    
    
     curl_formadd() and curl_formget() both currently have no CURL handle
     argument, but both can use a callback that is set in the easy handle, and
     thus curl_formget() with callback cannot function without first having
     curl_easy_perform() (or similar) called - which is hard to grasp and a design
     mistake.