| _ _ ____ _ |
| ___| | | | _ \| | |
| / __| | | | |_) | | |
| | (__| |_| | _ <| |___ |
| \___|\___/|_| \_\_____| |
| |
| TODO |
| |
| Things to do in project cURL. Please tell me what you think, contribute and |
| send me patches that improve things! Also check the http://curl.haxx.se/dev |
| web section for various development notes. |
| |
| To do in a future release (random order): |
| |
| * FTP ASCII upload does not follow RFC959 section 3.1.1.1: |
| "The sender converts the data from an internal character representation to |
| the standard 8-bit NVT-ASCII representation (see the Telnet |
| specification). The receiver will convert the data from the standard form |
| to his own internal form." |
| |
| * Make the connect non-blocking so that timeouts work for connect in |
| multi-threaded programs |
| |
| * Add an interface that enables a user to select prefered SSL ciphers to use. |
| |
| * Make curl deal with cookies better. libcurl should be able to maintain a |
| "cookie jar". Updating it with cookies that is received, and using it to |
| pass cookies to the servers that have matching cookies in the jar. |
| http://curl.haxx.se/dev/cookie-jar.txt |
| |
| * Consider an interface to libcurl that allows applications to easier get to |
| know what cookies that are sent back in the response headers. |
| |
| * Make SSL session ids get used if multiple HTTPS documents from the same |
| host is requested. http://curl.haxx.se/dev/SSL_session_id.txt |
| |
| * HTTP PUT for files passed on stdin. Requires libcurl to send the file |
| with chunked content encoding. http://curl.haxx.se/dev/HTTP-PUT-stdin.txt |
| |
| * Introduce another callback interface for upload/download that makes one |
| less copy of data and thus a faster operation. |
| http://curl.haxx.se/dev/no_copy_callbacks.txt |
| |
| * An option to only download remote FTP files if they're newer than the local |
| one is a good idea, and it would fit right into the same syntax as the |
| already working http dito works. It of course requires that 'MDTM' works, |
| and it isn't a standard FTP command. |
| |
| * Suggested on the mailing list: CURLOPT_FTP_MKDIR...! |
| |
| * Add configure options that disables certain protocols in libcurl to |
| decrease footprint. '--disable-[protocol]' where protocol is http, ftp, |
| telnet, ldap, dict or file. |
| |
| * Extend the test suite to include telnet. The telnet could just do ftp or |
| http operations (for which we have test servers). |
| |
| * Make TELNET work on windows! |
| |
| * Add a command line option that allows the output file to get the same time |
| stamp as the remote file. libcurl already is capable of fetching the remote |
| file's date. |
| |
| * Make curl's SSL layer option capable of using other free SSL libraries. |
| Such as the Mozilla Security Services |
| (http://www.mozilla.org/projects/security/pki/nss/) and GNUTLS |
| (http://gnutls.hellug.gr/) |
| |
| * Add asynchronous name resolving, as this enables full timeout support for |
| fork() systems. http://curl.haxx.se/dev/async-resolver.txt |
| |
| * Move non-URL related functions that are used by both the lib and the curl |
| application to a separate "portability lib". |
| |
| * Add libcurl support/interfaces for more languages. C++ wrapper perhaps? |
| |
| * "Content-Encoding: compress/gzip/zlib" HTTP 1.1 clearly defines how to get |
| and decode compressed documents. There is the zlib that is pretty good at |
| decompressing stuff. This work was started in October 1999 but halted again |
| since it proved more work than we thought. It is still a good idea to |
| implement though. |
| |
| * Authentication: NTLM. Support for that MS crap called NTLM |
| authentication. MS proxies and servers sometime require that. Since that |
| protocol is a proprietary one, it involves reverse engineering and network |
| sniffing. This should however be a library-based functionality. There are a |
| few different efforts "out there" to make open source HTTP clients support |
| this and it should be possible to take advantage of other people's hard |
| work. http://modntlm.sourceforge.net/ is one. There's a web page at |
| http://www.innovation.ch/java/ntlm.html that contains detailed reverse- |
| engineered info. |
| |
| * RFC2617 compliance, "Digest Access Authentication" |
| A valid test page seem to exist at: |
| http://hopf.math.nwu.edu/testpage/digest/ |
| And some friendly person's server source code is available at |
| http://hopf.math.nwu.edu/digestauth/index.html |
| Then there's the Apache mod_digest source code too of course. It seems as |
| if Netscape doesn't support this, and not many servers do. Although this is |
| a lot better authentication method than the more common "Basic". Basic |
| sends the password in cleartext over the network, this "Digest" method uses |
| a challange-response protocol which increases security quite a lot. |
| |
| * Other proxies |
| Ftp-kind proxy, Socks5, whatever kind of proxies are there? |
| |
| * Full IPv6 Awareness and support. (This is partly done.) RFC 2428 "FTP |
| Extensions for IPv6 and NATs" is interesting. PORT should be replaced with |
| EPRT for IPv6 (done), and EPSV instead of PASV. |
| |