| _ _ ____ _ |
| ___| | | | _ \| | |
| / __| | | | |_) | | |
| | (__| |_| | _ <| |___ |
| \___|\___/|_| \_\_____| |
| |
| TODO |
| |
| Things to do in project cURL. Please tell me what you think, contribute and |
| send me patches that improve things! |
| |
| To do in a future release (random order): |
| |
| * Make SSL session ids get used if multiple HTTPS documents from the same |
| host is requested. Note: is this really prioritized now with the persistent |
| connections? |
| |
| * Suggested on the mailing list: CURLOPT_FTP_MKDIR...! |
| |
| * Rewrite parts of the test suite. Make a (XML?) format to store all |
| test-data in a single for a single test case. The current system makes far |
| too many separate files. We also need to have the test suite support |
| different behaviors, like when libcurl is compiled for IPv6 support and |
| thus performs a different set of FTP commands. |
| |
| * Add configure options that disables certain protocols in libcurl to |
| decrease footprint. '--disable-[protocol]' where protocol is http, ftp, |
| telnet, ldap, dict or file. |
| |
| * Extend the test suite to include telnet. The telnet could just do ftp or |
| http operations (for which we have test servers). |
| |
| * Add a command line option that allows the output file to get the same time |
| stamp as the remote file. libcurl already is capable of fetching the remote |
| file's date. |
| |
| * Make curl's SSL layer option capable of using other free SSL libraries. |
| Such as the Mozilla Security Services |
| (http://www.mozilla.org/projects/security/pki/nss/) and GNUTLS |
| (http://gnutls.hellug.gr/) |
| |
| * Add asynchronous name resolving, as this enables full timeout support for |
| fork() systems. |
| |
| * Move non-URL related functions that are used by both the lib and the curl |
| application to a separate "portability lib". |
| |
| * Add libcurl support/interfaces for more languages. C++ wrapper perhaps? |
| |
| * "Content-Encoding: compress/gzip/zlib" HTTP 1.1 clearly defines how to get |
| and decode compressed documents. There is the zlib that is pretty good at |
| decompressing stuff. This work was started in October 1999 but halted again |
| since it proved more work than we thought. It is still a good idea to |
| implement though. |
| |
| * Authentication: NTLM. Support for that MS crap called NTLM |
| authentication. MS proxies and servers sometime require that. Since that |
| protocol is a proprietary one, it involves reverse engineering and network |
| sniffing. This should however be a library-based functionality. There are a |
| few different efforts "out there" to make open source HTTP clients support |
| this and it should be possible to take advantage of other people's hard |
| work. http://modntlm.sourceforge.net/ is one. There's a web page at |
| http://www.innovation.ch/java/ntlm.html that contains detailed reverse- |
| engineered info. |
| |
| * RFC2617 compliance, "Digest Access Authentication" |
| A valid test page seem to exist at: |
| http://hopf.math.nwu.edu/testpage/digest/ |
| And some friendly person's server source code is available at |
| http://hopf.math.nwu.edu/digestauth/index.html |
| Then there's the Apache mod_digest source code too of course. It seems as |
| if Netscape doesn't support this, and not many servers do. Although this is |
| a lot better authentication method than the more common "Basic". Basic |
| sends the password in cleartext over the network, this "Digest" method uses |
| a challange-response protocol which increases security quite a lot. |
| |
| * Other proxies |
| Ftp-kind proxy, Socks5, whatever kind of proxies are there? |
| |
| * Full IPv6 Awareness and support. (This is partly done.) RFC 2428 "FTP |
| Extensions for IPv6 and NATs" is interesting. PORT should be replaced with |
| EPRT for IPv6 (done), and EPSV instead of PASV. |
| |