docs/TODO - third_party/curl - Git at Google

                                   _   _ ____  _
                               ___| | | |  _ \| |
                              / __| | | | |_) | |
                             | (__| |_| |  _ <| |___
                              \___|\___/|_| \_\_____|

 TODO

  Things to do in project cURL. Please tell me what you think, contribute and
  send me patches that improve things! Also check the http://curl.haxx.se/dev
  web section for various development notes.

 To do in a future release (random order):

  * FTP ASCII upload does not follow RFC959 section 3.1.1.1:
     "The sender converts the data from an internal character representation to
     the standard 8-bit NVT-ASCII representation (see the Telnet
     specification).  The receiver will convert the data from the standard form
     to his own internal form."

  * Make the connect non-blocking so that timeouts work for connect in
    multi-threaded programs

  * Consider an interface to libcurl that allows applications to easier get to
    know what cookies that are sent back in the response headers.

  * HTTP PUT for files passed on stdin *OR* when the --crlf option is
    used. Requires libcurl to send the file with chunked content
    encoding. http://curl.haxx.se/dev/HTTP-PUT-stdin.txt

  * Introduce another callback interface for upload/download that makes one
    less copy of data and thus a faster operation.
    http://curl.haxx.se/dev/no_copy_callbacks.txt

  * An option to only download remote FTP files if they're newer than the local
    one is a good idea, and it would fit right into the same syntax as the
    already working http dito works. It of course requires that 'MDTM' works,
    and it isn't a standard FTP command.

  * Suggested on the mailing list: CURLOPT_FTP_MKDIR...!

  * Add configure options that disables certain protocols in libcurl to
    decrease footprint.  '--disable-[protocol]' where protocol is http, ftp,
    telnet, ldap, dict or file.

  * Extend the test suite to include telnet. The telnet could just do ftp or
    http operations (for which we have test servers).

  * Make TELNET work on windows!

  * Make curl's SSL layer option capable of using other free SSL libraries.
    Such as the Mozilla Security Services
    (http://www.mozilla.org/projects/security/pki/nss/) and GNUTLS
    (http://gnutls.hellug.gr/)

  * Add asynchronous name resolving, as this enables full timeout support for
    fork() systems. http://curl.haxx.se/dev/async-resolver.txt

  * Move non-URL related functions that are used by both the lib and the curl
    application to a separate "portability lib".

  * Add libcurl support/interfaces for more languages. C++ wrapper perhaps?

  * "Content-Encoding: compress/gzip/zlib" HTTP 1.1 clearly defines how to get
    and decode compressed documents. There is the zlib that is pretty good at
    decompressing stuff. This work was started in October 1999 but halted again
    since it proved more work than we thought. It is still a good idea to
    implement though.

  * Authentication: NTLM. Support for that MS crap called NTLM
    authentication. MS proxies and servers sometime require that. Since that
    protocol is a proprietary one, it involves reverse engineering and network
    sniffing. This should however be a library-based functionality. There are a
    few different efforts "out there" to make open source HTTP clients support
    this and it should be possible to take advantage of other people's hard
    work. http://modntlm.sourceforge.net/ is one. There's a web page at
    http://www.innovation.ch/java/ntlm.html that contains detailed reverse-
    engineered info.

  * RFC2617 compliance, "Digest Access Authentication"
    A valid test page seem to exist at:
    http://hopf.math.nwu.edu/testpage/digest/
    And some friendly person's server source code is available at
    http://hopf.math.nwu.edu/digestauth/index.html
    Then there's the Apache mod_digest source code too of course.  It seems as
    if Netscape doesn't support this, and not many servers do. Although this is
    a lot better authentication method than the more common "Basic". Basic
    sends the password in cleartext over the network, this "Digest" method uses
    a challange-response protocol which increases security quite a lot.

  * Other proxies
    Ftp-kind proxy, Socks5, whatever kind of proxies are there?

  * Full IPv6 Awareness and support. (This is partly done.)  RFC 2428 "FTP
    Extensions for IPv6 and NATs" is interesting. PORT should be replaced with
    EPRT for IPv6 (done), and EPSV instead of PASV.
	_ _ ____ _
	___\| \| \| \| _ \\| \|
	/ __\| \| \| \| \|_) \| \|
	\| (__\| \|_\| \| _ <\| \|___
	\___\|\___/\|_\| \_\_____\|

	TODO

	Things to do in project cURL. Please tell me what you think, contribute and
	send me patches that improve things! Also check the http://curl.haxx.se/dev
	web section for various development notes.

	To do in a future release (random order):

	* FTP ASCII upload does not follow RFC959 section 3.1.1.1:
	"The sender converts the data from an internal character representation to
	the standard 8-bit NVT-ASCII representation (see the Telnet
	specification). The receiver will convert the data from the standard form
	to his own internal form."

	* Make the connect non-blocking so that timeouts work for connect in
	multi-threaded programs

	* Consider an interface to libcurl that allows applications to easier get to
	know what cookies that are sent back in the response headers.

	* HTTP PUT for files passed on stdin OR when the --crlf option is
	used. Requires libcurl to send the file with chunked content
	encoding. http://curl.haxx.se/dev/HTTP-PUT-stdin.txt

	* Introduce another callback interface for upload/download that makes one
	less copy of data and thus a faster operation.
	http://curl.haxx.se/dev/no_copy_callbacks.txt

	* An option to only download remote FTP files if they're newer than the local
	one is a good idea, and it would fit right into the same syntax as the
	already working http dito works. It of course requires that 'MDTM' works,
	and it isn't a standard FTP command.

	* Suggested on the mailing list: CURLOPT_FTP_MKDIR...!

	* Add configure options that disables certain protocols in libcurl to
	decrease footprint. '--disable-[protocol]' where protocol is http, ftp,
	telnet, ldap, dict or file.

	* Extend the test suite to include telnet. The telnet could just do ftp or
	http operations (for which we have test servers).

	* Make TELNET work on windows!

	* Make curl's SSL layer option capable of using other free SSL libraries.
	Such as the Mozilla Security Services
	(http://www.mozilla.org/projects/security/pki/nss/) and GNUTLS
	(http://gnutls.hellug.gr/)

	* Add asynchronous name resolving, as this enables full timeout support for
	fork() systems. http://curl.haxx.se/dev/async-resolver.txt

	* Move non-URL related functions that are used by both the lib and the curl
	application to a separate "portability lib".

	* Add libcurl support/interfaces for more languages. C++ wrapper perhaps?

	* "Content-Encoding: compress/gzip/zlib" HTTP 1.1 clearly defines how to get
	and decode compressed documents. There is the zlib that is pretty good at
	decompressing stuff. This work was started in October 1999 but halted again
	since it proved more work than we thought. It is still a good idea to
	implement though.

	* Authentication: NTLM. Support for that MS crap called NTLM
	authentication. MS proxies and servers sometime require that. Since that
	protocol is a proprietary one, it involves reverse engineering and network
	sniffing. This should however be a library-based functionality. There are a
	few different efforts "out there" to make open source HTTP clients support
	this and it should be possible to take advantage of other people's hard
	work. http://modntlm.sourceforge.net/ is one. There's a web page at
	http://www.innovation.ch/java/ntlm.html that contains detailed reverse-
	engineered info.

	* RFC2617 compliance, "Digest Access Authentication"
	A valid test page seem to exist at:
	http://hopf.math.nwu.edu/testpage/digest/
	And some friendly person's server source code is available at
	http://hopf.math.nwu.edu/digestauth/index.html
	Then there's the Apache mod_digest source code too of course. It seems as
	if Netscape doesn't support this, and not many servers do. Although this is
	a lot better authentication method than the more common "Basic". Basic
	sends the password in cleartext over the network, this "Digest" method uses
	a challange-response protocol which increases security quite a lot.

	* Other proxies
	Ftp-kind proxy, Socks5, whatever kind of proxies are there?

	* Full IPv6 Awareness and support. (This is partly done.) RFC 2428 "FTP
	Extensions for IPv6 and NATs" is interesting. PORT should be replaced with
	EPRT for IPv6 (done), and EPSV instead of PASV.