1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
_ _ ____ _
___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
\___|\___/|_| \_\_____|
TODO
Things to do in project cURL. Please tell me what you think, contribute and
send me patches that improve things! Also check the http://curl.haxx.se/dev
web section for various development notes.
To do in a future release (random order):
* Using FILE * in the libcurl API introduces a serious limitation since (at
least in the *nix falvours I know) you can fopen only the first 256
files. This means, that an application that first opens or fopens 256 files
has no chance to use libcurl. Using open and file descriptors instead of
FILE * would solve the problem. This implies a minor API
change/enhancement. ck1 <ck1@swissonline.ch>
* It would be nice to be able to use "-d" (or something similar) to attach
parameters of EITHER the GET or POST type... It would either require
another curl argument to specify "GET" (obviously the default should remain
POST), or it would require a new curl argument (perhaps -G/--get-data).
I know we're running out of letters, but it somehow feels a little
"cleaner" to just tag on each of your HTTP "parameters" (data-items) one by
one and let curl put them together, rather than having to put them together
myself and include them in the URL.
* Add an interface that enables a user to select prefered SSL ciphers to use.
* Make curl deal with cookies better. libcurl should be able to maintain a
"cookie jar". Updating it with cookies that is received, and using it to
pass cookies to the servers that have matching cookies in the jar.
http://curl.haxx.se/dev/cookie-jar.txt
* Consider an interface to libcurl that allows applications to easier get to
know what cookies that are sent back in the response headers.
* Make SSL session ids get used if multiple HTTPS documents from the same
host is requested. http://curl.haxx.se/dev/SSL_session_id.txt
* HTTP PUT for files passed on stdin. Requires libcurl to send the file
with chunked content encoding. http://curl.haxx.se/dev/HTTP-PUT-stdin.txt
* Introduce another callback interface for upload/download that makes one
less copy of data and thus a faster operation.
http://curl.haxx.se/dev/no_copy_callbacks.txt
* Suggested on the mailing list: CURLOPT_FTP_MKDIR...!
* Add configure options that disables certain protocols in libcurl to
decrease footprint. '--disable-[protocol]' where protocol is http, ftp,
telnet, ldap, dict or file.
* Extend the test suite to include telnet. The telnet could just do ftp or
http operations (for which we have test servers).
* Make TELNET work on windows!
* Add a command line option that allows the output file to get the same time
stamp as the remote file. libcurl already is capable of fetching the remote
file's date.
* Make curl's SSL layer option capable of using other free SSL libraries.
Such as the Mozilla Security Services
(http://www.mozilla.org/projects/security/pki/nss/) and GNUTLS
(http://gnutls.hellug.gr/)
* Add asynchronous name resolving, as this enables full timeout support for
fork() systems. http://curl.haxx.se/dev/async-resolver.txt
* Move non-URL related functions that are used by both the lib and the curl
application to a separate "portability lib".
* Add libcurl support/interfaces for more languages. C++ wrapper perhaps?
* "Content-Encoding: compress/gzip/zlib" HTTP 1.1 clearly defines how to get
and decode compressed documents. There is the zlib that is pretty good at
decompressing stuff. This work was started in October 1999 but halted again
since it proved more work than we thought. It is still a good idea to
implement though.
* Authentication: NTLM. Support for that MS crap called NTLM
authentication. MS proxies and servers sometime require that. Since that
protocol is a proprietary one, it involves reverse engineering and network
sniffing. This should however be a library-based functionality. There are a
few different efforts "out there" to make open source HTTP clients support
this and it should be possible to take advantage of other people's hard
work. http://modntlm.sourceforge.net/ is one. There's a web page at
http://www.innovation.ch/java/ntlm.html that contains detailed reverse-
engineered info.
* RFC2617 compliance, "Digest Access Authentication"
A valid test page seem to exist at:
http://hopf.math.nwu.edu/testpage/digest/
And some friendly person's server source code is available at
http://hopf.math.nwu.edu/digestauth/index.html
Then there's the Apache mod_digest source code too of course. It seems as
if Netscape doesn't support this, and not many servers do. Although this is
a lot better authentication method than the more common "Basic". Basic
sends the password in cleartext over the network, this "Digest" method uses
a challange-response protocol which increases security quite a lot.
* Other proxies
Ftp-kind proxy, Socks5, whatever kind of proxies are there?
* Full IPv6 Awareness and support. (This is partly done.) RFC 2428 "FTP
Extensions for IPv6 and NATs" is interesting. PORT should be replaced with
EPRT for IPv6 (done), and EPSV instead of PASV.
|