1.3 struct lifreq
1.4 signal-based resolver timeouts
1.5 get rid of PATH_MAX
- 1.6 progress callback without doubles
- 1.7 Happy Eyeball dual stack connect
+ 1.6 Modified buffer size approach
+ 1.7 Detect when called from within callbacks
+ 1.8 Allow SSL (HTTPS) to proxy
+ 1.9 Cache negative name resolves
2. libcurl - multi interface
2.1 More non-blocking
- 2.2 Remove easy interface internally
- 2.4 Fix HTTP Pipelining for PUT
+ 2.2 Fix HTTP Pipelining for PUT
+ 2.3 Better support for same name resolves
3. Documentation
- 3.1 More and better
+ 3.1 Update date and version in man pages
4. FTP
4.1 HOST
4.2 Alter passive/active on failure and retry
4.3 Earlier bad letter detection
4.4 REST for large files
- 4.5 FTP proxy support
- 4.6 ASCII support
+ 4.5 ASCII support
+ 4.6 GSSAPI via Windows SSPI
+ 4.7 STAT for LIST without data connection
5. HTTP
5.1 Better persistency for HTTP 1.0
5.2 support FF3 sqlite cookie files
5.3 Rearrange request header order
+ 5.4 SPDY
+ 5.5 auth= in URLs
6. TELNET
6.1 ditch stdin
6.3 feature negotiation debug data
6.4 send data in chunks
- 7. SSL
- 7.1 Disable specific versions
- 7.2 Provide mutex locking API
- 7.3 Evaluate SSL patches
- 7.4 Cache OpenSSL contexts
- 7.5 Export session ids
- 7.6 Provide callback for cert verification
- 7.7 Support other SSL libraries
- 7.9 improve configure --with-ssl
- 7.10 Support DANE
-
- 8. GnuTLS
- 8.1 SSL engine stuff
- 8.3 check connection
-
- 9. SMTP
- 9.1 Specify the preferred authentication mechanism
- 9.2 Initial response
- 9.3 Pipelining
+ 7. SMTP
+ 7.1 Pipelining
+ 7.2 Enhanced capability support
- 10. POP3
- 10.1 auth= in URLs
+ 8. POP3
+ 8.1 Pipelining
+ 8.2 Enhanced capability support
- 11. IMAP
- 11.1 SASL based authentication mechanisms
+ 9. IMAP
+ 9.1 Enhanced capability support
- 12. LDAP
- 12.1 SASL based authentication mechanisms
+ 10. LDAP
+ 10.1 SASL based authentication mechanisms
- 13. Other protocols
-
- 14. New protocols
- 14.1 RSYNC
+ 11. SMB
+ 11.1 File listing support
+ 11.2 Honor file timestamps
+ 11.3 Use NTLMv2
+
+ 12. New protocols
+ 12.1 RSYNC
+
+ 13. SSL
+ 13.1 Disable specific versions
+ 13.2 Provide mutex locking API
+ 13.3 Evaluate SSL patches
+ 13.4 Cache OpenSSL contexts
+ 13.5 Export session ids
+ 13.6 Provide callback for cert verification
+ 13.7 improve configure --with-ssl
+ 13.8 Support DANE
+
+ 14. GnuTLS
+ 14.1 SSL engine stuff
+ 14.2 check connection
15. SASL
15.1 Other authentication mechanisms
+ 15.2 Add QOP support to GSSAPI authentication
16. Client
16.1 sync
16.3 prevent file overwriting
16.4 simultaneous parallel transfers
16.5 provide formpost headers
- 16.6 url-specific options
- 16.7 warning when setting an option
- 16.8 IPv6 addresses with globbing
+ 16.6 warning when setting an option
17. Build
17.1 roffit
18.2 nicer lacking perl message
18.3 more protocols supported
18.4 more platforms supported
+ 18.5 Add support for concurrent connections
19. Next SONAME bump
- 19.1 http-style HEAD output for ftp
+ 19.1 http-style HEAD output for FTP
19.2 combine error codes
19.3 extend CURLOPT_SOCKOPTFUNCTION prototype
Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and
SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete.
- To support ipv6 interface addresses for network interfaces properly.
+ To support IPv6 interface addresses for network interfaces properly.
1.4 signal-based resolver timeouts
we need libssh2 to properly tell us when we pass in a too small buffer and
its current API (as of libssh2 1.2.7) doesn't.
-1.6 progress callback without doubles
+1.6 Modified buffer size approach
+
+ Current libcurl allocates a fixed 16K size buffer for download and an
+ additional 16K for upload. They are always unconditionally part of the easy
+ handle. If CRLF translations are requested, an additional 32K "scratch
+ buffer" is allocated. A total of 64K transfer buffers in the worst case.
+
+ First, while the handles are not actually in use these buffers could be freed
+ so that lingering handles just kept in queues or whatever waste less memory.
+
+ Secondly, SFTP is a protocol that needs to handle many ~30K blocks at once
+ since each need to be individually acked and therefore libssh2 must be
+ allowed to send (or receive) many separate ones in parallel to achieve high
+ transfer speeds. A current libcurl build with a 16K buffer makes that
+ impossible, but one with a 512K buffer will reach MUCH faster transfers. But
+ allocating 512K unconditionally for all buffers just in case they would like
+ to do fast SFTP transfers at some point is not a good solution either.
+
+ Dynamically allocate buffer size depending on protocol in use in combination
+ with freeing it after each individual transfer? Other suggestions?
+
+1.7 Detect when called from within callbacks
- The progress callback was introduced way back in the days and the choice to
- use doubles in the arguments was possibly good at the time. Today the doubles
- only confuse users and make the amounts less precise. We should introduce
- another progress callback option that take precedence over the old one and
- have both co-exist for a forseeable time until we can remove the double-using
- one.
+ We should set a state variable before calling callbacks, so that we
+ subsequently can add code within libcurl that returns error if called within
+ callbacks for when that's not supported.
-1.7 Happy Eyeball dual stack connect
+1.8 Allow SSL (HTTPS) to proxy
- In order to make alternative technologies not suffer when transitioning, like
- when introducing IPv6 as an alternative to IPv4 and there are more than one
- option existing simultaneously there are reasons to reconsider internal
- choices.
+ To prevent local users from snooping on your traffic to the proxy. Supported
+ by Chrome already:
+ http://www.chromium.org/developers/design-documents/secure-web-proxy
- To make libcurl do blazing fast IPv6 in a dual-stack configuration, this needs
- to be addressed:
+ ...and by Firefox soon:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=378637
- http://tools.ietf.org/html/rfc6555
+1.9 Cache negative name resolves
+
+ A name resolve that has failed is likely to fail when made again within a
+ short period of time. Currently we only cache positive responses.
2. libcurl - multi interface
- The "DONE" operation (post transfer protocol-specific actions) for the
protocols SFTP, SMTP, FTP. Fixing Curl_done() for this is a worthy task.
-2.2 Remove easy interface internally
-
- Make curl_easy_perform() a wrapper-function that simply creates a multi
- handle, adds the easy handle to it, runs curl_multi_perform() until the
- transfer is done, then detach the easy handle, destroy the multi handle and
- return the easy handle's return code. This will thus make everything
- internally use and assume the multi interface. The select()-loop should use
- curl_multi_socket().
-
-2.4 Fix HTTP Pipelining for PUT
+2.2 Fix HTTP Pipelining for PUT
HTTP Pipelining can be a way to greatly enhance performance for multiple
serial requests and currently libcurl only supports that for HEAD and GET
requests but it should also be possible for PUT.
+2.3 Better support for same name resolves
+
+ If a name resolve has been initiated for name NN and a second easy handle
+ wants to resolve that name as well, make it wait for the first resolve to end
+ up in the cache instead of doing a second separate resolve. This is
+ especially needed when adding many simultaneous handles using the same host
+ name when the DNS resolver can get flooded.
+
+
3. Documentation
-3.1 More and better
+3.1 Update date and version in man pages
- Exactly
+ 'maketgz' or another suitable script could update the .TH sections of the man
+ pages at release time to use the current date and curl/libcurl version
+ number.
4. FTP
4.1 HOST
- HOST is a suggested command in the works for a client to tell which host name
- to use, to offer FTP servers named-based virtual hosting:
+ HOST is a command for a client to tell which host name to use, to offer FTP
+ servers named-based virtual hosting:
- http://tools.ietf.org/html/draft-hethmon-mcmurray-ftp-hosts-11
+ http://tools.ietf.org/html/rfc7151
4.2 Alter passive/active on failure and retry
4.3 Earlier bad letter detection
- Make the detection of (bad) %0d and %0a codes in FTP url parts earlier in the
+ Make the detection of (bad) %0d and %0a codes in FTP URL parts earlier in the
process to avoid doing a resolve and connect in vain.
4.4 REST for large files
the server doesn't set the pointer to the requested index. The tricky
(impossible?) part is to figure out if the server did the right thing or not.
-4.5 FTP proxy support
-
- Support the most common FTP proxies, Philip Newton provided a list allegedly
- from ncftp. This is not a subject without debate, and is probably not really
- suitable for libcurl. http://curl.haxx.se/mail/archive-2003-04/0126.html
-
-4.6 ASCII support
+4.5 ASCII support
FTP ASCII transfers do not follow RFC959. They don't convert the data
accordingly.
+4.6 GSSAPI via Windows SSPI
+
+In addition to currently supporting the SASL GSSAPI mechanism (Kerberos V5)
+via third-party GSS-API libraries, such as Heimdal or MIT Kerberos, also add
+support for GSSAPI authentication via Windows SSPI.
+
+4.7 STAT for LIST without data connection
+
+Some FTP servers allow STAT for listing directories instead of using LIST, and
+the response is then sent over the control connection instead of as the
+otherwise usedw data connection: http://www.nsftools.com/tips/RawFTP.htm#STAT
+
+This is not detailed in any FTP specification.
+
5. HTTP
5.1 Better persistency for HTTP 1.0
headers use a default value so only headers that need to be moved have to be
specified.
+5.4 SPDY
+
+ Chrome and Firefox already support SPDY and lots of web services do. There's
+ a library for us to use for this (spdylay) that has a similar API and the
+ same author as nghttp2.
+
+ spdylay: https://github.com/tatsuhiro-t/spdylay
+
+5.5 auth= in URLs
+
+ Add the ability to specify the preferred authentication mechanism to use by
+ using ;auth=<mech> in the login part of the URL.
+
+ For example:
+
+ http://test:pass;auth=NTLM@example.com would be equivalent to specifying --user
+ test:pass;auth=NTLM or --user test:pass --ntlm from the command line.
+
+ Additionally this should be implemented for proxy base URLs as well.
6. TELNET
use, but inefficient for any other. Sent data should be sent in larger
chunks.
-7. SSL
+7. SMTP
+
+7.1 Pipelining
+
+ Add support for pipelining emails.
+
+7.2 Enhanced capability support
+
+ Add the ability, for an application that uses libcurl, to obtain the list of
+ capabilities returned from the EHLO command.
+
+8. POP3
+
+8.1 Pipelining
+
+ Add support for pipelining commands.
+
+8.2 Enhanced capability support
+
+ Add the ability, for an application that uses libcurl, to obtain the list of
+ capabilities returned from the CAPA command.
+
+9. IMAP
+
+9.1 Enhanced capability support
+
+ Add the ability, for an application that uses libcurl, to obtain the list of
+ capabilities returned from the CAPABILITY command.
+
+10. LDAP
+
+10.1 SASL based authentication mechanisms
+
+ Currently the LDAP module only supports ldap_simple_bind_s() in order to bind
+ to an LDAP server. However, this function sends username and password details
+ using the simple authentication mechanism (as clear text). However, it should
+ be possible to use ldap_bind_s() instead specifying the security context
+ information ourselves.
+
+11. SMB
+
+11.1 File listing support
+
+Add support for listing the contents of a SMB share. The output should probably
+be the same as/similar to FTP.
+
+11.2 Honor file timestamps
+
+The timestamp of the transfered file should reflect that of the original file.
-7.1 Disable specific versions
+11.3 Use NTLMv2
+
+Currently the SMB authentication uses NTLMv1.
+
+12. New protocols
+
+12.1 RSYNC
+
+ There's no RFC for the protocol or an URI/URL format. An implementation
+ should most probably use an existing rsync library, such as librsync.
+
+13. SSL
+
+13.1 Disable specific versions
Provide an option that allows for disabling specific SSL versions, such as
SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276
-7.2 Provide mutex locking API
+13.2 Provide mutex locking API
Provide a libcurl API for setting mutex callbacks in the underlying SSL
library, so that the same application code can use mutex-locking
independently of OpenSSL or GnutTLS being used.
-7.3 Evaluate SSL patches
+13.3 Evaluate SSL patches
Evaluate/apply Gertjan van Wingerde's SSL patches:
http://curl.haxx.se/mail/lib-2004-03/0087.html
-7.4 Cache OpenSSL contexts
+13.4 Cache OpenSSL contexts
"Look at SSL cafile - quick traces look to me like these are done on every
- request as well, when they should only be necessary once per ssl context (or
+ request as well, when they should only be necessary once per SSL context (or
once per handle)". The major improvement we can rather easily do is to make
sure we don't create and kill a new SSL "context" for every request, but
instead make one for every connection and re-use that SSL context in the same
style connections are re-used. It will make us use slightly more memory but
it will libcurl do less creations and deletions of SSL contexts.
-7.5 Export session ids
+13.5 Export session ids
Add an interface to libcurl that enables "session IDs" to get
exported/imported. Cris Bailiff said: "OpenSSL has functions which can
the state from such a buffer at a later date - this is used by mod_ssl for
apache to implement and SSL session ID cache".
-7.6 Provide callback for cert verification
+13.6 Provide callback for cert verification
OpenSSL supports a callback for customised verification of the peer
certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
it be? There's so much that could be done if it were!
-7.7 Support other SSL libraries
-
- Make curl's SSL layer capable of using other free SSL libraries. Such as
- MatrixSSL (http://www.matrixssl.org/).
-
-7.9 improve configure --with-ssl
+13.7 improve configure --with-ssl
make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
then NSS...
-7.10 Support DANE
+13.8 Support DANE
DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
keys and certs over DNS using DNSSEC as an alternative to the CA model.
http://www.rfc-editor.org/rfc/rfc6698.txt
+ An initial patch was posted by Suresh Krishnaswamy on March 7th 2013
+ (http://curl.haxx.se/mail/lib-2013-03/0075.html) but it was a too simple
+ approach. See Daniel's comments:
+ http://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the
+ correct library to base this development on.
-8. GnuTLS
+14. GnuTLS
-8.1 SSL engine stuff
+14.1 SSL engine stuff
Is this even possible?
-8.3 check connection
+14.2 check connection
Add a way to check if the connection seems to be alive, to correspond to the
SSL_peak() way we use with OpenSSL.
-
-9. SMTP
-
-9.1 Specify the preferred authentication mechanism
-
- Add the ability to specify the preferred authentication mechanism or a list
- of mechanisms that should be used. Not only that, but the order that is
- returned by the server during the EHLO response should be honored by curl.
-
-9.2 Initial response
-
- Add the ability for the user to specify whether the initial response is
- included in the AUTH command. Some email servers, such as Microsoft
- Exchange, can work with either whilst others need to have the initial
- response sent separately:
-
- http://curl.haxx.se/mail/lib-2012-03/0114.html
-
-9.3 Pipelining
-
- Add support for pipelining emails.
-
-10. POP3
-
-10.1 auth= in URLs
-
- Being able to specify the preferred authentication mechanism in the URL as
- per RFC2384.
-
-11. IMAP
-
-11.1 SASL based authentication mechanisms
-
- Curl currently sends usernames and passwords as clear text whilst SASL based
- authentication mechanisms can be more secure. As such, support should be
- added to support these authentication mechanisms.
-
-12. LDAP
-
-12.1 SASL based authentication mechansims
-
- Currently the LDAP module only supports ldap_simple_bind_s() in order to bind
- to an LDAP server. However, this function sends username and password details
- using the simple authentication mechanism (as clear text). However, it should
- be possible to use ldap_bind_s() instead specifing the security context
- information ourselves.
-
-13. Other protocols
-
-14. New protocols
-
-14.1 RSYNC
-
- There's no RFC for the protocol or an URI/URL format. An implementation
- should most probably use an existing rsync library, such as librsync.
-
15. SASL
15.1 Other authentication mechanisms
- Add support for gssapi to SMTP and POP3.
+ Add support for other authentication mechanisms such as EXTERNAL, OLP,
+ GSS-SPNEGO and others.
+
+15.2 Add QOP support to GSSAPI authentication
+
+ Currently the GSSAPI authentication only supports the default QOP of auth
+ (Authentication), whilst Kerberos V5 supports both auth-int (Authentication
+ with integrity protection) and auth-conf (Authentication with integrity and
+ privacy protection).
16. Client
which should overwrite the program reasonable defaults (plain/text,
8bit...)
-16.6 url-specific options
-
- Provide a way to make options bound to a specific URL among several on the
- command line. Possibly by letting ':' separate options between URLs,
- similar to this:
-
- curl --data foo --url url.com : \
- --url url2.com : \
- --url url3.com --data foo3
-
- (More details: http://curl.haxx.se/mail/archive-2004-07/0133.html)
-
- The example would do a POST-GET-POST combination on a single command line.
-
-16.7 warning when setting an option
+16.6 warning when setting an option
Display a warning when libcurl returns an error when setting an option.
This can be useful to tell when support for a particular feature hasn't been
compiled into the library.
-16.8 IPv6 addresses with globbing
-
- Currently the command line client needs to get url globbing disabled (with
- -g) for it to support IPv6 numerical addresses. This is a rather silly flaw
- that should be corrected. It probably involves a smarter detection of the
- '[' and ']' letters.
-
17. Build
17.1 roffit
Consider extending 'roffit' to produce decent ASCII output, and use that
- instead of (g)nroff when building src/hugehelp.c
+ instead of (g)nroff when building src/tool_hugehelp.c
18. Test suite
18.3 more protocols supported
- Extend the test suite to include more protocols. The telnet could just do ftp
+ Extend the test suite to include more protocols. The telnet could just do FTP
or http operations (for which we have test servers).
18.4 more platforms supported
Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
fork()s and it should become even more portable.
+18.5 Add support for concurrent connections
+
+ Tests 836, 882 and 938 were designed to verify that separate connections aren't
+ used when using different login credentials in protocols that shouldn't re-use
+ a connection under such circumstances.
+
+ Unfortunately, ftpserver.pl doesn't appear to support multiple concurrent
+ connections. The read while() loop seems to loop until it receives a disconnect
+ from the client, where it then enters the waiting for connections loop. When
+ the client opens a second connection to the server, the first connection hasn't
+ been dropped (unless it has been forced - which we shouldn't do in these tests)
+ and thus the wait for connections loop is never entered to receive the second
+ connection.
+
19. Next SONAME bump
-19.1 http-style HEAD output for ftp
+19.1 http-style HEAD output for FTP
#undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
- from being output in NOBODY requests over ftp
+ from being output in NOBODY requests over FTP
19.2 combine error codes
but instead often restricts how the form functions can or can't be modified.
Changing them to return a private handle will benefit the implementation and
- allow us much greater freedoms while still maintining a solid API and ABI.
+ allow us much greater freedoms while still maintaining a solid API and ABI.
20.9 have form functions use CURL handle argument
Rather than use the URL to specify the mail client string to present in the
HELO and EHLO commands, libcurl should support a new CURLOPT specifically for
- specifing this data as the URL is non-standard and to be honest a bit of a
+ specifying this data as the URL is non-standard and to be honest a bit of a
hack ;-)
Please see the following thread for more information:
http://curl.haxx.se/mail/lib-2012-05/0178.html
-
\ No newline at end of file
+
projects / platform / upstream / curl.git / blobdiff