TODO 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561
  1. _ _ ____ _
  2. ___| | | | _ \| |
  3. / __| | | | |_) | |
  4. | (__| |_| | _ <| |___
  5. \___|\___/|_| \_\_____|
  6. Things that could be nice to do in the future
  7. Things to do in project cURL. Please tell us what you think, contribute and
  8. send us patches that improve things!
  9. All bugs documented in the KNOWN_BUGS document are subject for fixing!
  10. 1. libcurl
  11. 1.2 More data sharing
  12. 1.3 struct lifreq
  13. 1.4 signal-based resolver timeouts
  14. 1.5 get rid of PATH_MAX
  15. 1.6 progress callback without doubles
  16. 2. libcurl - multi interface
  17. 2.1 More non-blocking
  18. 2.2 Remove easy interface internally
  19. 2.4 Fix HTTP Pipelining for PUT
  20. 3. Documentation
  21. 3.1 More and better
  22. 4. FTP
  23. 4.1 HOST
  24. 4.2 Alter passive/active on failure and retry
  25. 4.3 Earlier bad letter detection
  26. 4.4 REST for large files
  27. 4.5 FTP proxy support
  28. 4.6 ASCII support
  29. 5. HTTP
  30. 5.1 Better persistency for HTTP 1.0
  31. 5.2 support FF3 sqlite cookie files
  32. 5.3 Rearrange request header order
  33. 6. TELNET
  34. 6.1 ditch stdin
  35. 6.2 ditch telnet-specific select
  36. 6.3 feature negotiation debug data
  37. 6.4 send data in chunks
  38. 7. SSL
  39. 7.1 Disable specific versions
  40. 7.2 Provide mutex locking API
  41. 7.3 Evaluate SSL patches
  42. 7.4 Cache OpenSSL contexts
  43. 7.5 Export session ids
  44. 7.6 Provide callback for cert verification
  45. 7.7 Support other SSL libraries
  46. 7.9 improve configure --with-ssl
  47. 8. GnuTLS
  48. 8.1 SSL engine stuff
  49. 8.3 check connection
  50. 8.4 non-gcrypt
  51. 9. Other protocols
  52. 10. New protocols
  53. 10.1 RSYNC
  54. 11. Client
  55. 11.1 sync
  56. 11.2 glob posts
  57. 11.3 prevent file overwriting
  58. 11.4 simultaneous parallel transfers
  59. 11.5 provide formpost headers
  60. 11.6 url-specific options
  61. 11.7 metalink support
  62. 11.8 warning when setting an option
  63. 11.9 IPv6 addresses with globbing
  64. 12. Build
  65. 12.1 roffit
  66. 13. Test suite
  67. 13.1 SSL tunnel
  68. 13.2 nicer lacking perl message
  69. 13.3 more protocols supported
  70. 13.4 more platforms supported
  71. 14. Next SONAME bump
  72. 14.1 http-style HEAD output for ftp
  73. 14.2 combine error codes
  74. 14.3 extend CURLOPT_SOCKOPTFUNCTION prototype
  75. 15. Next major release
  76. 15.1 cleanup return codes
  77. 15.2 remove obsolete defines
  78. 15.3 size_t
  79. 15.4 remove several functions
  80. 15.5 remove CURLOPT_FAILONERROR
  81. 15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
  82. 15.7 remove progress meter from libcurl
  83. 15.8 remove 'curl_httppost' from public
  84. ==============================================================================
  85. 1. libcurl
  86. 1.2 More data sharing
  87. curl_share_* functions already exist and work, and they can be extended to
  88. share more. For example, enable sharing of the ares channel and the
  89. connection cache.
  90. 1.3 struct lifreq
  91. Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and
  92. SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete.
  93. To support ipv6 interface addresses for network interfaces properly.
  94. 1.4 signal-based resolver timeouts
  95. libcurl built without an asynchronous resolver library uses alarm() to time
  96. out DNS lookups. When a timeout occurs, this causes libcurl to jump from the
  97. signal handler back into the library with a sigsetjmp, which effectively
  98. causes libcurl to continue running within the signal handler. This is
  99. non-portable and could cause problems on some platforms. A discussion on the
  100. problem is available at http://curl.haxx.se/mail/lib-2008-09/0197.html
  101. Also, alarm() provides timeout resolution only to the nearest second. alarm
  102. ought to be replaced by setitimer on systems that support it.
  103. 1.5 get rid of PATH_MAX
  104. Having code use and rely on PATH_MAX is not nice:
  105. http://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html
  106. Currently the SSH based code uses it a bit, but to remove PATH_MAX from there
  107. we need libssh2 to properly tell us when we pass in a too small buffer and
  108. its current API (as of libssh2 1.2.7) doesn't.
  109. 1.6 progress callback without doubles
  110. The progress callback was introduced way back in the days and the choice to
  111. use doubles in the arguments was possibly good at the time. Today the doubles
  112. only confuse users and make the amounts less precise. We should introduce
  113. another progress callback option that take precedence over the old one and
  114. have both co-exist for a forseeable time until we can remove the double-using
  115. one.
  116. 2. libcurl - multi interface
  117. 2.1 More non-blocking
  118. Make sure we don't ever loop because of non-blocking sockets returning
  119. EWOULDBLOCK or similar. Blocking cases include:
  120. - Name resolves on non-windows unless c-ares is used
  121. - NSS SSL connections
  122. - Active FTP connections
  123. - HTTP proxy CONNECT operations
  124. - SOCKS proxy handshakes
  125. - file:// transfers
  126. - TELNET transfers
  127. - The "DONE" operation (post transfer protocol-specific actions) for the
  128. protocols SFTP, SMTP, FTP. Fixing Curl_done() for this is a worthy task.
  129. 2.2 Remove easy interface internally
  130. Make curl_easy_perform() a wrapper-function that simply creates a multi
  131. handle, adds the easy handle to it, runs curl_multi_perform() until the
  132. transfer is done, then detach the easy handle, destroy the multi handle and
  133. return the easy handle's return code. This will thus make everything
  134. internally use and assume the multi interface. The select()-loop should use
  135. curl_multi_socket().
  136. 2.4 Fix HTTP Pipelining for PUT
  137. HTTP Pipelining can be a way to greatly enhance performance for multiple
  138. serial requests and currently libcurl only supports that for HEAD and GET
  139. requests but it should also be possible for PUT.
  140. 3. Documentation
  141. 3.1 More and better
  142. Exactly
  143. 4. FTP
  144. 4.1 HOST
  145. HOST is a suggested command in the works for a client to tell which host name
  146. to use, to offer FTP servers named-based virtual hosting:
  147. http://tools.ietf.org/html/draft-hethmon-mcmurray-ftp-hosts-11
  148. 4.2 Alter passive/active on failure and retry
  149. When trying to connect passively to a server which only supports active
  150. connections, libcurl returns CURLE_FTP_WEIRD_PASV_REPLY and closes the
  151. connection. There could be a way to fallback to an active connection (and
  152. vice versa). http://curl.haxx.se/bug/feature.cgi?id=1754793
  153. 4.3 Earlier bad letter detection
  154. Make the detection of (bad) %0d and %0a codes in FTP url parts earlier in the
  155. process to avoid doing a resolve and connect in vain.
  156. 4.4 REST for large files
  157. REST fix for servers not behaving well on >2GB requests. This should fail if
  158. the server doesn't set the pointer to the requested index. The tricky
  159. (impossible?) part is to figure out if the server did the right thing or not.
  160. 4.5 FTP proxy support
  161. Support the most common FTP proxies, Philip Newton provided a list allegedly
  162. from ncftp. This is not a subject without debate, and is probably not really
  163. suitable for libcurl. http://curl.haxx.se/mail/archive-2003-04/0126.html
  164. 4.6 ASCII support
  165. FTP ASCII transfers do not follow RFC959. They don't convert the data
  166. accordingly.
  167. 5. HTTP
  168. 5.1 Better persistency for HTTP 1.0
  169. "Better" support for persistent connections over HTTP 1.0
  170. http://curl.haxx.se/bug/feature.cgi?id=1089001
  171. 5.2 support FF3 sqlite cookie files
  172. Firefox 3 is changing from its former format to a a sqlite database instead.
  173. We should consider how (lib)curl can/should support this.
  174. http://curl.haxx.se/bug/feature.cgi?id=1871388
  175. 5.3 Rearrange request header order
  176. Server implementors often make an effort to detect browser and to reject
  177. clients it can detect to not match. One of the last details we cannot yet
  178. control in libcurl's HTTP requests, which also can be exploited to detect
  179. that libcurl is in fact used even when it tries to impersonate a browser, is
  180. the order of the request headers. I propose that we introduce a new option in
  181. which you give headers a value, and then when the HTTP request is built it
  182. sorts the headers based on that number. We could then have internally created
  183. headers use a default value so only headers that need to be moved have to be
  184. specified.
  185. 6. TELNET
  186. 6.1 ditch stdin
  187. Reading input (to send to the remote server) on stdin is a crappy solution for
  188. library purposes. We need to invent a good way for the application to be able
  189. to provide the data to send.
  190. 6.2 ditch telnet-specific select
  191. Move the telnet support's network select() loop go away and merge the code
  192. into the main transfer loop. Until this is done, the multi interface won't
  193. work for telnet.
  194. 6.3 feature negotiation debug data
  195. Add telnet feature negotiation data to the debug callback as header data.
  196. 6.4 send data in chunks
  197. Currently, telnet sends data one byte at a time. This is fine for interactive
  198. use, but inefficient for any other. Sent data should be sent in larger
  199. chunks.
  200. 7. SSL
  201. 7.1 Disable specific versions
  202. Provide an option that allows for disabling specific SSL versions, such as
  203. SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276
  204. 7.2 Provide mutex locking API
  205. Provide a libcurl API for setting mutex callbacks in the underlying SSL
  206. library, so that the same application code can use mutex-locking
  207. independently of OpenSSL or GnutTLS being used.
  208. 7.3 Evaluate SSL patches
  209. Evaluate/apply Gertjan van Wingerde's SSL patches:
  210. http://curl.haxx.se/mail/lib-2004-03/0087.html
  211. 7.4 Cache OpenSSL contexts
  212. "Look at SSL cafile - quick traces look to me like these are done on every
  213. request as well, when they should only be necessary once per ssl context (or
  214. once per handle)". The major improvement we can rather easily do is to make
  215. sure we don't create and kill a new SSL "context" for every request, but
  216. instead make one for every connection and re-use that SSL context in the same
  217. style connections are re-used. It will make us use slightly more memory but
  218. it will libcurl do less creations and deletions of SSL contexts.
  219. 7.5 Export session ids
  220. Add an interface to libcurl that enables "session IDs" to get
  221. exported/imported. Cris Bailiff said: "OpenSSL has functions which can
  222. serialise the current SSL state to a buffer of your choice, and recover/reset
  223. the state from such a buffer at a later date - this is used by mod_ssl for
  224. apache to implement and SSL session ID cache".
  225. 7.6 Provide callback for cert verification
  226. OpenSSL supports a callback for customised verification of the peer
  227. certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
  228. it be? There's so much that could be done if it were!
  229. 7.7 Support other SSL libraries
  230. Make curl's SSL layer capable of using other free SSL libraries. Such as
  231. MatrixSSL (http://www.matrixssl.org/).
  232. 7.9 improve configure --with-ssl
  233. make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
  234. then NSS...
  235. 8. GnuTLS
  236. 8.1 SSL engine stuff
  237. Is this even possible?
  238. 8.3 check connection
  239. Add a way to check if the connection seems to be alive, to correspond to the
  240. SSL_peak() way we use with OpenSSL.
  241. 8.4 non-gcrypt
  242. libcurl assumes that there are gcrypt functions available when
  243. GnuTLS is.
  244. GnuTLS can be built to use libnettle instead as crypto library,
  245. which breaks the previously mentioned assumption
  246. The correct fix would be to detect which crypto layer that is in use and
  247. adapt our code to use that instead of blindly assuming gcrypt.
  248. 9. Other protocols
  249. 10. New protocols
  250. 10.1 RSYNC
  251. There's no RFC for protocol nor URI/URL format. An implementation should
  252. most probably use an existing rsync library, such as librsync.
  253. 11. Client
  254. 11.1 sync
  255. "curl --sync http://example.com/feed[1-100].rss" or
  256. "curl --sync http://example.net/{index,calendar,history}.html"
  257. Downloads a range or set of URLs using the remote name, but only if the
  258. remote file is newer than the local file. A Last-Modified HTTP date header
  259. should also be used to set the mod date on the downloaded file.
  260. 11.2 glob posts
  261. Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
  262. This is easily scripted though.
  263. 11.3 prevent file overwriting
  264. Add an option that prevents cURL from overwriting existing local files. When
  265. used, and there already is an existing file with the target file name
  266. (either -O or -o), a number should be appended (and increased if already
  267. existing). So that index.html becomes first index.html.1 and then
  268. index.html.2 etc.
  269. 11.4 simultaneous parallel transfers
  270. The client could be told to use maximum N simultaneous parallel transfers and
  271. then just make sure that happens. It should of course not make more than one
  272. connection to the same remote host. This would require the client to use the
  273. multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595
  274. 11.5 provide formpost headers
  275. Extending the capabilities of the multipart formposting. How about leaving
  276. the ';type=foo' syntax as it is and adding an extra tag (headers) which
  277. works like this: curl -F "coolfiles=@fil1.txt;headers=@fil1.hdr" where
  278. fil1.hdr contains extra headers like
  279. Content-Type: text/plain; charset=KOI8-R"
  280. Content-Transfer-Encoding: base64
  281. X-User-Comment: Please don't use browser specific HTML code
  282. which should overwrite the program reasonable defaults (plain/text,
  283. 8bit...)
  284. 11.6 url-specific options
  285. Provide a way to make options bound to a specific URL among several on the
  286. command line. Possibly by letting ':' separate options between URLs,
  287. similar to this:
  288. curl --data foo --url url.com : \
  289. --url url2.com : \
  290. --url url3.com --data foo3
  291. (More details: http://curl.haxx.se/mail/archive-2004-07/0133.html)
  292. The example would do a POST-GET-POST combination on a single command line.
  293. 11.7 metalink support
  294. Add metalink support to curl (http://www.metalinker.org/). This is most useful
  295. with simultaneous parallel transfers (11.6) but not necessary.
  296. 11.8 warning when setting an option
  297. Display a warning when libcurl returns an error when setting an option.
  298. This can be useful to tell when support for a particular feature hasn't been
  299. compiled into the library.
  300. 11.9 IPv6 addresses with globbing
  301. Currently the command line client needs to get url globbing disabled (with
  302. -g) for it to support IPv6 numerical addresses. This is a rather silly flaw
  303. that should be corrected. It probably involves a smarter detection of the
  304. '[' and ']' letters.
  305. 12. Build
  306. 12.1 roffit
  307. Consider extending 'roffit' to produce decent ASCII output, and use that
  308. instead of (g)nroff when building src/hugehelp.c
  309. 13. Test suite
  310. 13.1 SSL tunnel
  311. Make our own version of stunnel for simple port forwarding to enable HTTPS
  312. and FTP-SSL tests without the stunnel dependency, and it could allow us to
  313. provide test tools built with either OpenSSL or GnuTLS
  314. 13.2 nicer lacking perl message
  315. If perl wasn't found by the configure script, don't attempt to run the tests
  316. but explain something nice why it doesn't.
  317. 13.3 more protocols supported
  318. Extend the test suite to include more protocols. The telnet could just do ftp
  319. or http operations (for which we have test servers).
  320. 13.4 more platforms supported
  321. Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
  322. fork()s and it should become even more portable.
  323. 14. Next SONAME bump
  324. 14.1 http-style HEAD output for ftp
  325. #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
  326. from being output in NOBODY requests over ftp
  327. 14.2 combine error codes
  328. Combine some of the error codes to remove duplicates. The original
  329. numbering should not be changed, and the old identifiers would be
  330. macroed to the new ones in an CURL_NO_OLDIES section to help with
  331. backward compatibility.
  332. Candidates for removal and their replacements:
  333. CURLE_FILE_COULDNT_READ_FILE => CURLE_REMOTE_FILE_NOT_FOUND
  334. CURLE_FTP_COULDNT_RETR_FILE => CURLE_REMOTE_FILE_NOT_FOUND
  335. CURLE_FTP_COULDNT_USE_REST => CURLE_RANGE_ERROR
  336. CURLE_FUNCTION_NOT_FOUND => CURLE_FAILED_INIT
  337. CURLE_LDAP_INVALID_URL => CURLE_URL_MALFORMAT
  338. CURLE_TFTP_NOSUCHUSER => CURLE_TFTP_ILLEGAL
  339. CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND
  340. CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED
  341. 14.3 extend CURLOPT_SOCKOPTFUNCTION prototype
  342. The current prototype only provides 'purpose' that tells what the
  343. connection/socket is for, but not any protocol or similar. It makes it hard
  344. for applications to differentiate on TCP vs UDP and even HTTP vs FTP and
  345. similar.
  346. 15. Next major release
  347. 15.1 cleanup return codes
  348. curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a
  349. CURLMcode. These should be changed to be the same.
  350. 15.2 remove obsolete defines
  351. remove obsolete defines from curl/curl.h
  352. 15.3 size_t
  353. make several functions use size_t instead of int in their APIs
  354. 15.4 remove several functions
  355. remove the following functions from the public API:
  356. curl_getenv
  357. curl_mprintf (and variations)
  358. curl_strequal
  359. curl_strnequal
  360. They will instead become curlx_ - alternatives. That makes the curl app
  361. still capable of using them, by building with them from source.
  362. These functions have no purpose anymore:
  363. curl_multi_socket
  364. curl_multi_socket_all
  365. 15.5 remove CURLOPT_FAILONERROR
  366. Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird
  367. internally. Let the app judge success or not for itself.
  368. 15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
  369. Remove support for a global DNS cache. Anything global is silly, and we
  370. already offer the share interface for the same functionality but done
  371. "right".
  372. 15.7 remove progress meter from libcurl
  373. The internally provided progress meter output doesn't belong in the library.
  374. Basically no application wants it (apart from curl) but instead applications
  375. can and should do their own progress meters using the progress callback.
  376. The progress callback should then be bumped as well to get proper 64bit
  377. variable types passed to it instead of doubles so that big files work
  378. correctly.
  379. 15.8 remove 'curl_httppost' from public
  380. curl_formadd() was made to fill in a public struct, but the fact that the
  381. struct is public is never really used by application for their own advantage
  382. but instead often restricts how the form functions can or can't be modified.
  383. Changing them to return a private handle will benefit the implementation and
  384. allow us much greater freedoms while still maintining a solid API and ABI.