| _ _ ____ _ |
| ___| | | | _ \| | |
| / __| | | | |_) | | |
| | (__| |_| | _ <| |___ |
| \___|\___/|_| \_\_____| |
| |
| Things that could be nice to do in the future |
| |
| Things to do in project cURL. Please tell us what you think, contribute and |
| send us patches that improve things! |
| |
| All bugs documented in the KNOWN_BUGS document are subject for fixing! |
| |
| 1. libcurl |
| 1.2 More data sharing |
| 1.3 struct lifreq |
| 1.4 signal-based resolver timeouts |
| 1.5 get rid of PATH_MAX |
| 1.6 progress callback without doubles |
| 1.7 Happy Eyeball dual stack connect |
| |
| 2. libcurl - multi interface |
| 2.1 More non-blocking |
| 2.2 Remove easy interface internally |
| 2.4 Fix HTTP Pipelining for PUT |
| |
| 3. Documentation |
| 3.1 More and better |
| |
| 4. FTP |
| 4.1 HOST |
| 4.2 Alter passive/active on failure and retry |
| 4.3 Earlier bad letter detection |
| 4.4 REST for large files |
| 4.5 FTP proxy support |
| 4.6 ASCII support |
| |
| 5. HTTP |
| 5.1 Better persistency for HTTP 1.0 |
| 5.2 support FF3 sqlite cookie files |
| 5.3 Rearrange request header order |
| |
| 6. TELNET |
| 6.1 ditch stdin |
| 6.2 ditch telnet-specific select |
| 6.3 feature negotiation debug data |
| 6.4 send data in chunks |
| |
| 7. SSL |
| 7.1 Disable specific versions |
| 7.2 Provide mutex locking API |
| 7.3 Evaluate SSL patches |
| 7.4 Cache OpenSSL contexts |
| 7.5 Export session ids |
| 7.6 Provide callback for cert verification |
| 7.7 Support other SSL libraries |
| 7.9 improve configure --with-ssl |
| |
| 8. GnuTLS |
| 8.1 SSL engine stuff |
| 8.3 check connection |
| 8.4 non-gcrypt |
| |
| 9. Other protocols |
| |
| 10. New protocols |
| 10.1 RSYNC |
| |
| 11. Client |
| 11.1 sync |
| 11.2 glob posts |
| 11.3 prevent file overwriting |
| 11.4 simultaneous parallel transfers |
| 11.5 provide formpost headers |
| 11.6 url-specific options |
| 11.7 metalink support |
| 11.8 warning when setting an option |
| 11.9 IPv6 addresses with globbing |
| |
| 12. Build |
| 12.1 roffit |
| |
| 13. Test suite |
| 13.1 SSL tunnel |
| 13.2 nicer lacking perl message |
| 13.3 more protocols supported |
| 13.4 more platforms supported |
| |
| 14. Next SONAME bump |
| 14.1 http-style HEAD output for ftp |
| 14.2 combine error codes |
| 14.3 extend CURLOPT_SOCKOPTFUNCTION prototype |
| |
| 15. Next major release |
| 15.1 cleanup return codes |
| 15.2 remove obsolete defines |
| 15.3 size_t |
| 15.4 remove several functions |
| 15.5 remove CURLOPT_FAILONERROR |
| 15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE |
| 15.7 remove progress meter from libcurl |
| 15.8 remove 'curl_httppost' from public |
| 15.9 have form functions use CURL handle argument |
| |
| ============================================================================== |
| |
| 1. libcurl |
| |
| 1.2 More data sharing |
| |
| curl_share_* functions already exist and work, and they can be extended to |
| share more. For example, enable sharing of the ares channel and the |
| connection cache. |
| |
| 1.3 struct lifreq |
| |
| Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and |
| SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete. |
| To support ipv6 interface addresses for network interfaces properly. |
| |
| 1.4 signal-based resolver timeouts |
| |
| libcurl built without an asynchronous resolver library uses alarm() to time |
| out DNS lookups. When a timeout occurs, this causes libcurl to jump from the |
| signal handler back into the library with a sigsetjmp, which effectively |
| causes libcurl to continue running within the signal handler. This is |
| non-portable and could cause problems on some platforms. A discussion on the |
| problem is available at http://curl.haxx.se/mail/lib-2008-09/0197.html |
| |
| Also, alarm() provides timeout resolution only to the nearest second. alarm |
| ought to be replaced by setitimer on systems that support it. |
| |
| 1.5 get rid of PATH_MAX |
| |
| Having code use and rely on PATH_MAX is not nice: |
| http://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html |
| |
| Currently the SSH based code uses it a bit, but to remove PATH_MAX from there |
| we need libssh2 to properly tell us when we pass in a too small buffer and |
| its current API (as of libssh2 1.2.7) doesn't. |
| |
| 1.6 progress callback without doubles |
| |
| The progress callback was introduced way back in the days and the choice to |
| use doubles in the arguments was possibly good at the time. Today the doubles |
| only confuse users and make the amounts less precise. We should introduce |
| another progress callback option that take precedence over the old one and |
| have both co-exist for a forseeable time until we can remove the double-using |
| one. |
| |
| 1.7 Happy Eyeball dual stack connect |
| |
| In order to make alternative technologies not suffer when transitioning, like |
| when introducing IPv6 as an alternative to IPv4 and there are more than one |
| option existing simultaneously there are reasons to reconsider internal |
| choices. |
| |
| To make libcurl do blazing fast IPv6 in a dual-stack configuration, this needs |
| to be addressed: |
| |
| http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs-07 |
| |
| |
| 2. libcurl - multi interface |
| |
| 2.1 More non-blocking |
| |
| Make sure we don't ever loop because of non-blocking sockets returning |
| EWOULDBLOCK or similar. Blocking cases include: |
| |
| - Name resolves on non-windows unless c-ares is used |
| - NSS SSL connections |
| - HTTP proxy CONNECT operations |
| - SOCKS proxy handshakes |
| - file:// transfers |
| - TELNET transfers |
| - The "DONE" operation (post transfer protocol-specific actions) for the |
| protocols SFTP, SMTP, FTP. Fixing Curl_done() for this is a worthy task. |
| |
| 2.2 Remove easy interface internally |
| |
| Make curl_easy_perform() a wrapper-function that simply creates a multi |
| handle, adds the easy handle to it, runs curl_multi_perform() until the |
| transfer is done, then detach the easy handle, destroy the multi handle and |
| return the easy handle's return code. This will thus make everything |
| internally use and assume the multi interface. The select()-loop should use |
| curl_multi_socket(). |
| |
| 2.4 Fix HTTP Pipelining for PUT |
| |
| HTTP Pipelining can be a way to greatly enhance performance for multiple |
| serial requests and currently libcurl only supports that for HEAD and GET |
| requests but it should also be possible for PUT. |
| |
| 3. Documentation |
| |
| 3.1 More and better |
| |
| Exactly |
| |
| 4. FTP |
| |
| 4.1 HOST |
| |
| HOST is a suggested command in the works for a client to tell which host name |
| to use, to offer FTP servers named-based virtual hosting: |
| |
| http://tools.ietf.org/html/draft-hethmon-mcmurray-ftp-hosts-11 |
| |
| 4.2 Alter passive/active on failure and retry |
| |
| When trying to connect passively to a server which only supports active |
| connections, libcurl returns CURLE_FTP_WEIRD_PASV_REPLY and closes the |
| connection. There could be a way to fallback to an active connection (and |
| vice versa). http://curl.haxx.se/bug/feature.cgi?id=1754793 |
| |
| 4.3 Earlier bad letter detection |
| |
| Make the detection of (bad) %0d and %0a codes in FTP url parts earlier in the |
| process to avoid doing a resolve and connect in vain. |
| |
| 4.4 REST for large files |
| |
| REST fix for servers not behaving well on >2GB requests. This should fail if |
| the server doesn't set the pointer to the requested index. The tricky |
| (impossible?) part is to figure out if the server did the right thing or not. |
| |
| 4.5 FTP proxy support |
| |
| Support the most common FTP proxies, Philip Newton provided a list allegedly |
| from ncftp. This is not a subject without debate, and is probably not really |
| suitable for libcurl. http://curl.haxx.se/mail/archive-2003-04/0126.html |
| |
| 4.6 ASCII support |
| |
| FTP ASCII transfers do not follow RFC959. They don't convert the data |
| accordingly. |
| |
| 5. HTTP |
| |
| 5.1 Better persistency for HTTP 1.0 |
| |
| "Better" support for persistent connections over HTTP 1.0 |
| http://curl.haxx.se/bug/feature.cgi?id=1089001 |
| |
| 5.2 support FF3 sqlite cookie files |
| |
| Firefox 3 is changing from its former format to a a sqlite database instead. |
| We should consider how (lib)curl can/should support this. |
| http://curl.haxx.se/bug/feature.cgi?id=1871388 |
| |
| 5.3 Rearrange request header order |
| |
| Server implementors often make an effort to detect browser and to reject |
| clients it can detect to not match. One of the last details we cannot yet |
| control in libcurl's HTTP requests, which also can be exploited to detect |
| that libcurl is in fact used even when it tries to impersonate a browser, is |
| the order of the request headers. I propose that we introduce a new option in |
| which you give headers a value, and then when the HTTP request is built it |
| sorts the headers based on that number. We could then have internally created |
| headers use a default value so only headers that need to be moved have to be |
| specified. |
| |
| |
| 6. TELNET |
| |
| 6.1 ditch stdin |
| |
| Reading input (to send to the remote server) on stdin is a crappy solution for |
| library purposes. We need to invent a good way for the application to be able |
| to provide the data to send. |
| |
| 6.2 ditch telnet-specific select |
| |
| Move the telnet support's network select() loop go away and merge the code |
| into the main transfer loop. Until this is done, the multi interface won't |
| work for telnet. |
| |
| 6.3 feature negotiation debug data |
| |
| Add telnet feature negotiation data to the debug callback as header data. |
| |
| 6.4 send data in chunks |
| |
| Currently, telnet sends data one byte at a time. This is fine for interactive |
| use, but inefficient for any other. Sent data should be sent in larger |
| chunks. |
| |
| 7. SSL |
| |
| 7.1 Disable specific versions |
| |
| Provide an option that allows for disabling specific SSL versions, such as |
| SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276 |
| |
| 7.2 Provide mutex locking API |
| |
| Provide a libcurl API for setting mutex callbacks in the underlying SSL |
| library, so that the same application code can use mutex-locking |
| independently of OpenSSL or GnutTLS being used. |
| |
| 7.3 Evaluate SSL patches |
| |
| Evaluate/apply Gertjan van Wingerde's SSL patches: |
| http://curl.haxx.se/mail/lib-2004-03/0087.html |
| |
| 7.4 Cache OpenSSL contexts |
| |
| "Look at SSL cafile - quick traces look to me like these are done on every |
| request as well, when they should only be necessary once per ssl context (or |
| once per handle)". The major improvement we can rather easily do is to make |
| sure we don't create and kill a new SSL "context" for every request, but |
| instead make one for every connection and re-use that SSL context in the same |
| style connections are re-used. It will make us use slightly more memory but |
| it will libcurl do less creations and deletions of SSL contexts. |
| |
| 7.5 Export session ids |
| |
| Add an interface to libcurl that enables "session IDs" to get |
| exported/imported. Cris Bailiff said: "OpenSSL has functions which can |
| serialise the current SSL state to a buffer of your choice, and recover/reset |
| the state from such a buffer at a later date - this is used by mod_ssl for |
| apache to implement and SSL session ID cache". |
| |
| 7.6 Provide callback for cert verification |
| |
| OpenSSL supports a callback for customised verification of the peer |
| certificate, but this doesn't seem to be exposed in the libcurl APIs. Could |
| it be? There's so much that could be done if it were! |
| |
| 7.7 Support other SSL libraries |
| |
| Make curl's SSL layer capable of using other free SSL libraries. Such as |
| MatrixSSL (http://www.matrixssl.org/). |
| |
| 7.9 improve configure --with-ssl |
| |
| make the configure --with-ssl option first check for OpenSSL, then GnuTLS, |
| then NSS... |
| |
| 8. GnuTLS |
| |
| 8.1 SSL engine stuff |
| |
| Is this even possible? |
| |
| 8.3 check connection |
| |
| Add a way to check if the connection seems to be alive, to correspond to the |
| SSL_peak() way we use with OpenSSL. |
| |
| 8.4 non-gcrypt |
| |
| libcurl assumes that there are gcrypt functions available when |
| GnuTLS is. |
| |
| GnuTLS can be built to use libnettle instead as crypto library, |
| which breaks the previously mentioned assumption |
| |
| The correct fix would be to detect which crypto layer that is in use and |
| adapt our code to use that instead of blindly assuming gcrypt. |
| |
| 9. Other protocols |
| |
| 10. New protocols |
| |
| 10.1 RSYNC |
| |
| There's no RFC for protocol nor URI/URL format. An implementation should |
| most probably use an existing rsync library, such as librsync. |
| |
| 11. Client |
| |
| 11.1 sync |
| |
| "curl --sync http://example.com/feed[1-100].rss" or |
| "curl --sync http://example.net/{index,calendar,history}.html" |
| |
| Downloads a range or set of URLs using the remote name, but only if the |
| remote file is newer than the local file. A Last-Modified HTTP date header |
| should also be used to set the mod date on the downloaded file. |
| |
| 11.2 glob posts |
| |
| Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'. |
| This is easily scripted though. |
| |
| 11.3 prevent file overwriting |
| |
| Add an option that prevents cURL from overwriting existing local files. When |
| used, and there already is an existing file with the target file name |
| (either -O or -o), a number should be appended (and increased if already |
| existing). So that index.html becomes first index.html.1 and then |
| index.html.2 etc. |
| |
| 11.4 simultaneous parallel transfers |
| |
| The client could be told to use maximum N simultaneous parallel transfers and |
| then just make sure that happens. It should of course not make more than one |
| connection to the same remote host. This would require the client to use the |
| multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595 |
| |
| 11.5 provide formpost headers |
| |
| Extending the capabilities of the multipart formposting. How about leaving |
| the ';type=foo' syntax as it is and adding an extra tag (headers) which |
| works like this: curl -F "coolfiles=@fil1.txt;headers=@fil1.hdr" where |
| fil1.hdr contains extra headers like |
| |
| Content-Type: text/plain; charset=KOI8-R" |
| Content-Transfer-Encoding: base64 |
| X-User-Comment: Please don't use browser specific HTML code |
| |
| which should overwrite the program reasonable defaults (plain/text, |
| 8bit...) |
| |
| 11.6 url-specific options |
| |
| Provide a way to make options bound to a specific URL among several on the |
| command line. Possibly by letting ':' separate options between URLs, |
| similar to this: |
| |
| curl --data foo --url url.com : \ |
| --url url2.com : \ |
| --url url3.com --data foo3 |
| |
| (More details: http://curl.haxx.se/mail/archive-2004-07/0133.html) |
| |
| The example would do a POST-GET-POST combination on a single command line. |
| |
| 11.7 metalink support |
| |
| Add metalink support to curl (http://www.metalinker.org/). This is most useful |
| with simultaneous parallel transfers (11.6) but not necessary. |
| |
| 11.8 warning when setting an option |
| |
| Display a warning when libcurl returns an error when setting an option. |
| This can be useful to tell when support for a particular feature hasn't been |
| compiled into the library. |
| |
| 11.9 IPv6 addresses with globbing |
| |
| Currently the command line client needs to get url globbing disabled (with |
| -g) for it to support IPv6 numerical addresses. This is a rather silly flaw |
| that should be corrected. It probably involves a smarter detection of the |
| '[' and ']' letters. |
| |
| 12. Build |
| |
| 12.1 roffit |
| |
| Consider extending 'roffit' to produce decent ASCII output, and use that |
| instead of (g)nroff when building src/hugehelp.c |
| |
| 13. Test suite |
| |
| 13.1 SSL tunnel |
| |
| Make our own version of stunnel for simple port forwarding to enable HTTPS |
| and FTP-SSL tests without the stunnel dependency, and it could allow us to |
| provide test tools built with either OpenSSL or GnuTLS |
| |
| 13.2 nicer lacking perl message |
| |
| If perl wasn't found by the configure script, don't attempt to run the tests |
| but explain something nice why it doesn't. |
| |
| 13.3 more protocols supported |
| |
| Extend the test suite to include more protocols. The telnet could just do ftp |
| or http operations (for which we have test servers). |
| |
| 13.4 more platforms supported |
| |
| Make the test suite work on more platforms. OpenBSD and Mac OS. Remove |
| fork()s and it should become even more portable. |
| |
| 14. Next SONAME bump |
| |
| 14.1 http-style HEAD output for ftp |
| |
| #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers |
| from being output in NOBODY requests over ftp |
| |
| 14.2 combine error codes |
| |
| Combine some of the error codes to remove duplicates. The original |
| numbering should not be changed, and the old identifiers would be |
| macroed to the new ones in an CURL_NO_OLDIES section to help with |
| backward compatibility. |
| |
| Candidates for removal and their replacements: |
| |
| CURLE_FILE_COULDNT_READ_FILE => CURLE_REMOTE_FILE_NOT_FOUND |
| CURLE_FTP_COULDNT_RETR_FILE => CURLE_REMOTE_FILE_NOT_FOUND |
| CURLE_FTP_COULDNT_USE_REST => CURLE_RANGE_ERROR |
| CURLE_FUNCTION_NOT_FOUND => CURLE_FAILED_INIT |
| CURLE_LDAP_INVALID_URL => CURLE_URL_MALFORMAT |
| CURLE_TFTP_NOSUCHUSER => CURLE_TFTP_ILLEGAL |
| CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND |
| CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED |
| |
| 14.3 extend CURLOPT_SOCKOPTFUNCTION prototype |
| |
| The current prototype only provides 'purpose' that tells what the |
| connection/socket is for, but not any protocol or similar. It makes it hard |
| for applications to differentiate on TCP vs UDP and even HTTP vs FTP and |
| similar. |
| |
| 15. Next major release |
| |
| 15.1 cleanup return codes |
| |
| curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a |
| CURLMcode. These should be changed to be the same. |
| |
| 15.2 remove obsolete defines |
| |
| remove obsolete defines from curl/curl.h |
| |
| 15.3 size_t |
| |
| make several functions use size_t instead of int in their APIs |
| |
| 15.4 remove several functions |
| |
| remove the following functions from the public API: |
| |
| curl_getenv |
| |
| curl_mprintf (and variations) |
| |
| curl_strequal |
| |
| curl_strnequal |
| |
| They will instead become curlx_ - alternatives. That makes the curl app |
| still capable of using them, by building with them from source. |
| |
| These functions have no purpose anymore: |
| |
| curl_multi_socket |
| |
| curl_multi_socket_all |
| |
| 15.5 remove CURLOPT_FAILONERROR |
| |
| Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird |
| internally. Let the app judge success or not for itself. |
| |
| 15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE |
| |
| Remove support for a global DNS cache. Anything global is silly, and we |
| already offer the share interface for the same functionality but done |
| "right". |
| |
| 15.7 remove progress meter from libcurl |
| |
| The internally provided progress meter output doesn't belong in the library. |
| Basically no application wants it (apart from curl) but instead applications |
| can and should do their own progress meters using the progress callback. |
| |
| The progress callback should then be bumped as well to get proper 64bit |
| variable types passed to it instead of doubles so that big files work |
| correctly. |
| |
| 15.8 remove 'curl_httppost' from public |
| |
| curl_formadd() was made to fill in a public struct, but the fact that the |
| struct is public is never really used by application for their own advantage |
| but instead often restricts how the form functions can or can't be modified. |
| |
| Changing them to return a private handle will benefit the implementation and |
| allow us much greater freedoms while still maintining a solid API and ABI. |
| |
| 15.9 have form functions use CURL handle argument |
| |
| curl_formadd() and curl_formget() both currently have no CURL handle |
| argument, but both can use a callback that is set in the easy handle, and |
| thus curl_formget() with callback cannot function without first having |
| curl_easy_perform() (or similar) called - which is hard to grasp and a design |
| mistake. |