1 _ _ ____ _ 2 ___| | | | _ \| | 3 / __| | | | |_) | | 4 | (__| |_| | _ <| |___ 5 \___|\___/|_| \_\_____| 6 7 Things that could be nice to do in the future 8 9 Things to do in project curl. Please tell us what you think, contribute and 10 send us patches that improve things! 11 12 Be aware that these are things that we could do, or have once been considered 13 things we could do. If you want to work on any of these areas, please 14 consider bringing it up for discussions first on the mailing list so that we 15 all agree it is still a good idea for the project! 16 17 All bugs documented in the KNOWN_BUGS document are subject for fixing! 18 19 1. libcurl 20 1.1 TFO support on Windows 21 1.2 More data sharing 22 1.3 struct lifreq 23 1.4 signal-based resolver timeouts 24 1.5 get rid of PATH_MAX 25 1.6 Modified buffer size approach 26 1.7 Support HTTP/2 for HTTP(S) proxies 27 1.8 CURLOPT_RESOLVE for any port number 28 1.9 Cache negative name resolves 29 1.10 auto-detect proxy 30 1.11 minimize dependencies with dynamically loaded modules 31 1.12 updated DNS server while running 32 1.13 c-ares and CURLOPT_OPENSOCKETFUNCTION 33 1.14 Typesafe curl_easy_setopt() 34 1.15 Monitor connections in the connection pool 35 1.16 Try to URL encode given URL 36 1.17 Add support for IRIs 37 1.18 try next proxy if one doesn't work 38 1.19 Timeout idle connections from the pool 39 1.20 SRV and URI DNS records 40 1.21 Have the URL API offer IDN decoding 41 1.22 CURLINFO_PAUSE_STATE 42 1.23 Offer API to flush the connection pool 43 1.24 TCP Fast Open for windows 44 1.25 Expose tried IP addresses that failed 45 1.26 CURL_REFUSE_CLEARTEXT 46 1.27 hardcode the "localhost" addresses 47 1.28 FD_CLOEXEC 48 1.29 Upgrade to websockets 49 1.30 config file parsing 50 51 2. libcurl - multi interface 52 2.1 More non-blocking 53 2.2 Better support for same name resolves 54 2.3 Non-blocking curl_multi_remove_handle() 55 2.4 Split connect and authentication process 56 2.5 Edge-triggered sockets should work 57 2.6 multi upkeep 58 59 3. Documentation 60 3.2 Provide cmake config-file 61 62 4. FTP 63 4.1 HOST 64 4.2 Alter passive/active on failure and retry 65 4.3 Earlier bad letter detection 66 4.4 REST for large files 67 4.5 ASCII support 68 4.6 GSSAPI via Windows SSPI 69 4.7 STAT for LIST without data connection 70 4.8 Option to ignore private IP addresses in PASV response 71 72 5. HTTP 73 5.1 Better persistency for HTTP 1.0 74 5.2 support FF3 sqlite cookie files 75 5.3 Rearrange request header order 76 5.4 Allow SAN names in HTTP/2 server push 77 5.5 auth= in URLs 78 5.6 Refuse "downgrade" redirects 79 5.7 QUIC 80 81 6. TELNET 82 6.1 ditch stdin 83 6.2 ditch telnet-specific select 84 6.3 feature negotiation debug data 85 86 7. SMTP 87 7.1 Pipelining 88 7.2 Enhanced capability support 89 7.3 Add CURLOPT_MAIL_CLIENT option 90 91 8. POP3 92 8.1 Pipelining 93 8.2 Enhanced capability support 94 95 9. IMAP 96 9.1 Enhanced capability support 97 98 10. LDAP 99 10.1 SASL based authentication mechanisms 100 101 11. SMB 102 11.1 File listing support 103 11.2 Honor file timestamps 104 11.3 Use NTLMv2 105 11.4 Create remote directories 106 107 12. New protocols 108 12.1 RSYNC 109 110 13. SSL 111 13.1 Disable specific versions 112 13.2 Provide mutex locking API 113 13.3 Support in-memory certs/ca certs/keys 114 13.4 Cache/share OpenSSL contexts 115 13.5 Export session ids 116 13.6 Provide callback for cert verification 117 13.7 improve configure --with-ssl 118 13.8 Support DANE 119 13.9 Configurable loading of OpenSSL configuration file 120 13.10 Support Authority Information Access certificate extension (AIA) 121 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY 122 13.12 Support HSTS 123 13.13 Support HPKP 124 13.14 Support the clienthello extension 125 126 14. GnuTLS 127 14.1 SSL engine stuff 128 14.2 check connection 129 130 15. WinSSL/SChannel 131 15.1 Add support for client certificate authentication 132 15.3 Add support for the --ciphers option 133 15.4 Add option to disable client certificate auto-send 134 135 16. SASL 136 16.1 Other authentication mechanisms 137 16.2 Add QOP support to GSSAPI authentication 138 16.3 Support binary messages (i.e.: non-base64) 139 140 17. SSH protocols 141 17.1 Multiplexing 142 17.2 SFTP performance 143 17.3 Support better than MD5 hostkey hash 144 17.4 Support CURLOPT_PREQUOTE 145 146 18. Command line tool 147 18.1 sync 148 18.2 glob posts 149 18.3 prevent file overwriting 150 18.4 simultaneous parallel transfers 151 18.5 UTF-8 filenames in Content-Disposition 152 18.6 warning when setting an option 153 18.7 warning if curl version is not in sync with libcurl version 154 18.8 offer color-coded HTTP header output 155 18.9 Choose the name of file in braces for complex URLs 156 18.10 improve how curl works in a windows console window 157 18.11 Windows: set attribute 'archive' for completed downloads 158 18.12 keep running, read instructions from pipe/socket 159 18.13 support metalink in http headers 160 18.14 --fail without --location should treat 3xx as a failure 161 18.15 --retry should resume 162 18.16 send only part of --data 163 18.17 consider file name from the redirected URL with -O ? 164 18.18 retry on network is unreachable 165 18.19 expand ~/ in config files 166 18.20 host name sections in config files 167 168 19. Build 169 19.1 roffit 170 19.2 Enable PIE and RELRO by default 171 19.3 cmake test suite improvements 172 173 20. Test suite 174 20.1 SSL tunnel 175 20.2 nicer lacking perl message 176 20.3 more protocols supported 177 20.4 more platforms supported 178 20.5 Add support for concurrent connections 179 20.6 Use the RFC6265 test suite 180 20.7 Support LD_PRELOAD on macOS 181 182 21. Next SONAME bump 183 21.1 http-style HEAD output for FTP 184 21.2 combine error codes 185 21.3 extend CURLOPT_SOCKOPTFUNCTION prototype 186 187 22. Next major release 188 22.1 cleanup return codes 189 22.2 remove obsolete defines 190 22.3 size_t 191 22.4 remove several functions 192 22.5 remove CURLOPT_FAILONERROR 193 22.7 remove progress meter from libcurl 194 22.8 remove 'curl_httppost' from public 195 196 ============================================================================== 197 198 1. libcurl 199 200 1.1 TFO support on Windows 201 202 TCP Fast Open is supported on several platforms but not on Windows. Work on 203 this was once started but never finished. 204 205 See https://github.com/curl/curl/pull/3378 206 207 1.2 More data sharing 208 209 curl_share_* functions already exist and work, and they can be extended to 210 share more. For example, enable sharing of the ares channel. 211 212 1.3 struct lifreq 213 214 Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and 215 SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete. 216 To support IPv6 interface addresses for network interfaces properly. 217 218 1.4 signal-based resolver timeouts 219 220 libcurl built without an asynchronous resolver library uses alarm() to time 221 out DNS lookups. When a timeout occurs, this causes libcurl to jump from the 222 signal handler back into the library with a sigsetjmp, which effectively 223 causes libcurl to continue running within the signal handler. This is 224 non-portable and could cause problems on some platforms. A discussion on the 225 problem is available at https://curl.haxx.se/mail/lib-2008-09/0197.html 226 227 Also, alarm() provides timeout resolution only to the nearest second. alarm 228 ought to be replaced by setitimer on systems that support it. 229 230 1.5 get rid of PATH_MAX 231 232 Having code use and rely on PATH_MAX is not nice: 233 https://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html 234 235 Currently the SSH based code uses it a bit, but to remove PATH_MAX from there 236 we need libssh2 to properly tell us when we pass in a too small buffer and 237 its current API (as of libssh2 1.2.7) doesn't. 238 239 1.6 Modified buffer size approach 240 241 Current libcurl allocates a fixed 16K size buffer for download and an 242 additional 16K for upload. They are always unconditionally part of the easy 243 handle. If CRLF translations are requested, an additional 32K "scratch 244 buffer" is allocated. A total of 64K transfer buffers in the worst case. 245 246 First, while the handles are not actually in use these buffers could be freed 247 so that lingering handles just kept in queues or whatever waste less memory. 248 249 Secondly, SFTP is a protocol that needs to handle many ~30K blocks at once 250 since each need to be individually acked and therefore libssh2 must be 251 allowed to send (or receive) many separate ones in parallel to achieve high 252 transfer speeds. A current libcurl build with a 16K buffer makes that 253 impossible, but one with a 512K buffer will reach MUCH faster transfers. But 254 allocating 512K unconditionally for all buffers just in case they would like 255 to do fast SFTP transfers at some point is not a good solution either. 256 257 Dynamically allocate buffer size depending on protocol in use in combination 258 with freeing it after each individual transfer? Other suggestions? 259 260 1.7 Support HTTP/2 for HTTP(S) proxies 261 262 Support for doing HTTP/2 to HTTP and HTTPS proxies is still missing. 263 264 1.8 CURLOPT_RESOLVE for any port number 265 266 This option allows applications to set a replacement IP address for a given 267 host + port pair. Consider making support for providing a replacement address 268 for the host name on all port numbers. 269 270 See https://github.com/curl/curl/issues/1264 271 272 1.9 Cache negative name resolves 273 274 A name resolve that has failed is likely to fail when made again within a 275 short period of time. Currently we only cache positive responses. 276 277 1.10 auto-detect proxy 278 279 libcurl could be made to detect the system proxy setup automatically and use 280 that. On Windows, macOS and Linux desktops for example. 281 282 The pull-request to use libproxy for this was deferred due to doubts on the 283 reliability of the dependency and how to use it: 284 https://github.com/curl/curl/pull/977 285 286 libdetectproxy is a (C++) library for detecting the proxy on Windows 287 https://github.com/paulharris/libdetectproxy 288 289 1.11 minimize dependencies with dynamically loaded modules 290 291 We can create a system with loadable modules/plug-ins, where these modules 292 would be the ones that link to 3rd party libs. That would allow us to avoid 293 having to load ALL dependencies since only the necessary ones for this 294 app/invoke/used protocols would be necessary to load. See 295 https://github.com/curl/curl/issues/349 296 297 1.12 updated DNS server while running 298 299 If /etc/resolv.conf gets updated while a program using libcurl is running, it 300 is may cause name resolves to fail unless res_init() is called. We should 301 consider calling res_init() + retry once unconditionally on all name resolve 302 failures to mitigate against this. Firefox works like that. Note that Windows 303 doesn't have res_init() or an alternative. 304 305 https://github.com/curl/curl/issues/2251 306 307 1.13 c-ares and CURLOPT_OPENSOCKETFUNCTION 308 309 curl will create most sockets via the CURLOPT_OPENSOCKETFUNCTION callback and 310 close them with the CURLOPT_CLOSESOCKETFUNCTION callback. However, c-ares 311 does not use those functions and instead opens and closes the sockets 312 itself. This means that when curl passes the c-ares socket to the 313 CURLMOPT_SOCKETFUNCTION it isn't owned by the application like other sockets. 314 315 See https://github.com/curl/curl/issues/2734 316 317 1.14 Typesafe curl_easy_setopt() 318 319 One of the most common problems in libcurl using applications is the lack of 320 type checks for curl_easy_setopt() which happens because it accepts varargs 321 and thus can take any type. 322 323 One possible solution to this is to introduce a few different versions of the 324 setopt version for the different kinds of data you can set. 325 326 curl_easy_set_num() - sets a long value 327 328 curl_easy_set_large() - sets a curl_off_t value 329 330 curl_easy_set_ptr() - sets a pointer 331 332 curl_easy_set_cb() - sets a callback PLUS its callback data 333 334 1.15 Monitor connections in the connection pool 335 336 libcurl's connection cache or pool holds a number of open connections for the 337 purpose of possible subsequent connection reuse. It may contain a few up to a 338 significant amount of connections. Currently, libcurl leaves all connections 339 as they are and first when a connection is iterated over for matching or 340 reuse purpose it is verified that it is still alive. 341 342 Those connections may get closed by the server side for idleness or they may 343 get a HTTP/2 ping from the peer to verify that they're still alive. By adding 344 monitoring of the connections while in the pool, libcurl can detect dead 345 connections (and close them) better and earlier, and it can handle HTTP/2 346 pings to keep such ones alive even when not actively doing transfers on them. 347 348 1.16 Try to URL encode given URL 349 350 Given a URL that for example contains spaces, libcurl could have an option 351 that would try somewhat harder than it does now and convert spaces to %20 and 352 perhaps URL encoded byte values over 128 etc (basically do what the redirect 353 following code already does). 354 355 https://github.com/curl/curl/issues/514 356 357 1.17 Add support for IRIs 358 359 IRIs (RFC 3987) allow localized, non-ascii, names in the URL. To properly 360 support this, curl/libcurl would need to translate/encode the given input 361 from the input string encoding into percent encoded output "over the wire". 362 363 To make that work smoothly for curl users even on Windows, curl would 364 probably need to be able to convert from several input encodings. 365 366 1.18 try next proxy if one doesn't work 367 368 Allow an application to specify a list of proxies to try, and failing to 369 connect to the first go on and try the next instead until the list is 370 exhausted. Browsers support this feature at least when they specify proxies 371 using PACs. 372 373 https://github.com/curl/curl/issues/896 374 375 1.19 Timeout idle connections from the pool 376 377 libcurl currently keeps connections in its connection pool for an indefinite 378 period of time, until it either gets reused, gets noticed that it has been 379 closed by the server or gets pruned to make room for a new connection. 380 381 To reduce overhead (especially for when we add monitoring of the connections 382 in the pool), we should introduce a timeout so that connections that have 383 been idle for N seconds get closed. 384 385 1.20 SRV and URI DNS records 386 387 Offer support for resolving SRV and URI DNS records for libcurl to know which 388 server to connect to for various protocols (including HTTP!). 389 390 1.21 Have the URL API offer IDN decoding 391 392 Similar to how URL decoding/encoding is done, we could have URL functions to 393 convert IDN host names to punycode (probably not the reverse). 394 https://github.com/curl/curl/issues/3232 395 396 1.22 CURLINFO_PAUSE_STATE 397 398 Return information about the transfer's current pause state, in both 399 directions. https://github.com/curl/curl/issues/2588 400 401 1.23 Offer API to flush the connection pool 402 403 Sometimes applications want to flush all the existing connections kept alive. 404 An API could allow a forced flush or just a forced loop that would properly 405 close all connections that have been closed by the server already. 406 407 1.24 TCP Fast Open for windows 408 409 libcurl supports the CURLOPT_TCP_FASTOPEN option since 7.49.0 for Linux and 410 Mac OS. Windows supports TCP Fast Open starting with Windows 10, version 1607 411 and we should add support for it. 412 413 1.25 Expose tried IP addresses that failed 414 415 When libcurl fails to connect to a host, it should be able to offer the 416 application the list of IP addresses that were used in the attempt. 417 418 https://github.com/curl/curl/issues/2126 419 420 1.26 CURL_REFUSE_CLEARTEXT 421 422 An environment variable that when set will make libcurl refuse to use any 423 cleartext network protocol. That's all non-encrypted ones (FTP, HTTP, Gopher, 424 etc). By adding the check to libcurl and not just curl, this environment 425 variable can then help users to block all libcurl-using programs from 426 accessing the network using unsafe protocols. 427 428 The variable could be given some sort of syntax or different levels and be 429 used to also allow for example users to refuse libcurl to do transfers with 430 HTTPS certificate checks disabled. 431 432 It could also automatically refuse usernames in URLs when set 433 (see CURLOPT_DISALLOW_USERNAME_IN_URL) 434 435 1.27 hardcode the "localhost" addresses 436 437 There's this new spec getting adopted that says "localhost" should always and 438 unconditionally be a local address and not get resolved by a DNS server. A 439 fine way for curl to fix this would be to simply hard-code the response to 440 127.0.0.1 and/or ::1 (depending on what IP versions that are requested). This 441 is what the browsers probably will do with this hostname. 442 443 https://bugzilla.mozilla.org/show_bug.cgi?id=1220810 444 445 https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost-02 446 447 1.28 FD_CLOEXEC 448 449 It sets the close-on-exec flag for the file descriptor, which causes the file 450 descriptor to be automatically (and atomically) closed when any of the 451 exec-family functions succeed. Should probably be set by default? 452 453 https://github.com/curl/curl/issues/2252 454 455 1.29 Upgrade to websockets 456 457 libcurl could offer a smoother path to get to a websocket connection. 458 See https://github.com/curl/curl/issues/3523 459 460 Michael Kaufmann suggestion here: 461 https://curl.haxx.se/video/curlup-2017/2017-03-19_05_Michael_Kaufmann_Websocket_support_for_curl.mp4 462 463 1.30 config file parsing 464 465 Consider providing an API, possibly in a separate companion library, for 466 parsing a config file like curl's -K/--config option to allow applications to 467 get the same ability to read curl options from files. 468 469 See https://github.com/curl/curl/issues/3698 470 471 2. libcurl - multi interface 472 473 2.1 More non-blocking 474 475 Make sure we don't ever loop because of non-blocking sockets returning 476 EWOULDBLOCK or similar. Blocking cases include: 477 478 - Name resolves on non-windows unless c-ares or the threaded resolver is used 479 - SOCKS proxy handshakes 480 - file:// transfers 481 - TELNET transfers 482 - The "DONE" operation (post transfer protocol-specific actions) for the 483 protocols SFTP, SMTP, FTP. Fixing Curl_done() for this is a worthy task. 484 485 2.2 Better support for same name resolves 486 487 If a name resolve has been initiated for name NN and a second easy handle 488 wants to resolve that name as well, make it wait for the first resolve to end 489 up in the cache instead of doing a second separate resolve. This is 490 especially needed when adding many simultaneous handles using the same host 491 name when the DNS resolver can get flooded. 492 493 2.3 Non-blocking curl_multi_remove_handle() 494 495 The multi interface has a few API calls that assume a blocking behavior, like 496 add_handle() and remove_handle() which limits what we can do internally. The 497 multi API need to be moved even more into a single function that "drives" 498 everything in a non-blocking manner and signals when something is done. A 499 remove or add would then only ask for the action to get started and then 500 multi_perform() etc still be called until the add/remove is completed. 501 502 2.4 Split connect and authentication process 503 504 The multi interface treats the authentication process as part of the connect 505 phase. As such any failures during authentication won't trigger the relevant 506 QUIT or LOGOFF for protocols such as IMAP, POP3 and SMTP. 507 508 2.5 Edge-triggered sockets should work 509 510 The multi_socket API should work with edge-triggered socket events. One of 511 the internal actions that need to be improved for this to work perfectly is 512 the 'maxloops' handling in transfer.c:readwrite_data(). 513 514 2.6 multi upkeep 515 516 In libcurl 7.62.0 we introduced curl_easy_upkeep. It unfortunately only works 517 on easy handles. We should introduces a version of that for the multi handle, 518 and also consider doing "upkeep" automatically on connections in the 519 connection pool when the multi handle is in used. 520 521 See https://github.com/curl/curl/issues/3199 522 523 3. Documentation 524 525 3.2 Provide cmake config-file 526 527 A config-file package is a set of files provided by us to allow applications 528 to write cmake scripts to find and use libcurl easier. See 529 https://github.com/curl/curl/issues/885 530 531 4. FTP 532 533 4.1 HOST 534 535 HOST is a command for a client to tell which host name to use, to offer FTP 536 servers named-based virtual hosting: 537 538 https://tools.ietf.org/html/rfc7151 539 540 4.2 Alter passive/active on failure and retry 541 542 When trying to connect passively to a server which only supports active 543 connections, libcurl returns CURLE_FTP_WEIRD_PASV_REPLY and closes the 544 connection. There could be a way to fallback to an active connection (and 545 vice versa). https://curl.haxx.se/bug/feature.cgi?id=1754793 546 547 4.3 Earlier bad letter detection 548 549 Make the detection of (bad) %0d and %0a codes in FTP URL parts earlier in the 550 process to avoid doing a resolve and connect in vain. 551 552 4.4 REST for large files 553 554 REST fix for servers not behaving well on >2GB requests. This should fail if 555 the server doesn't set the pointer to the requested index. The tricky 556 (impossible?) part is to figure out if the server did the right thing or not. 557 558 4.5 ASCII support 559 560 FTP ASCII transfers do not follow RFC959. They don't convert the data 561 accordingly. 562 563 4.6 GSSAPI via Windows SSPI 564 565 In addition to currently supporting the SASL GSSAPI mechanism (Kerberos V5) 566 via third-party GSS-API libraries, such as Heimdal or MIT Kerberos, also add 567 support for GSSAPI authentication via Windows SSPI. 568 569 4.7 STAT for LIST without data connection 570 571 Some FTP servers allow STAT for listing directories instead of using LIST, 572 and the response is then sent over the control connection instead of as the 573 otherwise usedw data connection: https://www.nsftools.com/tips/RawFTP.htm#STAT 574 575 This is not detailed in any FTP specification. 576 577 4.8 Option to ignore private IP addresses in PASV response 578 579 Some servers respond with and some other FTP client implementations can 580 ignore private (RFC 1918 style) IP addresses when received in PASV responses. 581 To consider for libcurl as well. See https://github.com/curl/curl/issues/1455 582 583 5. HTTP 584 585 5.1 Better persistency for HTTP 1.0 586 587 "Better" support for persistent connections over HTTP 1.0 588 https://curl.haxx.se/bug/feature.cgi?id=1089001 589 590 5.2 support FF3 sqlite cookie files 591 592 Firefox 3 is changing from its former format to a a sqlite database instead. 593 We should consider how (lib)curl can/should support this. 594 https://curl.haxx.se/bug/feature.cgi?id=1871388 595 596 5.3 Rearrange request header order 597 598 Server implementors often make an effort to detect browser and to reject 599 clients it can detect to not match. One of the last details we cannot yet 600 control in libcurl's HTTP requests, which also can be exploited to detect 601 that libcurl is in fact used even when it tries to impersonate a browser, is 602 the order of the request headers. I propose that we introduce a new option in 603 which you give headers a value, and then when the HTTP request is built it 604 sorts the headers based on that number. We could then have internally created 605 headers use a default value so only headers that need to be moved have to be 606 specified. 607 608 5.4 Allow SAN names in HTTP/2 server push 609 610 curl only allows HTTP/2 push promise if the provided :autority header value 611 exactly matches the host name given in the URL. It could be extended to allow 612 any name that would match the Subject Alternative Names in the server's TLS 613 certificate. 614 615 See https://github.com/curl/curl/pull/3581 616 617 5.5 auth= in URLs 618 619 Add the ability to specify the preferred authentication mechanism to use by 620 using ;auth=<mech> in the login part of the URL. 621 622 For example: 623 624 http://test:pass;auth=NTLM@example.com would be equivalent to specifying --user 625 test:pass;auth=NTLM or --user test:pass --ntlm from the command line. 626 627 Additionally this should be implemented for proxy base URLs as well. 628 629 5.6 Refuse "downgrade" redirects 630 631 See https://github.com/curl/curl/issues/226 632 633 Consider a way to tell curl to refuse to "downgrade" protocol with a redirect 634 and/or possibly a bit that refuses redirect to change protocol completely. 635 636 5.7 QUIC 637 638 The standardization process of QUIC has been taken to the IETF and can be 639 followed on the [IETF QUIC Mailing 640 list](https://www.ietf.org/mailman/listinfo/quic). I'd like us to get on the 641 bandwagon. Ideally, this would be done with a separate library/project to 642 handle the binary/framing layer in a similar fashion to how HTTP/2 is 643 implemented. This, to allow other projects to benefit from the work and to 644 thus broaden the interest and chance of others to participate. 645 646 647 6. TELNET 648 649 6.1 ditch stdin 650 651 Reading input (to send to the remote server) on stdin is a crappy solution for 652 library purposes. We need to invent a good way for the application to be able 653 to provide the data to send. 654 655 6.2 ditch telnet-specific select 656 657 Move the telnet support's network select() loop go away and merge the code 658 into the main transfer loop. Until this is done, the multi interface won't 659 work for telnet. 660 661 6.3 feature negotiation debug data 662 663 Add telnet feature negotiation data to the debug callback as header data. 664 665 666 7. SMTP 667 668 7.1 Pipelining 669 670 Add support for pipelining emails. 671 672 7.2 Enhanced capability support 673 674 Add the ability, for an application that uses libcurl, to obtain the list of 675 capabilities returned from the EHLO command. 676 677 7.3 Add CURLOPT_MAIL_CLIENT option 678 679 Rather than use the URL to specify the mail client string to present in the 680 HELO and EHLO commands, libcurl should support a new CURLOPT specifically for 681 specifying this data as the URL is non-standard and to be honest a bit of a 682 hack ;-) 683 684 Please see the following thread for more information: 685 https://curl.haxx.se/mail/lib-2012-05/0178.html 686 687 688 8. POP3 689 690 8.1 Pipelining 691 692 Add support for pipelining commands. 693 694 8.2 Enhanced capability support 695 696 Add the ability, for an application that uses libcurl, to obtain the list of 697 capabilities returned from the CAPA command. 698 699 9. IMAP 700 701 9.1 Enhanced capability support 702 703 Add the ability, for an application that uses libcurl, to obtain the list of 704 capabilities returned from the CAPABILITY command. 705 706 10. LDAP 707 708 10.1 SASL based authentication mechanisms 709 710 Currently the LDAP module only supports ldap_simple_bind_s() in order to bind 711 to an LDAP server. However, this function sends username and password details 712 using the simple authentication mechanism (as clear text). However, it should 713 be possible to use ldap_bind_s() instead specifying the security context 714 information ourselves. 715 716 11. SMB 717 718 11.1 File listing support 719 720 Add support for listing the contents of a SMB share. The output should probably 721 be the same as/similar to FTP. 722 723 11.2 Honor file timestamps 724 725 The timestamp of the transferred file should reflect that of the original file. 726 727 11.3 Use NTLMv2 728 729 Currently the SMB authentication uses NTLMv1. 730 731 11.4 Create remote directories 732 733 Support for creating remote directories when uploading a file to a directory 734 that doesn't exist on the server, just like --ftp-create-dirs. 735 736 12. New protocols 737 738 12.1 RSYNC 739 740 There's no RFC for the protocol or an URI/URL format. An implementation 741 should most probably use an existing rsync library, such as librsync. 742 743 13. SSL 744 745 13.1 Disable specific versions 746 747 Provide an option that allows for disabling specific SSL versions, such as 748 SSLv2 https://curl.haxx.se/bug/feature.cgi?id=1767276 749 750 13.2 Provide mutex locking API 751 752 Provide a libcurl API for setting mutex callbacks in the underlying SSL 753 library, so that the same application code can use mutex-locking 754 independently of OpenSSL or GnutTLS being used. 755 756 13.3 Support in-memory certs/ca certs/keys 757 758 You can specify the private and public keys for SSH/SSL as file paths. Some 759 programs want to avoid using files and instead just pass them as in-memory 760 data blobs. There's probably a challenge to make this work across the 761 plethory of different TLS and SSH backends that curl supports. 762 https://github.com/curl/curl/issues/2310 763 764 13.4 Cache/share OpenSSL contexts 765 766 "Look at SSL cafile - quick traces look to me like these are done on every 767 request as well, when they should only be necessary once per SSL context (or 768 once per handle)". The major improvement we can rather easily do is to make 769 sure we don't create and kill a new SSL "context" for every request, but 770 instead make one for every connection and re-use that SSL context in the same 771 style connections are re-used. It will make us use slightly more memory but 772 it will libcurl do less creations and deletions of SSL contexts. 773 774 Technically, the "caching" is probably best implemented by getting added to 775 the share interface so that easy handles who want to and can reuse the 776 context specify that by sharing with the right properties set. 777 778 https://github.com/curl/curl/issues/1110 779 780 13.5 Export session ids 781 782 Add an interface to libcurl that enables "session IDs" to get 783 exported/imported. Cris Bailiff said: "OpenSSL has functions which can 784 serialise the current SSL state to a buffer of your choice, and recover/reset 785 the state from such a buffer at a later date - this is used by mod_ssl for 786 apache to implement and SSL session ID cache". 787 788 13.6 Provide callback for cert verification 789 790 OpenSSL supports a callback for customised verification of the peer 791 certificate, but this doesn't seem to be exposed in the libcurl APIs. Could 792 it be? There's so much that could be done if it were! 793 794 13.7 improve configure --with-ssl 795 796 make the configure --with-ssl option first check for OpenSSL, then GnuTLS, 797 then NSS... 798 799 13.8 Support DANE 800 801 DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL 802 keys and certs over DNS using DNSSEC as an alternative to the CA model. 803 https://www.rfc-editor.org/rfc/rfc6698.txt 804 805 An initial patch was posted by Suresh Krishnaswamy on March 7th 2013 806 (https://curl.haxx.se/mail/lib-2013-03/0075.html) but it was a too simple 807 approach. See Daniel's comments: 808 https://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the 809 correct library to base this development on. 810 811 Bjrn Stenberg wrote a separate initial take on DANE that was never 812 completed. 813 814 13.9 Configurable loading of OpenSSL configuration file 815 816 libcurl calls the OpenSSL function CONF_modules_load_file() in openssl.c, 817 Curl_ossl_init(). "We regard any changes in the OpenSSL configuration as a 818 security risk or at least as unnecessary." 819 820 Please add a configuration switch or something similar to disable the 821 CONF_modules_load_file() call. 822 823 See https://github.com/curl/curl/issues/2724 824 825 13.10 Support Authority Information Access certificate extension (AIA) 826 827 AIA can provide various things like CRLs but more importantly information 828 about intermediate CA certificates that can allow validation path to be 829 fulfilled when the HTTPS server doesn't itself provide them. 830 831 Since AIA is about downloading certs on demand to complete a TLS handshake, 832 it is probably a bit tricky to get done right. 833 834 See https://github.com/curl/curl/issues/2793 835 836 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY 837 838 CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root 839 certificates when comparing the pinned keys. Therefore it is not compatible 840 with "HTTP Public Key Pinning" as there also intermediate and root certificates 841 can be pinned. This is very useful as it prevents webadmins from "locking 842 themself out of their servers". 843 844 Adding this feature would make curls pinning 100% compatible to HPKP and allow 845 more flexible pinning. 846 847 13.12 Support HSTS 848 849 "HTTP Strict Transport Security" is TOFU (trust on first use), time-based 850 features indicated by a HTTP header send by the webserver. It is widely used 851 in browsers and it's purpose is to prevent insecure HTTP connections after 852 a previous HTTPS connection. It protects against SSLStripping attacks. 853 854 Doc: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security 855 RFC 6797: https://tools.ietf.org/html/rfc6797 856 857 13.13 Support HPKP 858 859 "HTTP Public Key Pinning" is TOFU (trust on first use), time-based 860 features indicated by a HTTP header send by the webserver. It's purpose is 861 to prevent Man-in-the-middle attacks by trusted CAs by allowing webadmins 862 to specify which CAs/certificates/public keys to trust when connection to 863 their websites. 864 865 It can be build based on PINNEDPUBLICKEY. 866 867 Wikipedia: https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning 868 OWASP: https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning 869 Doc: https://developer.mozilla.org/de/docs/Web/Security/Public_Key_Pinning 870 RFC: https://tools.ietf.org/html/draft-ietf-websec-key-pinning-21 871 872 13.14 Support the clienthello extension 873 874 Certain stupid networks and middle boxes have a problem with SSL handshake 875 pakets that are within a certain size range because how that sets some bits 876 that previously (in older TLS version) were not set. The clienthello 877 extension adds padding to avoid that size range. 878 879 https://tools.ietf.org/html/rfc7685 880 https://github.com/curl/curl/issues/2299 881 882 14. GnuTLS 883 884 14.1 SSL engine stuff 885 886 Is this even possible? 887 888 14.2 check connection 889 890 Add a way to check if the connection seems to be alive, to correspond to the 891 SSL_peak() way we use with OpenSSL. 892 893 15. WinSSL/SChannel 894 895 15.1 Add support for client certificate authentication 896 897 WinSSL/SChannel currently makes use of the OS-level system and user 898 certificate and private key stores. This does not allow the application 899 or the user to supply a custom client certificate using curl or libcurl. 900 901 Therefore support for the existing -E/--cert and --key options should be 902 implemented by supplying a custom certificate to the SChannel APIs, see: 903 - Getting a Certificate for Schannel 904 https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx 905 906 15.3 Add support for the --ciphers option 907 908 The cipher suites used by WinSSL/SChannel are configured on an OS-level 909 instead of an application-level. This does not allow the application or 910 the user to customize the configured cipher suites using curl or libcurl. 911 912 Therefore support for the existing --ciphers option should be implemented 913 by mapping the OpenSSL/GnuTLS cipher suites to the SChannel APIs, see 914 - Specifying Schannel Ciphers and Cipher Strengths 915 https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx 916 917 15.4 Add option to disable client certificate auto-send 918 919 Microsoft says "By default, Schannel will, with no notification to the client, 920 attempt to locate a client certificate and send it to the server." That could 921 be considered a privacy violation and unexpected. 922 923 Some Windows users have come to expect that default behavior and to change the 924 default to make it consistent with other SSL backends would be a breaking 925 change. An option should be added that can be used to disable the default 926 Schannel auto-send behavior. 927 928 https://github.com/curl/curl/issues/2262 929 930 16. SASL 931 932 16.1 Other authentication mechanisms 933 934 Add support for other authentication mechanisms such as OLP, 935 GSS-SPNEGO and others. 936 937 16.2 Add QOP support to GSSAPI authentication 938 939 Currently the GSSAPI authentication only supports the default QOP of auth 940 (Authentication), whilst Kerberos V5 supports both auth-int (Authentication 941 with integrity protection) and auth-conf (Authentication with integrity and 942 privacy protection). 943 944 16.3 Support binary messages (i.e.: non-base64) 945 946 Mandatory to support LDAP SASL authentication. 947 948 949 17. SSH protocols 950 951 17.1 Multiplexing 952 953 SSH is a perfectly fine multiplexed protocols which would allow libcurl to do 954 multiple parallel transfers from the same host using the same connection, 955 much in the same spirit as HTTP/2 does. libcurl however does not take 956 advantage of that ability but will instead always create a new connection for 957 new transfers even if an existing connection already exists to the host. 958 959 To fix this, libcurl would have to detect an existing connection and "attach" 960 the new transfer to the existing one. 961 962 17.2 SFTP performance 963 964 libcurl's SFTP transfer performance is sub par and can be improved, mostly by 965 the approach mentioned in "1.6 Modified buffer size approach". 966 967 17.3 Support better than MD5 hostkey hash 968 969 libcurl offers the CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 option for verifying the 970 server's key. MD5 is generally being deprecated so we should implement 971 support for stronger hashing algorithms. libssh2 itself is what provides this 972 underlying functionality and it supports at least SHA-1 as an alternative. 973 SHA-1 is also being deprecated these days so we should consider working with 974 libssh2 to instead offer support for SHA-256 or similar. 975 976 17.4 Support CURLOPT_PREQUOTE 977 978 The two other QUOTE options are supported for SFTP, but this was left out for 979 unknown reasons! 980 981 18. Command line tool 982 983 18.1 sync 984 985 "curl --sync http://example.com/feed[1-100].rss" or 986 "curl --sync http://example.net/{index,calendar,history}.html" 987 988 Downloads a range or set of URLs using the remote name, but only if the 989 remote file is newer than the local file. A Last-Modified HTTP date header 990 should also be used to set the mod date on the downloaded file. 991 992 18.2 glob posts 993 994 Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'. 995 This is easily scripted though. 996 997 18.3 prevent file overwriting 998 999 Add an option that prevents curl from overwriting existing local files. When 1000 used, and there already is an existing file with the target file name 1001 (either -O or -o), a number should be appended (and increased if already 1002 existing). So that index.html becomes first index.html.1 and then 1003 index.html.2 etc. 1004 1005 18.4 simultaneous parallel transfers 1006 1007 The client could be told to use maximum N simultaneous parallel transfers and 1008 then just make sure that happens. It should of course not make more than one 1009 connection to the same remote host. This would require the client to use the 1010 multi interface. https://curl.haxx.se/bug/feature.cgi?id=1558595 1011 1012 Using the multi interface would also allow properly using parallel transfers 1013 with HTTP/2 and supporting HTTP/2 server push from the command line. 1014 1015 18.5 UTF-8 filenames in Content-Disposition 1016 1017 RFC 6266 documents how UTF-8 names can be passed to a client in the 1018 Content-Disposition header, and curl does not support this. 1019 1020 https://github.com/curl/curl/issues/1888 1021 1022 18.6 warning when setting an option 1023 1024 Display a warning when libcurl returns an error when setting an option. 1025 This can be useful to tell when support for a particular feature hasn't been 1026 compiled into the library. 1027 1028 18.7 warning if curl version is not in sync with libcurl version 1029 1030 This is usually a sign of a funny, weird or unexpected install situations 1031 that aren't always quickly nor easily detected by users. curl and libcurl are 1032 always released in sync and should use the same version numbers unless very 1033 special situations. 1034 1035 18.8 offer color-coded HTTP header output 1036 1037 By offering different color output on the header name and the header 1038 contents, they could be made more readable and thus help users working on 1039 HTTP services. 1040 1041 18.9 Choose the name of file in braces for complex URLs 1042 1043 When using braces to download a list of URLs and you use complicated names 1044 in the list of alternatives, it could be handy to allow curl to use other 1045 names when saving. 1046 1047 Consider a way to offer that. Possibly like 1048 {partURL1:name1,partURL2:name2,partURL3:name3} where the name following the 1049 colon is the output name. 1050 1051 See https://github.com/curl/curl/issues/221 1052 1053 18.10 improve how curl works in a windows console window 1054 1055 If you pull the scrollbar when transferring with curl in a Windows console 1056 window, the transfer is interrupted and can get disconnected. This can 1057 probably be improved. See https://github.com/curl/curl/issues/322 1058 1059 18.11 Windows: set attribute 'archive' for completed downloads 1060 1061 The archive bit (FILE_ATTRIBUTE_ARCHIVE, 0x20) separates files that shall be 1062 backed up from those that are either not ready or have not changed. 1063 1064 Downloads in progress are neither ready to be backed up, nor should they be 1065 opened by a different process. Only after a download has been completed it's 1066 sensible to include it in any integer snapshot or backup of the system. 1067 1068 See https://github.com/curl/curl/issues/3354 1069 1070 18.12 keep running, read instructions from pipe/socket 1071 1072 Provide an option that makes curl not exit after the last URL (or even work 1073 without a given URL), and then make it read instructions passed on a pipe or 1074 over a socket to make further instructions so that a second subsequent curl 1075 invoke can talk to the still running instance and ask for transfers to get 1076 done, and thus maintain its connection pool, DNS cache and more. 1077 1078 18.13 support metalink in http headers 1079 1080 Curl has support for downloading a metalink xml file, processing it, and then 1081 downloading the target of the metalink. This is done via the --metalink option. 1082 It would be nice if metalink also supported downloading via metalink 1083 information that is stored in HTTP headers (RFC 6249). Theoretically this could 1084 also be supported with the --metalink option. 1085 1086 See https://tools.ietf.org/html/rfc6249 1087 1088 See also https://lists.gnu.org/archive/html/bug-wget/2015-06/msg00034.html for 1089 an implematation of this in wget. 1090 1091 18.14 --fail without --location should treat 3xx as a failure 1092 1093 To allow a command line like this to detect a redirect and consider it a 1094 failure: 1095 1096 curl -v --fail -O https://example.com/curl-7.48.0.tar.gz 1097 1098 ... --fail must treat 3xx responses as failures too. The least problematic 1099 way to implement this is probably to add that new logic in the command line 1100 tool only and not in the underlying CURLOPT_FAILONERROR logic. 1101 1102 18.15 --retry should resume 1103 1104 When --retry is used and curl actually retries transfer, it should use the 1105 already transferred data and do a resumed transfer for the rest (when 1106 possible) so that it doesn't have to transfer the same data again that was 1107 already transferred before the retry. 1108 1109 See https://github.com/curl/curl/issues/1084 1110 1111 18.16 send only part of --data 1112 1113 When the user only wants to send a small piece of the data provided with 1114 --data or --data-binary, like when that data is a huge file, consider a way 1115 to specify that curl should only send a piece of that. One suggested syntax 1116 would be: "--data-binary @largefile.zip!1073741823-2147483647". 1117 1118 See https://github.com/curl/curl/issues/1200 1119 1120 18.17 consider file name from the redirected URL with -O ? 1121 1122 When a user gives a URL and uses -O, and curl follows a redirect to a new 1123 URL, the file name is not extracted and used from the newly redirected-to URL 1124 even if the new URL may have a much more sensible file name. 1125 1126 This is clearly documented and helps for security since there's no surprise 1127 to users which file name that might get overwritten. But maybe a new option 1128 could allow for this or maybe -J should imply such a treatment as well as -J 1129 already allows for the server to decide what file name to use so it already 1130 provides the "may overwrite any file" risk. 1131 1132 This is extra tricky if the original URL has no file name part at all since 1133 then the current code path will error out with an error message, and we can't 1134 *know* already at that point if curl will be redirected to a URL that has a 1135 file name... 1136 1137 See https://github.com/curl/curl/issues/1241 1138 1139 18.18 retry on network is unreachable 1140 1141 The --retry option retries transfers on "transient failures". We later added 1142 --retry-connrefused to also retry for "connection refused" errors. 1143 1144 Suggestions have been brought to also allow retry on "network is unreachable" 1145 errors and while totally reasonable, maybe we should consider a way to make 1146 this more configurable than to add a new option for every new error people 1147 want to retry for? 1148 1149 https://github.com/curl/curl/issues/1603 1150 1151 18.19 expand ~/ in config files 1152 1153 For example .curlrc could benefit from being able to do this. 1154 1155 See https://github.com/curl/curl/issues/2317 1156 1157 18.20 host name sections in config files 1158 1159 config files would be more powerful if they could set different 1160 configurations depending on used URLs, host name or possibly origin. Then a 1161 default .curlrc could a specific user-agent only when doing requests against 1162 a certain site. 1163 1164 1165 19. Build 1166 1167 19.1 roffit 1168 1169 Consider extending 'roffit' to produce decent ASCII output, and use that 1170 instead of (g)nroff when building src/tool_hugehelp.c 1171 1172 19.2 Enable PIE and RELRO by default 1173 1174 Especially when having programs that execute curl via the command line, PIE 1175 renders the exploitation of memory corruption vulnerabilities a lot more 1176 difficult. This can be attributed to the additional information leaks being 1177 required to conduct a successful attack. RELRO, on the other hand, masks 1178 different binary sections like the GOT as read-only and thus kills a handful 1179 of techniques that come in handy when attackers are able to arbitrarily 1180 overwrite memory. A few tests showed that enabling these features had close 1181 to no impact, neither on the performance nor on the general functionality of 1182 curl. 1183 1184 19.3 cmake test suite improvements 1185 1186 The cmake build doesn't support 'make show' so it doesn't know which tests 1187 are in the makefile or not (making appveyor builds do many false warnings 1188 about it) nor does it support running the test suite if building out-of-tree. 1189 1190 See https://github.com/curl/curl/issues/3109 1191 1192 20. Test suite 1193 1194 20.1 SSL tunnel 1195 1196 Make our own version of stunnel for simple port forwarding to enable HTTPS 1197 and FTP-SSL tests without the stunnel dependency, and it could allow us to 1198 provide test tools built with either OpenSSL or GnuTLS 1199 1200 20.2 nicer lacking perl message 1201 1202 If perl wasn't found by the configure script, don't attempt to run the tests 1203 but explain something nice why it doesn't. 1204 1205 20.3 more protocols supported 1206 1207 Extend the test suite to include more protocols. The telnet could just do FTP 1208 or http operations (for which we have test servers). 1209 1210 20.4 more platforms supported 1211 1212 Make the test suite work on more platforms. OpenBSD and Mac OS. Remove 1213 fork()s and it should become even more portable. 1214 1215 20.5 Add support for concurrent connections 1216 1217 Tests 836, 882 and 938 were designed to verify that separate connections aren't 1218 used when using different login credentials in protocols that shouldn't re-use 1219 a connection under such circumstances. 1220 1221 Unfortunately, ftpserver.pl doesn't appear to support multiple concurrent 1222 connections. The read while() loop seems to loop until it receives a disconnect 1223 from the client, where it then enters the waiting for connections loop. When 1224 the client opens a second connection to the server, the first connection hasn't 1225 been dropped (unless it has been forced - which we shouldn't do in these tests) 1226 and thus the wait for connections loop is never entered to receive the second 1227 connection. 1228 1229 20.6 Use the RFC6265 test suite 1230 1231 A test suite made for HTTP cookies (RFC 6265) by Adam Barth is available at 1232 https://github.com/abarth/http-state/tree/master/tests 1233 1234 It'd be really awesome if someone would write a script/setup that would run 1235 curl with that test suite and detect deviances. Ideally, that would even be 1236 incorporated into our regular test suite. 1237 1238 20.7 Support LD_PRELOAD on macOS 1239 1240 LD_RELOAD doesn't work on macOS, but there are tests which require it to run 1241 properly. Look into making the preload support in runtests.pl portable such 1242 that it uses DYLD_INSERT_LIBRARIES on macOS. 1243 1244 21. Next SONAME bump 1245 1246 21.1 http-style HEAD output for FTP 1247 1248 #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers 1249 from being output in NOBODY requests over FTP 1250 1251 21.2 combine error codes 1252 1253 Combine some of the error codes to remove duplicates. The original 1254 numbering should not be changed, and the old identifiers would be 1255 macroed to the new ones in an CURL_NO_OLDIES section to help with 1256 backward compatibility. 1257 1258 Candidates for removal and their replacements: 1259 1260 CURLE_FILE_COULDNT_READ_FILE => CURLE_REMOTE_FILE_NOT_FOUND 1261 1262 CURLE_FTP_COULDNT_RETR_FILE => CURLE_REMOTE_FILE_NOT_FOUND 1263 1264 CURLE_FTP_COULDNT_USE_REST => CURLE_RANGE_ERROR 1265 1266 CURLE_FUNCTION_NOT_FOUND => CURLE_FAILED_INIT 1267 1268 CURLE_LDAP_INVALID_URL => CURLE_URL_MALFORMAT 1269 1270 CURLE_TFTP_NOSUCHUSER => CURLE_TFTP_ILLEGAL 1271 1272 CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND 1273 1274 CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED 1275 1276 21.3 extend CURLOPT_SOCKOPTFUNCTION prototype 1277 1278 The current prototype only provides 'purpose' that tells what the 1279 connection/socket is for, but not any protocol or similar. It makes it hard 1280 for applications to differentiate on TCP vs UDP and even HTTP vs FTP and 1281 similar. 1282 1283 22. Next major release 1284 1285 22.1 cleanup return codes 1286 1287 curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a 1288 CURLMcode. These should be changed to be the same. 1289 1290 22.2 remove obsolete defines 1291 1292 remove obsolete defines from curl/curl.h 1293 1294 22.3 size_t 1295 1296 make several functions use size_t instead of int in their APIs 1297 1298 22.4 remove several functions 1299 1300 remove the following functions from the public API: 1301 1302 curl_getenv 1303 1304 curl_mprintf (and variations) 1305 1306 curl_strequal 1307 1308 curl_strnequal 1309 1310 They will instead become curlx_ - alternatives. That makes the curl app 1311 still capable of using them, by building with them from source. 1312 1313 These functions have no purpose anymore: 1314 1315 curl_multi_socket 1316 1317 curl_multi_socket_all 1318 1319 22.5 remove CURLOPT_FAILONERROR 1320 1321 Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird 1322 internally. Let the app judge success or not for itself. 1323 1324 22.7 remove progress meter from libcurl 1325 1326 The internally provided progress meter output doesn't belong in the library. 1327 Basically no application wants it (apart from curl) but instead applications 1328 can and should do their own progress meters using the progress callback. 1329 1330 The progress callback should then be bumped as well to get proper 64bit 1331 variable types passed to it instead of doubles so that big files work 1332 correctly. 1333 1334 22.8 remove 'curl_httppost' from public 1335 1336 curl_formadd() was made to fill in a public struct, but the fact that the 1337 struct is public is never really used by application for their own advantage 1338 but instead often restricts how the form functions can or can't be modified. 1339 1340 Changing them to return a private handle will benefit the implementation and 1341 allow us much greater freedoms while still maintaining a solid API and ABI. 1342
