TODO: moved WinSSL/SChannel todo items into docs
Parent
04f246f8c7
Commit
4161624e94
172
docs/TODO
|
@ -87,44 +87,49 @@
|
|||
14.1 SSL engine stuff
|
||||
14.2 check connection
|
||||
|
||||
15. SASL
|
||||
15.1 Other authentication mechanisms
|
||||
15.2 Add QOP support to GSSAPI authentication
|
||||
15. WinSSL/SChannel
|
||||
15.1 Add support for client certificate authentication
|
||||
15.2 Add support for custom server certificate validation
|
||||
15.3 Add support for the --ciphers option
|
||||
|
||||
16. Client
|
||||
16.1 sync
|
||||
16.2 glob posts
|
||||
16.3 prevent file overwriting
|
||||
16.4 simultaneous parallel transfers
|
||||
16.5 provide formpost headers
|
||||
16.6 warning when setting an option
|
||||
16. SASL
|
||||
16.1 Other authentication mechanisms
|
||||
16.2 Add QOP support to GSSAPI authentication
|
||||
|
||||
17. Build
|
||||
17.1 roffit
|
||||
17. Client
|
||||
17.1 sync
|
||||
17.2 glob posts
|
||||
17.3 prevent file overwriting
|
||||
17.4 simultaneous parallel transfers
|
||||
17.5 provide formpost headers
|
||||
17.6 warning when setting an option
|
||||
|
||||
18. Test suite
|
||||
18.1 SSL tunnel
|
||||
18.2 nicer lacking perl message
|
||||
18.3 more protocols supported
|
||||
18.4 more platforms supported
|
||||
18.5 Add support for concurrent connections
|
||||
18. Build
|
||||
18.1 roffit
|
||||
|
||||
19. Next SONAME bump
|
||||
19.1 http-style HEAD output for FTP
|
||||
19.2 combine error codes
|
||||
19.3 extend CURLOPT_SOCKOPTFUNCTION prototype
|
||||
19. Test suite
|
||||
19.1 SSL tunnel
|
||||
19.2 nicer lacking perl message
|
||||
19.3 more protocols supported
|
||||
19.4 more platforms supported
|
||||
19.5 Add support for concurrent connections
|
||||
|
||||
20. Next major release
|
||||
20.1 cleanup return codes
|
||||
20.2 remove obsolete defines
|
||||
20.3 size_t
|
||||
20.4 remove several functions
|
||||
20.5 remove CURLOPT_FAILONERROR
|
||||
20.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
|
||||
20.7 remove progress meter from libcurl
|
||||
20.8 remove 'curl_httppost' from public
|
||||
20.9 have form functions use CURL handle argument
|
||||
20.10 Add CURLOPT_MAIL_CLIENT option
|
||||
20. Next SONAME bump
|
||||
20.1 http-style HEAD output for FTP
|
||||
20.2 combine error codes
|
||||
20.3 extend CURLOPT_SOCKOPTFUNCTION prototype
|
||||
|
||||
21. Next major release
|
||||
21.1 cleanup return codes
|
||||
21.2 remove obsolete defines
|
||||
21.3 size_t
|
||||
21.4 remove several functions
|
||||
21.5 remove CURLOPT_FAILONERROR
|
||||
21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
|
||||
21.7 remove progress meter from libcurl
|
||||
21.8 remove 'curl_httppost' from public
|
||||
21.9 have form functions use CURL handle argument
|
||||
21.10 Add CURLOPT_MAIL_CLIENT option
|
||||
|
||||
==============================================================================
|
||||
|
||||
|
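Review bot: Inserting WinSSL/SChannel as section 15 in this table of contents shifts SASL, Client, Build, Test suite, Next SONAME bump and Next major release up by one, so any existing reference to a numbered item such as 16.4 or 20.5 (in bug reports, mailing list posts or other docs) now points at a different entry. Consider appending the new section after the last numbered one, or confirm that nothing in the tree refers to the old numbers before merging.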
@ -490,23 +495,58 @@ Currently the SMB authentication uses NTLMv1.
|
|||
Add a way to check if the connection seems to be alive, to correspond to the
|
||||
SSL_peak() way we use with OpenSSL.
|
||||
|
||||
15. SASL
|
||||
15. WinSSL/SChannel
|
||||
|
||||
15.1 Other authentication mechanisms
|
||||
15.1 Add support for client certificate authentication
|
||||
|
||||
WinSSL/SChannel currently makes use of the OS-level system and user
|
||||
certificate and private key stores. This does not allow the application
|
||||
or the user to supply a custom client certificate using curl or libcurl.
|
||||
|
||||
Therefore support for the existing -E/--cert and --key options should be
|
||||
implemented by supplying a custom certificate to the SChannel APIs, see:
|
||||
- Getting a Certificate for Schannel
|
||||
http://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
|
||||
|
||||
15.2 Add support for custom server certificate validation
|
||||
|
||||
WinSSL/SChannel currently makes use of the OS-level system and user
|
||||
certificate trust store. This does not allow the application or user to
|
||||
customize the server certificate validation process using curl or libcurl.
|
||||
|
||||
Therefore support for the existing --cacert or --capath options should be
|
||||
implemented by supplying a custom certificate to the SChannel APIs, see:
|
||||
- Getting a Certificate for Schannel
|
||||
http://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
|
||||
|
||||
15.3 Add support for the --ciphers option
|
||||
|
||||
The cipher suites used by WinSSL/SChannel are configured on an OS-level
|
||||
instead of an application-level. This does not allow the application or
|
||||
the user to customize the configured cipher suites using curl or libcurl.
|
||||
|
||||
Therefore support for the existing --ciphers option should be implemented
|
||||
by mapping the OpenSSL/GnuTLS cipher suites to the SChannel APIs, see
|
||||
- Specifying Schannel Ciphers and Cipher Strengths
|
||||
http://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx
|
||||
|
||||
16. SASL
|
||||
|
||||
16.1 Other authentication mechanisms
|
||||
|
||||
Add support for other authentication mechanisms such as OLP,
|
||||
GSS-SPNEGO and others.
|
||||
|
||||
15.2 Add QOP support to GSSAPI authentication
|
||||
16.2 Add QOP support to GSSAPI authentication
|
||||
|
||||
Currently the GSSAPI authentication only supports the default QOP of auth
|
||||
(Authentication), whilst Kerberos V5 supports both auth-int (Authentication
|
||||
with integrity protection) and auth-conf (Authentication with integrity and
|
||||
privacy protection).
|
||||
|
||||
16. Client
|
||||
17. Client
|
||||
|
||||
16.1 sync
|
||||
17.1 sync
|
||||
|
||||
"curl --sync http://example.com/feed[1-100].rss" or
|
||||
"curl --sync http://example.net/{index,calendar,history}.html"
|
||||
|
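Review bot: In 15.2 the remedy is copied from 15.1: it says --cacert/--capath should be implemented "by supplying a custom certificate to the SChannel APIs" and cites the same "Getting a Certificate for Schannel" article, which by its title concerns obtaining a credential rather than validating the server's chain against a caller-supplied trust store. Reword 15.2 to state the actual goal (verify the server certificate against the CA file or directory the user passed instead of the OS-level trust store) and cite a reference on chain validation if one is known. In 15.3, "see" lacks the trailing colon used in 15.1 and 15.2, and the item should say what happens to a cipher name that has no SChannel equivalent, since silently falling back to the OS-level configuration would defeat the purpose of the option.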
@ -515,12 +555,12 @@ Currently the SMB authentication uses NTLMv1.
|
|||
remote file is newer than the local file. A Last-Modified HTTP date header
|
||||
should also be used to set the mod date on the downloaded file.
|
||||
|
||||
16.2 glob posts
|
||||
17.2 glob posts
|
||||
|
||||
Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
|
||||
This is easily scripted though.
|
||||
|
||||
16.3 prevent file overwriting
|
||||
17.3 prevent file overwriting
|
||||
|
||||
Add an option that prevents cURL from overwriting existing local files. When
|
||||
used, and there already is an existing file with the target file name
|
||||
|
@ -528,14 +568,14 @@ Currently the SMB authentication uses NTLMv1.
|
|||
existing). So that index.html becomes first index.html.1 and then
|
||||
index.html.2 etc.
|
||||
|
||||
16.4 simultaneous parallel transfers
|
||||
17.4 simultaneous parallel transfers
|
||||
|
||||
The client could be told to use maximum N simultaneous parallel transfers and
|
||||
then just make sure that happens. It should of course not make more than one
|
||||
connection to the same remote host. This would require the client to use the
|
||||
multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595
|
||||
|
||||
16.5 provide formpost headers
|
||||
17.5 provide formpost headers
|
||||
|
||||
Extending the capabilities of the multipart formposting. How about leaving
|
||||
the ';type=foo' syntax as it is and adding an extra tag (headers) which
|
||||
|
@ -549,43 +589,43 @@ Currently the SMB authentication uses NTLMv1.
|
|||
which should overwrite the program reasonable defaults (plain/text,
|
||||
8bit...)
|
||||
|
||||
16.6 warning when setting an option
|
||||
17.6 warning when setting an option
|
||||
|
||||
Display a warning when libcurl returns an error when setting an option.
|
||||
This can be useful to tell when support for a particular feature hasn't been
|
||||
compiled into the library.
|
||||
|
||||
17. Build
|
||||
18. Build
|
||||
|
||||
17.1 roffit
|
||||
18.1 roffit
|
||||
|
||||
Consider extending 'roffit' to produce decent ASCII output, and use that
|
||||
instead of (g)nroff when building src/tool_hugehelp.c
|
||||
|
||||
18. Test suite
|
||||
19. Test suite
|
||||
|
||||
18.1 SSL tunnel
|
||||
19.1 SSL tunnel
|
||||
|
||||
Make our own version of stunnel for simple port forwarding to enable HTTPS
|
||||
and FTP-SSL tests without the stunnel dependency, and it could allow us to
|
||||
provide test tools built with either OpenSSL or GnuTLS
|
||||
|
||||
18.2 nicer lacking perl message
|
||||
19.2 nicer lacking perl message
|
||||
|
||||
If perl wasn't found by the configure script, don't attempt to run the tests
|
||||
but explain something nice why it doesn't.
|
||||
|
||||
18.3 more protocols supported
|
||||
19.3 more protocols supported
|
||||
|
||||
Extend the test suite to include more protocols. The telnet could just do FTP
|
||||
or http operations (for which we have test servers).
|
||||
|
||||
18.4 more platforms supported
|
||||
19.4 more platforms supported
|
||||
|
||||
Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
|
||||
fork()s and it should become even more portable.
|
||||
|
||||
18.5 Add support for concurrent connections
|
||||
19.5 Add support for concurrent connections
|
||||
|
||||
Tests 836, 882 and 938 were designed to verify that separate connections aren't
|
||||
used when using different login credentials in protocols that shouldn't re-use
|
||||
|
@ -599,14 +639,14 @@ Currently the SMB authentication uses NTLMv1.
|
|||
and thus the wait for connections loop is never entered to receive the second
|
||||
connection.
|
||||
|
||||
19. Next SONAME bump
|
||||
20. Next SONAME bump
|
||||
|
||||
19.1 http-style HEAD output for FTP
|
||||
20.1 http-style HEAD output for FTP
|
||||
|
||||
#undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
|
||||
from being output in NOBODY requests over FTP
|
||||
|
||||
19.2 combine error codes
|
||||
20.2 combine error codes
|
||||
|
||||
Combine some of the error codes to remove duplicates. The original
|
||||
numbering should not be changed, and the old identifiers would be
|
||||
|
@ -631,29 +671,29 @@ Currently the SMB authentication uses NTLMv1.
|
|||
|
||||
CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED
|
||||
|
||||
19.3 extend CURLOPT_SOCKOPTFUNCTION prototype
|
||||
20.3 extend CURLOPT_SOCKOPTFUNCTION prototype
|
||||
|
||||
The current prototype only provides 'purpose' that tells what the
|
||||
connection/socket is for, but not any protocol or similar. It makes it hard
|
||||
for applications to differentiate on TCP vs UDP and even HTTP vs FTP and
|
||||
similar.
|
||||
|
||||
20. Next major release
|
||||
21. Next major release
|
||||
|
||||
20.1 cleanup return codes
|
||||
21.1 cleanup return codes
|
||||
|
||||
curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a
|
||||
CURLMcode. These should be changed to be the same.
|
||||
|
||||
20.2 remove obsolete defines
|
||||
21.2 remove obsolete defines
|
||||
|
||||
remove obsolete defines from curl/curl.h
|
||||
|
||||
20.3 size_t
|
||||
21.3 size_t
|
||||
|
||||
make several functions use size_t instead of int in their APIs
|
||||
|
||||
20.4 remove several functions
|
||||
21.4 remove several functions
|
||||
|
||||
remove the following functions from the public API:
|
||||
|
||||
|
@ -674,18 +714,18 @@ Currently the SMB authentication uses NTLMv1.
|
|||
|
||||
curl_multi_socket_all
|
||||
|
||||
20.5 remove CURLOPT_FAILONERROR
|
||||
21.5 remove CURLOPT_FAILONERROR
|
||||
|
||||
Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird
|
||||
internally. Let the app judge success or not for itself.
|
||||
|
||||
20.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
|
||||
21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
|
||||
|
||||
Remove support for a global DNS cache. Anything global is silly, and we
|
||||
already offer the share interface for the same functionality but done
|
||||
"right".
|
||||
|
||||
20.7 remove progress meter from libcurl
|
||||
21.7 remove progress meter from libcurl
|
||||
|
||||
The internally provided progress meter output doesn't belong in the library.
|
||||
Basically no application wants it (apart from curl) but instead applications
|
||||
|
@ -695,7 +735,7 @@ Currently the SMB authentication uses NTLMv1.
|
|||
variable types passed to it instead of doubles so that big files work
|
||||
correctly.
|
||||
|
||||
20.8 remove 'curl_httppost' from public
|
||||
21.8 remove 'curl_httppost' from public
|
||||
|
||||
curl_formadd() was made to fill in a public struct, but the fact that the
|
||||
struct is public is never really used by application for their own advantage
|
||||
|
@ -704,7 +744,7 @@ Currently the SMB authentication uses NTLMv1.
|
|||
Changing them to return a private handle will benefit the implementation and
|
||||
allow us much greater freedoms while still maintaining a solid API and ABI.
|
||||
|
||||
20.9 have form functions use CURL handle argument
|
||||
21.9 have form functions use CURL handle argument
|
||||
|
||||
curl_formadd() and curl_formget() both currently have no CURL handle
|
||||
argument, but both can use a callback that is set in the easy handle, and
|
||||
|
@ -712,7 +752,7 @@ Currently the SMB authentication uses NTLMv1.
|
|||
curl_easy_perform() (or similar) called - which is hard to grasp and a design
|
||||
mistake.
|
||||
|
||||
20.10 Add CURLOPT_MAIL_CLIENT option
|
||||
21.10 Add CURLOPT_MAIL_CLIENT option
|
||||
|
||||
Rather than use the URL to specify the mail client string to present in the
|
||||
HELO and EHLO commands, libcurl should support a new CURLOPT specifically for
|
||||
|
|
|
@ -38,19 +38,6 @@
|
|||
* Thanks for code and inspiration!
|
||||
*/
|
||||
|
||||
/*
|
||||
* TODO list for TLS/SSL implementation:
|
||||
* - implement client certificate authentication
|
||||
* - implement custom server certificate validation
|
||||
* - implement cipher/algorithm option
|
||||
*
|
||||
* Related articles on MSDN:
|
||||
* - Getting a Certificate for Schannel
|
||||
* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
|
||||
* - Specifying Schannel Ciphers and Cipher Strengths
|
||||
* http://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx
|
||||
*/
|
||||
|
||||
#include "curl_setup.h"
|
||||
|
||||
#ifdef USE_SCHANNEL
|
||||
|
|
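Review bot: Removing the TODO block comment ahead of #include "curl_setup.h" leaves the source without any note that client certificate authentication, custom server certificate validation and cipher selection are not implemented in this backend. Consider keeping a one-line pointer to docs/TODO section 15 in its place, so that someone reading the SChannel code learns that options such as --cacert, --cert and --ciphers are not supported here without having to find the docs entry.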