xref: /curl/docs/TODO (revision ec68fb5a) 
1                                  _   _ ____  _
2                              ___| | | |  _ \| |
3                             / __| | | | |_) | |
4                            | (__| |_| |  _ <| |___
5                             \___|\___/|_| \_\_____|
6
7                Things that could be nice to do in the future
8
9 Things to do in project curl. Please tell us what you think, contribute and
10 send us patches that improve things.
11
12 Be aware that these are things that we could do, or have once been considered
13 things we could do. If you want to work on any of these areas, please
14 consider bringing it up for discussions first on the mailing list so that we
15 all agree it is still a good idea for the project.
16
17 All bugs documented in the KNOWN_BUGS document are subject for fixing.
18
19 1. libcurl
20 1.1 TFO support on Windows
21 1.2 Consult %APPDATA% also for .netrc
22 1.3 struct lifreq
23 1.4 alt-svc sharing
24 1.5 get rid of PATH_MAX
25 1.6 thread-safe sharing
26 1.8 CURLOPT_RESOLVE for any port number
27 1.9 Cache negative name resolves
28 1.10 auto-detect proxy
29 1.11 minimize dependencies with dynamically loaded modules
30 1.12 updated DNS server while running
31 1.13 c-ares and CURLOPT_OPENSOCKETFUNCTION
32 1.14 connect to multiple IPs in parallel
33 1.15 Monitor connections in the connection pool
34 1.16 Try to URL encode given URL
35 1.17 Add support for IRIs
36 1.18 try next proxy if one does not work
37 1.19 provide timing info for each redirect
38 1.20 SRV and URI DNS records
39 1.21 netrc caching and sharing
40 1.22 CURLINFO_PAUSE_STATE
41 1.23 Offer API to flush the connection pool
42 1.25 Expose tried IP addresses that failed
43 1.28 FD_CLOEXEC
44 1.29 WebSocket read callback
45 1.30 config file parsing
46 1.31 erase secrets from heap/stack after use
47 1.32 add asynch getaddrinfo support
48 1.33 make DoH inherit more transfer properties
49
50 2. libcurl - multi interface
51 2.1 More non-blocking
52 2.2 Better support for same name resolves
53 2.3 Non-blocking curl_multi_remove_handle()
54 2.4 Split connect and authentication process
55 2.5 Edge-triggered sockets should work
56 2.6 multi upkeep
57 2.7 Virtual external sockets
58 2.8 dynamically decide to use socketpair
59
60 3. Documentation
61 3.1 Improve documentation about fork safety
62
63 4. FTP
64 4.1 HOST
65 4.4 Support CURLOPT_PREQUOTE for directories listings
66 4.6 GSSAPI via Windows SSPI
67 4.7 STAT for LIST without data connection
68 4.8 Passive transfer could try other IP addresses
69
70 5. HTTP
71 5.1 Provide the error body from a CONNECT response
72 5.2 Obey Retry-After in redirects
73 5.3 Rearrange request header order
74 5.4 Allow SAN names in HTTP/2 server push
75 5.5 auth= in URLs
76 5.6 alt-svc should fallback if alt-svc does not work
77 5.7 Require HTTP version X or higher
78
79 6. TELNET
80 6.1 ditch stdin
81 6.2 ditch telnet-specific select
82 6.3 feature negotiation debug data
83 6.4 exit immediately upon connection if stdin is /dev/null
84
85 7. SMTP
86 7.1 Passing NOTIFY option to CURLOPT_MAIL_RCPT
87 7.2 Enhanced capability support
88 7.3 Add CURLOPT_MAIL_CLIENT option
89
90 8. POP3
91 8.2 Enhanced capability support
92
93 9. IMAP
94 9.1 Enhanced capability support
95 9.2 upload unread
96
97 10. LDAP
98 10.1 SASL based authentication mechanisms
99 10.2 CURLOPT_SSL_CTX_FUNCTION for LDAPS
100 10.3 Paged searches on LDAP server
101 10.4 Certificate-Based Authentication
102
103 11. SMB
104 11.1 File listing support
105 11.2 Honor file timestamps
106 11.3 Use NTLMv2
107 11.4 Create remote directories
108
109 12. FILE
110 12.1 Directory listing on non-POSIX
111
112 13. TLS
113 13.1 TLS-PSK with OpenSSL
114 13.2 TLS channel binding
115 13.3 Defeat TLS fingerprinting
116 13.5 Export session ids
117 13.6 Provide callback for cert verification
118 13.7 Less memory massaging with Schannel
119 13.8 Support DANE
120 13.9 TLS record padding
121 13.10 Support Authority Information Access certificate extension (AIA)
122 13.11 Some TLS options are not offered for HTTPS proxies
123 13.13 Make sure we forbid TLS 1.3 post-handshake authentication
124 13.14 Support the clienthello extension
125 13.15 Select signature algorithms
126 13.16 Share the CA cache
127 13.17 Add missing features to TLS backends
128
129 15. Schannel
130 15.1 Extend support for client certificate authentication
131 15.2 Extend support for the --ciphers option
132 15.4 Add option to allow abrupt server closure
133
134 16. SASL
135 16.1 Other authentication mechanisms
136 16.2 Add QOP support to GSSAPI authentication
137
138 17. SSH protocols
139 17.1 Multiplexing
140 17.2 Handle growing SFTP files
141 17.3 Read keys from ~/.ssh/id_ecdsa, id_ed25519
142 17.4 Support CURLOPT_PREQUOTE
143 17.5 SSH over HTTPS proxy with more backends
144 17.6 SFTP with SCP://
145
146 18. Command line tool
147 18.1 sync
148 18.2 glob posts
149 18.4 --proxycommand
150 18.5 UTF-8 filenames in Content-Disposition
151 18.6 Option to make -Z merge lined based outputs on stdout
152 18.7 specify which response codes that make -f/--fail return error
153 18.9 Choose the name of file in braces for complex URLs
154 18.10 improve how curl works in a Windows console window
155 18.11 Windows: set attribute 'archive' for completed downloads
156 18.12 keep running, read instructions from pipe/socket
157 18.13 Acknowledge Ratelimit headers
158 18.14 --dry-run
159 18.15 --retry should resume
160 18.16 send only part of --data
161 18.17 consider filename from the redirected URL with -O ?
162 18.18 retry on network is unreachable
163 18.19 expand ~/ in config files
164 18.20 hostname sections in config files
165 18.21 retry on the redirected-to URL
166 18.23 Set the modification date on an uploaded file
167 18.24 Use multiple parallel transfers for a single download
168 18.25 Prevent terminal injection when writing to terminal
169 18.26 Custom progress meter update interval
170 18.27 -J and -O with %-encoded filenames
171 18.28 -J with -C -
172 18.29 --retry and transfer timeouts
173
174 19. Build
175 19.2 Enable PIE and RELRO by default
176 19.3 Do not use GNU libtool on OpenBSD
177 19.4 Package curl for Windows in a signed installer
178 19.5 make configure use --cache-file more and better
179
180 20. Test suite
181 20.1 SSL tunnel
182 20.2 nicer lacking perl message
183 20.3 more protocols supported
184 20.4 more platforms supported
185 20.6 Use the RFC 6265 test suite
186 20.8 Run web-platform-tests URL tests
187
188 21. MQTT
189 21.1 Support rate-limiting
190 21.2 Support MQTTS
191 21.3 Handle network blocks
192
193 22. TFTP
194 22.1 TFTP does not convert LF to CRLF for mode=netascii
195
196 23. Gopher
197 23.1 Handle network blocks
198
199==============================================================================
200
2011. libcurl
202
2031.1 TFO support on Windows
204
205 libcurl supports the CURLOPT_TCP_FASTOPEN option since 7.49.0 for Linux and
206 macOS. Windows supports TCP Fast Open starting with Windows 10, version 1607
207 and we should add support for it.
208
209 TCP Fast Open is supported on several platforms but not on Windows. Work on
210 this was once started but never finished.
211
212 See https://github.com/curl/curl/pull/3378
213
2141.2 Consult %APPDATA% also for .netrc
215
216 %APPDATA%\.netrc is not considered when running on Windows. should not it?
217
218 See https://github.com/curl/curl/issues/4016
219
2201.3 struct lifreq
221
222 Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and
223 SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete.
224 To support IPv6 interface addresses for network interfaces properly.
225
2261.4 alt-svc sharing
227
228 The share interface could benefit from allowing the alt-svc cache to be
229 possible to share between easy handles.
230
231 See https://github.com/curl/curl/issues/4476
232
233 The share interface offers CURL_LOCK_DATA_CONNECT to have multiple easy
234 handle share a connection cache, but due to how connections are used they are
235 still not thread-safe when used shared.
236
237 See https://github.com/curl/curl/issues/4915 and lib1541.c
238
239 The share interface offers CURL_LOCK_DATA_HSTS to have multiple easy handle
240 share a HSTS cache, but this is not thread-safe.
241
2421.5 get rid of PATH_MAX
243
244 Having code use and rely on PATH_MAX is not nice:
245 https://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html
246
247 Currently the libssh2 SSH based code uses it, but to remove PATH_MAX from
248 there we need libssh2 to properly tell us when we pass in a too small buffer
249 and its current API (as of libssh2 1.2.7) does not.
250
2511.6 thread-safe sharing
252
253 Using the share interface users can share some data between easy handles but
254 several of the sharing options are documented as not safe and supported to
255 share between multiple concurrent threads. Fixing this would enable more
256 users to share data in more powerful ways.
257
2581.8 CURLOPT_RESOLVE for any port number
259
260 This option allows applications to set a replacement IP address for a given
261 host + port pair. Consider making support for providing a replacement address
262 for the hostname on all port numbers.
263
264 See https://github.com/curl/curl/issues/1264
265
2661.9 Cache negative name resolves
267
268 A name resolve that has failed is likely to fail when made again within a
269 short period of time. Currently we only cache positive responses.
270
2711.10 auto-detect proxy
272
273 libcurl could be made to detect the system proxy setup automatically and use
274 that. On Windows, macOS and Linux desktops for example.
275
276 The pull-request to use libproxy for this was deferred due to doubts on the
277 reliability of the dependency and how to use it:
278 https://github.com/curl/curl/pull/977
279
280 libdetectproxy is a (C++) library for detecting the proxy on Windows
281 https://github.com/paulharris/libdetectproxy
282
2831.11 minimize dependencies with dynamically loaded modules
284
285 We can create a system with loadable modules/plug-ins, where these modules
286 would be the ones that link to 3rd party libs. That would allow us to avoid
287 having to load ALL dependencies since only the necessary ones for this
288 app/invoke/used protocols would be necessary to load. See
289 https://github.com/curl/curl/issues/349
290
2911.12 updated DNS server while running
292
293 If /etc/resolv.conf gets updated while a program using libcurl is running, it
294 is may cause name resolves to fail unless res_init() is called. We should
295 consider calling res_init() + retry once unconditionally on all name resolve
296 failures to mitigate against this. Firefox works like that. Note that Windows
297 does not have res_init() or an alternative.
298
299 https://github.com/curl/curl/issues/2251
300
3011.13 c-ares and CURLOPT_OPENSOCKETFUNCTION
302
303 curl creates most sockets via the CURLOPT_OPENSOCKETFUNCTION callback and
304 close them with the CURLOPT_CLOSESOCKETFUNCTION callback. However, c-ares
305 does not use those functions and instead opens and closes the sockets itself.
306 This means that when curl passes the c-ares socket to the
307 CURLMOPT_SOCKETFUNCTION it is not owned by the application like other
308 sockets.
309
310 See https://github.com/curl/curl/issues/2734
311
3121.14 connect to multiple IPs in parallel
313
314 curl currently implements the happy eyeball algorithm for connecting to the
315 IPv4 and IPv6 alternatives for a host in parallel, sticking with the
316 connection that "wins". We could implement a similar algorithm per individual
317 IP family as well when there are multiple available addresses: start with the
318 first address, then start a second attempt N milliseconds after and then a
319 third another N milliseconds later. That way there would be less waiting when
320 the first IP has problems. It also improves the connection timeout value
321 handling for multiple address situations.
322
3231.15 Monitor connections in the connection pool
324
325 libcurl's connection cache or pool holds a number of open connections for the
326 purpose of possible subsequent connection reuse. It may contain a few up to a
327 significant amount of connections. Currently, libcurl leaves all connections
328 as they are and first when a connection is iterated over for matching or
329 reuse purpose it is verified that it is still alive.
330
331 Those connections may get closed by the server side for idleness or they may
332 get an HTTP/2 ping from the peer to verify that they are still alive. By
333 adding monitoring of the connections while in the pool, libcurl can detect
334 dead connections (and close them) better and earlier, and it can handle
335 HTTP/2 pings to keep such ones alive even when not actively doing transfers
336 on them.
337
3381.16 Try to URL encode given URL
339
340 Given a URL that for example contains spaces, libcurl could have an option
341 that would try somewhat harder than it does now and convert spaces to %20 and
342 perhaps URL encoded byte values over 128 etc (basically do what the redirect
343 following code already does).
344
345 https://github.com/curl/curl/issues/514
346
3471.17 Add support for IRIs
348
349 IRIs (RFC 3987) allow localized, non-ASCII, names in the URL. To properly
350 support this, curl/libcurl would need to translate/encode the given input
351 from the input string encoding into percent encoded output "over the wire".
352
353 To make that work smoothly for curl users even on Windows, curl would
354 probably need to be able to convert from several input encodings.
355
3561.18 try next proxy if one does not work
357
358 Allow an application to specify a list of proxies to try, and failing to
359 connect to the first go on and try the next instead until the list is
360 exhausted. Browsers support this feature at least when they specify proxies
361 using PACs.
362
363 https://github.com/curl/curl/issues/896
364
3651.19 provide timing info for each redirect
366
367 curl and libcurl provide timing information via a set of different
368 time-stamps (CURLINFO_*_TIME). When curl is following redirects, those
369 returned time value are the accumulated sums. An improvement could be to
370 offer separate timings for each redirect.
371
372 https://github.com/curl/curl/issues/6743
373
3741.20 SRV and URI DNS records
375
376 Offer support for resolving SRV and URI DNS records for libcurl to know which
377 server to connect to for various protocols (including HTTP).
378
3791.21 netrc caching and sharing
380
381 The netrc file is read and parsed each time a connection is setup, which
382 means that if a transfer needs multiple connections for authentication or
383 redirects, the file might be reread (and parsed) multiple times. This makes
384 it impossible to provide the file as a pipe.
385
3861.22 CURLINFO_PAUSE_STATE
387
388 Return information about the transfer's current pause state, in both
389 directions. https://github.com/curl/curl/issues/2588
390
3911.23 Offer API to flush the connection pool
392
393 Sometimes applications want to flush all the existing connections kept alive.
394 An API could allow a forced flush or just a forced loop that would properly
395 close all connections that have been closed by the server already.
396
3971.25 Expose tried IP addresses that failed
398
399 When libcurl fails to connect to a host, it could offer the application the
400 addresses that were used in the attempt. Source + dest IP, source + dest port
401 and protocol (UDP or TCP) for each failure. Possibly as a callback. Perhaps
402 also provide "reason".
403
404 https://github.com/curl/curl/issues/2126
405
4061.28 FD_CLOEXEC
407
408 It sets the close-on-exec flag for the file descriptor, which causes the file
409 descriptor to be automatically (and atomically) closed when any of the
410 exec-family functions succeed. Should probably be set by default?
411
412 https://github.com/curl/curl/issues/2252
413
4141.29 WebSocket read callback
415
416 Call the read callback once the connection is established to allow sending
417 the first message in the connection.
418
419 https://github.com/curl/curl/issues/11402
420
4211.30 config file parsing
422
423 Consider providing an API, possibly in a separate companion library, for
424 parsing a config file like curl's -K/--config option to allow applications to
425 get the same ability to read curl options from files.
426
427 See https://github.com/curl/curl/issues/3698
428
4291.31 erase secrets from heap/stack after use
430
431 Introducing a concept and system to erase secrets from memory after use, it
432 could help mitigate and lessen the impact of (future) security problems etc.
433 However: most secrets are passed to libcurl as clear text from the
434 application and then clearing them within the library adds nothing...
435
436 https://github.com/curl/curl/issues/7268
437
4381.32 add asynch getaddrinfo support
439
440 Use getaddrinfo_a() to provide an asynch name resolver backend to libcurl
441 that does not use threads and does not depend on c-ares. The getaddrinfo_a
442 function is (probably?) glibc specific but that is a widely used libc among
443 our users.
444
445 https://github.com/curl/curl/pull/6746
446
4471.33 make DoH inherit more transfer properties
448
449 Some options are not inherited because they are not relevant for the DoH SSL
450 connections, or inheriting the option may result in unexpected behavior. For
451 example the user's debug function callback is not inherited because it would
452 be unexpected for internal handles (ie DoH handles) to be passed to that
453 callback.
454
455 If an option is not inherited then it is not possible to set it separately
456 for DoH without a DoH-specific option. For example:
457 CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and
458 CURLOPT_DOH_SSL_VERIFYSTATUS.
459
460 See https://github.com/curl/curl/issues/6605
461
4622. libcurl - multi interface
463
4642.1 More non-blocking
465
466 Make sure we do not ever loop because of non-blocking sockets returning
467 EWOULDBLOCK or similar. Blocking cases include:
468
469 - Name resolves on non-Windows unless c-ares or the threaded resolver is used.
470
471 - The threaded resolver may block on cleanup:
472 https://github.com/curl/curl/issues/4852
473
474 - file:// transfers
475
476 - TELNET transfers
477
478 - GSSAPI authentication for FTP transfers
479
480 - The "DONE" operation (post transfer protocol-specific actions) for the
481 protocols SFTP, SMTP, FTP. Fixing multi_done() for this is a worthy task.
482
483 - curl_multi_remove_handle for any of the above. See section 2.3.
484
485 - Calling curl_ws_send() from a callback
486
4872.2 Better support for same name resolves
488
489 If a name resolve has been initiated for name NN and a second easy handle
490 wants to resolve that name as well, make it wait for the first resolve to end
491 up in the cache instead of doing a second separate resolve. This is
492 especially needed when adding many simultaneous handles using the same host
493 name when the DNS resolver can get flooded.
494
4952.3 Non-blocking curl_multi_remove_handle()
496
497 The multi interface has a few API calls that assume a blocking behavior, like
498 add_handle() and remove_handle() which limits what we can do internally. The
499 multi API need to be moved even more into a single function that "drives"
500 everything in a non-blocking manner and signals when something is done. A
501 remove or add would then only ask for the action to get started and then
502 multi_perform() etc still be called until the add/remove is completed.
503
5042.4 Split connect and authentication process
505
506 The multi interface treats the authentication process as part of the connect
507 phase. As such any failures during authentication does not trigger the
508 relevant QUIT or LOGOFF for protocols such as IMAP, POP3 and SMTP.
509
5102.5 Edge-triggered sockets should work
511
512 The multi_socket API should work with edge-triggered socket events. One of
513 the internal actions that need to be improved for this to work perfectly is
514 the 'maxloops' handling in transfer.c:readwrite_data().
515
5162.6 multi upkeep
517
518 In libcurl 7.62.0 we introduced curl_easy_upkeep. It unfortunately only works
519 on easy handles. We should introduces a version of that for the multi handle,
520 and also consider doing "upkeep" automatically on connections in the
521 connection pool when the multi handle is in used.
522
523 See https://github.com/curl/curl/issues/3199
524
5252.7 Virtual external sockets
526
527 libcurl performs operations on the given file descriptor that presumes it is
528 a socket and an application cannot replace them at the moment. Allowing an
529 application to fully replace those would allow a larger degree of freedom and
530 flexibility.
531
532 See https://github.com/curl/curl/issues/5835
533
5342.8 dynamically decide to use socketpair
535
536 For users who do not use curl_multi_wait() or do not care for
537 curl_multi_wakeup(), we could introduce a way to make libcurl NOT
538 create a socketpair in the multi handle.
539
540 See https://github.com/curl/curl/issues/4829
541
5423. Documentation
543
5443.1 Improve documentation about fork safety
545
546 See https://github.com/curl/curl/issues/6968
547
5484. FTP
549
5504.1 HOST
551
552 HOST is a command for a client to tell which hostname to use, to offer FTP
553 servers named-based virtual hosting:
554
555 https://datatracker.ietf.org/doc/html/rfc7151
556
5574.4 Support CURLOPT_PREQUOTE for directions listings
558
559 The lack of support is mostly an oversight and requires the FTP state machine
560 to get updated to get fixed.
561
562 https://github.com/curl/curl/issues/8602
563
5644.6 GSSAPI via Windows SSPI
565
566 In addition to currently supporting the SASL GSSAPI mechanism (Kerberos V5)
567 via third-party GSS-API libraries, such as Heimdal or MIT Kerberos, also add
568 support for GSSAPI authentication via Windows SSPI.
569
5704.7 STAT for LIST without data connection
571
572 Some FTP servers allow STAT for listing directories instead of using LIST,
573 and the response is then sent over the control connection instead of as the
574 otherwise usedw data connection: https://www.nsftools.com/tips/RawFTP.htm#STAT
575
576 This is not detailed in any FTP specification.
577
5784.8 Passive transfer could try other IP addresses
579
580 When doing FTP operations through a proxy at localhost, the reported spotted
581 that curl only tried to connect once to the proxy, while it had multiple
582 addresses and a failed connect on one address should make it try the next.
583
584 After switching to passive mode (EPSV), curl could try all IP addresses for
585 "localhost". Currently it tries ::1, but it should also try 127.0.0.1.
586
587 See https://github.com/curl/curl/issues/1508
588
5895. HTTP
590
5915.1 Provide the error body from a CONNECT response
592
593 When curl receives a body response from a CONNECT request to a proxy, it
594 always just reads and ignores it. It would make some users happy if curl
595 instead optionally would be able to make that responsible available. Via a
596 new callback? Through some other means?
597
598 See https://github.com/curl/curl/issues/9513
599
6005.2 Obey Retry-After in redirects
601
602 The Retry-After is said to dicate "the minimum time that the user agent is
603 asked to wait before issuing the redirected request" and libcurl does not
604 obey this.
605
606 See https://github.com/curl/curl/issues/11447
607
6085.3 Rearrange request header order
609
610 Server implementers often make an effort to detect browser and to reject
611 clients it can detect to not match. One of the last details we cannot yet
612 control in libcurl's HTTP requests, which also can be exploited to detect
613 that libcurl is in fact used even when it tries to impersonate a browser, is
614 the order of the request headers. I propose that we introduce a new option in
615 which you give headers a value, and then when the HTTP request is built it
616 sorts the headers based on that number. We could then have internally created
617 headers use a default value so only headers that need to be moved have to be
618 specified.
619
6205.4 Allow SAN names in HTTP/2 server push
621
622 curl only allows HTTP/2 push promise if the provided :authority header value
623 exactly matches the hostname given in the URL. It could be extended to allow
624 any name that would match the Subject Alternative Names in the server's TLS
625 certificate.
626
627 See https://github.com/curl/curl/pull/3581
628
6295.5 auth= in URLs
630
631 Add the ability to specify the preferred authentication mechanism to use by
632 using ;auth=<mech> in the login part of the URL.
633
634 For example:
635
636 http://test:pass;auth=NTLM@example.com would be equivalent to specifying
637 --user test:pass;auth=NTLM or --user test:pass --ntlm from the command line.
638
639 Additionally this should be implemented for proxy base URLs as well.
640
6415.6 alt-svc should fallback if alt-svc does not work
642
643 The alt-svc: header provides a set of alternative services for curl to use
644 instead of the original. If the first attempted one fails, it should try the
645 next etc and if all alternatives fail go back to the original.
646
647 See https://github.com/curl/curl/issues/4908
648
6495.7 Require HTTP version X or higher
650
651 curl and libcurl provide options for trying higher HTTP versions (for example
652 HTTP/2) but then still allows the server to pick version 1.1. We could
653 consider adding a way to require a minimum version.
654
655 See https://github.com/curl/curl/issues/7980
656
6576. TELNET
658
6596.1 ditch stdin
660
661 Reading input (to send to the remote server) on stdin is a crappy solution
662 for library purposes. We need to invent a good way for the application to be
663 able to provide the data to send.
664
6656.2 ditch telnet-specific select
666
667 Move the telnet support's network select() loop go away and merge the code
668 into the main transfer loop. Until this is done, the multi interface does not
669 work for telnet.
670
6716.3 feature negotiation debug data
672
673 Add telnet feature negotiation data to the debug callback as header data.
674
6756.4 exit immediately upon connection if stdin is /dev/null
676
677 If it did, curl could be used to probe if there is an server there listening
678 on a specific port. That is, the following command would exit immediately
679 after the connection is established with exit code 0:
680
681    curl -s --connect-timeout 2 telnet://example.com:80 </dev/null
682
6837. SMTP
684
6857.1 Passing NOTIFY option to CURLOPT_MAIL_RCPT
686
687 Is there a way to pass the NOTIFY option to the CURLOPT_MAIL_RCPT option ?  I
688 set a string that already contains a bracket. For instance something like
689 that: curl_slist_append( recipients, "<foo@bar> NOTIFY=SUCCESS,FAILURE" );
690
691 https://github.com/curl/curl/issues/8232
692
6937.2 Enhanced capability support
694
695 Add the ability, for an application that uses libcurl, to obtain the list of
696 capabilities returned from the EHLO command.
697
6987.3 Add CURLOPT_MAIL_CLIENT option
699
700 Rather than use the URL to specify the mail client string to present in the
701 HELO and EHLO commands, libcurl should support a new CURLOPT specifically for
702 specifying this data as the URL is non-standard and to be honest a bit of a
703 hack ;-)
704
705 Please see the following thread for more information:
706 https://curl.se/mail/lib-2012-05/0178.html
707
708
7098. POP3
710
7118.2 Enhanced capability support
712
713 Add the ability, for an application that uses libcurl, to obtain the list of
714 capabilities returned from the CAPA command.
715
7169. IMAP
717
7189.1 Enhanced capability support
719
720 Add the ability, for an application that uses libcurl, to obtain the list of
721 capabilities returned from the CAPABILITY command.
722
7239.2 upload unread
724
725 Uploads over IMAP currently always set the email as "read" (or "seen"). It
726 would be good to offer a way for users to select for uploads to remain
727 unread.
728
72910. LDAP
730
73110.1 SASL based authentication mechanisms
732
733 Currently the LDAP module only supports ldap_simple_bind_s() in order to bind
734 to an LDAP server. However, this function sends username and password details
735 using the simple authentication mechanism (as clear text). However, it should
736 be possible to use ldap_bind_s() instead specifying the security context
737 information ourselves.
738
73910.2 CURLOPT_SSL_CTX_FUNCTION for LDAPS
740
741 CURLOPT_SSL_CTX_FUNCTION works perfectly for HTTPS and email protocols, but
742 it has no effect for LDAPS connections.
743
744 https://github.com/curl/curl/issues/4108
745
74610.3 Paged searches on LDAP server
747
748 https://github.com/curl/curl/issues/4452
749
75010.4 Certificate-Based Authentication
751
752 LDAPS not possible with macOS and Windows with Certificate-Based Authentication
753
754 https://github.com/curl/curl/issues/9641
755
75611. SMB
757
75811.1 File listing support
759
760 Add support for listing the contents of a SMB share. The output should
761 probably be the same as/similar to FTP.
762
76311.2 Honor file timestamps
764
765 The timestamp of the transferred file should reflect that of the original
766 file.
767
76811.3 Use NTLMv2
769
770 Currently the SMB authentication uses NTLMv1.
771
77211.4 Create remote directories
773
774 Support for creating remote directories when uploading a file to a directory
775 that does not exist on the server, just like --ftp-create-dirs.
776
777
77812. FILE
779
78012.1 Directory listing on non-POSIX
781
782 Listing the contents of a directory accessed with FILE only works on
783 platforms with opendir. Support could be added for more systems, like
784 Windows.
785
78613. TLS
787
78813.1 TLS-PSK with OpenSSL
789
790 Transport Layer Security pre-shared key ciphersuites (TLS-PSK) is a set of
791 cryptographic protocols that provide secure communication based on pre-shared
792 keys (PSKs). These pre-shared keys are symmetric keys shared in advance among
793 the communicating parties.
794
795 https://github.com/curl/curl/issues/5081
796
79713.2 TLS channel binding
798
799 TLS 1.2 and 1.3 provide the ability to extract some secret data from the TLS
800 connection and use it in the client request (usually in some sort of
801 authentication) to ensure that the data sent is bound to the specific TLS
802 connection and cannot be successfully intercepted by a proxy. This
803 functionality can be used in a standard authentication mechanism such as
804 GSS-API or SCRAM, or in custom approaches like custom HTTP Authentication
805 headers.
806
807 For TLS 1.2, the binding type is usually tls-unique, and for TLS 1.3 it is
808 tls-exporter.
809
810 https://datatracker.ietf.org/doc/html/rfc5929
811 https://datatracker.ietf.org/doc/html/rfc9266
812 https://github.com/curl/curl/issues/9226
813
81413.3 Defeat TLS fingerprinting
815
816 By changing the order of TLS extensions provided in the TLS handshake, it is
817 sometimes possible to circumvent TLS fingerprinting by servers. The TLS
818 extension order is of course not the only way to fingerprint a client.
819
82013.5 Export session ids
821
822 Add an interface to libcurl that enables "session IDs" to get
823 exported/imported. Cris Bailiff said: "OpenSSL has functions which can
824 serialise the current SSL state to a buffer of your choice, and recover/reset
825 the state from such a buffer at a later date - this is used by mod_ssl for
826 apache to implement and SSL session ID cache".
827
82813.6 Provide callback for cert verification
829
830 OpenSSL supports a callback for customised verification of the peer
831 certificate, but this does not seem to be exposed in the libcurl APIs. Could
832 it be? There is so much that could be done if it were.
833
83413.7 Less memory massaging with Schannel
835
836 The Schannel backend does a lot of custom memory management we would rather
837 avoid: the repeated alloc + free in sends and the custom memory + realloc
838 system for encrypted and decrypted data. That should be avoided and reduced
839 for 1) efficiency and 2) safety.
840
84113.8 Support DANE
842
843 DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
844 keys and certs over DNS using DNSSEC as an alternative to the CA model.
845 https://www.rfc-editor.org/rfc/rfc6698.txt
846
847 An initial patch was posted by Suresh Krishnaswamy on March 7th 2013
848 (https://curl.se/mail/lib-2013-03/0075.html) but it was a too simple
849 approach. See Daniel's comments:
850 https://curl.se/mail/lib-2013-03/0103.html . libunbound may be the
851 correct library to base this development on.
852
853 Björn Stenberg wrote a separate initial take on DANE that was never
854 completed.
855
85613.9 TLS record padding
857
858 TLS (1.3) offers optional record padding and OpenSSL provides an API for it.
859 I could make sense for libcurl to offer this ability to applications to make
860 traffic patterns harder to figure out by network traffic observers.
861
862 See https://github.com/curl/curl/issues/5398
863
86413.10 Support Authority Information Access certificate extension (AIA)
865
866 AIA can provide various things like CRLs but more importantly information
867 about intermediate CA certificates that can allow validation path to be
868 fulfilled when the HTTPS server does not itself provide them.
869
870 Since AIA is about downloading certs on demand to complete a TLS handshake,
871 it is probably a bit tricky to get done right.
872
873 See https://github.com/curl/curl/issues/2793
874
87513.11 Some TLS options are not offered for HTTPS proxies
876
877 Some TLS related options to the command line tool and libcurl are only
878 provided for the server and not for HTTPS proxies. --proxy-tls-max,
879 --proxy-tlsv1.3, --proxy-curves and a few more.
880 For more Documentation on this see:
881 https://curl.se/libcurl/c/tls-options.html
882
883 https://github.com/curl/curl/issues/12286
884
88513.13 Make sure we forbid TLS 1.3 post-handshake authentication
886
887 RFC 8740 explains how using HTTP/2 must forbid the use of TLS 1.3
888 post-handshake authentication. We should make sure to live up to that.
889
890 See https://github.com/curl/curl/issues/5396
891
89213.14 Support the clienthello extension
893
894 Certain stupid networks and middle boxes have a problem with SSL handshake
895 packets that are within a certain size range because how that sets some bits
896 that previously (in older TLS version) were not set. The clienthello
897 extension adds padding to avoid that size range.
898
899 https://datatracker.ietf.org/doc/html/rfc7685
900 https://github.com/curl/curl/issues/2299
901
90213.15 Select signature algorithms
903
904 Consider adding an option or a way for users to select TLS signature
905 algorithm. The signature algorithms set by a client are used directly in the
906 supported signature algorithm in the client hello message.
907
908 https://github.com/curl/curl/issues/12982
909
91013.16 Share the CA cache
911
912 For TLS backends that supports CA caching, it makes sense to allow the share
913 object to be used to store the CA cache as well via the share API. Would
914 allow multiple easy handles to reuse the CA cache and save themselves from a
915 lot of extra processing overhead.
916
91713.17 Add missing features to TLS backends
918
919 The feature matrix at https://curl.se/libcurl/c/tls-options.html shows which
920 features are supported by which TLS backends, and thus also where there are
921 feature gaps.
922
92315. Schannel
924
92515.1 Extend support for client certificate authentication
926
927 The existing support for the -E/--cert and --key options could be
928 extended by supplying a custom certificate and key in PEM format, see:
929 - Getting a Certificate for Schannel
930   https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
931
93215.2 Extend support for the --ciphers option
933
934 The existing support for the --ciphers option could be extended
935 by mapping the OpenSSL/GnuTLS cipher suites to the Schannel APIs, see
936 - Specifying Schannel Ciphers and Cipher Strengths
937   https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx
938
93915.4 Add option to allow abrupt server closure
940
941 libcurl with Schannel errors without a known termination point from the server
942 (such as length of transfer, or SSL "close notify" alert) to prevent against
943 a truncation attack. Really old servers may neglect to send any termination
944 point. An option could be added to ignore such abrupt closures.
945
946 https://github.com/curl/curl/issues/4427
947
94816. SASL
949
95016.1 Other authentication mechanisms
951
952 Add support for other authentication mechanisms such as OLP,
953 GSS-SPNEGO and others.
954
95516.2 Add QOP support to GSSAPI authentication
956
957 Currently the GSSAPI authentication only supports the default QOP of auth
958 (Authentication), whilst Kerberos V5 supports both auth-int (Authentication
959 with integrity protection) and auth-conf (Authentication with integrity and
960 privacy protection).
961
962
96317. SSH protocols
964
96517.1 Multiplexing
966
967 SSH is a perfectly fine multiplexed protocols which would allow libcurl to do
968 multiple parallel transfers from the same host using the same connection,
969 much in the same spirit as HTTP/2 does. libcurl however does not take
970 advantage of that ability but does instead always create a new connection for
971 new transfers even if an existing connection already exists to the host.
972
973 To fix this, libcurl would have to detect an existing connection and "attach"
974 the new transfer to the existing one.
975
97617.2 Handle growing SFTP files
977
978 The SFTP code in libcurl checks the file size *before* a transfer starts and
979 then proceeds to transfer exactly that amount of data. If the remote file
980 grows while the transfer is in progress libcurl does not notice and does not
981 adapt. The OpenSSH SFTP command line tool does and libcurl could also just
982 attempt to download more to see if there is more to get...
983
984 https://github.com/curl/curl/issues/4344
985
98617.3 Read keys from ~/.ssh/id_ecdsa, id_ed25519
987
988 The libssh2 backend in curl is limited to only reading keys from id_rsa and
989 id_dsa, which makes it fail connecting to servers that use more modern key
990 types.
991
992 https://github.com/curl/curl/issues/8586
993
99417.4 Support CURLOPT_PREQUOTE
995
996 The two other QUOTE options are supported for SFTP, but this was left out for
997 unknown reasons.
998
99917.5 SSH over HTTPS proxy with more backends
1000
1001 The SSH based protocols SFTP and SCP did not work over HTTPS proxy at
1002 all until PR https://github.com/curl/curl/pull/6021 brought the
1003 functionality with the libssh2 backend. Presumably, this support
1004 can/could be added for the other backends as well.
1005
100617.6 SFTP with SCP://
1007
1008 OpenSSH 9 switched their 'scp' tool to speak SFTP under the hood. Going
1009 forward it might be worth having curl or libcurl attempt SFTP if SCP fails to
1010 follow suite.
1011
101218. Command line tool
1013
101418.1 sync
1015
1016 "curl --sync http://example.com/feed[1-100].rss" or
1017 "curl --sync http://example.net/{index,calendar,history}.html"
1018
1019 Downloads a range or set of URLs using the remote name, but only if the
1020 remote file is newer than the local file. A Last-Modified HTTP date header
1021 should also be used to set the mod date on the downloaded file.
1022
102318.2 glob posts
1024
1025 Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
1026 This is easily scripted though.
1027
102818.4 --proxycommand
1029
1030 Allow the user to make curl run a command and use its stdio to make requests
1031 and not do any network connection by itself. Example:
1032
1033   curl --proxycommand 'ssh pi@raspberrypi.local -W 10.1.1.75 80' \
1034        http://some/otherwise/unavailable/service.php
1035
1036 See https://github.com/curl/curl/issues/4941
1037
103818.5 UTF-8 filenames in Content-Disposition
1039
1040 RFC 6266 documents how UTF-8 names can be passed to a client in the
1041 Content-Disposition header, and curl does not support this.
1042
1043 https://github.com/curl/curl/issues/1888
1044
104518.6 Option to make -Z merge lined based outputs on stdout
1046
1047 When a user requests multiple lined based files using -Z and sends them to
1048 stdout, curl does not "merge" and send complete lines fine but may send
1049 partial lines from several sources.
1050
1051 https://github.com/curl/curl/issues/5175
1052
105318.7 specify which response codes that make -f/--fail return error
1054
1055 Allows a user to better specify exactly which error code(s) that are fine
1056 and which are errors for their specific uses cases
1057
105818.9 Choose the name of file in braces for complex URLs
1059
1060 When using braces to download a list of URLs and you use complicated names
1061 in the list of alternatives, it could be handy to allow curl to use other
1062 names when saving.
1063
1064 Consider a way to offer that. Possibly like
1065 {partURL1:name1,partURL2:name2,partURL3:name3} where the name following the
1066 colon is the output name.
1067
1068 See https://github.com/curl/curl/issues/221
1069
107018.10 improve how curl works in a Windows console window
1071
1072 If you pull the scrollbar when transferring with curl in a Windows console
1073 window, the transfer is interrupted and can get disconnected. This can
1074 probably be improved. See https://github.com/curl/curl/issues/322
1075
107618.11 Windows: set attribute 'archive' for completed downloads
1077
1078 The archive bit (FILE_ATTRIBUTE_ARCHIVE, 0x20) separates files that shall be
1079 backed up from those that are either not ready or have not changed.
1080
1081 Downloads in progress are neither ready to be backed up, nor should they be
1082 opened by a different process. Only after a download has been completed it is
1083 sensible to include it in any integer snapshot or backup of the system.
1084
1085 See https://github.com/curl/curl/issues/3354
1086
108718.12 keep running, read instructions from pipe/socket
1088
1089 Provide an option that makes curl not exit after the last URL (or even work
1090 without a given URL), and then make it read instructions passed on a pipe or
1091 over a socket to make further instructions so that a second subsequent curl
1092 invoke can talk to the still running instance and ask for transfers to get
1093 done, and thus maintain its connection pool, DNS cache and more.
1094
109518.13 Acknowledge Ratelimit headers
1096
1097 Consider a command line option that can make curl do multiple serial requests
1098 while acknowledging server specified rate limits:
1099 https://datatracker.ietf.org/doc/draft-ietf-httpapi-ratelimit-headers/
1100
1101 See https://github.com/curl/curl/issues/5406
1102
110318.14 --dry-run
1104
1105 A command line option that makes curl show exactly what it would do and send
1106 if it would run for real.
1107
1108 See https://github.com/curl/curl/issues/5426
1109
111018.15 --retry should resume
1111
1112 When --retry is used and curl actually retries transfer, it should use the
1113 already transferred data and do a resumed transfer for the rest (when
1114 possible) so that it does not have to transfer the same data again that was
1115 already transferred before the retry.
1116
1117 See https://github.com/curl/curl/issues/1084
1118
111918.16 send only part of --data
1120
1121 When the user only wants to send a small piece of the data provided with
1122 --data or --data-binary, like when that data is a huge file, consider a way
1123 to specify that curl should only send a piece of that. One suggested syntax
1124 would be: "--data-binary @largefile.zip!1073741823-2147483647".
1125
1126 See https://github.com/curl/curl/issues/1200
1127
112818.17 consider filename from the redirected URL with -O ?
1129
1130 When a user gives a URL and uses -O, and curl follows a redirect to a new
1131 URL, the filename is not extracted and used from the newly redirected-to URL
1132 even if the new URL may have a much more sensible filename.
1133
1134 This is clearly documented and helps for security since there is no surprise
1135 to users which filename that might get overwritten, but maybe a new option
1136 could allow for this or maybe -J should imply such a treatment as well as -J
1137 already allows for the server to decide what filename to use so it already
1138 provides the "may overwrite any file" risk.
1139
1140 This is extra tricky if the original URL has no filename part at all since
1141 then the current code path does error out with an error message, and we
1142 cannot *know* already at that point if curl is redirected to a URL that has a
1143 filename...
1144
1145 See https://github.com/curl/curl/issues/1241
1146
114718.18 retry on network is unreachable
1148
1149 The --retry option retries transfers on "transient failures". We later added
1150 --retry-connrefused to also retry for "connection refused" errors.
1151
1152 Suggestions have been brought to also allow retry on "network is unreachable"
1153 errors and while totally reasonable, maybe we should consider a way to make
1154 this more configurable than to add a new option for every new error people
1155 want to retry for?
1156
1157 https://github.com/curl/curl/issues/1603
1158
115918.19 expand ~/ in config files
1160
1161 For example .curlrc could benefit from being able to do this.
1162
1163 See https://github.com/curl/curl/issues/2317
1164
116518.20 hostname sections in config files
1166
1167 config files would be more powerful if they could set different
1168 configurations depending on used URLs, hostname or possibly origin. Then a
1169 default .curlrc could a specific user-agent only when doing requests against
1170 a certain site.
1171
117218.21 retry on the redirected-to URL
1173
1174 When curl is told to --retry a failed transfer and follows redirects, it
1175 might get an HTTP 429 response from the redirected-to URL and not the
1176 original one, which then could make curl decide to rather retry the transfer
1177 on that URL only instead of the original operation to the original URL.
1178
1179 Perhaps extra emphasized if the original transfer is a large POST that
1180 redirects to a separate GET, and that GET is what gets the 529
1181
1182 See https://github.com/curl/curl/issues/5462
1183
118418.23 Set the modification date on an uploaded file
1185
1186 For SFTP and possibly FTP, curl could offer an option to set the
1187 modification time for the uploaded file.
1188
1189 See https://github.com/curl/curl/issues/5768
1190
119118.24 Use multiple parallel transfers for a single download
1192
1193 To enhance transfer speed, downloading a single URL can be split up into
1194 multiple separate range downloads that get combined into a single final
1195 result.
1196
1197 An ideal implementation would not use a specified number of parallel
1198 transfers, but curl could:
1199 - First start getting the full file as transfer A
1200 - If after N seconds have passed and the transfer is expected to continue for
1201   M seconds or more, add a new transfer (B) that asks for the second half of
1202   A's content (and stop A at the middle).
1203 - If splitting up the work improves the transfer rate, it could then be done
1204   again. Then again, etc up to a limit.
1205
1206 This way, if transfer B fails (because Range: is not supported) it lets
1207 transfer A remain the single one. N and M could be set to some sensible
1208 defaults.
1209
1210 See https://github.com/curl/curl/issues/5774
1211
121218.25 Prevent terminal injection when writing to terminal
1213
1214 curl could offer an option to make escape sequence either non-functional or
1215 avoid cursor moves or similar to reduce the risk of a user getting tricked by
1216 clever tricks.
1217
1218 See https://github.com/curl/curl/issues/6150
1219
122018.26 Custom progress meter update interval
1221
1222 Users who are for example doing large downloads in CI or remote setups might
1223 want the occasional progress meter update to see that the transfer is
1224 progressing and has not stuck, but they may not appreciate the
1225 many-times-a-second frequency curl can end up doing it with now.
1226
122718.27 -J and -O with %-encoded filenames
1228
1229 -J/--remote-header-name does not decode %-encoded filenames. RFC 6266 details
1230 how it should be done. The can of worm is basically that we have no charset
1231 handling in curl and ASCII >=128 is a challenge for us. Not to mention that
1232 decoding also means that we need to check for nastiness that is attempted,
1233 like "../" sequences and the like. Probably everything to the left of any
1234 embedded slashes should be cut off.
1235 https://curl.se/bug/view.cgi?id=1294
1236
1237 -O also does not decode %-encoded names, and while it has even less
1238 information about the charset involved the process is similar to the -J case.
1239
1240 Note that we do not decode -O without the user asking for it with some other
1241 means, since -O has always been documented to use the name exactly as
1242 specified in the URL.
1243
124418.28 -J with -C -
1245
1246 When using -J (with -O), automatically resumed downloading together with "-C
1247 -" fails. Without -J the same command line works. This happens because the
1248 resume logic is worked out before the target filename (and thus its
1249 pre-transfer size) has been figured out. This can be improved.
1250
1251 https://curl.se/bug/view.cgi?id=1169
1252
125318.29 --retry and transfer timeouts
1254
1255 If using --retry and the transfer timeouts (possibly due to using -m or
1256 -y/-Y) the next attempt does not resume the transfer properly from what was
1257 downloaded in the previous attempt but truncates and restarts at the original
1258 position where it was at before the previous failed attempt. See
1259 https://curl.se/mail/lib-2008-01/0080.html and Mandriva bug report
1260 https://qa.mandriva.com/show_bug.cgi?id=22565
1261
1262
126319. Build
1264
126519.2 Enable PIE and RELRO by default
1266
1267 Especially when having programs that execute curl via the command line, PIE
1268 renders the exploitation of memory corruption vulnerabilities a lot more
1269 difficult. This can be attributed to the additional information leaks being
1270 required to conduct a successful attack. RELRO, on the other hand, masks
1271 different binary sections like the GOT as read-only and thus kills a handful
1272 of techniques that come in handy when attackers are able to arbitrarily
1273 overwrite memory. A few tests showed that enabling these features had close
1274 to no impact, neither on the performance nor on the general functionality of
1275 curl.
1276
127719.3 Do not use GNU libtool on OpenBSD
1278
1279 When compiling curl on OpenBSD with "--enable-debug" it gives linking errors
1280 when you use GNU libtool. This can be fixed by using the libtool provided by
1281 OpenBSD itself. However for this the user always needs to invoke make with
1282 "LIBTOOL=/usr/bin/libtool". It would be nice if the script could have some
1283 magic to detect if this system is an OpenBSD host and then use the OpenBSD
1284 libtool instead.
1285
1286 See https://github.com/curl/curl/issues/5862
1287
128819.4 Package curl for Windows in a signed installer
1289
1290 See https://github.com/curl/curl/issues/5424
1291
129219.5 make configure use --cache-file more and better
1293
1294 The configure script can be improved to cache more values so that repeated
1295 invokes run much faster.
1296
1297 See https://github.com/curl/curl/issues/7753
1298
129920. Test suite
1300
130120.1 SSL tunnel
1302
1303 Make our own version of stunnel for simple port forwarding to enable HTTPS
1304 and FTP-SSL tests without the stunnel dependency, and it could allow us to
1305 provide test tools built with either OpenSSL or GnuTLS
1306
130720.2 nicer lacking perl message
1308
1309 If perl was not found by the configure script, do not attempt to run the tests
1310 but explain something nice why it does not.
1311
131220.3 more protocols supported
1313
1314 Extend the test suite to include more protocols. The telnet could just do FTP
1315 or http operations (for which we have test servers).
1316
131720.4 more platforms supported
1318
1319 Make the test suite work on more platforms. OpenBSD and macOS. Remove
1320 fork()s and it should become even more portable.
1321
132220.6 Use the RFC 6265 test suite
1323
1324 A test suite made for HTTP cookies (RFC 6265) by Adam Barth is available at
1325 https://github.com/abarth/http-state/tree/master/tests
1326
1327 It would be good if someone would write a script/setup that would run curl
1328 with that test suite and detect deviances. Ideally, that would even be
1329 incorporated into our regular test suite.
1330
133120.8 Run web-platform-tests URL tests
1332
1333 Run web-platform-tests URL tests and compare results with browsers on wpt.fyi
1334
1335 It would help us find issues to fix and help us document where our parser
1336 differs from the WHATWG URL spec parsers.
1337
1338 See https://github.com/curl/curl/issues/4477
1339
134021. MQTT
1341
134221.1 Support rate-limiting
1343
1344 The rate-limiting logic is done in the PERFORMING state in multi.c but MQTT
1345 is not (yet) implemented to use that.
1346
134721.2 Support MQTTS
1348
134921.3 Handle network blocks
1350
1351  Running test suite with
1352  `CURL_DBG_SOCK_WBLOCK=90 ./runtests.pl -a mqtt` makes several
1353  MQTT test cases fail where they should not.
1354
135522. TFTP
1356
135722.1 TFTP does not convert LF to CRLF for mode=netascii
1358
1359 RFC 3617 defines that an TFTP transfer can be done using "netascii"
1360 mode. curl does not support extracting that mode from the URL nor does it treat
1361 such transfers specifically. It should probably do LF to CRLF translations
1362 for them.
1363
1364 See https://github.com/curl/curl/issues/12655
1365
136623. Gopher
1367
136823.1 Handle network blocks
1369
1370  Running test suite with
1371  `CURL_DBG_SOCK_WBLOCK=90 ./runtests.pl -a 1200 to 1300` makes several
1372  Gopher test cases fail where they should not.
1373