updated with minor edits

2025-02-28 09:21:50 -05:00 · 2004-08-27 07:17:52 +00:00 · 2004-08-27 07:17:52 +00:00 · 9432bfe90c
commit 9432bfe90c
parent 37bf6da9c8
1 changed files with 16 additions and 14 deletions
--- a/docs/TODO
+++ b/docs/TODO
@ -116,21 +116,19 @@ TODO
 * Evaluate/apply Gertjan van Wingerde's SSL patches:
   http://curl.haxx.se/mail/lib-2004-03/0087.html

- * If you really want to improve the SSL situation, you should probably have a
-   look at SSL cafile loading as well - quick traces look to me like these are
-   done on every request as well, when they should only be necessary once per
-   ssl context (or once per handle). Even better would be to support the SSL
-   CAdir option - instead of loading all of the root CA certs for every
-   request, this option allows you to only read the CA chain that is actually
-   required (into the cache)...
+ * "Look at SSL cafile - quick traces look to me like these are done on every
+   request as well, when they should only be necessary once per ssl context
+   (or once per handle)". The major improvement we can rather easily do is to
+   make sure we don't create and kill a new SSL "context" for every request,
+   but instead make one for every connection and re-use that SSL context in
+   the same style connections are re-used. It will make us use slightly more
+   memory but it will libcurl do less creations and deletions of SSL contexts.

 * Add an interface to libcurl that enables "session IDs" to get
   exported/imported. Cris Bailiff said: "OpenSSL has functions which can
   serialise the current SSL state to a buffer of your choice, and
   recover/reset the state from such a buffer at a later date - this is used
-   by mod_ssl for apache to implement and SSL session ID cache". This whole
-   idea might become moot if we enable the 'data sharing' as mentioned in the
-   LIBCURL label above.
+   by mod_ssl for apache to implement and SSL session ID cache".

 * OpenSSL supports a callback for customised verification of the peer
   certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
@ -139,8 +137,12 @@ TODO

 * Make curl's SSL layer option capable of using other free SSL libraries.
   Such as the Mozilla Security Services
-   (http://www.mozilla.org/projects/security/pki/nss/) and GNUTLS
-   (http://gnutls.hellug.gr/)
+   (http://www.mozilla.org/projects/security/pki/nss/) and GnuTLS
+   (http://www.gnu.org/software/gnutls/) This subject has been brought up
+   again recently since GPL-licensed applications that link with libcurl MAY
+   NOT distribute binaries that use OpenSSL without adding an exception clause
+   to the GPL license. See the LICENSE-MIXING document and this:
+   http://www.gnome.org/~markmc/openssl-and-the-gpl.html

 LDAP

@ -151,7 +153,7 @@ TODO
 CLIENT

 * Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
-   Requested by Dane Jensen and others.
+   Requested by Dane Jensen and others. This is easily scripted though.

 * Add an option that prevents cURL from overwiting existing local files. When
   used, and there already is an existing file with the target file name
@ -190,7 +192,7 @@ TODO
   command line. Possibly by letting ':' separate options between URLs,
   similar to this:

-      curl --data foo --url url.com :
+      curl --data foo --url url.com : \
          --url url2.com : \
          --url url3.com --data foo3