head	1.5;
access;
symbols
	neon-0_26_0:1.5
	neon-0_25_5:1.4
	pjones-sparse-experiment:1.3.0.2
	neon-20050105:1.3
	neon-0_24_7:1.2.0.2
	rpm-4_3_1-start:1.1.1.19
	rpm-4_3:1.1.1.19.0.2
	postmerge-neon-0_23_9:1.1.1.19
	premerge-neon-0_23_9:1.1.1.19
	neon-0_23_9:1.1.1.19
	pre-neon-0_23_9:1.1.1.19
	postmerge-neon-0_23_8:1.1.1.19
	premerge-neon-0_23_8:1.1.1.19
	neon-0_23_8:1.1.1.19
	pre-neon-0_23_8:1.1.1.19
	postmerge-neon-0_23_7:1.1.1.19
	premerge-neon-0_23_7:1.1.1.19
	neon-0_23_7:1.1.1.19
	pre-neon-0_23_7:1.1.1.19
	postmerge-neon-0_23_6:1.1.1.19
	premerge-neon-0_23_6:1.1.1.19
	neon-0_23_6:1.1.1.19
	pre-neon-0_23_6:1.1.1.19
	postmerge-neon-0_23_5:1.1.1.19
	premerge-neon-0_23_5:1.1.1.19
	neon-0_23_5:1.1.1.19
	pre-neon-0_23_5:1.1.1.19
	postmerge-neon-0_23_4:1.1.1.19
	premerge-neon-0_23_4:1.1.1.19
	neon-0_23_4:1.1.1.19
	pre-neon-0_23_4:1.1.1.19
	postmerge-neon-0_23_3:1.1.1.19
	premerge-neon-0_23_3:1.1.1.19
	neon-0_23_3:1.1.1.19
	pre-neon-0_23_3:1.1.1.19
	postmerge-neon-0_23_2:1.1.1.19
	premerge-neon-0_23_2:1.1.1.19
	neon-0_23_2:1.1.1.19
	pre-neon-0_23_2:1.1.1.19
	postmerge-neon-0_23_1:1.1.1.19
	premerge-neon-0_23_1:1.1.1.19
	neon-0_23_1:1.1.1.19
	pre-neon-0_23_1:1.1.1.19
	postmerge-neon-0_23_0:1.1.1.19
	premerge-neon-0_23_0:1.1.1.19
	neon-0_23_0:1.1.1.19
	pre-neon-0_23_0:1.1.1.19
	postmerge-neon-0_22_0:1.1.1.19
	premerge-neon-0_22_0:1.1.1.19
	neon-0_22_0:1.1.1.19
	pre-neon-0_22_0:1.1.1.18
	postmerge-neon-0_21_3:1.1.1.18
	premerge-neon-0_21_3:1.1.1.18
	neon-0_21_3:1.1.1.18
	pre-neon-0_21_3:1.1.1.18
	postmerge-neon-0_21_2:1.1.1.18
	premerge-neon-0_21_2:1.1.1.18
	neon-0_21_2:1.1.1.18
	pre-neon-0_21_2:1.1.1.18
	postmerge-neon-0_21_1:1.1.1.18
	premerge-neon-0_21_1:1.1.1.18
	neon-0_21_1:1.1.1.18
	pre-neon-0_21_1:1.1.1.18
	postmerge-neon-0_21_0:1.1.1.18
	premerge-neon-0_21_0:1.1.1.18
	neon-0_21_0:1.1.1.18
	pre-neon-0_21_0:1.1.1.17
	postmerge-neon-0_20_0:1.1.1.17
	premerge-neon-0_20_0:1.1.1.17
	neon-0_20_0:1.1.1.17
	pre-neon-0_20_0:1.1.1.16
	postmerge-neon-0_19_4:1.1.1.16
	premerge-neon-0_19_4:1.1.1.16
	neon-0_19_4:1.1.1.16
	pre-neon-0_19_4:1.1.1.16
	postmerge-neon-0_19_3:1.1.1.16
	premerge-neon-0_19_3:1.1.1.16
	neon-0_19_3:1.1.1.16
	pre-neon-0_19_3:1.1.1.15
	postmerge-neon-0_19_2:1.1.1.15
	premerge-neon-0_19_2:1.1.1.15
	neon-0_19_2:1.1.1.15
	pre-neon-0_19_2:1.1.1.15
	postmerge-neon-0_19_1:1.1.1.15
	premerge-neon-0_19_1:1.1.1.15
	neon-0_19_1:1.1.1.15
	pre-neon-0_19_1:1.1.1.15
	postmerge-neon-0_19_0:1.1.1.15
	premerge-neon-0_19_0:1.1.1.15
	neon-0_19_0:1.1.1.15
	pre-neon-0_19_0:1.1.1.14
	postmerge-neon-0_18_5:1.1.1.14
	premerge-neon-0_18_5:1.1.1.14
	neon-0_18_5:1.1.1.14
	pre-neon-0_18_5:1.1.1.14
	postmerge-neon-0_18_4:1.1.1.14
	premerge-neon-0_18_4:1.1.1.14
	neon-0_18_4:1.1.1.14
	pre-neon-0_18_4:1.1.1.13
	postmerge-neon-0_18_3:1.1.1.13
	premerge-neon-0_18_3:1.1.1.13
	neon-0_18_3:1.1.1.13
	pre-neon-0_18_3:1.1.1.13
	postmerge-neon-0_18_2:1.1.1.13
	premerge-neon-0_18_2:1.1.1.13
	neon-0_18_2:1.1.1.13
	pre-neon-0_18_2:1.1.1.13
	postmerge-neon-0_18_1:1.1.1.13
	premerge-neon-0_18_1:1.1.1.13
	neon-0_18_1:1.1.1.13
	pre-neon-0_18_1:1.1.1.13
	postmerge-neon-0_18_0:1.1.1.13
	premerge-neon-0_18_0:1.1.1.13
	neon-0_18_0:1.1.1.13
	pre-neon-0_18_0:1.1.1.12
	postmerge-neon-0_17_2:1.1.1.12
	premerge-neon-0_17_2:1.1.1.12
	neon-0_17_2:1.1.1.12
	pre-neon-0_17_2:1.1.1.12
	postmerge-neon-0_17_1:1.1.1.12
	premerge-neon-0_17_1:1.1.1.12
	neon-0_17_1:1.1.1.12
	pre-neon-0_17_1:1.1.1.12
	postmerge-neon-0_17_0:1.1.1.12
	premerge-neon-0_17_0:1.1.1.12
	neon-0_17_0:1.1.1.12
	pre-neon-0_17_0:1.1.1.11
	postmerge-neon-0_16_1:1.1.1.11
	premerge-neon-0_16_1:1.1.1.11
	neon-0_16_1:1.1.1.11
	pre-neon-0_16_1:1.1.1.11
	postmerge-neon-0_16_0:1.1.1.11
	premerge-neon-0_16_0:1.1.1.11
	neon-0_16_0:1.1.1.11
	pre-neon-0_16_0:1.1.1.11
	postmerge-neon-0_15_3:1.1.1.11
	premerge-neon-0_15_3:1.1.1.11
	neon-0_15_3:1.1.1.11
	pre-neon-0_15_3:1.1.1.11
	postmerge-neon-0_15_2:1.1.1.11
	premerge-neon-0_15_2:1.1.1.11
	neon-0_15_2:1.1.1.11
	pre-neon-0_15_2:1.1.1.11
	postmerge-neon-0_15_1:1.1.1.11
	premerge-neon-0_15_1:1.1.1.11
	neon-0_15_1:1.1.1.11
	pre-neon-0_15_1:1.1.1.11
	postmerge-neon-0_15_0:1.1.1.11
	premerge-neon-0_15_0:1.1.1.11
	neon-0_15_0:1.1.1.11
	pre-neon-0_15_0:1.1.1.11
	postmerge-neon-0_14_0:1.1.1.11
	premerge-neon-0_14_0:1.1.1.11
	neon-0_14_0:1.1.1.11
	pre-neon-0_14_0:1.1.1.10
	postmerge-neon-0_13_0:1.1.1.10
	premerge-neon-0_13_0:1.1.1.10
	neon-0_13_0:1.1.1.10
	pre-neon-0_13_0:1.1.1.9
	postmerge-neon-0_12_0:1.1.1.9
	premerge-neon-0_12_0:1.1.1.9
	neon-0_12_0:1.1.1.9
	pre-neon-0_12_0:1.1.1.9
	postmerge-neon-0_11_0:1.1.1.9
	premerge-neon-0_11_0:1.1.1.9
	neon-0_11_0:1.1.1.9
	pre-neon-0_11_0:1.1.1.8
	postmerge-neon-0_10_0:1.1.1.8
	premerge-neon-0_10_0:1.1.1.8
	neon-0_10_0:1.1.1.8
	pre-neon-0_10_0:1.1.1.7
	postmerge-neon-0_9_1:1.1.1.7
	premerge-neon-0_9_1:1.1.1.7
	neon-0_9_1:1.1.1.7
	pre-neon-0_9_1:1.1.1.7
	postmerge-neon-0_9_0:1.1.1.7
	premerge-neon-0_9_0:1.1.1.7
	neon-0_9_0:1.1.1.7
	pre-neon-0_9_0:1.1.1.7
	postmerge-neon-0_8_1:1.1.1.7
	premerge-neon-0_8_1:1.1.1.7
	neon-0_8_1:1.1.1.7
	pre-neon-0_8_1:1.1.1.7
	postmerge-neon-0_8_0:1.1.1.7
	premerge-neon-0_8_0:1.1.1.7
	neon-0_8_0:1.1.1.7
	pre-neon-0_8_0:1.1.1.6
	postmerge-neon-0_7_7:1.1.1.6
	premerge-neon-0_7_7:1.1.1.6
	neon-0_7_7:1.1.1.6
	pre-neon-0_7_7:1.1.1.6
	postmerge-neon-0_7_6:1.1.1.6
	premerge-neon-0_7_6:1.1.1.6
	neon-0_7_6:1.1.1.6
	pre-neon-0_7_6:1.1.1.6
	postmerge-neon-0_7_5:1.1.1.6
	premerge-neon-0_7_5:1.1.1.6
	neon-0_7_5:1.1.1.6
	pre-neon-0_7_5:1.1.1.6
	postmerge-neon-0_7_4:1.1.1.6
	premerge-neon-0_7_4:1.1.1.6
	neon-0_7_4:1.1.1.6
	pre-neon-0_7_4:1.1.1.6
	postmerge-neon-0_7_3:1.1.1.6
	premerge-neon-0_7_3:1.1.1.6
	neon-0_7_3:1.1.1.6
	pre-neon-0_7_3:1.1.1.6
	postmerge-neon-0_7_2:1.1.1.6
	premerge-neon-0_7_2:1.1.1.6
	neon-0_7_2:1.1.1.6
	pre-neon-0_7_2:1.1.1.5
	postmerge-neon-0_7_1:1.1.1.5
	premerge-neon-0_7_1:1.1.1.5
	neon-0_7_1:1.1.1.5
	pre-neon-0_7_1:1.1.1.5
	postmerge-neon-0_7_0:1.1.1.5
	premerge-neon-0_7_0:1.1.1.5
	neon-0_7_0:1.1.1.5
	pre-neon-0_7_0:1.1.1.4
	postmerge-neon-0_6_0:1.1.1.4
	premerge-neon-0_6_0:1.1.1.4
	neon-0_6_0:1.1.1.4
	pre-neon-0_6_0:1.1.1.4
	postmerge-neon-0_5_1:1.1.1.4
	premerge-neon-0_5_1:1.1.1.4
	neon-0_5_1:1.1.1.4
	pre-neon-0_5_1:1.1.1.4
	postmerge-neon-0_5_0:1.1.1.4
	premerge-neon-0_5_0:1.1.1.4
	neon-0_5_0:1.1.1.4
	pre-neon-0_5_0:1.1.1.3
	postmerge-neon-0_4_2:1.1.1.3
	premerge-neon-0_4_2:1.1.1.3
	neon-0_4_2:1.1.1.3
	pre-neon-0_4_2:1.1.1.3
	postmerge-neon-0_4_1:1.1.1.3
	premerge-neon-0_4_1:1.1.1.3
	neon-0_4_1:1.1.1.3
	pre-neon-0_4_1:1.1.1.3
	postmerge-neon-0_4_0:1.1.1.3
	premerge-neon-0_4_0:1.1.1.3
	neon-0_4_0:1.1.1.3
	pre-neon-0_4_0:1.1.1.2
	postmerge-neon-0_3_1:1.1.1.2
	premerge-neon-0_3_1:1.1.1.2
	neon-0_3_1:1.1.1.2
	pre-neon-0_3_1:1.1.1.2
	postmerge-neon-0_3_0:1.1.1.2
	premerge-neon-0_3_0:1.1.1.2
	neon-0_3_0:1.1.1.2
	pre-neon-0_3_0:1.1.1.1
	postmerge-neon-0_2_1:1.1.1.1
	premerge-neon-0_2_1:1.1.1.1
	neon-0_2_1:1.1.1.1
	pre-neon-0_2_1:1.1.1.1
	postmerge-neon-0_2_0:1.1.1.1
	premerge-neon-0_2_0:1.1.1.1
	neon-0_2_0:1.1.1.1
	neon:1.1.1;
locks; strict;
comment	@# @;


1.5
date	2006.03.12.21.08.50;	author jbj;	state Exp;
branches;
next	1.4;

1.4
date	2006.03.12.20.57.54;	author jbj;	state Exp;
branches;
next	1.3;

1.3
date	2004.10.29.13.57.41;	author jbj;	state Exp;
branches;
next	1.2;

1.2
date	2004.10.29.13.34.35;	author jbj;	state Exp;
branches;
next	1.1;

1.1
date	2003.02.28.19.23.36;	author jbj;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	2003.02.28.19.23.36;	author jbj;	state Exp;
branches;
next	1.1.1.2;

1.1.1.2
date	2003.02.28.19.23.50;	author jbj;	state Exp;
branches;
next	1.1.1.3;

1.1.1.3
date	2003.02.28.19.24.07;	author jbj;	state Exp;
branches;
next	1.1.1.4;

1.1.1.4
date	2003.02.28.19.24.27;	author jbj;	state Exp;
branches;
next	1.1.1.5;

1.1.1.5
date	2003.02.28.19.24.50;	author jbj;	state Exp;
branches;
next	1.1.1.6;

1.1.1.6
date	2003.02.28.19.25.00;	author jbj;	state Exp;
branches;
next	1.1.1.7;

1.1.1.7
date	2003.02.28.19.25.43;	author jbj;	state Exp;
branches;
next	1.1.1.8;

1.1.1.8
date	2003.02.28.19.26.13;	author jbj;	state Exp;
branches;
next	1.1.1.9;

1.1.1.9
date	2003.02.28.19.26.25;	author jbj;	state Exp;
branches;
next	1.1.1.10;

1.1.1.10
date	2003.02.28.19.26.36;	author jbj;	state Exp;
branches;
next	1.1.1.11;

1.1.1.11
date	2003.02.28.19.26.41;	author jbj;	state Exp;
branches;
next	1.1.1.12;

1.1.1.12
date	2003.02.28.19.31.13;	author jbj;	state Exp;
branches;
next	1.1.1.13;

1.1.1.13
date	2003.02.28.19.31.44;	author jbj;	state Exp;
branches;
next	1.1.1.14;

1.1.1.14
date	2003.02.28.19.32.14;	author jbj;	state Exp;
branches;
next	1.1.1.15;

1.1.1.15
date	2003.02.28.19.32.35;	author jbj;	state Exp;
branches;
next	1.1.1.16;

1.1.1.16
date	2003.02.28.19.32.58;	author jbj;	state Exp;
branches;
next	1.1.1.17;

1.1.1.17
date	2003.02.28.19.33.17;	author jbj;	state Exp;
branches;
next	1.1.1.18;

1.1.1.18
date	2003.02.28.19.33.31;	author jbj;	state Exp;
branches;
next	1.1.1.19;

1.1.1.19
date	2003.02.28.19.34.20;	author jbj;	state Exp;
branches;
next	;


desc
@@


1.5
log
@Upgrade to neon-0.26.0.
@
text
@
To Do List for neon                                      -*- text -*-
===================

Please submit feature requests to <mailto:neon@@webdav.org>

For one-point-oh
----------------

40. XML body acceptance callback should check Content-Type. Should
    also pass encoding to expat if one is given (how about libxml?).
    Recent mod_dav's return XML bodies in 424 responses which need
    parsing properly.

44. Finer-grained connection status feedback, i.e., "Sent Request",
    "Got response status-line"... "Reading response body"

Longer term
-----------

2. Add proper domain support to authentication code. (requires full
   URI parsing support). Need to tell the auth layer the server
   details.

6. PUT with ranges... ne_put_range

9. DeltaV support (http://www.webdav.org/deltav/). See also the
   subversion project (http://subversion.tigris.org/) who might build
   a versioning system over DAV.

14. Improved request-header manipulation... some kind of indexed table
    (a la Apache, libghttp, so we're sure we don't add the same header
    to the request twice.  Better control over adding Cache-Control
    headers would be good too.

21. Storing multiple authentication "sessions" within an actual
    auth_session, so I can log into e.g. /foo/ and /bar/ (which are
    not in the same authentication domain) and switch between them
    without having to re-enter passwords all the time.

46. Asynchronous request-dispatching? Makes integration into GUI loop
    easy... any other reasons?  Must leave existing request_dispatch
    interface intact.

50. opendir/readdir/closedir-esque interface for PROPFIND depth 1, 
    a la EZDAV. (cadaver has it already)

66. Useful for subversion/ra_dav:

    - a hook which runs *after* the response headers are read,
      but *before* the response body is read

@


1.4
log
@Upgrade to neon-0.25.5.
@
text
@a17 8
58. 2616 is quite strict about when to retry non-idempotent requests
    and when not to.  neon may not be compliant here.

62. Select which auth mechanisms are allowed, e.g. JUST SAY NO to
    basic might very well be useful to some apps.

64. Add options to only enable SSLv2 support, etc.

a30 8
10. ACL support (http://www.webdav.org/acl/)

11. DASL support (http://www.webdav.org/dasl/). Xythos have server
    support for this (www.sharemation.com). The UI is probably the
    hardest problem here.
      => Jim Whitehead's UCI postgrad team is working on this and
    has written a DASL implementation.

a35 5
17. Should we really be i18n'izing the low-level error messages in
    ne_request.c, ne_207.c ? It seems nice and clever to, so the user
    REALLY know what is going wrong with the server (probably), but it
    is maybe a bit frightening.

a40 7
35. Allow i18n'ization if building a shared library, iff gettext
    support is on the system (and hence add -lintl or whatever to
    NEON_LIBS). If system has no gettext support, then it's probably
    impossible to support i18n in the library (although *applications*
    can support it by bundling gettext themselves). Take a look at how
    other libraries handle this.

a46 10

53. "ne_session" concept is hazy.  Abstract out a "connection" concept
    too, and allow >1 connection per-session in multi-threaded use,
    somehow.

57. Add function to map of status-code values to i18n-ized reason
    phrase.

65. Add ne_uri_copy function and use it in ne_lock_copy.  (patch
    sent to neon@@webdav.org)
@


1.3
log
@Update to neon trunk.
@
text
@a9 8
23. Mechanism for aborting a request mid-response; e.g., when a GET
    fails due to out of disk space, abort the download.

31. Make it threadsafe:
    socket.c: getservbyname -> getservbyname_r.

38. Replace all use of split_string/pair_string with ne_token.

d13 1
a13 1
    displaying properly.
a20 3
61. Make everything namespace-safe:
       remove split_string/pair_string.

a28 8

1. Support for HTTP-extended authoring methods ala WebRFM etc; using
   New-URI header etc.  Also support the BROWSE and INDEX methods.  The
   protocol is documented at:
   http://www.ics.uci.edu/pub/ietf/webdav/ns_dav.html
   DON'T do this inside ne_basic.c, do it separately in
   ne_author.c or something. 

a56 3
20. Add decent and proper URI parser + handling. Or stop pretending we
    are doing "URI" parsing, and just handle HTTP URL's.

a61 2
28. Support response caching?

a72 12
47. Indexed table-based response-header access? Might simplify things
    like response body acceptance callbacks (i.e., can get access to
    Content-Type header for XML).

48. Possibly, store the time of last interaction over the TCP socket,
    call it 't'.  If the next request is made after t+20, presume the
    persistent connection is dead, so re-connect automatically.  If we
    don't do this, then we have two wasted write() calls making the
    request, then failing, then re-connecting.  It's really only worth
    doing this if this actually saves any packets on the wire, which
    it probably doesn't. strace / tcpdump might help here.

d85 6
@


1.2
log
@Update to 0.24.7.
@
text
@d35 1
a35 1
63. Unconditionally turn off Nagle algorithm.
d119 2
@


1.1
log
@Initial revision
@
text
@d3 1
a3 1
-------------------     Id: TODO,v 1.3 2000/05/13 20:52:43 joe Exp 
d7 8
a14 4
1. Support for HTTP-extended authoring methods ala WebRFM etc; using
   New-URI header etc.  Also support the BROWSE and INDEX methods.  The
   protocol is documented at:
   http://www.ics.uci.edu/pub/ietf/webdav/ns_dav.html
d16 1
a16 3
2. Add proper domain support to authentication code. (requires full
   URI parsing support). Need to tell the auth layer the server
   details.
d18 4
a21 3
3. Add a callback to determine whether a specific request should go
   through the proxy server or not... based on URI, maybe method too
   since lots of HTTP/1.0 proxies break on DAV requests?
d23 2
a24 2
4. Better cnonce generation for authentication: use /dev/random or
   whatever like mod_auth_digest.
d26 2
a27 2
5. Add request hooks to remove all authentication code from
   http_request.c.
d29 2
a30 1
6. PUT/GET with ranges... http_get_range
d32 2
a33 1
7. hip_xml/dav_207/dav_prop might need a revamp.
d35 1
a35 3
   hip_xml: use an expat-esque interface; i.e. make hip_xml_parser
   opaque and add API to set handlers rather than initialize
   structures directly. Two problems need to be solved more elegantly:
d37 2
a38 2
   1) Allowing "sub-handler" for allowing parsing property element
   contents independantly of the overally 207 response parse.
a39 1
   2) Allow "mixed-mode" parsing of XML which mixes cdata + elements.
d41 6
a46 3
   Probably, make hip_xml more of a "utility" layer rather than a
   "driving" layer; abstract out expat/libxml, namespace lookups,
   element name -> id mapping, easy CDATA handling...
d48 3
a50 4
8. WebDAV class 2 locking. Problems: this requires parsing the XML
   within a property element. This could be achieved by doing a
   completely new XML parse of the property value returned by end_prop
   from the 207 code, but this is a bit noddy. Options:
d52 1
a52 5
   a) Ideally: extend hip_xml and the 207 layer to allow doing a
   proper start/end_element/cdata parse of the XML *within* a
   property. This is tricky since it means extending hip_xml to
   *dynamically* determine whether to be in "collect" mode or not. Add
   another callback for this?
d55 2
a56 2
   inversion project (http://inversion.tigris.org/) who might build a
   versioning system over DAV.
d61 9
a69 14
    support for this (www.sharemation.com).

12. SSL/TLS support... make it pluggable so we don't have to export
    crypto-related code at ALL?

13. Should we really be abort()'ing on out-of-memory? It makes a lot
    of code MUCH simpler (esp. sbuffer_* usage).

14. Nicer request-header manipulation... some kind of indexed data
    structure, so we're sure we don't add the same header to the
    request twice (e.g. Cache-Control). Must be at least as flexible
    as sbuffer usage, though.

16. Socket status notification (socket.c:sock_register_*) is awful.
d72 3
a74 7
    http_request.c, dav_207.c ? It seems nice and clever to, so the
    user REALLY know what is going wrong with the server (probably),
    but it is maybe a bit frightening.
    
18. PROPFIND/propnames support.

19. libtool support, for proper shared libraries.
d76 2
a77 2
20. Add full URI parser + handling. Or stop pretending we are doing
    "URI" parsing, and just handle HTTP URL's.
d80 35
a114 12
    http_auth_session, so I log into e.g. /foo/ and /bar/ (which
    are not in the same authentication domain)
    switch between them without having to re-enter passwords all the
    time.

22. Handle PROPFIND property error responses properly.

23. Mechanism for aborting a request mid-response; e.g., when a GET
    fails due to out of disk space, abort the download.

24. In a PROPFIND response, if a property were to include e.g., a
    DAV:multistatus element, this would not be handled correctly.
d116 2
a117 2
25. A BSD C library has an MD5 implementation in the C Library...
    support this. (someone who runs a BSD will need to do this)
@


1.1.1.1
log
@track: auto import
@
text
@@


1.1.1.2
log
@track: auto import
@
text
@d3 1
a3 1
-------------------     Id: TODO,v 1.9 2000/07/16 16:29:58 joe Exp 
a10 2
   DON'T do this inside dav_basic.c, do it separately in
   http_authoring.c or something. 
d20 1
a20 1
4. Better cnonce generation for authentication: use /dev/{u}random or
d24 1
a24 1
   http_request.c?
d28 5
a32 2
7. hip_xml/dav_207/dav_prop layers: Two problems need to be solved more
   elegantly:
d39 14
a52 4
   Probably the best thing to do is to make hip_xml more of a
   "utility" layer rather than a "driving" layer; abstract out
   expat/libxml, namespace lookups, element name -> id mapping, easy
   CDATA handling...
d55 2
a56 2
   subversion project (http://subversion.tigris.org/) who might build
   a versioning system over DAV.
d61 4
a64 2
    support for this (www.sharemation.com). The UI is probably the
    hardest problem here.
d69 4
a72 3
14. Improved request-header manipulation... some kind of indexed table
    (a la Apache, libghttp, so we're sure we don't add the same header
    to the request twice (e.g. Cache-Control).
d83 2
d89 4
a92 3
    http_auth_session, so I log into e.g. /foo/ and /bar/ (which are
    not in the same authentication domain) and switch between them
    without having to re-enter passwords all the time.
d102 2
a103 99
27. Use a FQDN in the Host: header.  This is tricky, since the record
    returned by gethostbyname lists the real name not the cname, so
    we can't use that.

28. Support response caching.

29. URL handling in http_request/http_auth is a bit of a mess now SSL
    support is here, breaking the assumption that scheme == "http".
    Allow passing an absoluteURI to http_req_create?

30. Switch http_auth.c:request_digest to use an sbuffer.

31. Make it threadsafe:
    socket.c: gethostbyname -> gethostbyname_r.
    socket.c: getservbyname -> getservbyname_r.

33. Cookie support. Relevant specs:
     - RFC2109
     - http://home.netscape.com/newsref/std/cookie_spec.html
     - draft-ietf-http-state-man-mec-12 (obsoletes 2109)
     - draft-iesg-http-cookies (privacy considerations)
    Probably, for first-hack, do not let cookies persist beyond a
    single http_session lifetime (an excellent application for hooks).
    This should cover privacy requirements adequately.

34. Perhaps, make a proper 'read http header' function which combines
    sock_readline and read_message_header and folds continuation lines
    properly.

35. Allow i18n'ization if building a shared library, iff gettext
    support is on the system (and hence add -lintl or whatever to
    NEON_LIBS). If system has no gettext support, then it's probably
    impossible to support i18n in the library (although *applications*
    can support it by bundling gettext themselves). Take a look at how
    other libraries handle this.

36. The high-level interface (http_get etc) isn't easily modified,
    e.g. if I want to add a header "X-Foo: bar" to GET requests, I
    have to re-write the GET handler from scratch. Okay for simple
    methods, but bad for things like PROPFIND.

37. SSL certificate verification.

38. Remove pair_string + split_string, write parameter-modifying
    versions instead (i.e., like strsep/strtok).

39. sbuffer handling is broken: must the string have a trailing \0 or
    not?

40. XML body acceptance callback should check Content-Type. Should
    also pass encoding to expat if one is given (how about libxml?)

41. XML parsers: Support libxml2 (probably nothing to do except
    configure changes). Bundle expat and link into library if no
    parser is found on system? Bad idea, since expat is not LGPL
    probably.

42. Remove x* wrappers, use ne_malloc or something and make it public.

43. SOCKS support.

44. Finer-grained connection status feedback, i.e., "Sent Request",
    "Got response status-line"... "Reading response body"

46. Asynchronous request-dispatching? Makes integration into GUI loop
    easy... any other reasons?  Must leave existing request_dispatch
    interface intact.

47. Indexed table-based response-header access? Might simplify things
    like response body acceptance callbacks (i.e., can get access to
    Content-Type header for XML).

48. Possibly, store the time of last interaction over the TCP socket,
    call it 't'.  If the next request is made after t+20, presume the
    persistent connection is dead, so re-connect automatically.  If we
    don't do this, then we have two wasted write() calls making the
    request, then failing, then re-connecting.  It's really only worth
    doing this if this actually saves any packets on the wire, which
    it probably doesn't. strace / tcpdump might help here.

49. Configurable socket timeouts. (separate read/write?)

50. opendir/readdir/closedir-esque interface for PROPFIND depth 1, 
    a la EZDAV. (cadaver has it already)

51. Possibly, remove the requirement for http_status externally to
    request handling. Could be used via function calls instead: would
    make method handlers simpler.

52. Automatically follow 302 redirects... probably with a callback to
    get user confirmation. Would be nice to do this as a hook, but
    this would require the hook knowing how to manipulate http_req
    internals.

53. "http_session" concept is hazy.  Abstract out a "connection"
    concept too, and allow >1 connection per-session in multi-threaded
    use, somehow.


@


1.1.1.3
log
@track: auto import
@
text
@d3 1
a3 1
-------------------     Id: TODO,v 1.12 2000/07/28 10:08:47 joe Exp 
d25 2
a26 3
5. Move authentication code into a hook.  Should now be possible to 
   completely remove any knowledge of authentication from the request 
   layer (http_request.[ch]).
d58 1
a58 2
    to the request twice.  Better control over adding Cache-Control
    headers would be good too.
d69 2
a70 2
20. Add decent and proper URI parser + handling. Or stop pretending we
    are doing "URI" parsing, and just handle HTTP URL's.
d124 3
a126 9
    methods, but bad for things like PROPFIND. A better use case, 
    is if I want to modify GET to retrieve the value of the Etag
    header, or Last-Modified, as well as perform the actual GET
    mechanism.

37. SSL certificate verification: Tommi Komulainen
    <Tommi.Komulainen@@iki.fi> has donated his SSL cert verification
    from the mutt IMAP/SSL code under the LGPL... it needs
    de-muttifying and plugging in.
d131 3
d135 1
a135 3
    also pass encoding to expat if one is given (how about libxml?).
    Recent mod_dav's return XML bodies in 424 responses which need
    displaying properly.
d174 4
a177 6
52. Automatically follow 302 redirects... with a callback to get user
    confirmation. Would be nice to do this as a hook, but this would
    require the hook knowing how to manipulate http_req internals.
    Maybe instead, return HTTP_REDIRECT for 3xx-class responses,
    and have a http_get_location() to get the location... or
    something. Hummm.
a182 22
54. Locks support: need to store hostname / absoluteURI.

55. Configure-time version checking, a NEON_CHECK_VERSION(x,y,z)
    macro which checks against neon-config output, and
    neon_check_version() function which does similarly.

56. Accurate way of doing response-body progress callbacks.  At the
    mo, doing it in the GET handler doesn't handle timeouts and 
    restarts properly.

57. Add function to map of status-code values to i18n-ized reason
    phrase.

58. 2616 is quite strict about when to retry non-idempotent requests
    and when not to.  We are not compliant here.

59. Should we use snprintf if it is not in libc?? Probably... yes.

60. Might be nice to rip the options out of libtool (using --config?)
    to determine how to add the prefix/lib directory to the runtime
    dynamic link library path, and add these to neon-config --libs
    output.
@


1.1.1.4
log
@track: auto import
@
text
@d3 1
a3 1
-------------------     Id: TODO,v 1.13 2000/08/11 16:17:30 joe Exp 
d185 2
a186 1
    and have a http_get_location() to get the location... 
a214 3
61. Make everything namespace-safe:
       md5.c   uses md5_*... bad. Move to ne_md5_*
       string_utils.c is a hotch-potch.
@


1.1.1.5
log
@track: auto import
@
text
@d3 1
a3 1
-------------------     Id: TODO,v 1.14 2000/08/13 15:00:33 joe Exp 
d181 5
a185 2
52. Useful redirect support. Needs to set URI for request properly.
    Currently, this breaks digest-auth, proxies.
@


1.1.1.6
log
@track: auto import
@
text
@d3 1
a3 1
-------------------     Id: TODO,v 1.15 2000/09/06 22:52:05 joe Exp 
a213 2

62. Something is broken in SSL, it is way slow.
@


1.1.1.7
log
@track: auto import
@
text
@d3 1
a3 1
-------------------     Id: TODO,v 1.16 2000/10/18 21:09:50 joe Exp 
a215 4

63. Progress + notify callbacks shouldn't be global, they should
    be per-socket. This would fix the sock_connect(_u) mess too.

@


1.1.1.8
log
@track: auto import
@
text
@d3 1
a3 1
-------------------     Id: TODO,v 1.18 2001/01/08 22:24:31 joe Exp 
d31 13
d79 2
d84 3
d93 4
d149 2
a219 3
64. People on httpwg say that a 'logout' function is useful for 
    HTTP authentication. Seems like a good idea, and zero-difficulty 
    to implement.
@


1.1.1.9
log
@track: auto import
@
text
@d3 1
a3 1
-------------------
d41 3
d153 4
d165 4
@


1.1.1.10
log
@track: auto import
@
text
@d18 4
d25 4
d46 2
d52 2
d72 2
d119 5
d159 4
d184 5
@


1.1.1.11
log
@track: auto import
@
text
@d90 1
a90 2
    mechanism.  Counter-argument is that it's so easy to write your
    own methods, don't bother.
d158 3
@


1.1.1.12
log
@track: auto import
@
text
@d157 2
@


1.1.1.13
log
@track: auto import
@
text
@d11 2
a12 2
   DON'T do this inside ne_basic.c, do it separately in
   ne_author.c or something. 
d21 1
a21 1
6. PUT with ranges... ne_put_range
d39 3
a41 3
    ne_request.c, ne_207.c ? It seems nice and clever to, so the user
    REALLY know what is going wrong with the server (probably), but it
    is maybe a bit frightening.
d47 1
a47 1
    auth_session, so I can log into e.g. /foo/ and /bar/ (which are
d55 2
a56 2
    returned by gethostbyname lists the real name not the cname, so we
    can't use that.  Possibly it's not correct to do so anyway.
d58 1
a58 1
28. Support response caching?
d63 9
a71 1
    strerror also has an _r variant.
d84 1
a84 1
36. The high-level interface (ne_get etc) isn't easily modified,
d98 2
a99 1
38. Replace all use of split_string/pair_string with ne_token.
d106 2
a147 1
    Can we inherit the trio *printf implementation out of libxml?
d155 2
a156 4
       move sock_* into ne_*
       move uri_* into ne_*?
       remove split_string/pair_string.

@


1.1.1.14
log
@track: auto import
@
text
@d124 3
a126 3
53. "ne_session" concept is hazy.  Abstract out a "connection" concept
    too, and allow >1 connection per-session in multi-threaded use,
    somehow.
d134 1
a134 1
    and when not to.  neon is probably not compliant here.
@


1.1.1.15
log
@track: auto import
@
text
@d3 1
a3 1
===================
a6 28
For one-point-oh
----------------

23. Mechanism for aborting a request mid-response; e.g., when a GET
    fails due to out of disk space, abort the download.

38. Replace all use of split_string/pair_string with ne_token.

40. XML body acceptance callback should check Content-Type. Should
    also pass encoding to expat if one is given (how about libxml?).
    Recent mod_dav's return XML bodies in 424 responses which need
    displaying properly.

58. 2616 is quite strict about when to retry non-idempotent requests
    and when not to.  neon may not be compliant here.

61. Make everything namespace-safe:
       move sock_* into ne_*
       move uri_* into ne_*?
       remove split_string/pair_string.

62. Select which auth mechanisms are allowed, e.g. JUST SAY NO to
    basic might very well be useful to some apps.

Longer term
-----------


d51 3
d76 21
d133 3
d138 10
@


1.1.1.16
log
@track: auto import
@
text
@d137 3
@


1.1.1.17
log
@track: auto import
@
text
@d25 1
d120 2
d131 2
@


1.1.1.18
log
@track: auto import
@
text
@a29 2
63. Unconditionally turn off Nagle algorithm.

d78 4
d121 3
@


1.1.1.19
log
@track: auto import
@
text
@a12 4
31. Make it threadsafe:
    socket.c: gethostbyname -> gethostbyname_r.
    socket.c: getservbyname -> getservbyname_r.

a19 3
44. Finer-grained connection status feedback, i.e., "Sent Request",
    "Got response status-line"... "Reading response body"

d24 1
a60 2
      => Jim Whitehead's UCI postgrad team is working on this and
    has written a DASL implementation.
d82 9
d97 3
@


