problems may have been fixed or changed somewhat since this was written.
1. HTTP
- 1.2 Multiple methods in a single WWW-Authenticate: header
1.3 STARTTRANSFER time is wrong for HTTP POSTs
1.4 multipart formposts file name encoding
1.5 Expect-100 meets 417
- 1.6 Unnecessary close when 401 received waiting for 100
- 1.7 Deflate error after all content was received
1.8 DoH is not used for all name resolves when enabled
1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM
2. TLS
- 2.1 CURLINFO_SSL_VERIFYRESULT has limited support
- 2.2 DER in keychain
2.3 Unable to use PKCS12 certificate with Secure Transport
2.4 Secure Transport will not import PKCS#12 client certificates without a password
2.5 Client cert handling with Issuer DN differs between backends
5.4 Build with statically built dependency
5.5 cannot handle Unicode arguments in non-Unicode builds on Windows
5.6 make distclean loops forever
- 5.7 Visual Studio project gaps
5.8 configure finding libs in wrong directory
5.9 Utilize Requires.private directives in libcurl.pc
5.10 curl hangs on SMB upload over stdin
11. Internals
11.1 Curl leaks .onion hostnames in DNS
11.2 error buffer not set if connection to multiple addresses fails
- 11.3 Disconnects do not do verbose
11.4 HTTP test server 'connection-monitor' problems
11.5 Connection information when using TCP Fast Open
11.7 signal-based resolver timeouts
15.11 ExternalProject_Add does not set CURL_CA_PATH
15.12 cannot enable LDAPS on Windows
15.13 CMake build with MIT Kerberos does not work
- 15.14 cmake build is not thread-safe
16. Applications
1. HTTP
-1.2 Multiple methods in a single WWW-Authenticate: header
-
- The HTTP responses headers WWW-Authenticate: can provide information about
- multiple authentication methods as multiple headers or as several methods
- within a single header. The latter way, several methods in the same physical
- line, is not supported by libcurl's parser. (For no good reason.)
-
1.3 STARTTRANSFER time is wrong for HTTP POSTs
Wrong STARTTRANSFER timer accounting for POST requests Timer works fine with
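Review bot: The removal of entry 1.2 drops the statement that libcurl's parser does not support several methods on one physical WWW-Authenticate: line, but nothing in the visible change says whether that parser limitation was fixed or the entry is simply considered stale. Please reference the fixing commit or a test that feeds a single header carrying multiple methods, so the removal can be verified against actual authentication negotiation behavior.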
the client application to redo the transfer after disabling Expect:.
https://curl.se/mail/archive-2008-02/0043.html
-1.6 Unnecessary close when 401 received waiting for 100
-
- libcurl closes the connection if an HTTP 401 reply is received while it is
- waiting for the 100-continue response.
- https://curl.se/mail/lib-2008-08/0462.html
-
-1.7 Deflate error after all content was received
-
- There's a situation where we can get an error in an HTTP response that is
- compressed, when that error is detected after all the actual body contents
- have been received and delivered to the application. This is tricky, but is
- ultimately a broken server.
-
- See https://github.com/curl/curl/issues/2719
-
1.8 DoH is not used for all name resolves when enabled
Even if DoH is specified to be used, there are some name resolves that are
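Review bot: Entries 1.6 and 1.7 are removed together although they differ in kind: 1.6 describes libcurl closing the connection when a 401 arrives while it waits for 100-continue, whereas 1.7 is attributed by its own text to "ultimately a broken server". Say in the commit message which of the two is fixed and which is dropped as not being a curl bug, and keep the https://github.com/curl/curl/issues/2719 reference there so the reasoning for 1.7 stays discoverable.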
2. TLS
-2.1 CURLINFO_SSL_VERIFYRESULT has limited support
-
- CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL, NSS and
- GnuTLS backends, so relying on this information in a generic app is flaky.
-
-2.2 DER in keychain
-
- Curl does not recognize certificates in DER format in keychain, but it works
- with PEM. https://curl.se/bug/view.cgi?id=1065
-
2.3 Unable to use PKCS12 certificate with Secure Transport
See https://github.com/curl/curl/issues/5403
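Review bot: Entry 2.1 is the only visible place that tells application authors CURLINFO_SSL_VERIFYRESULT is implemented just for the OpenSSL, NSS and GnuTLS backends, and deleting it removes that warning without a replacement. If the limitation still holds, move the sentence to the CURLINFO_SSL_VERIFYRESULT documentation instead of dropping it, because an application that reads this value on another backend may act on a result that backend never sets. Entry 2.2 (DER in keychain) is unrelated and would be easier to audit with its own line in the commit message.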
See https://github.com/curl/curl/issues/7716
-5.7 Visual Studio project gaps
-
- The Visual Studio projects lack some features that the autoconf and nmake
- builds offer, such as the following:
-
- - support for zlib and nghttp2
- - use of static runtime libraries
- - add the test suite components
-
- In addition to this the following could be implemented:
-
- - support for other development IDEs
- - add PATH environment variables for third-party DLLs
-
5.8 configure finding libs in wrong directory
When the configure script checks for third-party libraries, it adds those
CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER
remains empty. Issue: https://github.com/curl/curl/issues/544
-11.3 Disconnects do not do verbose
-
- Due to how libcurl keeps connections alive in the "connection pool" after use
- to potentially transcend the life-time of the initial easy handle that was
- used to drive the transfer over that connection, it uses a *separate* and
- internal easy handle when it shuts down the connection. That separate
- connection might not have the same settings as the original easy handle, and
- in particular it is often note-worthy that it does not have the same VERBOSE
- and debug callbacks setup so that an application will not get the protocol
- data for the disconnect phase of a transfer the same way it got all the other
- data.
-
- This is because the original easy handle might have already been freed at that
- point and the application might not at all be prepared that the callback
- would get called again long after the handle was freed.
-
- See for example https://github.com/curl/curl/issues/6995
-
11.4 HTTP test server 'connection-monitor' problems
The 'connection-monitor' feature of the sws HTTP test server does not work
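Review bot: Entry 11.3 describes intended behavior more than a defect, and the removed paragraph starting "This is because the original easy handle might have already been freed" is the rationale an application author needs when disconnect-phase protocol data is missing from their debug callback. Consider relocating that explanation to the documentation of the verbose and debug callback options rather than deleting it outright, so that applications which log protocol traffic for audit know the connection shutdown is not covered.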
https://github.com/curl/curl/issues/6904
-15.14 cmake build is not thread-safe
-
- The cmake build does not check for and verify presence of a working Atomic
- type, which then makes curl_global_init() to not build thread-safe on
- non-Windows platforms.
-
- Bug: https://github.com/curl/curl/issues/8973
- Partial fix: https://github.com/curl/curl/pull/8982
-
16. Applications
17. HTTP/2
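Review bot: The removed 15.14 entry itself labels https://github.com/curl/curl/pull/8982 as a "Partial fix", so deleting the whole entry asserts more than the referenced PR does. Please state which change completed the check for a working Atomic type in the cmake build, or keep a narrowed entry, because a curl_global_init() that is not thread-safe on non-Windows platforms is something anyone building with cmake needs to know about.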