1 _ _ ____ _ 2 ___| | | | _ \| | 3 / __| | | | |_) | | 4 | (__| |_| | _ <| |___ 5 \___|\___/|_| \_\_____| 6 7 Things that could be nice to do in the future 8 9 Things to do in project curl. Please tell us what you think, contribute and 10 send us patches that improve things. 11 12 Be aware that these are things that we could do, or have once been considered 13 things we could do. If you want to work on any of these areas, please 14 consider bringing it up for discussions first on the mailing list so that we 15 all agree it is still a good idea for the project. 16 17 All bugs documented in the KNOWN_BUGS document are subject for fixing. 18 19 1. libcurl 20 1.1 TFO support on Windows 21 1.2 Consult %APPDATA% also for .netrc 22 1.3 struct lifreq 23 1.4 alt-svc sharing 24 1.5 get rid of PATH_MAX 25 1.6 native IDN support on macOS 26 1.7 Support HTTP/2 for HTTP(S) proxies 27 1.8 CURLOPT_RESOLVE for any port number 28 1.9 Cache negative name resolves 29 1.10 auto-detect proxy 30 1.11 minimize dependencies with dynamically loaded modules 31 1.12 updated DNS server while running 32 1.13 c-ares and CURLOPT_OPENSOCKETFUNCTION 33 1.15 Monitor connections in the connection pool 34 1.16 Try to URL encode given URL 35 1.17 Add support for IRIs 36 1.18 try next proxy if one does not work 37 1.19 provide timing info for each redirect 38 1.20 SRV and URI DNS records 39 1.21 netrc caching and sharing 40 1.22 CURLINFO_PAUSE_STATE 41 1.23 Offer API to flush the connection pool 42 1.25 Expose tried IP addresses that failed 43 1.28 FD_CLOEXEC 44 1.29 Upgrade to websockets 45 1.30 config file parsing 46 1.31 erase secrets from heap/stack after use 47 1.32 add asynch getaddrinfo support 48 1.33 make DoH inherit more transfer properties 49 50 2. libcurl - multi interface 51 2.1 More non-blocking 52 2.2 Better support for same name resolves 53 2.3 Non-blocking curl_multi_remove_handle() 54 2.4 Split connect and authentication process 55 2.5 Edge-triggered sockets should work 56 2.6 multi upkeep 57 2.7 Virtual external sockets 58 2.8 dynamically decide to use socketpair 59 60 3. Documentation 61 3.1 Improve documentation about fork safety 62 3.2 Provide cmake config-file 63 64 4. FTP 65 4.1 HOST 66 4.2 Alter passive/active on failure and retry 67 4.3 Earlier bad letter detection 68 4.4 Support CURLOPT_PREQUOTE for dir listings too 69 4.5 ASCII support 70 4.6 GSSAPI via Windows SSPI 71 4.7 STAT for LIST without data connection 72 4.8 Passive transfer could try other IP addresses 73 74 5. HTTP 75 5.1 Provide the error body from a CONNECT response 76 5.2 Set custom client ip when using haproxy protocol 77 5.3 Rearrange request header order 78 5.4 Allow SAN names in HTTP/2 server push 79 5.5 auth= in URLs 80 5.6 alt-svc should fallback if alt-svc does not work 81 5.7 Require HTTP version X or higher 82 83 6. TELNET 84 6.1 ditch stdin 85 6.2 ditch telnet-specific select 86 6.3 feature negotiation debug data 87 6.4 exit immediately upon connection if stdin is /dev/null 88 89 7. SMTP 90 7.1 Passing NOTIFY option to CURLOPT_MAIL_RCPT 91 7.2 Enhanced capability support 92 7.3 Add CURLOPT_MAIL_CLIENT option 93 94 8. POP3 95 8.2 Enhanced capability support 96 97 9. IMAP 98 9.1 Enhanced capability support 99 100 10. LDAP 101 10.1 SASL based authentication mechanisms 102 10.2 CURLOPT_SSL_CTX_FUNCTION for LDAPS 103 10.3 Paged searches on LDAP server 104 105 11. SMB 106 11.1 File listing support 107 11.2 Honor file timestamps 108 11.3 Use NTLMv2 109 11.4 Create remote directories 110 111 12. FILE 112 12.1 Directory listing for FILE: 113 114 13. TLS 115 13.1 TLS-PSK with OpenSSL 116 13.2 Provide mutex locking API 117 13.3 Defeat TLS fingerprinting 118 13.4 Cache/share OpenSSL contexts 119 13.5 Export session ids 120 13.6 Provide callback for cert verification 121 13.7 Less memory massaging with Schannel 122 13.8 Support DANE 123 13.9 TLS record padding 124 13.10 Support Authority Information Access certificate extension (AIA) 125 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY 126 13.12 Reduce CA certificate bundle reparsing 127 13.13 Make sure we forbid TLS 1.3 post-handshake authentication 128 13.14 Support the clienthello extension 129 130 14. GnuTLS 131 14.2 check connection 132 133 15. Schannel 134 15.1 Extend support for client certificate authentication 135 15.2 Extend support for the --ciphers option 136 15.4 Add option to allow abrupt server closure 137 138 16. SASL 139 16.1 Other authentication mechanisms 140 16.2 Add QOP support to GSSAPI authentication 141 142 17. SSH protocols 143 17.1 Multiplexing 144 17.2 Handle growing SFTP files 145 17.3 Read keys from ~/.ssh/id_ecdsa, id_ed25519 146 17.4 Support CURLOPT_PREQUOTE 147 17.5 SSH over HTTPS proxy with more backends 148 17.6 SFTP with SCP:// 149 150 18. Command line tool 151 18.1 sync 152 18.2 glob posts 153 18.4 --proxycommand 154 18.5 UTF-8 filenames in Content-Disposition 155 18.6 Option to make -Z merge lined based outputs on stdout 156 18.8 Consider convenience options for JSON and XML? 157 18.9 Choose the name of file in braces for complex URLs 158 18.10 improve how curl works in a windows console window 159 18.11 Windows: set attribute 'archive' for completed downloads 160 18.12 keep running, read instructions from pipe/socket 161 18.13 Ratelimit or wait between serial requests 162 18.14 --dry-run 163 18.15 --retry should resume 164 18.16 send only part of --data 165 18.17 consider file name from the redirected URL with -O ? 166 18.18 retry on network is unreachable 167 18.19 expand ~/ in config files 168 18.20 host name sections in config files 169 18.21 retry on the redirected-to URL 170 18.23 Set the modification date on an uploaded file 171 18.24 Use multiple parallel transfers for a single download 172 18.25 Prevent terminal injection when writing to terminal 173 18.26 Custom progress meter update interval 174 175 19. Build 176 19.1 roffit 177 19.2 Enable PIE and RELRO by default 178 19.3 Do not use GNU libtool on OpenBSD 179 19.4 Package curl for Windows in a signed installer 180 19.5 make configure use --cache-file more and better 181 182 20. Test suite 183 20.1 SSL tunnel 184 20.2 nicer lacking perl message 185 20.3 more protocols supported 186 20.4 more platforms supported 187 20.5 Add support for concurrent connections 188 20.6 Use the RFC6265 test suite 189 20.7 Support LD_PRELOAD on macOS 190 20.8 Run web-platform-tests URL tests 191 192 21. MQTT 193 21.1 Support rate-limiting 194 195============================================================================== 196 1971. libcurl 198 1991.1 TFO support on Windows 200 201 libcurl supports the CURLOPT_TCP_FASTOPEN option since 7.49.0 for Linux and 202 Mac OS. Windows supports TCP Fast Open starting with Windows 10, version 1607 203 and we should add support for it. 204 205 TCP Fast Open is supported on several platforms but not on Windows. Work on 206 this was once started but never finished. 207 208 See https://github.com/curl/curl/pull/3378 209 2101.2 Consult %APPDATA% also for .netrc 211 212 %APPDATA%\.netrc is not considered when running on Windows. should not it? 213 214 See https://github.com/curl/curl/issues/4016 215 2161.3 struct lifreq 217 218 Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and 219 SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete. 220 To support IPv6 interface addresses for network interfaces properly. 221 2221.4 alt-svc sharing 223 224 The share interface could benefit from allowing the alt-svc cache to be 225 possible to share between easy handles. 226 227 See https://github.com/curl/curl/issues/4476 228 2291.5 get rid of PATH_MAX 230 231 Having code use and rely on PATH_MAX is not nice: 232 https://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html 233 234 Currently the libssh2 SSH based code uses it, but to remove PATH_MAX from 235 there we need libssh2 to properly tell us when we pass in a too small buffer 236 and its current API (as of libssh2 1.2.7) does not. 237 2381.6 native IDN support on macOS 239 240 On recent macOS versions, the getaddrinfo() function itself has built-in IDN 241 support. By setting the AI_CANONNAME flag, the function will return the 242 encoded name in the ai_canonname struct field in the returned information. 243 This could be used by curl on macOS when built without a separate IDN library 244 and an IDN host name is used in a URL. 245 246 See initial work in https://github.com/curl/curl/pull/5371 247 2481.7 Support HTTP/2 for HTTP(S) proxies 249 250 Support for doing HTTP/2 to HTTP and HTTPS proxies is still missing. 251 252 See https://github.com/curl/curl/issues/3570 253 2541.8 CURLOPT_RESOLVE for any port number 255 256 This option allows applications to set a replacement IP address for a given 257 host + port pair. Consider making support for providing a replacement address 258 for the host name on all port numbers. 259 260 See https://github.com/curl/curl/issues/1264 261 2621.9 Cache negative name resolves 263 264 A name resolve that has failed is likely to fail when made again within a 265 short period of time. Currently we only cache positive responses. 266 2671.10 auto-detect proxy 268 269 libcurl could be made to detect the system proxy setup automatically and use 270 that. On Windows, macOS and Linux desktops for example. 271 272 The pull-request to use libproxy for this was deferred due to doubts on the 273 reliability of the dependency and how to use it: 274 https://github.com/curl/curl/pull/977 275 276 libdetectproxy is a (C++) library for detecting the proxy on Windows 277 https://github.com/paulharris/libdetectproxy 278 2791.11 minimize dependencies with dynamically loaded modules 280 281 We can create a system with loadable modules/plug-ins, where these modules 282 would be the ones that link to 3rd party libs. That would allow us to avoid 283 having to load ALL dependencies since only the necessary ones for this 284 app/invoke/used protocols would be necessary to load. See 285 https://github.com/curl/curl/issues/349 286 2871.12 updated DNS server while running 288 289 If /etc/resolv.conf gets updated while a program using libcurl is running, it 290 is may cause name resolves to fail unless res_init() is called. We should 291 consider calling res_init() + retry once unconditionally on all name resolve 292 failures to mitigate against this. Firefox works like that. Note that Windows 293 does not have res_init() or an alternative. 294 295 https://github.com/curl/curl/issues/2251 296 2971.13 c-ares and CURLOPT_OPENSOCKETFUNCTION 298 299 curl will create most sockets via the CURLOPT_OPENSOCKETFUNCTION callback and 300 close them with the CURLOPT_CLOSESOCKETFUNCTION callback. However, c-ares 301 does not use those functions and instead opens and closes the sockets 302 itself. This means that when curl passes the c-ares socket to the 303 CURLMOPT_SOCKETFUNCTION it is not owned by the application like other sockets. 304 305 See https://github.com/curl/curl/issues/2734 306 3071.15 Monitor connections in the connection pool 308 309 libcurl's connection cache or pool holds a number of open connections for the 310 purpose of possible subsequent connection reuse. It may contain a few up to a 311 significant amount of connections. Currently, libcurl leaves all connections 312 as they are and first when a connection is iterated over for matching or 313 reuse purpose it is verified that it is still alive. 314 315 Those connections may get closed by the server side for idleness or they may 316 get an HTTP/2 ping from the peer to verify that they are still alive. By 317 adding monitoring of the connections while in the pool, libcurl can detect 318 dead connections (and close them) better and earlier, and it can handle 319 HTTP/2 pings to keep such ones alive even when not actively doing transfers 320 on them. 321 3221.16 Try to URL encode given URL 323 324 Given a URL that for example contains spaces, libcurl could have an option 325 that would try somewhat harder than it does now and convert spaces to %20 and 326 perhaps URL encoded byte values over 128 etc (basically do what the redirect 327 following code already does). 328 329 https://github.com/curl/curl/issues/514 330 3311.17 Add support for IRIs 332 333 IRIs (RFC 3987) allow localized, non-ascii, names in the URL. To properly 334 support this, curl/libcurl would need to translate/encode the given input 335 from the input string encoding into percent encoded output "over the wire". 336 337 To make that work smoothly for curl users even on Windows, curl would 338 probably need to be able to convert from several input encodings. 339 3401.18 try next proxy if one does not work 341 342 Allow an application to specify a list of proxies to try, and failing to 343 connect to the first go on and try the next instead until the list is 344 exhausted. Browsers support this feature at least when they specify proxies 345 using PACs. 346 347 https://github.com/curl/curl/issues/896 348 3491.19 provide timing info for each redirect 350 351 curl and libcurl provide timing information via a set of different 352 time-stamps (CURLINFO_*_TIME). When curl is following redirects, those 353 returned time value are the accumulated sums. An improvement could be to 354 offer separate timings for each redirect. 355 356 https://github.com/curl/curl/issues/6743 357 3581.20 SRV and URI DNS records 359 360 Offer support for resolving SRV and URI DNS records for libcurl to know which 361 server to connect to for various protocols (including HTTP). 362 3631.21 netrc caching and sharing 364 365 The netrc file is read and parsed each time a connection is setup, which 366 means that if a transfer needs multiple connections for authentication or 367 redirects, the file might be reread (and parsed) multiple times. This makes 368 it impossible to provide the file as a pipe. 369 3701.22 CURLINFO_PAUSE_STATE 371 372 Return information about the transfer's current pause state, in both 373 directions. https://github.com/curl/curl/issues/2588 374 3751.23 Offer API to flush the connection pool 376 377 Sometimes applications want to flush all the existing connections kept alive. 378 An API could allow a forced flush or just a forced loop that would properly 379 close all connections that have been closed by the server already. 380 3811.25 Expose tried IP addresses that failed 382 383 When libcurl fails to connect to a host, it could offer the application the 384 addresses that were used in the attempt. Source + dest IP, source + dest port 385 and protocol (UDP or TCP) for each failure. Possibly as a callback. Perhaps 386 also provide "reason". 387 388 https://github.com/curl/curl/issues/2126 389 3901.28 FD_CLOEXEC 391 392 It sets the close-on-exec flag for the file descriptor, which causes the file 393 descriptor to be automatically (and atomically) closed when any of the 394 exec-family functions succeed. Should probably be set by default? 395 396 https://github.com/curl/curl/issues/2252 397 3981.29 Upgrade to websockets 399 400 libcurl could offer a smoother path to get to a websocket connection. 401 See https://github.com/curl/curl/issues/3523 402 403 Michael Kaufmann suggestion here: 404 https://curl.se/video/curlup-2017/2017-03-19_05_Michael_Kaufmann_Websocket_support_for_curl.mp4 405 4061.30 config file parsing 407 408 Consider providing an API, possibly in a separate companion library, for 409 parsing a config file like curl's -K/--config option to allow applications to 410 get the same ability to read curl options from files. 411 412 See https://github.com/curl/curl/issues/3698 413 4141.31 erase secrets from heap/stack after use 415 416 Introducing a concept and system to erase secrets from memory after use, it 417 could help mitigate and lessen the impact of (future) security problems etc. 418 However: most secrets are passed to libcurl as clear text from the 419 application and then clearing them within the library adds nothing... 420 421 https://github.com/curl/curl/issues/7268 422 4231.32 add asynch getaddrinfo support 424 425 Use getaddrinfo_a() to provide an asynch name resolver backend to libcurl 426 that does not use threads and does not depend on c-ares. The getaddrinfo_a 427 function is (probably?) glibc specific but that is a widely used libc among 428 our users. 429 430 https://github.com/curl/curl/pull/6746 431 4321.33 make DoH inherit more transfer properties 433 434 Some options are not inherited because they are not relevant for the DoH SSL 435 connections, or inheriting the option may result in unexpected behavior. For 436 example the user's debug function callback is not inherited because it would 437 be unexpected for internal handles (ie DoH handles) to be passed to that 438 callback. 439 440 If an option is not inherited then it is not possible to set it separately 441 for DoH without a DoH-specific option. For example: 442 CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and 443 CURLOPT_DOH_SSL_VERIFYSTATUS. 444 445 See https://github.com/curl/curl/issues/6605 446 4472. libcurl - multi interface 448 4492.1 More non-blocking 450 451 Make sure we do not ever loop because of non-blocking sockets returning 452 EWOULDBLOCK or similar. Blocking cases include: 453 454 - Name resolves on non-windows unless c-ares or the threaded resolver is used. 455 456 - The threaded resolver may block on cleanup: 457 https://github.com/curl/curl/issues/4852 458 459 - file:// transfers 460 461 - TELNET transfers 462 463 - GSSAPI authentication for FTP transfers 464 465 - The "DONE" operation (post transfer protocol-specific actions) for the 466 protocols SFTP, SMTP, FTP. Fixing multi_done() for this is a worthy task. 467 468 - curl_multi_remove_handle for any of the above. See section 2.3. 469 4702.2 Better support for same name resolves 471 472 If a name resolve has been initiated for name NN and a second easy handle 473 wants to resolve that name as well, make it wait for the first resolve to end 474 up in the cache instead of doing a second separate resolve. This is 475 especially needed when adding many simultaneous handles using the same host 476 name when the DNS resolver can get flooded. 477 4782.3 Non-blocking curl_multi_remove_handle() 479 480 The multi interface has a few API calls that assume a blocking behavior, like 481 add_handle() and remove_handle() which limits what we can do internally. The 482 multi API need to be moved even more into a single function that "drives" 483 everything in a non-blocking manner and signals when something is done. A 484 remove or add would then only ask for the action to get started and then 485 multi_perform() etc still be called until the add/remove is completed. 486 4872.4 Split connect and authentication process 488 489 The multi interface treats the authentication process as part of the connect 490 phase. As such any failures during authentication will not trigger the relevant 491 QUIT or LOGOFF for protocols such as IMAP, POP3 and SMTP. 492 4932.5 Edge-triggered sockets should work 494 495 The multi_socket API should work with edge-triggered socket events. One of 496 the internal actions that need to be improved for this to work perfectly is 497 the 'maxloops' handling in transfer.c:readwrite_data(). 498 4992.6 multi upkeep 500 501 In libcurl 7.62.0 we introduced curl_easy_upkeep. It unfortunately only works 502 on easy handles. We should introduces a version of that for the multi handle, 503 and also consider doing "upkeep" automatically on connections in the 504 connection pool when the multi handle is in used. 505 506 See https://github.com/curl/curl/issues/3199 507 5082.7 Virtual external sockets 509 510 libcurl performs operations on the given file descriptor that presumes it is 511 a socket and an application cannot replace them at the moment. Allowing an 512 application to fully replace those would allow a larger degree of freedom and 513 flexibility. 514 515 See https://github.com/curl/curl/issues/5835 516 5172.8 dynamically decide to use socketpair 518 519 For users who do not use curl_multi_wait() or do not care for 520 curl_multi_wakeup(), we could introduce a way to make libcurl NOT 521 create a socketpair in the multi handle. 522 523 See https://github.com/curl/curl/issues/4829 524 5253. Documentation 526 5273.1 Improve documentation about fork safety 528 529 See https://github.com/curl/curl/issues/6968 530 5313.2 Provide cmake config-file 532 533 A config-file package is a set of files provided by us to allow applications 534 to write cmake scripts to find and use libcurl easier. See 535 https://github.com/curl/curl/issues/885 536 5374. FTP 538 5394.1 HOST 540 541 HOST is a command for a client to tell which host name to use, to offer FTP 542 servers named-based virtual hosting: 543 544 https://datatracker.ietf.org/doc/html/rfc7151 545 5464.2 Alter passive/active on failure and retry 547 548 When trying to connect passively to a server which only supports active 549 connections, libcurl returns CURLE_FTP_WEIRD_PASV_REPLY and closes the 550 connection. There could be a way to fallback to an active connection (and 551 vice versa). https://curl.se/bug/feature.cgi?id=1754793 552 5534.3 Earlier bad letter detection 554 555 Make the detection of (bad) %0d and %0a codes in FTP URL parts earlier in the 556 process to avoid doing a resolve and connect in vain. 557 5584.4 Support CURLOPT_PREQUOTE for dir listings too 559 560 The lack of support is mostly an oversight and requires the FTP state machine 561 to get updated to get fixed. 562 563 https://github.com/curl/curl/issues/8602 564 5654.5 ASCII support 566 567 FTP ASCII transfers do not follow RFC959. They do not convert the data 568 accordingly. 569 5704.6 GSSAPI via Windows SSPI 571 572 In addition to currently supporting the SASL GSSAPI mechanism (Kerberos V5) 573 via third-party GSS-API libraries, such as Heimdal or MIT Kerberos, also add 574 support for GSSAPI authentication via Windows SSPI. 575 5764.7 STAT for LIST without data connection 577 578 Some FTP servers allow STAT for listing directories instead of using LIST, 579 and the response is then sent over the control connection instead of as the 580 otherwise usedw data connection: https://www.nsftools.com/tips/RawFTP.htm#STAT 581 582 This is not detailed in any FTP specification. 583 5844.8 Passive transfer could try other IP addresses 585 586 When doing FTP operations through a proxy at localhost, the reported spotted 587 that curl only tried to connect once to the proxy, while it had multiple 588 addresses and a failed connect on one address should make it try the next. 589 590 After switching to passive mode (EPSV), curl could try all IP addresses for 591 "localhost". Currently it tries ::1, but it should also try 127.0.0.1. 592 593 See https://github.com/curl/curl/issues/1508 594 5955. HTTP 596 5975.1 Provide the error body from a CONNECT response 598 599 When curl receives a body response from a CONNECT request to a proxy, it will 600 always just read and ignore it. It would make some users happy if curl 601 instead optionally would be able to make that responsible available. Via a new 602 callback? Through some other means? 603 604 See https://github.com/curl/curl/issues/9513 605 6065.2 Set custom client ip when using haproxy protocol 607 608 This would allow testing servers with different client ip addresses (without 609 using x-forward-for header). 610 611 https://github.com/curl/curl/issues/5125 612 6135.3 Rearrange request header order 614 615 Server implementors often make an effort to detect browser and to reject 616 clients it can detect to not match. One of the last details we cannot yet 617 control in libcurl's HTTP requests, which also can be exploited to detect 618 that libcurl is in fact used even when it tries to impersonate a browser, is 619 the order of the request headers. I propose that we introduce a new option in 620 which you give headers a value, and then when the HTTP request is built it 621 sorts the headers based on that number. We could then have internally created 622 headers use a default value so only headers that need to be moved have to be 623 specified. 624 6255.4 Allow SAN names in HTTP/2 server push 626 627 curl only allows HTTP/2 push promise if the provided :authority header value 628 exactly matches the host name given in the URL. It could be extended to allow 629 any name that would match the Subject Alternative Names in the server's TLS 630 certificate. 631 632 See https://github.com/curl/curl/pull/3581 633 6345.5 auth= in URLs 635 636 Add the ability to specify the preferred authentication mechanism to use by 637 using ;auth=<mech> in the login part of the URL. 638 639 For example: 640 641 http://test:pass;auth=NTLM@example.com would be equivalent to specifying 642 --user test:pass;auth=NTLM or --user test:pass --ntlm from the command line. 643 644 Additionally this should be implemented for proxy base URLs as well. 645 6465.6 alt-svc should fallback if alt-svc does not work 647 648 The alt-svc: header provides a set of alternative services for curl to use 649 instead of the original. If the first attempted one fails, it should try the 650 next etc and if all alternatives fail go back to the original. 651 652 See https://github.com/curl/curl/issues/4908 653 6545.7 Require HTTP version X or higher 655 656 curl and libcurl provide options for trying higher HTTP versions (for example 657 HTTP/2) but then still allows the server to pick version 1.1. We could 658 consider adding a way to require a minimum version. 659 660 See https://github.com/curl/curl/issues/7980 661 6626. TELNET 663 6646.1 ditch stdin 665 666 Reading input (to send to the remote server) on stdin is a crappy solution 667 for library purposes. We need to invent a good way for the application to be 668 able to provide the data to send. 669 6706.2 ditch telnet-specific select 671 672 Move the telnet support's network select() loop go away and merge the code 673 into the main transfer loop. Until this is done, the multi interface will not 674 work for telnet. 675 6766.3 feature negotiation debug data 677 678 Add telnet feature negotiation data to the debug callback as header data. 679 6806.4 exit immediately upon connection if stdin is /dev/null 681 682 If it did, curl could be used to probe if there's an server there listening 683 on a specific port. That is, the following command would exit immediately 684 after the connection is established with exit code 0: 685 686 curl -s --connect-timeout 2 telnet://example.com:80 </dev/null 687 6887. SMTP 689 6907.1 Passing NOTIFY option to CURLOPT_MAIL_RCPT 691 692 Is there a way to pass the NOTIFY option to the CURLOPT_MAIL_RCPT option ? I 693 set a string that already contains a bracket. For instance something like 694 that: curl_slist_append( recipients, "<foo@bar> NOTIFY=SUCCESS,FAILURE" ); 695 696 https://github.com/curl/curl/issues/8232 697 6987.2 Enhanced capability support 699 700 Add the ability, for an application that uses libcurl, to obtain the list of 701 capabilities returned from the EHLO command. 702 7037.3 Add CURLOPT_MAIL_CLIENT option 704 705 Rather than use the URL to specify the mail client string to present in the 706 HELO and EHLO commands, libcurl should support a new CURLOPT specifically for 707 specifying this data as the URL is non-standard and to be honest a bit of a 708 hack ;-) 709 710 Please see the following thread for more information: 711 https://curl.se/mail/lib-2012-05/0178.html 712 713 7148. POP3 715 7168.2 Enhanced capability support 717 718 Add the ability, for an application that uses libcurl, to obtain the list of 719 capabilities returned from the CAPA command. 720 7219. IMAP 722 7239.1 Enhanced capability support 724 725 Add the ability, for an application that uses libcurl, to obtain the list of 726 capabilities returned from the CAPABILITY command. 727 72810. LDAP 729 73010.1 SASL based authentication mechanisms 731 732 Currently the LDAP module only supports ldap_simple_bind_s() in order to bind 733 to an LDAP server. However, this function sends username and password details 734 using the simple authentication mechanism (as clear text). However, it should 735 be possible to use ldap_bind_s() instead specifying the security context 736 information ourselves. 737 73810.2 CURLOPT_SSL_CTX_FUNCTION for LDAPS 739 740 CURLOPT_SSL_CTX_FUNCTION works perfectly for HTTPS and email protocols, but 741 it has no effect for LDAPS connections. 742 743 https://github.com/curl/curl/issues/4108 744 74510.3 Paged searches on LDAP server 746 747 https://github.com/curl/curl/issues/4452 748 74911. SMB 750 75111.1 File listing support 752 753 Add support for listing the contents of a SMB share. The output should 754 probably be the same as/similar to FTP. 755 75611.2 Honor file timestamps 757 758 The timestamp of the transferred file should reflect that of the original 759 file. 760 76111.3 Use NTLMv2 762 763 Currently the SMB authentication uses NTLMv1. 764 76511.4 Create remote directories 766 767 Support for creating remote directories when uploading a file to a directory 768 that does not exist on the server, just like --ftp-create-dirs. 769 770 77112. FILE 772 77312.1 Directory listing for FILE: 774 775 Add support for listing the contents of a directory accessed with FILE. The 776 output should probably be the same as/similar to FTP. 777 778 77913. TLS 780 78113.1 TLS-PSK with OpenSSL 782 783 Transport Layer Security pre-shared key ciphersuites (TLS-PSK) is a set of 784 cryptographic protocols that provide secure communication based on pre-shared 785 keys (PSKs). These pre-shared keys are symmetric keys shared in advance among 786 the communicating parties. 787 788 https://github.com/curl/curl/issues/5081 789 79013.2 Provide mutex locking API 791 792 Provide a libcurl API for setting mutex callbacks in the underlying SSL 793 library, so that the same application code can use mutex-locking 794 independently of OpenSSL or GnutTLS being used. 795 79613.3 Defeat TLS fingerprinting 797 798 By changing the order of TLS extensions provided in the TLS handshake, it is 799 sometimes possible to circumvent TLS fingerprinting by servers. The TLS 800 extension order is of course not the only way to fingerprint a client. 801 802 See https://github.com/curl/curl/issues/8119 803 80413.4 Cache/share OpenSSL contexts 805 806 "Look at SSL cafile - quick traces look to me like these are done on every 807 request as well, when they should only be necessary once per SSL context (or 808 once per handle)". The major improvement we can rather easily do is to make 809 sure we do not create and kill a new SSL "context" for every request, but 810 instead make one for every connection and re-use that SSL context in the same 811 style connections are re-used. It will make us use slightly more memory but 812 it will libcurl do less creations and deletions of SSL contexts. 813 814 Technically, the "caching" is probably best implemented by getting added to 815 the share interface so that easy handles who want to and can reuse the 816 context specify that by sharing with the right properties set. 817 818 https://github.com/curl/curl/issues/1110 819 82013.5 Export session ids 821 822 Add an interface to libcurl that enables "session IDs" to get 823 exported/imported. Cris Bailiff said: "OpenSSL has functions which can 824 serialise the current SSL state to a buffer of your choice, and recover/reset 825 the state from such a buffer at a later date - this is used by mod_ssl for 826 apache to implement and SSL session ID cache". 827 82813.6 Provide callback for cert verification 829 830 OpenSSL supports a callback for customised verification of the peer 831 certificate, but this does not seem to be exposed in the libcurl APIs. Could 832 it be? There's so much that could be done if it were. 833 83413.7 Less memory massaging with Schannel 835 836 The Schannel backend does a lot of custom memory management we would rather 837 avoid: the repeated alloc + free in sends and the custom memory + realloc 838 system for encrypted and decrypted data. That should be avoided and reduced 839 for 1) efficiency and 2) safety. 840 84113.8 Support DANE 842 843 DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL 844 keys and certs over DNS using DNSSEC as an alternative to the CA model. 845 https://www.rfc-editor.org/rfc/rfc6698.txt 846 847 An initial patch was posted by Suresh Krishnaswamy on March 7th 2013 848 (https://curl.se/mail/lib-2013-03/0075.html) but it was a too simple 849 approach. See Daniel's comments: 850 https://curl.se/mail/lib-2013-03/0103.html . libunbound may be the 851 correct library to base this development on. 852 853 Björn Stenberg wrote a separate initial take on DANE that was never 854 completed. 855 85613.9 TLS record padding 857 858 TLS (1.3) offers optional record padding and OpenSSL provides an API for it. 859 I could make sense for libcurl to offer this ability to applications to make 860 traffic patterns harder to figure out by network traffic observers. 861 862 See https://github.com/curl/curl/issues/5398 863 86413.10 Support Authority Information Access certificate extension (AIA) 865 866 AIA can provide various things like CRLs but more importantly information 867 about intermediate CA certificates that can allow validation path to be 868 fulfilled when the HTTPS server does not itself provide them. 869 870 Since AIA is about downloading certs on demand to complete a TLS handshake, 871 it is probably a bit tricky to get done right. 872 873 See https://github.com/curl/curl/issues/2793 874 87513.11 Support intermediate & root pinning for PINNEDPUBLICKEY 876 877 CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root 878 certificates when comparing the pinned keys. Therefore it is not compatible 879 with "HTTP Public Key Pinning" as there also intermediate and root 880 certificates can be pinned. This is useful as it prevents webadmins from 881 "locking themselves out of their servers". 882 883 Adding this feature would make curls pinning 100% compatible to HPKP and 884 allow more flexible pinning. 885 88613.12 Reduce CA certificate bundle reparsing 887 888 When using the OpenSSL backend, curl will load and reparse the CA bundle at 889 the creation of the "SSL context" when it sets up a connection to do a TLS 890 handshake. A more effective way would be to somehow cache the CA bundle to 891 avoid it having to be repeatedly reloaded and reparsed. 892 893 See https://github.com/curl/curl/issues/9379 894 89513.13 Make sure we forbid TLS 1.3 post-handshake authentication 896 897 RFC 8740 explains how using HTTP/2 must forbid the use of TLS 1.3 898 post-handshake authentication. We should make sure to live up to that. 899 900 See https://github.com/curl/curl/issues/5396 901 90213.14 Support the clienthello extension 903 904 Certain stupid networks and middle boxes have a problem with SSL handshake 905 packets that are within a certain size range because how that sets some bits 906 that previously (in older TLS version) were not set. The clienthello 907 extension adds padding to avoid that size range. 908 909 https://datatracker.ietf.org/doc/html/rfc7685 910 https://github.com/curl/curl/issues/2299 911 91214. GnuTLS 913 91414.2 check connection 915 916 Add a way to check if the connection seems to be alive, to correspond to the 917 SSL_peak() way we use with OpenSSL. 918 91915. Schannel 920 92115.1 Extend support for client certificate authentication 922 923 The existing support for the -E/--cert and --key options could be 924 extended by supplying a custom certificate and key in PEM format, see: 925 - Getting a Certificate for Schannel 926 https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx 927 92815.2 Extend support for the --ciphers option 929 930 The existing support for the --ciphers option could be extended 931 by mapping the OpenSSL/GnuTLS cipher suites to the Schannel APIs, see 932 - Specifying Schannel Ciphers and Cipher Strengths 933 https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx 934 93515.4 Add option to allow abrupt server closure 936 937 libcurl w/schannel will error without a known termination point from the 938 server (such as length of transfer, or SSL "close notify" alert) to prevent 939 against a truncation attack. Really old servers may neglect to send any 940 termination point. An option could be added to ignore such abrupt closures. 941 942 https://github.com/curl/curl/issues/4427 943 94416. SASL 945 94616.1 Other authentication mechanisms 947 948 Add support for other authentication mechanisms such as OLP, 949 GSS-SPNEGO and others. 950 95116.2 Add QOP support to GSSAPI authentication 952 953 Currently the GSSAPI authentication only supports the default QOP of auth 954 (Authentication), whilst Kerberos V5 supports both auth-int (Authentication 955 with integrity protection) and auth-conf (Authentication with integrity and 956 privacy protection). 957 958 95917. SSH protocols 960 96117.1 Multiplexing 962 963 SSH is a perfectly fine multiplexed protocols which would allow libcurl to do 964 multiple parallel transfers from the same host using the same connection, 965 much in the same spirit as HTTP/2 does. libcurl however does not take 966 advantage of that ability but will instead always create a new connection for 967 new transfers even if an existing connection already exists to the host. 968 969 To fix this, libcurl would have to detect an existing connection and "attach" 970 the new transfer to the existing one. 971 97217.2 Handle growing SFTP files 973 974 The SFTP code in libcurl checks the file size *before* a transfer starts and 975 then proceeds to transfer exactly that amount of data. If the remote file 976 grows while the transfer is in progress libcurl will not notice and will not 977 adapt. The OpenSSH SFTP command line tool does and libcurl could also just 978 attempt to download more to see if there is more to get... 979 980 https://github.com/curl/curl/issues/4344 981 98217.3 Read keys from ~/.ssh/id_ecdsa, id_ed25519 983 984 The libssh2 backend in curl is limited to only reading keys from id_rsa and 985 id_dsa, which makes it fail connecting to servers that use more modern key 986 types. 987 988 https://github.com/curl/curl/issues/8586 989 99017.4 Support CURLOPT_PREQUOTE 991 992 The two other QUOTE options are supported for SFTP, but this was left out for 993 unknown reasons. 994 99517.5 SSH over HTTPS proxy with more backends 996 997 The SSH based protocols SFTP and SCP did not work over HTTPS proxy at 998 all until PR https://github.com/curl/curl/pull/6021 brought the 999 functionality with the libssh2 backend. Presumably, this support 1000 can/could be added for the other backends as well. 1001 100217.6 SFTP with SCP:// 1003 1004 OpenSSH 9 switched their 'scp' tool to speak SFTP under the hood. Going 1005 forward it might be worth having curl or libcurl attempt SFTP if SCP fails to 1006 follow suite. 1007 100818. Command line tool 1009 101018.1 sync 1011 1012 "curl --sync http://example.com/feed[1-100].rss" or 1013 "curl --sync http://example.net/{index,calendar,history}.html" 1014 1015 Downloads a range or set of URLs using the remote name, but only if the 1016 remote file is newer than the local file. A Last-Modified HTTP date header 1017 should also be used to set the mod date on the downloaded file. 1018 101918.2 glob posts 1020 1021 Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'. 1022 This is easily scripted though. 1023 102418.4 --proxycommand 1025 1026 Allow the user to make curl run a command and use its stdio to make requests 1027 and not do any network connection by itself. Example: 1028 1029 curl --proxycommand 'ssh pi@raspberrypi.local -W 10.1.1.75 80' \ 1030 http://some/otherwise/unavailable/service.php 1031 1032 See https://github.com/curl/curl/issues/4941 1033 103418.5 UTF-8 filenames in Content-Disposition 1035 1036 RFC 6266 documents how UTF-8 names can be passed to a client in the 1037 Content-Disposition header, and curl does not support this. 1038 1039 https://github.com/curl/curl/issues/1888 1040 104118.6 Option to make -Z merge lined based outputs on stdout 1042 1043 When a user requests multiple lined based files using -Z and sends them to 1044 stdout, curl will not "merge" and send complete lines fine but may send 1045 partial lines from several sources. 1046 1047 https://github.com/curl/curl/issues/5175 1048 104918.8 Consider convenience options for JSON and XML? 1050 1051 Could we add `--xml` or `--json` to add headers needed to call rest API: 1052 1053 `--xml` adds -H 'Content-Type: application/xml' -H "Accept: application/xml" and 1054 `--json` adds -H 'Content-Type: application/json' -H "Accept: application/json" 1055 1056 Setting Content-Type when doing a GET or any other method without a body 1057 would be a bit strange I think - so maybe only add CT for requests with body? 1058 Maybe plain `--xml` and ` --json` are a bit too brief and generic. Maybe 1059 `--http-json` etc? 1060 1061 See https://github.com/curl/curl/issues/5203 1062 106318.9 Choose the name of file in braces for complex URLs 1064 1065 When using braces to download a list of URLs and you use complicated names 1066 in the list of alternatives, it could be handy to allow curl to use other 1067 names when saving. 1068 1069 Consider a way to offer that. Possibly like 1070 {partURL1:name1,partURL2:name2,partURL3:name3} where the name following the 1071 colon is the output name. 1072 1073 See https://github.com/curl/curl/issues/221 1074 107518.10 improve how curl works in a windows console window 1076 1077 If you pull the scrollbar when transferring with curl in a Windows console 1078 window, the transfer is interrupted and can get disconnected. This can 1079 probably be improved. See https://github.com/curl/curl/issues/322 1080 108118.11 Windows: set attribute 'archive' for completed downloads 1082 1083 The archive bit (FILE_ATTRIBUTE_ARCHIVE, 0x20) separates files that shall be 1084 backed up from those that are either not ready or have not changed. 1085 1086 Downloads in progress are neither ready to be backed up, nor should they be 1087 opened by a different process. Only after a download has been completed it's 1088 sensible to include it in any integer snapshot or backup of the system. 1089 1090 See https://github.com/curl/curl/issues/3354 1091 109218.12 keep running, read instructions from pipe/socket 1093 1094 Provide an option that makes curl not exit after the last URL (or even work 1095 without a given URL), and then make it read instructions passed on a pipe or 1096 over a socket to make further instructions so that a second subsequent curl 1097 invoke can talk to the still running instance and ask for transfers to get 1098 done, and thus maintain its connection pool, DNS cache and more. 1099 110018.13 Ratelimit or wait between serial requests 1101 1102 Consider a command line option that can make curl do multiple serial requests 1103 slow, potentially with a (random) wait between transfers. There's also a 1104 proposed set of standard HTTP headers to let servers let the client adapt to 1105 its rate limits: 1106 https://www.ietf.org/id/draft-polli-ratelimit-headers-02.html 1107 1108 See https://github.com/curl/curl/issues/5406 1109 111018.14 --dry-run 1111 1112 A command line option that makes curl show exactly what it would do and send 1113 if it would run for real. 1114 1115 See https://github.com/curl/curl/issues/5426 1116 111718.15 --retry should resume 1118 1119 When --retry is used and curl actually retries transfer, it should use the 1120 already transferred data and do a resumed transfer for the rest (when 1121 possible) so that it does not have to transfer the same data again that was 1122 already transferred before the retry. 1123 1124 See https://github.com/curl/curl/issues/1084 1125 112618.16 send only part of --data 1127 1128 When the user only wants to send a small piece of the data provided with 1129 --data or --data-binary, like when that data is a huge file, consider a way 1130 to specify that curl should only send a piece of that. One suggested syntax 1131 would be: "--data-binary @largefile.zip!1073741823-2147483647". 1132 1133 See https://github.com/curl/curl/issues/1200 1134 113518.17 consider file name from the redirected URL with -O ? 1136 1137 When a user gives a URL and uses -O, and curl follows a redirect to a new 1138 URL, the file name is not extracted and used from the newly redirected-to URL 1139 even if the new URL may have a much more sensible file name. 1140 1141 This is clearly documented and helps for security since there's no surprise 1142 to users which file name that might get overwritten. But maybe a new option 1143 could allow for this or maybe -J should imply such a treatment as well as -J 1144 already allows for the server to decide what file name to use so it already 1145 provides the "may overwrite any file" risk. 1146 1147 This is extra tricky if the original URL has no file name part at all since 1148 then the current code path will error out with an error message, and we cannot 1149 *know* already at that point if curl will be redirected to a URL that has a 1150 file name... 1151 1152 See https://github.com/curl/curl/issues/1241 1153 115418.18 retry on network is unreachable 1155 1156 The --retry option retries transfers on "transient failures". We later added 1157 --retry-connrefused to also retry for "connection refused" errors. 1158 1159 Suggestions have been brought to also allow retry on "network is unreachable" 1160 errors and while totally reasonable, maybe we should consider a way to make 1161 this more configurable than to add a new option for every new error people 1162 want to retry for? 1163 1164 https://github.com/curl/curl/issues/1603 1165 116618.19 expand ~/ in config files 1167 1168 For example .curlrc could benefit from being able to do this. 1169 1170 See https://github.com/curl/curl/issues/2317 1171 117218.20 host name sections in config files 1173 1174 config files would be more powerful if they could set different 1175 configurations depending on used URLs, host name or possibly origin. Then a 1176 default .curlrc could a specific user-agent only when doing requests against 1177 a certain site. 1178 117918.21 retry on the redirected-to URL 1180 1181 When curl is told to --retry a failed transfer and follows redirects, it 1182 might get an HTTP 429 response from the redirected-to URL and not the 1183 original one, which then could make curl decide to rather retry the transfer 1184 on that URL only instead of the original operation to the original URL. 1185 1186 Perhaps extra emphasized if the original transfer is a large POST that 1187 redirects to a separate GET, and that GET is what gets the 529 1188 1189 See https://github.com/curl/curl/issues/5462 1190 119118.23 Set the modification date on an uploaded file 1192 1193 For SFTP and possibly FTP, curl could offer an option to set the 1194 modification time for the uploaded file. 1195 1196 See https://github.com/curl/curl/issues/5768 1197 119818.24 Use multiple parallel transfers for a single download 1199 1200 To enhance transfer speed, downloading a single URL can be split up into 1201 multiple separate range downloads that get combined into a single final 1202 result. 1203 1204 An ideal implementation would not use a specified number of parallel 1205 transfers, but curl could: 1206 - First start getting the full file as transfer A 1207 - If after N seconds have passed and the transfer is expected to continue for 1208 M seconds or more, add a new transfer (B) that asks for the second half of 1209 A's content (and stop A at the middle). 1210 - If splitting up the work improves the transfer rate, it could then be done 1211 again. Then again, etc up to a limit. 1212 1213 This way, if transfer B fails (because Range: is not supported) it will let 1214 transfer A remain the single one. N and M could be set to some sensible 1215 defaults. 1216 1217 See https://github.com/curl/curl/issues/5774 1218 121918.25 Prevent terminal injection when writing to terminal 1220 1221 curl could offer an option to make escape sequence either non-functional or 1222 avoid cursor moves or similar to reduce the risk of a user getting tricked by 1223 clever tricks. 1224 1225 See https://github.com/curl/curl/issues/6150 1226 122718.26 Custom progress meter update interval 1228 1229 Users who are for example doing large downloads in CI or remote setups might 1230 want the occasional progress meter update to see that the transfer is 1231 progressing and has not stuck, but they may not appreciate the 1232 many-times-a-second frequency curl can end up doing it with now. 1233 123419. Build 1235 123619.1 roffit 1237 1238 Consider extending 'roffit' to produce decent ASCII output, and use that 1239 instead of (g)nroff when building src/tool_hugehelp.c 1240 124119.2 Enable PIE and RELRO by default 1242 1243 Especially when having programs that execute curl via the command line, PIE 1244 renders the exploitation of memory corruption vulnerabilities a lot more 1245 difficult. This can be attributed to the additional information leaks being 1246 required to conduct a successful attack. RELRO, on the other hand, masks 1247 different binary sections like the GOT as read-only and thus kills a handful 1248 of techniques that come in handy when attackers are able to arbitrarily 1249 overwrite memory. A few tests showed that enabling these features had close 1250 to no impact, neither on the performance nor on the general functionality of 1251 curl. 1252 125319.3 Do not use GNU libtool on OpenBSD 1254 When compiling curl on OpenBSD with "--enable-debug" it will give linking 1255 errors when you use GNU libtool. This can be fixed by using the libtool 1256 provided by OpenBSD itself. However for this the user always needs to invoke 1257 make with "LIBTOOL=/usr/bin/libtool". It would be nice if the script could 1258 have some magic to detect if this system is an OpenBSD host and then use the 1259 OpenBSD libtool instead. 1260 1261 See https://github.com/curl/curl/issues/5862 1262 126319.4 Package curl for Windows in a signed installer 1264 1265 See https://github.com/curl/curl/issues/5424 1266 126719.5 make configure use --cache-file more and better 1268 1269 The configure script can be improved to cache more values so that repeated 1270 invokes run much faster. 1271 1272 See https://github.com/curl/curl/issues/7753 1273 127420. Test suite 1275 127620.1 SSL tunnel 1277 1278 Make our own version of stunnel for simple port forwarding to enable HTTPS 1279 and FTP-SSL tests without the stunnel dependency, and it could allow us to 1280 provide test tools built with either OpenSSL or GnuTLS 1281 128220.2 nicer lacking perl message 1283 1284 If perl was not found by the configure script, do not attempt to run the tests 1285 but explain something nice why it does not. 1286 128720.3 more protocols supported 1288 1289 Extend the test suite to include more protocols. The telnet could just do FTP 1290 or http operations (for which we have test servers). 1291 129220.4 more platforms supported 1293 1294 Make the test suite work on more platforms. OpenBSD and Mac OS. Remove 1295 fork()s and it should become even more portable. 1296 129720.5 Add support for concurrent connections 1298 1299 Tests 836, 882 and 938 were designed to verify that separate connections 1300 are not used when using different login credentials in protocols that 1301 should not re-use a connection under such circumstances. 1302 1303 Unfortunately, ftpserver.pl does not appear to support multiple concurrent 1304 connections. The read while() loop seems to loop until it receives a 1305 disconnect from the client, where it then enters the waiting for connections 1306 loop. When the client opens a second connection to the server, the first 1307 connection has not been dropped (unless it has been forced - which we 1308 should not do in these tests) and thus the wait for connections loop is never 1309 entered to receive the second connection. 1310 131120.6 Use the RFC6265 test suite 1312 1313 A test suite made for HTTP cookies (RFC 6265) by Adam Barth is available at 1314 https://github.com/abarth/http-state/tree/master/tests 1315 1316 It'd be really awesome if someone would write a script/setup that would run 1317 curl with that test suite and detect deviances. Ideally, that would even be 1318 incorporated into our regular test suite. 1319 132020.7 Support LD_PRELOAD on macOS 1321 1322 LD_RELOAD does not work on macOS, but there are tests which require it to run 1323 properly. Look into making the preload support in runtests.pl portable such 1324 that it uses DYLD_INSERT_LIBRARIES on macOS. 1325 132620.8 Run web-platform-tests URL tests 1327 1328 Run web-platform-tests URL tests and compare results with browsers on wpt.fyi 1329 1330 It would help us find issues to fix and help us document where our parser 1331 differs from the WHATWG URL spec parsers. 1332 1333 See https://github.com/curl/curl/issues/4477 1334 133521. MQTT 1336 133721.1 Support rate-limiting 1338 1339 The rate-limiting logic is done in the PERFORMING state in multi.c but MQTT 1340 is not (yet) implemented to use that. 1341