X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=TODO;h=11b4d8068003ad1fa06a175ddbc45d126a7f4191;hp=21f04288884a12d8c61057d9c15cd2d0da73e6f7;hb=HEAD;hpb=dddb382bfe6523ddc2fb37564a0a51e2786e4429

diff --git a/TODO b/TODO
index 21f04288..f6c839f3 100644
--- a/TODO
+++ b/TODO
@@ -13,6 +13,7 @@ https://www.privoxy.org/donate
     Note that there is currently work in progress to leverage curl's
     test suite, patches have been submitted upstream:
     https://curl.se/mail/lib-2014-06/0070.html
+    https://curl.se/mail/lib-2021-01/0068.html
 
 3)  Fix some more XXX: comments.
 
@@ -164,7 +165,9 @@ https://www.privoxy.org/donate
 
 75) Create a tool that creates Privoxy action (and filter?) files
     out of adblock files. Could be implemented as option for
-    url-pattern-translator.pl.
+    url-pattern-translator.pl. Before doing that, the already
+    existing solutions should probably be evaluated to see if
+    they do the job already or could be improved.
 
 76) Cache DNS responses. Note that this has been requested
     several times by users, but is not a developer priority.
@@ -186,9 +189,7 @@ https://www.privoxy.org/donate
 86) Add a server-body-tagger action. This is trivial as as all the
     functionality required to do it already exists.
 
-87) Add a client-body-tagger action. This is less trivial as we currently
-    don't buffer client bodies. After 14) is implemented it would be
-    trivial, though.
+87) Add a client-body-tagger action. Work in progress.
 
 88) Investigate if there's a Perl module that Privoxy-Regression-Test
     could optionally use to keep connections alive, preferably while
@@ -355,8 +356,6 @@ https://www.privoxy.org/donate
      probably shouldn't be affected (such as actions like
      forward-override). Investigate and fix or document.
 
-142) Remove or update the "internal" pcre version.
-
 143) Add support for OpenBSD's pledge feature once it's stablelized.
      This should be a lot less work then #124.
 
@@ -378,7 +377,7 @@ https://www.privoxy.org/donate
      currently can result in client requests to config.privoxy.org on the
      Internet which may not be desirable.
 
-150) Add blacklistd support.
+150) Add blocklistd support (https://man.netbsd.org/blocklistd.8).
 
 151) Let the dok-tidy target work cross-platform without introducing
      a ton of white-space changes that hide the content changes.
@@ -423,16 +422,8 @@ https://www.privoxy.org/donate
 163) Use subdirectories in the certificate-directory to lower the number
      of files per directory.
 
-164) Evaluate switching from pcreposix(3) to pcre's native api
-     for URL matching which allows to compile the patterns once
-     at load-time.
-
 165) Add a max-connections-per-client directive.
 
-166) Figure out how to ship Windows binaries with external libraries
-     like pcre and MbedTLS. Required for #142. Somewhat related:
-     https://lists.privoxy.org/pipermail/privoxy-devel/2020-November/000400.html
-
 167) Set up a public Privoxy-Filter-Test instance.
 
 168) Add a privacy policy.
@@ -440,7 +431,7 @@ https://www.privoxy.org/donate
 169) Preserve all relevant copyright and license statements in binary
      packages we distribute.
 
-170) Serve the ca-cert-file through the CGI interface so client's
+170) Serve the ca-cert-file through the CGI interface so clients
      can conveniently import it (insecurely).
 
 171) Create a "view page using Privoxy" website where users can input
@@ -462,7 +453,7 @@ https://www.privoxy.org/donate
 177) Support https-inspection for intercepted requests.
 
 178) Warn on http://config.privoxy.org/client-tags if a Tag name
-     has't at least one matching action section.
+     hasn't at least one matching action section.
 
 179) Add a add-server-header{} action to add headers to the response
      sent to the client (including responses generated by Privoxy itself).
@@ -472,6 +463,87 @@ https://www.privoxy.org/donate
 181) Allow to upgrade an http request to https behind the
      client's back using a client-header filter.
 
+182) Before enforcing the client-header-order, check that the
+     client headers actually need sorting. Should reduce log
+     messages and memory allocations.
+
+183) Properly deal with proxy responses that arrive in multiple pieces
+     when https inspecting while using a forwarding proxy.
+
+184) Add support for wolfSSL. Work in progress, expected to be
+     committed after the 3.0.34 release. Funded with donations
+     made to the Privoxy project.
+
+185) The mbedTLS and OpenSSL versions of generate_host_certificate()
+     should only be called when necessary and the check should be
+     done without holding the certificate mutex.
+
+186) Privoxy should handle "OPTIONS *" requests properly.
+
+187) There should be a convenient way to see the versions of
+     the libraries Privoxy is using.
+
+188) In the windows config.txt file, add the line
+       user-manual ./doc/user-manual/
+     right after
+       # Copyright ...
+       #
+
+189) Bring back binary packages for macOS, preferably for both Intel and M1.
+     The first step would be getting at least one build system, either
+     donated or bought with donations earmarked for this.
+     Interested donors: 0.
+
+190) The socks5 authentication code should send user name an password
+     seperately or we should increase the cbuf size to allow longer
+     user names and passwords.
+
+191) The cipher-list directive should be split into cipher-list-server
+     and cipher-list-client.
+
+192) The client TLS contexts should probably be shared among threads
+     to spend less time and memory loading the root certificates.
+
+193) Use SHA256 instead of MD5 for the host hash used when generating file
+     names for host certificates and keys.
+
+194) There should be a way to force gif deanimation if the server does not
+     declare the content as gif.
+
+195) We should probably cache the server TLS contexts.
+
+196) Investigate if it's worth adding an optional mutex for the CGI handler.
+     Could reduce memory use and increase performance on single core systems
+     for some tests.
+
+197) Investigate if parts of Privoxy should get optional replacements
+     written in Rust.
+
+198) Add a config directive that prevent's IP addresses from being logged
+     (when logging is enabled).
+
+199) In actions.c the "#define DEFINE_ACTION_ALIAS 0" lines should probably
+     be changed to "#undef DEFINE_ACTION_ALIAS" or removed.
+
+200) Add a config directive that causes Privoxy to remove all
+     host certificates before exiting.
+
+201) Add an action to change the trusted-cas-file for a section.
+     This should be useful in countries where a person-in-the-middle
+     attack is known to happen on some domains but should not be tolerated
+     on others. It would also allow to limit the accepted CA certificates
+     for given domains instead of accepting all that are specified with
+     the trusted-cas-file directive.
+
+202) Allow to use multiple log files with different debug settings.
+     Suggested by Jonathan Marten in FR#607.
+
+203) Add HTTP/2 support.
+
+204) Make the Privoxy website available over IPv6.
+
+205) Document how commit messages should look like.
+
 ##########################################################################
 
 Hosting wish list (relevant for #53)