Import neon 0.24.0 to begin 0.24.x branch.

git-svn-id: http://svn.webdav.org/repos/projects/neon/branches/0.24.x@243 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845

1 files changed, 37 insertions, 0 deletions

diff --git a/BUGS b/BUGS
new file mode 100644
index 0000000..f4c4750
--- /dev/null
+++ b/BUGS
@@ -0,0 +1,37 @@
+
+Known problems/bugs in neon                                      -*- text -*-
+---------------------------
+
+* 2818 requires that a on rejection of the SSL server cert, a "bad certificate"
+ message should be sent - this is not being done currently (and can probably
+ only be done with OpenSSL by actually doing cert verification in the verify
+ callback)
+
+* ne_lock_discover does not handle multiple (shared) locks on
+  a single resource.
+
+* SSL session caching issues; only cache for clean shutdowns, and
+ only cache on shutdown, since the SSL_SESSION may change during
+ an ne_session.
+
+* test failures in `socket' on some non-Linux platforms:
+
+19. write_reset........... FAIL (write got 0 not reset)
+20. read_reset............ FAIL (read got -3 not reset)
+
+* server auth should not run on a CONNECT request; once a connection
+  has been CONNECT tunneled, subsequent requests through the tunnel
+  should not give proxy auth.
+
+* what is passed as 'path' to req create hook: auth needs Request-URI;
+  how does that interact with proxies?  also they will be passed NULL
+  for a CONNECT request, or "*" possibly as well.
+
+* expect100 support is broken.
+
+* It would be nice to fail with a friendly error message if a client
+cert is requested by the srever but one is not provided.  Currently,
+returning -1 from the provide_client_cert function would allow that
+(as it forces the SSL handshake to fail), but that would prevent
+opportunistic use of client certificates, of the "SSLVerifyClient
+optional" variety.