From 3d96d982adb090570b517a7dcdaec634266fc365 Mon Sep 17 00:00:00 2001
From: Reyk Floeter <reyk@esdenera.com>
Date: Fri, 2 Jan 2015 14:00:15 +0100
Subject: Add TODO list

---
 README.md |  5 +++++
 TODO.md   | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 TODO.md

diff --git a/README.md b/README.md
index a792a09..c146e57 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,12 @@ OpenBSD httpd
 
 httpd(8) is OpenBSD's web server.
 
+* http://bsd.plumbing/
+
 * http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/
 
 See [`LICENSE.md`](https://github.com/reyk/httpd/blob/master/LICENSE.md)
 for information about copyright and licensing.
+
+See [`TODO.md`](https://github.com/reyk/httpd/blob/master/TODO.md) for
+a (possibly outdated) list of open issues.
diff --git a/TODO.md b/TODO.md
new file mode 100644
index 0000000..6af9bb5
--- /dev/null
+++ b/TODO.md
@@ -0,0 +1,76 @@
+OpenBSD httpd TODO
+==================
+
+There is no official bug tracker at the moment.  You can look at the
+OpenBSD lists and the following summary which might be incomplete or
+outdated:
+
+#20150102-01 return **OPEN**
+----------------------------
+
+redirects / return 301 etc.: This can be done without regex by
+using a few built-in variables.  Current workaround is to either do it
+in the fastcgi backend or with, ahem, html refresh.  btw., nginx'
+"return 444;" is such an ugly workaround...
+
+#20150102-02 basic auth **OPEN**
+--------------------------------
+
+We don't have a satisfying implementation for authentication yet.  But
+it is needed and will be done.
+
+#20150102-03 block/deny **OPEN**
+--------------------------------
+
+We cannot deny access to specific locations but the current workaround
+is to set a non-accessible root:
+
+        location "*/.*" {
+                # mkdir -m 0 /var/www/forbidden
+                root "/forbidden"
+        }
+
+#20150102-04 server aliases **OPEN**
+------------------------------------
+
+Server aliases and a few restrictions of the grammar: Individual
+server blocks can currently only have one name and listen statement.
+This will be fixed in the parser later.  To avoid too much repeating
+configuration, I currently use includes:
+
+        server "www.example.com" {
+                listen on $ip4_addr port 80
+                include "/etc/httpd/example.com.inc"
+        }
+        server "www.example.com" {
+                listen on $ip6_addr port 80
+                include "/etc/httpd/example.com.inc"
+        }
+        server "www.example.com" {
+                listen on $ip4_addr tls port 443
+                include "/etc/httpd/example.com.ssl"
+                include "/etc/httpd/example.com.inc"
+        }
+        server "www.example.com" {
+                listen on $ip6_addr tls port 443
+                include "/etc/httpd/example.com.ssl"
+                include "/etc/httpd/example.com.inc"
+        }
+
+#20150102-05 charsets **OPEN**
+------------------------------
+
+Some minor things, eg. charsets (for auto index), fixes, ...
+
+#20150102-06 FAQ **OPEN**
+-------------------------
+
+The web server needs some more FAQ-style documentation in addition to
+our excellent man pages and examples.  Examples for each CMS would go
+beyond the scope of them, and probably don't fit into the OpenBSD FAQ.
+So I'm thinking about putting something on http://bsd.plumbing/.
+
+#20150102-07 root strip **OPEN**
+--------------------------------
+
+Finish httpd URI stripping by Christopher Zimmermann.
-- 
cgit v1.2.3-54-g00ecf