Known broken stuff as of v2.0:

- HTML parser still screws up on a few corner test cases (particular types
of invalid HTML).  Fortunately these are relatively abnormal and rare.

- XML parser is no where near functional.

- Net::SSL (Crypt::SSL) has a bug in version 0.51, when used in proxy mode.
I included a patch in the compat/ directory which temporarily fixes the bug,
but it has the side effect of disabling LWP HTTPS support.  Precompiled
binary users are out of luck until an updated version is available.

- Proxy-auth does not work with Net::SSL; the auth data needs to be set
using %ENV instead of the Proxy-Authenticate header which Libwhisker normally
sends.  Not sure if this will ever be fixed, as it would require significant
architecture changes to accomodate.  Use Net::SSLeay instead.

- NTLM proxy-auth is not supported for SSL connections.

- The combination of Paros HTTP proxy, Net::SSLeay, and SSL connections does
not currently work.  Paros only returns a "Error: 1" message, so I'm not even
sure where to begin on figuring out what's going wrong.  Net::SSL works just
fine (well, assuming you applied the patch referred to above).



Caveats as of v2.0:

- Cookie support does not yet account for expiration via Expires value.

- There are no nonblocking connects on Windows, yet.  I'm beta testing
some code.

- Various perl warnings when running under -w.  If you send me a copy of
the warnings (warning and line number reported), I can fix them.  Since
warnings are generated at runtime, it's hard to traverse every possible
code path and find the warnings.

- LW2::dump() sometimes messes up on the visual layout of the resulting
code...however, this does not affect the final representation/eval'ing, so
it's merely cosmetic.

- The internal session cache can grow quite big if you scan thousands of
hosts in a row without calling LW2::http_reset() or exiting. In order to
clear out any left over session information (when you're all done with a
host), be sure to call LW2::http_reset() every once in a while.

- Careful on trying to unset/remove various {whisker} request values.  
If it's not defined by default, then you should delete the key, rather 
than setting it to 0, since some libwhisker functions only check to see 
if a key is defined (it doesn't actually look at the value).

- The SSL libraries do not allow persistant connections, so all connections
will be closed at the end.

- NTLM web auth through an NTLM auth'd proxy is a toss-up, largely because
I'm not sure what's the most appropriate route to go.  Libwhisker's
implementation is how it *should* work IMHO, but I couldn't get it to actually
work through MS ISA proxy (although, I couldn't get IE to work correctly
through MS ISA proxy with double-NTLM auth either, so that leaves me to
suspect MS has issues somewhere...).  The general problem is that ISA proxy
doesn't seem to keep-alive the connection between the proxy and web server, 
so persistent requests from the client will have to re-auth to the web 
server. Technically, since everything is kept-alive, once all the NTLM
rigmarole for both proxy and web server are done, I should be able to just
fire requests off like normal (e.g. no auth) until the connection is closed.
So, in short, Microsoft screwed up their own implementation of double-NTLM
auth in ISA Server, and I don't really have another NTLM-capable proxy to test
with to ensure LW2 is perfectly implemented...but it should be. :)