TODO for nsopenssl:

- Make library loadable into tclsh
- Make ns_openssl commands available to Tcl API conns
- 

nsopenssl 3.0 release:
  - Ensure sslcontexts are not NULL before accessing (mostly tclcmds.c)
  - Remove all debug statements
  - Clean up log messages; ditch ones that are not really useful
  - Ensure clean shutdown operations (destroying all conns, then drivers, ...)
  - Validate client disconnect doesn't tie up reader thread
  - Ensure locking around structs is happening properly
  - Review session cache code
  - Clean up compiler warnings
  - Convert Tcl commands to TclObj commands

nsopenssl 3.1 release:
  - Add client IP address to log messages
  - Fix OpenSSL version reporting
  - Review any further commands that can be converted to TclObjs
  - Add ability to refuse keepalive an a per-user agent basis
  - Automate the testing via wget, openssl command line
  - Add instrumentation to nsopenssl and OpenSSL to benchmark timing at every point
  - Add ability to turn off Nagle algorithm for SSL connections
  - See if nsopenssl can adjust OpenSSL's default buffer size w/o a recompile
  - Are there any tunings I can  

nsopenssl 4.0 release:
  - Revamp Tcl API -- major overhaul will require changing of Tcl proc names
  - Add ability to introspect on Tcl API in/out socket conns; currently can
    only do this with core driver conns.
  - Change version number scheme to match AOLserver
  - Review PRNG code
  - Ignore any ciphers or protocols listed in config that weren't compiled into
    OpenSSL library
  - Add benchmarking/performance testing
  - Figure out how to work with keepalive

Wish List:
  - Move https.tcl into C
  - Give nsopenssl the ability to perform certificate operations so it can be
    used to drive a CA process.
  - Add CRL support
  - Add OCSP support
  - Add C and Tcl API for generation of CA / Client / Server cert
  - Add ability to wrap other module conns with an Ns_OpenSSLWrap C API function
  - Add ability to wrap ns_ldap conns
  - Add SSL session cache capability across multiple servers
  - Allow Tcl API sockcallbacks to be specified in config file (?)
  - Create pool of reusable conn structures