TODO for nsopenssl:

nsopenssl 3.0 release:
  - Ensure sslcontexts are not NULL before accessing (mostly tclcmds.c)
  - Remove all debug statements
  - Clean up log messages; ditch ones that are not really useful
  - Ensure clean shutdown operations (destroying all conns, then drivers, ...)
  - Validate client disconnect doesn't tie up reader thread
  - Ensure locking around structs is happening properly
  - Review session cache code
  - Clean up compiler warnings

nsopenssl 3.1 release:
  - Add client IP address to log messages
  - Fix OpenSSL version reporting
  - Review any commands that can be converted to TclObjs
  - Automate the testing via wget, openssl command line

nsopenssl 4.0 release:
  - Revamp Tcl API -- major overhaul will require changing of Tcl proc names
  - Add ability to introspect on Tcl API in/out socket conns; currently can
    only do this with core driver conns.
  - Change version number scheme to match AOLserver
  - Review PRNG code
  - Ignore any ciphers or protocols listed in config that weren't compiled into
    OpenSSL library
  - Add benchmarking/performance testing
  - Figure out how to work with keepalive


General Wish List:
  - Move https.tcl into C
  - Give nsopenssl the ability to perform certificate operations so it can be
    used to drive a CA process.
  - Add CRL support
  - Add OCSP support
  - Add C and Tcl API for generation of CA / Client / Server cert
  - Add ability to wrap other module conns with an Ns_OpenSSLWrap C API function
  - Add ability to wrap ns_ldap conns
  - Add SSL session cache capability across multiple servers
  - Allow Tcl API sockcallbacks to be specified in config file (?)
  - Create pool of reusable conn structures



