[what is openssl - where can you find it, and what tcl bindings exist?]
TV From what I know it open socket layer, does encryption and can amoung others, lets see, I think they got a simple url. Yup it does: http://www.openssl.org :
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.
I know cygwin has a version of openssl, which works enough to make good high level encryption certificates, and there is an ssh for instance, too, maybe even a secure X server for the Xfree86 Xwindows emulation on windows, though I don't remember having made that work. It can simply be downloaded and installed with the package, except it is not so easy to find ones way through all stuff by simply following a document. The man pages are there, though, it has genkey and such comands. I think there is a library, too.
TV (Mar 9 2004) For what it is worth, this is the outline script I followed for the certificates on the tclhttpd server I let run [L1 ] , which uses the secure socket extension, and starts up easily once you feed it the right certs:
openssl genrsa -out skey.pem openssl req -new -nodex -out ./server.pem -key ./skey.pem openssl genrsa -out key1.pem openssl req -x509 -nodes -out ca.pem -key key1.pem -new openssl genrsa -out key2.pem openssl req -x509 -nodes -out s.pem -key key2.pem -new openssl ca -keyfile key1.pem -cert ca.pem -in s.pem
The subject came up on the chat, I didn't see anything like it. I run it on a recent cygwin having openssl.