Callum Lerwick writes: > Now it would be trivial to just have stunnel output the IP and source > port upon connecting to the wrapped daemon and patch the daemon to use > this information... sslserver already does this and will work with any program that follows the UCSPI interface: http://www.superscript.com/ucspi-ssl/sslserver.html > But I think the REAL reason is SSL/TLS is "too hard" to implement. > Clearly there needs to be a simplified library interface to allow > basic encryption to be easily implemented... I agree completely. I've been looking at implementing a minimal SSL library (the minimum required for HTTPS) using LibTomCrypt: http://libtomcrypt.org/ Something similar to MatrixSSL would be nice (only public domain instead of GPL): http://www.matrixssl.org/ MatrixSSL has a relatively simple socket API, though it's not suitable for all applications as it's blocking. -- David Phillips <david at acz.org> http://david.acz.org/ _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list