tcltls-1.6-4.mga2.src.rpm

--- tls1.6/tls.c.openssl098a	2008-03-19 23:06:13.000000000 +0100
+++ tls1.6/tls.c	2010-02-21 19:11:55.000000000 +0100
@@ -26,7 +26,12 @@
 #include "tlsInt.h"
 #include "tclOpts.h"
 #include <stdlib.h>
-
+#if OPENSSL_VERSION_NUMBER >= 0x0090800
+#include <openssl/conf.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#endif
 /*
  * External functions
  */
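Review bot: The version guard on the added `#if` is written `0x0090800`, seven hex digits, while OpenSSL encodes 0.9.8 as `0x00908000L`. The constant as written is far below any 0.9.x value, so the condition is effectively always true and does not gate on 0.9.8. The same seven-digit value (with an `L` suffix) is used in the `commands`/`enum command` hunk and around the new `case` labels, so all four guards should read `#if OPENSSL_VERSION_NUMBER >= 0x00908000L`. The test also depends on `OPENSSL_VERSION_NUMBER` already being defined at this point, presumably through `tlsInt.h`; if it is not, the preprocessor evaluates it as 0 and the includes are silently skipped.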
@@ -1185,8 +1190,10 @@
  *	A standard Tcl result.
  *
  * Side effects:
- *	None.
- *
+ *   req - none
+ *   config - Openssl configuration file is loaded	
+ *   engine - specifig engine is loaded or configured
+ *   
  *-------------------------------------------------------------------
  */
 static int
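Review bot: The new side-effects text has a typo (`specifig`) and understates what the subcommands change. As far as the later hunk shows, `config` calls `OPENSSL_config()` and `engine` calls `ENGINE_set_default(e, ENGINE_METHOD_ALL)`, both of which alter OpenSSL state for the whole process rather than for one interpreter or channel. I would word the entries as `config - loads an OpenSSL configuration file into process-wide OpenSSL state` and `engine - loads the named engine and makes it the process-wide default for every method it supports`. The function this comment documents starts below the hunk.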
@@ -1224,8 +1231,22 @@
     int objc;
     Tcl_Obj	*CONST objv[];
 {
-    CONST84 char *commands [] = { "req", NULL };
-    enum command { C_REQ, C_DUMMY };
+    CONST84 char *commands [] = { "req",
+#if OPENSSL_VERSION_NUMBER >= 0x0090800L		
+		"config", 
+#ifndef OPENSSL_NO_ENGINE		
+		"engine", 
+#endif		
+#endif		
+		NULL };
+    enum command { C_REQ, 
+#if OPENSSL_VERSION_NUMBER >= 0x0090800L		
+		C_CONFIG,
+#ifndef OPENSSL_NO_ENGINE		
+		C_ENGINE, 
+#endif		
+#endif		
+		C_DUMMY };
     int cmd;
 
     if (objc < 2) {
@@ -1362,6 +1383,48 @@
 	break;
     default:
 	break;
+#if OPENSSL_VERSION_NUMBER >= 0x0090800L	
+	case C_CONFIG:
+		if (objc<2 || objc>3) {
+			Tcl_WrongNumArgs(interp,2,objv,"?filename?");
+			return TCL_ERROR;
+		} else if (objc == 2) {
+			OPENSSL_config(NULL);
+		} else {
+			OPENSSL_config(Tcl_GetString(objv[2]));
+		}	
+	break;	
+#ifndef OPENSSL_NO_ENGINE	
+	case C_ENGINE:
+		{ ENGINE *e;
+		static int loaded_engines = 0;
+		if (objc!=3) {
+			Tcl_WrongNumArgs(interp,2,objv,"engine_id");
+			return TCL_ERROR;
+		}
+		if (!loaded_engines) {
+			ENGINE_load_builtin_engines();
+			loaded_engines=1;
+		}	
+		if ((e= ENGINE_by_id(Tcl_GetString(objv[2])))==NULL) {
+			Tcl_AppendResult(interp,"failed to load engine ",
+					Tcl_GetString(objv[2]),
+					"\n",ERR_error_string(ERR_get_error(),NULL),
+					NULL);
+			return TCL_ERROR;
+		}
+		if (!ENGINE_set_default(e,ENGINE_METHOD_ALL)) {
+			Tcl_AppendResult(interp,"Failed to enable engine ",
+					Tcl_GetString(objv[2]),
+					"\n",ERR_error_string(ERR_get_error(),NULL),
+					NULL);
+			return TCL_ERROR;
+		}	
+		ENGINE_free(e);
+		}
+	break;
+#endif	
+#endif	
     }
     return TCL_OK;
 }
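Review bot: In the `C_ENGINE` case the reference returned by `ENGINE_by_id()` is released only on the success path; the `ENGINE_set_default` failure branch returns without it, so add `ENGINE_free(e);` before that `return TCL_ERROR;`. In `C_CONFIG`, `OPENSSL_config()` returns nothing, so a missing or malformed file is silently accepted and the script carries on with whatever settings were already in place; `CONF_modules_load_file()` reports failure and would let the command return an error. Because the file name and engine id come straight from the script and change crypto providers for the whole process, these subcommands are worth keeping out of safe interpreters; the command registration is outside this hunk, so check it there. The new `case` labels also sit after `default:`, which is legal but easy to misread, and the enclosing function starts outside the hunk.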
--- tls1.6/tls.htm.openssl098a	2008-03-19 23:03:52.000000000 +0100
+++ tls1.6/tls.htm	2010-02-21 19:11:55.000000000 +0100
@@ -32,6 +32,7 @@
             <dd><b>tls::unimport</b><em> channel</em></dd>
             <dd><b>tls::ciphers </b><em>protocol ?verbose?</em></dd>
             <dd><b>tls::version</b></dd>
+			<dd><b>tls::misc</b> <em>subcommand ?args?</em></dd>
         </dl>
     </dd>
     <dd><a href="#COMMANDS">COMMANDS</a></dd>
@@ -64,7 +65,8 @@
 <a href="#tls::unimport"><b>tls::unimport </b><i>channel</i></a><br>
 <a href="#tls::ciphers protocol ?verbose?"><strong>tls::ciphers</strong>
 <em>protocol ?verbose?</em></a><br>
-<a href="#tls::version"><b>tls::version</b></a>
+<a href="#tls::version"><b>tls::version</b></a><br>
+<a href="#tls::misc"><b>tls::misc </b><i>subcommand ?args?</i></a><br>
 </p>
 
 <h3><a name="DESCRIPTION">DESCRIPTION</a></h3>
@@ -232,7 +234,62 @@
     <dt><a name="tls::version"><strong>tls::version</strong></a></dt>
     <dd>Returns the version string defined by OpenSSL.</dd>
 </dl>
-
+<dl><tt><a name="tls::misc"><strong>tls::misc</strong></a></tt></dt>
+<dd>Miscellaneous openssl functions. This command provides functions
+which are not directly related to TLS, but neccessary for proper
+operations. Following subcommands are supportd
+<dl>
+<dt><b>rec</b> <em>keysize keyfile certfile ?info?</em></dt>
+<p>
+Generates private key and certificate request in the keyfile and
+certfile. Currently only RSA keys are supported. Keysize is specified in
+bits. It is typically
+1024, because 512-bit keys are totally insecure, and 2048 bits too
+computational expensive.
+</p>
+<p>
+This command is here, because some tls applications, notably web
+browsers should have ability to generate requests for client
+certificates.
+</p>
+<p>
+Optional <em>info</em> argument is the list of key-value pairs which
+can contain following request attributes:
+<ol>
+<li><b>days</b> - how long certificate should be valid
+<li><b>serial</b> - serial number of certificate
+<li><b>C</b> - Country part of certificate subject
+<LI><b>ST</b> - State part of certificate subject
+<LI><b>L</b> -locality
+<LI><b>O</b> - organization
+<LI><b>OU</b> - organization unit
+<LI><b>CN</B> - Common Name
+<LI><b>Email</B> email address of certificate subject
+</OL>
+Default values for these options are obtained from OpenSSL configuration
+file if one is loaded by <b>tls::misc config</b>.
+<dd>
+<dt><b>config</b> <em>?filename?</em>
+<dd>Loads an OpenSSL configuration file. If no <em>filename</em>
+argument is provided, loads default configuration file, which is
+hardcoded into OpenSSL. Otherwise loads specified file. This command
+doesn't report error if file doesn't exist.
+</dd>
+<dt><b>engine</b> <em>engine_id</em>
+<dd><p>Loads alternate (hardware) implementation of cryptoalgorithms -
+engine in OpenSSL terminology and makes this implementation default for
+all algorithms, supported by particular engine.
+</p>
+<p>
+For now there is no way to send control commands to engine and specify
+path to dynamically loadable engine explicitely. So, only builtin
+engines and engines located in the default OpenSSL engine directory
+could be loaded.
+</p>
+</dd>
+</dl>
+</dd>
+</dl>
 <h3><a name="CALLBACK OPTIONS">CALLBACK OPTIONS</a></h3>
 
 <p>