Functionality decription:
 * Credential Manipulation
   * CSR generation, Proxy signing, EEC signing(probably useful for SLC/short lived credential)
   * Certificate verification: CRL, OCSP (retrieve OCSP responder URL via AIA/Authority Information Access extension)
   * Credential source for proxy generation: cert/priv key files; softoken from nss db (i.e., via pkcs11 interface, therefore user’s credential in Firefox can be utilized)

 * Secure Communication
   * Authenticated connection establishment, without expose openssl object such as X509 and SSL;
   * Could be easily extended to support other security lib, such as nss lib.
