diff --git a/CHANGELOG b/CHANGELOG
new file mode 100644
index 0000000..f9ffb6a
--- /dev/null
+++ b/CHANGELOG
@@ -0,0 +1,16 @@
+--------------------------------------------------------------------------------
+LuaSec 0.3
+----------
+- Add functions ssl.rawcontext() and ssl.rawconnection()
+- Add support to encrypted key password.
+
+--------------------------------------------------------------------------------
+LuaSec 0.2.1
+------------
+- 'key' and 'certificate' configurations become optional.
+- Add '_VERSION' variable to module.
+
+--------------------------------------------------------------------------------
+LuaSec 0.2
+----------
+Initial version
diff --git a/INSTALL b/INSTALL
index 94f4b9d..08f9916 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,4 +1,4 @@
-LuaSec 0.2
+LuaSec 0.3
 -----------
 * On Linux, BSD, and Mac OS X:
diff --git a/LICENSE b/LICENSE
index 959e081..28dc94e 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,5 +1,5 @@
-LuaSec 0.2 license
-Copyright (C) 2006-2007 Bruno Silvestre
+LuaSec 0.3 license
+Copyright (C) 2006-2008 Bruno Silvestre
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "
@@ -20,25 +20,26 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ----------------------------------------------------------------------------- +---------------------------------------------------------------------- LuaSocket 2.0.2 license Copyright © 2004-2007 Diego Nehab -Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the "Software"), -to deal in the Software without restriction, including without limitation -the rights to use, copy, modify, merge, publish, distribute, sublicense, -and/or sell copies of the Software, and to permit persons to whom the -Software is furnished to do so, subject to the following conditions: +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -DEALINGS IN THE SOFTWARE. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/luasec.ncb b/luasec.ncb deleted file mode 100644 index a3569d5..0000000 Binary files a/luasec.ncb and /dev/null differ diff --git a/luasec.sln b/luasec.sln index a8f9164..b34bdfd 100644 --- a/luasec.sln +++ b/luasec.sln 
@@ -1,21 +1,19 @@ -Microsoft Visual Studio Solution File, Format Version 8.00 +Microsoft Visual Studio Solution File, Format Version 10.00 +# Visual C++ Express 2008 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "luasec", "luasec.vcproj", "{A629932F-8819-4C0B-8835-CBF1FEED6376}" - ProjectSection(ProjectDependencies) = postProject - EndProjectSection EndProject Global - GlobalSection(SolutionConfiguration) = preSolution - Debug = Debug - Release = Release + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Win32 = Debug|Win32 + Release|Win32 = Release|Win32 EndGlobalSection - GlobalSection(ProjectConfiguration) = postSolution - {A629932F-8819-4C0B-8835-CBF1FEED6376}.Debug.ActiveCfg = Debug|Win32 - {A629932F-8819-4C0B-8835-CBF1FEED6376}.Debug.Build.0 = Debug|Win32 - {A629932F-8819-4C0B-8835-CBF1FEED6376}.Release.ActiveCfg = Release|Win32 - {A629932F-8819-4C0B-8835-CBF1FEED6376}.Release.Build.0 = Release|Win32 + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {A629932F-8819-4C0B-8835-CBF1FEED6376}.Debug|Win32.ActiveCfg = Debug|Win32 + {A629932F-8819-4C0B-8835-CBF1FEED6376}.Debug|Win32.Build.0 = Debug|Win32 + {A629932F-8819-4C0B-8835-CBF1FEED6376}.Release|Win32.ActiveCfg = Release|Win32 + {A629932F-8819-4C0B-8835-CBF1FEED6376}.Release|Win32.Build.0 = Release|Win32 EndGlobalSection - GlobalSection(ExtensibilityGlobals) = postSolution - EndGlobalSection - GlobalSection(ExtensibilityAddIns) = postSolution + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE EndGlobalSection EndGlobal diff --git a/luasec.suo b/luasec.suo index a8a9000..ccbf856 100644 Binary files a/luasec.suo and b/luasec.suo differ diff --git a/luasec.vcproj b/luasec.vcproj index b76b049..895562d 100644 --- a/luasec.vcproj +++ b/luasec.vcproj 
@@ -1,116 +1,177 @@ + Keyword="Win32Proj" + TargetFrameworkVersion="131072" + > + Name="Win32" + /> + + + InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops" + CharacterSet="2" + > + + + + + + DebugInformationFormat="4" + /> + Name="VCManagedResourceCompilerTool" + /> + + + TargetMachine="1" + /> + Name="VCALinkTool" + /> + Name="VCManifestTool" + /> + Name="VCXDCMakeTool" + /> + Name="VCBscMakeTool" + /> + Name="VCFxCopTool" + /> + Name="VCAppVerifierTool" + /> - - - + Name="VCPostBuildEventTool" + /> + InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops" + CharacterSet="2" + > + + + + + + DebugInformationFormat="3" + /> + Name="VCManagedResourceCompilerTool" + /> + + + TargetMachine="1" + /> + Name="VCALinkTool" + /> + Name="VCManifestTool" + /> + Name="VCXDCMakeTool" + /> + Name="VCBscMakeTool" + /> + Name="VCFxCopTool" + /> + Name="VCAppVerifierTool" + /> - - - + Name="VCPostBuildEventTool" + /> @@ -119,56 +180,72 @@ + UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}" + > + RelativePath=".\src\buffer.c" + > + RelativePath=".\src\context.c" + > + RelativePath=".\src\io.c" + > + RelativePath=".\src\ssl.c" + > + RelativePath=".\src\timeout.c" + > + RelativePath=".\src\wsocket.c" + > + UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}" + > + RelativePath=".\src\buffer.h" + > + RelativePath=".\src\context.h" + > + RelativePath=".\src\io.h" + > + RelativePath=".\src\socket.h" + > + RelativePath=".\src\ssl.h" + > + RelativePath=".\src\timeout.h" + > + RelativePath=".\src\wsocket.h" + > + UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}" + > diff --git a/samples/README b/samples/README index a0d8725..ecdf3c9 100644 --- a/samples/README +++ b/samples/README @@ -29,3 +29,6 @@ Directories: * want Test want(). + +* key + Test encrypted private key. diff --git a/samples/certs/rootA.sh b/samples/certs/rootA.sh index 1a93e42..7b588bf 100755 --- a/samples/certs/rootA.sh 
+++ b/samples/certs/rootA.sh
@@ -1,3 +1,5 @@
+#!/bin/sh
+
 openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
 openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
diff --git a/samples/certs/rootB.sh b/samples/certs/rootB.sh
index 9081188..53969b3 100755
--- a/samples/certs/rootB.sh
+++ b/samples/certs/rootB.sh
@@ -1,3 +1,5 @@
+#!/bin/sh
+
 openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
 openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
diff --git a/samples/key/genkey.sh b/samples/key/genkey.sh
new file mode 100644
index 0000000..33881cf
--- /dev/null
+++ b/samples/key/genkey.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+openssl genrsa -des3 -out key.pem -passout pass:foobar 2048
diff --git a/samples/key/loadkey.lua b/samples/key/loadkey.lua
new file mode 100644
index 0000000..274d0e4
--- /dev/null
+++ b/samples/key/loadkey.lua
@@ -0,0 +1,29 @@
+--
+-- Public domain
+--
+require("ssl")
+
+local pass = "foobar"
+local cfg = {
+ protocol = "tlsv1",
+ mode = "client",
+ key = "key.pem",
+}
+
+-- Shell
+print(string.format("*** Hint: password is '%s' ***", pass))
+ctx, err = ssl.newcontext(cfg)
+assert(ctx, err)
+print("Shell: ok")
+
+-- Text password
+cfg.password = pass
+ctx, err = ssl.newcontext(cfg)
+assert(ctx, err)
+print("Text: ok")
+
+-- Callback
+cfg.password = function() return pass end
+ctx, err = ssl.newcontext(cfg)
+assert(ctx, err)
+print("Callback: ok")
diff --git a/src/Makefile b/src/Makefile
index cc53eb0..a4aa2e5 100644
--- a/src/Makefile
+++ b/src/Makefile
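Review bot: With the new `#!/bin/sh` line the script is meant to be run directly, but nothing stops the second command when the first fails: if `openssl req` cannot write rootAkey.pem, `openssl x509` still runs and reports a confusing error about a missing request instead of the real cause. Put `set -e` on the line after the new shebang so the script stops at the first failing command; rootB.sh has exactly the same shape and needs the same line.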
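Review bot: The new genkey.sh passes the passphrase as `-passout pass:foobar` on the command line, so it is visible in the process list and in the shell history while the key is generated; for a sample whose purpose is to teach encrypted keys it is worth showing one of the safer sources instead, e.g. `-passout env:KEYPASS` (the variable name is the caller's choice) or `-passout stdin`, with a comment that `pass:` is for demonstration only. Two smaller points: `-des3` selects a legacy cipher for the PEM envelope where `-aes256` is the current choice, and key.pem is created with the default umask, so `umask 077` before the openssl call keeps the key readable only by its owner. loadkey.lua hard-codes the same `foobar` passphrase, so the two files have to be kept in sync; a comment in each naming the other would help.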
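Review bot: `ctx, err = ssl.newcontext(cfg)` after the hint, and its two repeats further down, assign undeclared globals; declare them once with `local ctx, err` before the first call and keep the later lines as plain assignments, since a sample is exactly the code users copy. The first case deliberately omits `cfg.password`, so (reading load_key's nil branch, where no callback is installed) the key is read through OpenSSL's own terminal prompt, which is why the hint is printed; a comment such as `-- No password given: OpenSSL prompts on the terminal` would make the `-- Shell` label understandable, and it is worth noting that this case blocks when the script is run without a tty. The script also assumes key.pem was produced by genkey.sh in the same directory, which a one-line comment at the top should state.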
@@ -38,13 +38,13 @@ install: $(CMOD) $(LMOD)
 $(CP) $(LMOD) $(LUAPATH)
 linux:
- @make $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)"
+ @$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)"
 bsd:
- @make $(CMOD) MYCFLAGS="$(BSD_CFLAGS)" MYLDFLAGS="$(BSD_LDFLAGS)"
+ @$(MAKE) $(CMOD) MYCFLAGS="$(BSD_CFLAGS)" MYLDFLAGS="$(BSD_LDFLAGS)"
 macosx:
- @make $(CMOD) MYCFLAGS="$(MAC_CFLAGS)" MYLDFLAGS="$(MAC_LDFLAGS)" MYENV="$(MAC_ENV)"
+ @$(MAKE) $(CMOD) MYCFLAGS="$(MAC_CFLAGS)" MYLDFLAGS="$(MAC_LDFLAGS)" MYENV="$(MAC_ENV)"
 $(CMOD): $(OBJS)
diff --git a/src/context.c b/src/context.c
index dca8c9e..1d39d3c 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1,6 +1,6 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.2
- * Copyright (C) 2006-2007 Bruno Silvestre
+ * LuaSec 0.3
+ * Copyright (C) 2006-2008 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
@@ -115,6 +115,27 @@ static int set_verify_flag(const char *str, int *flag)
 return 0;
 }
+/**
+ * Password callback for reading the private key.
+ */
+static int passwd_cb(char *buf, int size, int flag, void *udata)
+{
+ lua_State *L = (lua_State*)udata;
+ switch (lua_type(L, 3)) {
+ case LUA_TFUNCTION:
+ lua_pushvalue(L, 3);
+ lua_call(L, 0, 1);
+ if (lua_type(L, -1) != LUA_TSTRING)
+ return 0;
+ /* fallback */
+ case LUA_TSTRING:
+ strncpy(buf, lua_tostring(L, -1), size);
+ buf[size-1] = '\0';
+ return (int)strlen(buf);
+ }
+ return 0;
+}
+
 /*------------------------------ Lua Functions -------------------------------*/
 /**
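Review bot: `lua_call(L, 0, 1)` in the LUA_TFUNCTION case lets an error raised by the user's password function longjmp straight through the OpenSSL frames that invoked the callback (SSL_CTX_use_PrivateKey_file and the PEM reader underneath it), so whatever those frames hold is never released, and load_key's reset of the default callback and userdata is skipped, leaving a callback that points at this lua_State installed on the SSL_CTX. Use `lua_pcall` and treat an error like a non-string result: return 0, so the key load fails cleanly and load_key reports it. Two smaller points in the same body: the LUA_TSTRING case reads the password from index -1, which is only the third argument while nothing sits above it on the stack, so pushing the argument first makes both cases read the value they intend; and `strncpy` plus `strlen` cut a password at an embedded NUL and scan the buffer twice, where `lua_tolstring` with a bounded `memcpy` gives the length directly.
```c
static int passwd_cb(char *buf, int size, int flag, void *udata)
{
  lua_State *L = (lua_State*)udata;
  const char *pass;
  size_t len;
  (void)flag;  /* rwflag: unused, this callback is only installed for reading a key */
  if (size <= 0)
    return 0;
  switch (lua_type(L, 3)) {
  case LUA_TFUNCTION:
    lua_pushvalue(L, 3);
    /* pcall: a Lua error must not unwind through OpenSSL's C frames */
    if (lua_pcall(L, 0, 1, 0) != 0 || lua_type(L, -1) != LUA_TSTRING)
      return 0;
    break;
  case LUA_TSTRING:
    lua_pushvalue(L, 3);  /* read the argument itself, whatever sits above it */
    break;
  default:
    return 0;
  }
  pass = lua_tolstring(L, -1, &len);
  if (len > (size_t)size - 1)
    len = (size_t)size - 1;  /* truncate to the buffer OpenSSL gave us */
  memcpy(buf, pass, len);
  buf[len] = '\0';
  return (int)len;
}
```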
@@ -191,17 +212,32 @@ static int load_cert(lua_State *L)
 */
 static int load_key(lua_State *L)
 {
+ int ret = 1;
 SSL_CTX *ctx = ctx_getcontext(L, 1);
 const char *filename = luaL_checkstring(L, 2);
-
- if (SSL_CTX_use_PrivateKey_file(ctx, filename, SSL_FILETYPE_PEM) != 1) {
- lua_pushboolean(L, 0);
- lua_pushfstring(L, "error loading private key (%s)",
- ERR_reason_error_string(ERR_get_error()));
- return 2;
+ switch (lua_type(L, 3)) {
+ case LUA_TSTRING:
+ case LUA_TFUNCTION:
+ SSL_CTX_set_default_passwd_cb(ctx, passwd_cb);
+ SSL_CTX_set_default_passwd_cb_userdata(ctx, L);
+ /* fallback */
+ case LUA_TNIL:
+ if (SSL_CTX_use_PrivateKey_file(ctx, filename, SSL_FILETYPE_PEM) == 1)
+ lua_pushboolean(L, 1);
+ else {
+ ret = 2;
+ lua_pushboolean(L, 0);
+ lua_pushfstring(L, "error loading private key (%s)",
+ ERR_reason_error_string(ERR_get_error()));
+ }
+ SSL_CTX_set_default_passwd_cb(ctx, NULL);
+ SSL_CTX_set_default_passwd_cb_userdata(ctx, NULL);
+ break;
+ default:
+ lua_pushstring(L, "invalid callback value");
+ lua_error(L);
 }
- lua_pushboolean(L, 1);
- return 1;
+ return ret;
 }
 /**
@@ -302,6 +338,16 @@ static int set_mode(lua_State *L)
 return 1;
 }
+/**
+ * Return a pointer to SSL_CTX structure.
+ */
+static int raw_ctx(lua_State *L)
+{
+ p_context ctx = checkctx(L, 1);
+ lua_pushlightuserdata(L, (void*)ctx->context);
+ return 1;
+}
+
 /**
 * Package functions
 */
@@ -315,6 +361,7 @@ static luaL_Reg funcs[] = {
 {"setverify", set_verify},
 {"setoptions", set_options},
 {"setmode", set_mode},
+ {"rawcontext", raw_ctx},
 {NULL, NULL}
 };
diff --git a/src/context.h b/src/context.h
index 8544200..608f675 100644
--- a/src/context.h
+++ b/src/context.h
@@ -2,8 +2,8 @@
 #define __CONTEXT_H__
 /*--------------------------------------------------------------------------
- * LuaSec 0.2
- * Copyright (C) 2006-2007 Bruno Silvestre
+ * LuaSec 0.3
+ * Copyright (C) 2006-2008 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
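Review bot: `lua_type(L, 3)` returns LUA_TNONE when loadkey is called with only the context and the file name, and the new switch sends that to `default:`, so the two-argument call the previous version accepted now raises "invalid callback value"; ssl.lua's newcontext always passes a third argument (nil when `cfg.password` is unset), which hides this from the bundled caller but not from anyone calling `context.loadkey(ctx, file)` directly. Adding `case LUA_TNONE:` next to `case LUA_TNIL:` restores the old behaviour, or `lua_settop(L, 3);` at the top of the function does the same and additionally guarantees that index -1 inside passwd_cb is the password argument. The error path could be `return luaL_argerror(L, 3, "invalid callback value");` so the message names the offending argument. `ERR_reason_error_string` can return NULL for a code it does not know, and passing NULL to `%s` in `lua_pushfstring` is undefined, so a `? : "unknown error"` guard on that argument is cheap insurance.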
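Review bot: raw_ctx hands out `ctx->context` as a light userdata, which carries no reference to the Lua context object, so Lua code that keeps the returned value after the context is garbage-collected holds a dangling `SSL_CTX *`; meth_rawconn in src/ssl.c has the same property for the `SSL *`. A light userdata has no per-value metatable or finalizer to tie it to the owner, so the fix is documentation: extend the comment to `Return the SSL_CTX pointer as a light userdata. The pointer is borrowed: it stays valid only while the Lua context object is alive, so callers must keep a reference to that object for as long as they use the pointer.` The same wording, with SSL in place of SSL_CTX, belongs on meth_rawconn, and the module documentation for `ssl.rawcontext()` and `ssl.rawconnection()` should say that these expose the raw handles to any code that can obtain the Lua object.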
diff --git a/src/ssl.c b/src/ssl.c
index f8d6cda..85b9af3 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1,6 +1,6 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.2
- * Copyright (C) 2006-2007 Bruno Silvestre
+ * LuaSec 0.3
+ * Copyright (C) 2006-2008 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
@@ -334,6 +334,16 @@ static int meth_want(lua_State *L)
 return 1;
 }
+/**
+ * Return a pointer to SSL structure.
+ */
+static int meth_rawconn(lua_State *L)
+{
+ p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
+ lua_pushlightuserdata(L, (void*)ssl->ssl);
+ return 1;
+}
+
 /*---------------------------------------------------------------------------*/
@@ -356,9 +366,10 @@ static luaL_Reg meta[] = {
 * SSL functions
 */
 static luaL_Reg funcs[] = {
- {"create", meth_create},
- {"setfd", meth_setfd},
- {NULL, NULL}
+ {"create", meth_create},
+ {"setfd", meth_setfd},
+ {"rawconnection", meth_rawconn},
+ {NULL, NULL}
 };
 /**
diff --git a/src/ssl.h b/src/ssl.h
index 98593bd..a549abf 100644
--- a/src/ssl.h
+++ b/src/ssl.h
@@ -2,8 +2,8 @@
 #define __SSL_H__
 /*--------------------------------------------------------------------------
- * LuaSec 0.2
- * Copyright (C) 2006-2007 Bruno Silvestre
+ * LuaSec 0.3
+ * Copyright (C) 2006-2008 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
diff --git a/src/ssl.lua b/src/ssl.lua
index 5e2c070..0ee9928 100644
--- a/src/ssl.lua
+++ b/src/ssl.lua
@@ -1,6 +1,6 @@
 ------------------------------------------------------------------------------
--- LuaSec 0.2
--- Copyright (C) 2006-2007 Bruno Silvestre
+-- LuaSec 0.3
+-- Copyright (C) 2006-2008 Bruno Silvestre
 --
 ------------------------------------------------------------------------------
@@ -9,10 +9,15 @@ module("ssl", package.seeall)
 require("ssl.core")
 require("ssl.context")
-
-_COPYRIGHT = "LuaSec 0.2 - Copyright (C) 2006-2007 Bruno Silvestre\n" ..
+
+_VERSION = "0.3"
+_COPYRIGHT = "LuaSec 0.3 - Copyright (C) 2006-2008 Bruno Silvestre\n" ..
 "LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab"
+-- Export functions
+rawconnection = core.rawconnection
+rawcontext = context.rawcontext
+
 --
 --
 --
@@ -39,11 +44,15 @@ function newcontext(cfg)
 succ, msg = context.setmode(ctx, cfg.mode)
 if not succ then return nil, msg end
 -- Load the key
- succ, msg = context.loadkey(ctx, cfg.key)
- if not succ then return nil, msg end
+ if cfg.key then
+ succ, msg = context.loadkey(ctx, cfg.key, cfg.password)
+ if not succ then return nil, msg end
+ end
 -- Load the certificate
- succ, msg = context.loadcert(ctx, cfg.certificate)
- if not succ then return nil, msg end
+ if cfg.certificate then
+ succ, msg = context.loadcert(ctx, cfg.certificate)
+ if not succ then return nil, msg end
+ end
 -- Load the CA certificates
 if cfg.cafile or cfg.capath then
 succ, msg = context.locations(ctx, cfg.cafile, cfg.capath)
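Review bot: Making `cfg.key` and `cfg.certificate` independently optional lets a configuration with one but not the other through, and nothing in the new branches pairs the two, so such a context presumably only fails later, at handshake time, with an error that does not point back to the missing setting. A check placed before the two new `if` blocks reports it where the user can see it: `if (cfg.key == nil) ~= (cfg.certificate == nil) then return nil, "'key' and 'certificate' must be given together" end`. `cfg.password` is now forwarded only when `cfg.key` is set, which is the right scoping, but the module documentation should say that a string password stays in the cfg table for as long as the caller keeps that table, and that a function value is called once per key load without arguments. newcontext begins before this hunk and continues after it.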