diff --git a/dsn/odbc_dsn.c b/dsn/odbc_dsn.c index 9361779e..f5f339c7 100644 --- a/dsn/odbc_dsn.c +++ b/dsn/odbc_dsn.c @@ -16,7 +16,6 @@ or write to the Free Software Foundation, Inc., 51 Franklin St., Fifth Floor, Boston, MA 02110, USA *************************************************************************************/ -#define WIN32_LEAN_AND_MEAN #include #include @@ -83,6 +82,7 @@ MADB_DsnMap DsnMap[] = { {&DsnKeys[14], 2, ckReconnect, 0, 0}, {&DsnKeys[15], 2, ckConnectPrompt, 0, 0}, {&DsnKeys[16], 2, cbCharset, 0, 0}, + {&DsnKeys[34], 2, txtServerKey, 260, 0}, {&DsnKeys[18], 3, txtPluginDir, 260, 0}, {&DsnKeys[19], 4, txtSslKey, 260, 0}, {&DsnKeys[20], 4, txtSslCert, 260, 0}, @@ -94,7 +94,7 @@ MADB_DsnMap DsnMap[] = { {&DsnKeys[32], 4, cbTls12, 2, 0}, {&DsnKeys[32], 4, cbTls13, 4, 0}, {&DsnKeys[33], 4, cbForceTls, 0, 0}, - {&DsnKeys[34], 4, txtServerKey, 260, 0}, + {&DsnKeys[27], 4, txtCrl, 0, 0}, {&DsnKeys[25], 4, txtTlsPeerFp, 41, 0}, {&DsnKeys[26], 4, txtTlsPeerFpList, 260, 0 }, {NULL, 0, 0, 0, 0} @@ -729,6 +729,10 @@ INT_PTR CALLBACK DialogDSNProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lPara res= SelectPath(hDlg, txtTlsPeerFpList, L"Select File with SHA1 fingerprints of server certificates", FALSE, OpenCurSelection); OpenCurSelection= OpenCurSelection && !res; return res; + case pbCrlBrowse: + res = SelectPath(hDlg, txtCrl, L"Select PEM File Certificate Revocation List(CRL)", FALSE, OpenCurSelection); + OpenCurSelection = OpenCurSelection && !res; + return res; case rbTCP: case rbPipe: if (HIWORD(wParam) == BN_CLICKED) diff --git a/dsn/odbc_dsn.rc b/dsn/odbc_dsn.rc index 7fc1c896..5cdfcba6 100644 --- a/dsn/odbc_dsn.rc +++ b/dsn/odbc_dsn.rc 
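Review bot: In the `DsnMap` hunk at `@@ -94,7 +94,7 @@` of dsn/odbc_dsn.c, the new `txtCrl` row has 0 in its fourth column, while every other file-path edit control visible in the table (`txtServerKey`, `txtPluginDir`, `txtSslKey`, `txtSslCert`, `txtTlsPeerFpList`) has 260. If that column is the text-length limit, as the 260 and 41 values suggest, the CRL path is treated differently from its siblings; unless that is intended, the row should read `{&DsnKeys[27], 4, txtCrl, 260, 0},`. The row also depends on index 27 of `DsnKeys` being the CRL-file key, which cannot be checked from this diff. A short comment naming the key beside each numeric index would make a mis-wired TLS field easier to catch. The table starts and ends outside the hunk.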
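Review bot: The new `case pbCrlBrowse:` block in `DialogDSNProc` (hunk `@@ -729,6 +729,10 @@`) writes `res = ...` and `OpenCurSelection = ...` with a space before `=`, whereas the case directly above it uses `res= ` and `OpenCurSelection= `; matching the file's existing spacing keeps the switch uniform. The dialog title would also read more clearly as `L"Select PEM File with Certificate Revocation List (CRL)"`. The switch continues outside the hunk.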
@@ -129,21 +129,27 @@ Page_2 DIALOGEX 0, 0, 299, 182 STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN - LTEXT "Do you want tio send initial statement(s) after establishing connection to MariaDB?",IDC_STATIC,7,7,264,8,0,WS_EX_TRANSPARENT - EDITTEXT txtInitCmd,74,30,197,39,ES_MULTILINE | ES_AUTOHSCROLL | WS_VSCROLL - LTEXT "Statement(s):",IDC_STATIC,20,32,46,8,0,WS_EX_TRANSPARENT - RTEXT "Connection timeout in sec:",IDC_STATIC,17,77,86,8,0,WS_EX_TRANSPARENT - EDITTEXT txtConnectionTimeOut,111,75,40,14,ES_AUTOHSCROLL - CONTROL "Enable automatic &reconnect",ckReconnect,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,94,107,10,WS_EX_TRANSPARENT - CONTROL "Don't prompt when connecting",ckConnectPrompt,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,110,113,10,WS_EX_TRANSPARENT - CONTROL "Use compression",ckCompressed,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,163,94,107,10,WS_EX_TRANSPARENT - CONTROL "Read odbc section from my.cnf",ckUseMycnf,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,163,110,198,10,WS_EX_TRANSPARENT + LTEXT "Do you want to send initial statement(s) after establishing connection to MariaDB?",IDC_STATIC,7,0,264,8,0,WS_EX_TRANSPARENT + EDITTEXT txtInitCmd,74,15,197,39,ES_MULTILINE | ES_AUTOHSCROLL | WS_VSCROLL + LTEXT "Statement(s):",IDC_STATIC,20,17,46,8,0,WS_EX_TRANSPARENT + RTEXT "Connection timeout in sec:",IDC_STATIC,17,62,86,8,0,WS_EX_TRANSPARENT + EDITTEXT txtConnectionTimeOut,111,60,40,14,ES_AUTOHSCROLL + CONTROL "Enable automatic &reconnect",ckReconnect,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,79,107,10,WS_EX_TRANSPARENT + CONTROL "Don't prompt when connecting",ckConnectPrompt,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,95,113,10,WS_EX_TRANSPARENT + CONTROL "Use compression",ckCompressed,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,163,79,107,10,WS_EX_TRANSPARENT + CONTROL "Read odbc section from my.cnf",ckUseMycnf,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,163,95,198,10,WS_EX_TRANSPARENT + + COMBOBOX cbCharset,113,110,160,80,CBS_DROPDOWN 
| CBS_NOINTEGRALHEIGHT | WS_VSCROLL | WS_TABSTOP + RTEXT "Connection Character Set:",IDC_STATIC,7,113,96,8,0,WS_EX_TRANSPARENT + + RTEXT "Server RSA public key:",IDC_STATIC,15,128,88,8,0,WS_EX_TRANSPARENT + EDITTEXT txtServerKey,113,127,110,12,ES_AUTOHSCROLL + PUSHBUTTON "Browse",pbServerKeyBrowse,224,126,30,14 + PUSHBUTTON "Cancel",IDCANCEL,178,149,50,14 PUSHBUTTON "Next >",PB_NEXT,104,149,50,14 PUSHBUTTON "< Previous",PB_PREV,50,149,50,14,WS_DISABLED PUSHBUTTON "Help",IDCANCEL4,236,149,50,14 - COMBOBOX cbCharset,113,127,160,80,CBS_DROPDOWN | CBS_NOINTEGRALHEIGHT | WS_VSCROLL | WS_TABSTOP - RTEXT "Connection Character Set:",IDC_STATIC,7,130,96,8,0,WS_EX_TRANSPARENT END Page_3 DIALOGEX 0, 0, 299, 182 @@ -165,11 +171,11 @@ BEGIN PUSHBUTTON "Help",IDCANCEL4,236,149,50,14 END -Page_4 DIALOGEX 0, 0, 299, 182 +Page_4 DIALOGEX -10, -9, 320, 188 STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN - GROUPBOX "SSL Settings",IDC_STATIC,7,-2,278,148,0,WS_EX_TRANSPARENT + GROUPBOX "TLS Settings",IDC_STATIC,1,-2,303,151,0,WS_EX_TRANSPARENT LTEXT "Key",IDC_STATIC,15,10,56,8,0,WS_EX_TRANSPARENT EDITTEXT txtSslKey,84,10,110,10,ES_AUTOHSCROLL 
@@ -199,11 +205,11 @@ BEGIN CONTROL "v.1.2",cbTls12,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,155,91,30,10,WS_EX_TRANSPARENT CONTROL "v.1.3",cbTls13,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,185,91,30,10,WS_EX_TRANSPARENT - LTEXT "Server public key",IDC_STATIC,15,104,68,8,0,WS_EX_TRANSPARENT - EDITTEXT txtServerKey,84,104,110,10,ES_AUTOHSCROLL - PUSHBUTTON "Browse",pbServerKeyBrowse,195,102,30,14 + LTEXT "CRL File",IDC_STATIC,15,104,68,8,0,WS_EX_TRANSPARENT + EDITTEXT txtCrl,84,104,110,10,ES_AUTOHSCROLL + PUSHBUTTON "Browse",pbCrlBrowse,195,102,30,14 - LTEXT "Tls Peer Fingerprint", IDC_STATIC, 15, 118, 68, 8, 0, WS_EX_TRANSPARENT + LTEXT "TLS Peer Fingerprint", IDC_STATIC, 15, 118, 68, 8, 0, WS_EX_TRANSPARENT EDITTEXT txtTlsPeerFp, 84, 118, 110, 10, ES_AUTOHSCROLL LTEXT "Fingerprints List File", IDC_STATIC, 15, 132, 68, 8, 0, WS_EX_TRANSPARENT diff --git a/dsn/resource.h b/dsn/resource.h index 46f9b447..7a56d67b 100644 Binary files a/dsn/resource.h and b/dsn/resource.h differ diff --git a/libmariadb b/libmariadb index 8e9c3116..2759b87d 160000 --- a/libmariadb +++ b/libmariadb @@ -1 +1 @@ -Subproject commit 8e9c3116105d9a998a60991b7f4ba910d454d4b1 +Subproject commit 2759b87d72926b7c9b5426437a7c8dd15ff57945 diff --git a/ma_connection.c b/ma_connection.c index 604d1b2d..e21997ce 100644 --- a/ma_connection.c +++ b/ma_connection.c @@ -777,6 +777,10 @@ SQLRETURN MADB_DbcConnectDB(MADB_Dbc *Connection, mysql_optionsv(Connection->mariadb, MYSQL_OPT_SSL_ENFORCE, (const char*)&ForceTls); } + if (!MADB_IS_EMPTY(Dsn->SslCrl)) + { + mysql_optionsv(Connection->mariadb, MYSQL_OPT_SSL_CRL, Dsn->SslCrl); + } if (!MADB_IS_EMPTY(Dsn->SslCrlPath)) { mysql_optionsv(Connection->mariadb, MYSQL_OPT_SSL_CRLPATH, Dsn->SslCrlPath); 
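Review bot: The added `mysql_optionsv(Connection->mariadb, MYSQL_OPT_SSL_CRL, Dsn->SslCrl);` in `MADB_DbcConnectDB` (ma_connection.c, `@@ -777,6 +777,10 @@`) discards its return value, so a DSN that names a CRL file still goes on to connect if the option could not be applied. For a revocation setting that fails open: the user asked for revoked certificates to be rejected and gets no signal that the check is missing. I would test the result (non-zero means failure) and return a connection error instead of continuing, and do the same for the `MYSQL_OPT_SSL_CRLPATH` call just below it. Whether the CRL is actually enforced presumably also depends on the TLS backend of the bumped libmariadb submodule, which this diff does not show, so a test against a revoked server certificate would be worth adding. The function body starts and ends outside the hunk.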
@@ -796,6 +800,11 @@ SQLRETURN MADB_DbcConnectDB(MADB_Dbc *Connection, mysql_optionsv(Connection->mariadb, MARIADB_OPT_TLS_PEER_FP_LIST, (void*)Dsn->TlsPeerFpList); } + if (!MADB_IS_EMPTY(Dsn->TlsKeyPwd)) + { + mysql_optionsv(Connection->mariadb, MARIADB_OPT_TLS_PASSPHRASE, (void*)Dsn->TlsKeyPwd); + } + if (!mysql_real_connect(Connection->mariadb, Dsn->Socket ? "localhost" : Dsn->ServerName, Dsn->UserName, Dsn->Password, Dsn->Catalog && Dsn->Catalog[0] ? Dsn->Catalog : NULL, Dsn->Port, Dsn->Socket, client_flags)) diff --git a/ma_dsn.c b/ma_dsn.c index ee56d2e7..f9c229c6 100644 --- a/ma_dsn.c +++ b/ma_dsn.c @@ -72,7 +72,8 @@ MADB_DsnKey DsnKeys[]= {"USE_MYCNF", offsetof(MADB_Dsn, ReadMycnf), DSN_TYPE_OPTION, MADB_OPT_FLAG_USE_CNF, 0}, {"TLSVERSION", offsetof(MADB_Dsn, TlsVersion), DSN_TYPE_CBOXGROUP, 0, 0}, {"FORCETLS", offsetof(MADB_Dsn, ForceTls), DSN_TYPE_BOOL, 0, 0}, - {"SERVERKEY", offsetof(MADB_Dsn, ServerKey), DSN_TYPE_STRING, 0, 0}, + {"SERVERKEY", offsetof(MADB_Dsn, ServerKey), DSN_TYPE_STRING, 0, 0}, + {"TLSKEYPWD", offsetof(MADB_Dsn, TlsKeyPwd), DSN_TYPE_STRING, 0, 0}, /* Aliases. Here offset is index of aliased key */ {"SERVERNAME", DSNKEY_SERVER_INDEX, DSN_TYPE_STRING, 0, 1}, {"USER", DSNKEY_UID_INDEX, DSN_TYPE_STRING, 0, 1}, @@ -156,7 +157,7 @@ void MADB_DSN_Free(MADB_Dsn *Dsn) MADB_FREE(Dsn->TlsPeerFpList); MADB_FREE(Dsn->SaveFile); MADB_FREE(Dsn->ServerKey); - + MADB_FREE(Dsn->TlsKeyPwd); if (Dsn->FreeMe) MADB_FREE(Dsn); } diff --git a/ma_dsn.h b/ma_dsn.h index c0e4b820..ecf8d070 100644 --- a/ma_dsn.h +++ b/ma_dsn.h @@ -129,6 +129,7 @@ typedef struct st_madb_dsn char *SslCrlPath; char *TlsPeerFp; char *TlsPeerFpList; + char *TlsKeyPwd; my_bool SslVerify; char TlsVersion; my_bool ForceTls;
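Review bot: `TLSKEYPWD` is declared in ma_dsn.c (`@@ -72,7 +72,8 @@`) as an ordinary `DSN_TYPE_STRING` and passed to `MARIADB_OPT_TLS_PASSPHRASE` in ma_connection.c (`@@ -796,6 +800,11 @@`), so the private-key passphrase presumably follows the same save, connection-string and tracing paths as any non-secret DSN field. Those paths are outside this diff, so please confirm that the value is not written to the registry or odbc.ini in clear text, not echoed in the completed connection string that SQLDriverConnect returns, and not printed by debug logging. A comment on the key entry such as `/* secret: must not be persisted or logged */` would record the intent for future changes to the save and print code. The `mysql_optionsv` result is also ignored here; with an encrypted key a failure to set the passphrase should surface as a connect error, not as a later, less specific TLS failure.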
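Review bot: In `MADB_DSN_Free` (ma_dsn.c, `@@ -156,7 +157,7 @@`) the passphrase buffer is released with `MADB_FREE(Dsn->TlsKeyPwd);` without being cleared first, so the secret stays readable in freed heap memory until something overwrites it. Wiping the string, when non-NULL, with a clear the compiler cannot elide (`SecureZeroMemory` on Windows, `explicit_bzero` where available) before the free limits what a crash dump or a memory-disclosure bug can expose. The function begins outside the hunk, so other secret fields it frees cannot be assessed from here.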