diff --git a/include/ma_ssl.h b/include/ma_ssl.h
index b994f08c..b227ac5e 100644
--- a/include/ma_ssl.h
+++ b/include/ma_ssl.h
@@ -151,5 +151,6 @@ const char *ma_pvio_ssl_cipher(MARIADB_SSL *cssl);
 my_bool ma_pvio_ssl_check_fp(MARIADB_SSL *cssl, const char *fp, const char *fp_list);
 my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio);
 my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version);
+void ma_pvio_ssl_end();
 #endif /* _ma_ssl_h_ */
diff --git a/include/mysql.h b/include/mysql.h
index f0c6b153..ef8f133d 100644
--- a/include/mysql.h
+++ b/include/mysql.h
@@ -226,6 +226,9 @@ extern unsigned int mariadb_deinitialize_ssl;
 MARIADB_CLIENT_ERRORS,
 MARIADB_CLIENT_VERSION,
 MARIADB_CLIENT_VERSION_ID,
+ MARIADB_CONNECTION_ERROR,
+ MARIADB_CONNECTION_ERROR_ID,
+ MARIADB_CONNECTION_SQLSTATE,
 MARIADB_CONNECTION_ASYNC_TIMEOUT,
 MARIADB_CONNECTION_ASYNC_TIMEOUT_MS,
 MARIADB_CONNECTION_HOST,
@@ -239,6 +242,7 @@ extern unsigned int mariadb_deinitialize_ssl;
 MARIADB_CONNECTION_SERVER_VERSION_ID,
 MARIADB_CONNECTION_SOCKET,
 MARIADB_CONNECTION_SSL_CIPHER,
+ MARIADB_CONNECTION_SSL_LIBRARY,
 MARIADB_CONNECTION_SSL_VERSION,
 MARIADB_CONNECTION_SSL_VERSION_ID,
 MARIADB_CONNECTION_TYPE,
diff --git a/libmariadb/libmariadb.c b/libmariadb/libmariadb.c
index acb4ece1..11fc88cc 100644
--- a/libmariadb/libmariadb.c
+++ b/libmariadb/libmariadb.c
@@ -3122,10 +3122,9 @@ mysql_get_optionv(MYSQL *mysql, enum mysql_option option, void *arg, ...)
 case MARIADB_OPT_SSL_PASSPHRASE:
 *((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_pw : NULL;
 break;
- /* todo
 case MARIADB_OPT_CONNECTION_READ_ONLY:
+ *((my_bool *)arg)= mysql->options.extension ? mysql->options.extension->read_only : 0;
 break;
- */
 case MARIADB_OPT_USERDATA:
 /* nysql_get_optionv(mysql, MARIADB_OPT_USERDATA, key, value) */
 {
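Review bot: In include/ma_ssl.h the new declaration `void ma_pvio_ssl_end();` uses empty parentheses, which in C declares a function with unspecified parameters rather than a prototype, so a call with stray arguments compiles without a diagnostic. Writing `void ma_pvio_ssl_end(void);` here, and the same parameter list on the definition added in libmariadb/ma_ssl.c, lets the compiler check callers. A one-line comment would also help, since every neighbouring prototype takes a MARIADB_SSL handle and this one acts on no particular connection.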
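Review bot: In include/mysql.h the new constants `MARIADB_CONNECTION_ERROR`, `MARIADB_CONNECTION_ERROR_ID` and `MARIADB_CONNECTION_SQLSTATE`, and `MARIADB_CONNECTION_SSL_LIBRARY` in the second hunk, are inserted in the middle of the enumerator list rather than at its end. Unless the enumerators carry explicit values (not visible in these hunks), every constant after the insertion point is renumbered. An application built against the old header and run against the new library would then pass a value to mariadb_get_infov() that selects a different case and writes a different type through `arg`. Appending new members at the end, or giving the enumerators explicit values, keeps existing binaries correct; if the renumbering is intended, it needs an ABI note.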
@@ -3450,6 +3449,9 @@ void STDCALL mysql_server_end(void)
 list_free(pvio_callback, 0);
 if (my_init_done) my_end(0);
+#ifdef HAVE_SSL
+ ma_pvio_ssl_end();
+#endif
 mysql_client_init= 0;
 my_init_done= 0;
 }
@@ -3570,6 +3572,21 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void *
 case MARIADB_NET_BUFFER_LENGTH:
 *((size_t *)arg)= (size_t)net_buffer_length;
 break;
+ case MARIADB_CONNECTION_ERROR_ID:
+ if (!mysql)
+ goto error;
+ *((unsigned int *)arg)= mysql->net.last_errno;
+ break;
+ case MARIADB_CONNECTION_ERROR:
+ if (!mysql)
+ goto error;
+ *((char **)arg)= mysql->net.last_error;
+ break;
+ case MARIADB_CONNECTION_SQLSTATE:
+ if (!mysql)
+ goto error;
+ *((char **)arg)= mysql->net.sqlstate;
+ break;
 case MARIADB_CONNECTION_SSL_VERSION:
 #ifdef HAVE_SSL
 if (mysql && mysql->net.pvio && mysql->net.pvio->cssl)
@@ -3594,6 +3611,19 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void *
 #endif
 goto error;
 break;
+ case MARIADB_CONNECTION_SSL_LIBRARY:
+#ifdef HAVE_SSL
+#ifdef HAVE_GNUTLS
+ *((char **)arg)= "GNUTLS";
+#elif HAVE_OPENSSL
+ *((char **)arg)= "OPENSSL";
+#elif HAVE_SCHANNEL
+ *((char **)arg)= "SCHANNEL";
+#endif
+#else
+ *((char **)arg)= "OFF";
+#endif
+ break;
 case MARIADB_CLIENT_VERSION:
 *((char **)arg)= MYSQL_CLIENT_VERSION;
 break;
diff --git a/libmariadb/ma_pvio.c b/libmariadb/ma_pvio.c
index 054ef45d..1d763381 100644
--- a/libmariadb/ma_pvio.c
+++ b/libmariadb/ma_pvio.c
@@ -70,6 +70,7 @@ MARIADB_PVIO *ma_pvio_init(MA_PVIO_CINFO *cinfo)
 * Currently we support the following pvio types:
 * pvio_socket
 * pvio_namedpipe
+ * pvio_sharedmed
 */
 char *pvio_plugins[] = {"pvio_socket", "pvio_npipe", "pvio_shmem"};
 int type;
diff --git a/libmariadb/ma_ssl.c b/libmariadb/ma_ssl.c
index 2ea474a8..529979ea 100644
--- a/libmariadb/ma_ssl.c
+++ b/libmariadb/ma_ssl.c
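Review bot: In mysql_server_end() the new `ma_pvio_ssl_end();` runs on every shutdown of a HAVE_SSL build, including processes that never opened a TLS connection. The backend hunks in this commit show ma_ssl_end() finishing with `pthread_mutex_unlock(&LOCK_openssl_config)` and `pthread_mutex_unlock(&LOCK_gnutls_config)`, so it presumably locks that mutex on entry. Where the mutex is initialised is not visible here; if that only happens when TLS is first started, this call would lock an uninitialised mutex. Please confirm the mutex is valid before first use, or have ma_pvio_ssl_end() return early when `ma_ssl_initialized` is false.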
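Review bot: The new `MARIADB_CONNECTION_ERROR` and `MARIADB_CONNECTION_SQLSTATE` cases in mariadb_get_infov() store `mysql->net.last_error` and `mysql->net.sqlstate` through `char **`, handing the caller a writable pointer to storage owned by the connection handle. That storage is presumably overwritten by the next failing call and is gone after mysql_close(), so a caller that keeps or edits the pointer ends up with stale or corrupted diagnostics. I would add a comment on these cases, e.g. `/* points into mysql->net; valid until the next API call on this handle, do not modify or free */`, and document the out-parameter as `const char **`. The function body starts and ends outside this hunk.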
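Review bot: The `MARIADB_CONNECTION_SSL_LIBRARY` case leaves `*arg` unwritten when HAVE_SSL is defined but none of HAVE_GNUTLS, HAVE_OPENSSL or HAVE_SCHANNEL is, yet it still reaches `break`. The caller would then read an uninitialised pointer from a call that presumably reports success. Closing the inner chain with `#else` and `goto error;` before its `#endif` makes that configuration fail visibly. `#elif HAVE_OPENSSL` also stops compiling if the macro is defined with no value; `#elif defined(HAVE_OPENSSL)`, and likewise for HAVE_SCHANNEL, matches the `#ifdef` used on the first branch.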
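Review bot: The comment line added in ma_pvio_init() names `pvio_sharedmed`, but the plugin table two lines below uses `"pvio_shmem"`, so this looks like a typo for the shared-memory plugin. Because the list is what a reader searches for, I would write the real plugin names: `* pvio_shmem` here, and `pvio_npipe` instead of `pvio_namedpipe` on the line above.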
@@ -78,7 +78,11 @@ MARIADB_SSL *ma_pvio_ssl_init(MYSQL *mysql)
 my_bool ma_pvio_ssl_connect(MARIADB_SSL *cssl)
 {
- return ma_ssl_connect(cssl);
+ my_bool rc;
+
+ if ((rc= ma_ssl_connect(cssl)))
+ ma_ssl_close(cssl);
+ return rc;
 }
 size_t ma_pvio_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
@@ -106,6 +110,11 @@ const char *ma_pvio_ssl_cipher(MARIADB_SSL *cssl)
 return ma_ssl_get_cipher(cssl);
 }
+void ma_pvio_ssl_end()
+{
+ return ma_ssl_end();
+}
+
 my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version)
 {
 return ma_ssl_get_protocol_version(cssl, version);
diff --git a/libmariadb/secure/gnutls.c b/libmariadb/secure/gnutls.c
index a315bb5d..534c2592 100644
--- a/libmariadb/secure/gnutls.c
+++ b/libmariadb/secure/gnutls.c
@@ -35,6 +35,7 @@ pthread_mutex_t LOCK_gnutls_config;
 static gnutls_certificate_credentials_t GNUTLS_xcred;
 extern my_bool ma_ssl_initialized;
+extern unsigned int mariadb_deinitialize_ssl;
 static int my_verify_callback(gnutls_session_t ssl);
@@ -137,7 +138,8 @@ void ma_ssl_end()
 gnutls_certificate_free_crls(GNUTLS_xcred);
 gnutls_certificate_free_ca_names(GNUTLS_xcred);
 gnutls_certificate_free_credentials(GNUTLS_xcred);
- gnutls_global_deinit();
+ if (mariadb_deinitialize_ssl)
+ gnutls_global_deinit();
 ma_ssl_initialized= FALSE;
 }
 pthread_mutex_unlock(&LOCK_gnutls_config);
diff --git a/libmariadb/secure/openssl.c b/libmariadb/secure/openssl.c
index e659a1a1..f8a844dd 100644
--- a/libmariadb/secure/openssl.c
+++ b/libmariadb/secure/openssl.c
@@ -41,6 +41,7 @@
 #include
 extern my_bool ma_ssl_initialized;
+extern unsigned int mariadb_deinitialize_ssl;
 static SSL_CTX *SSL_context= NULL;
 #define MAX_SSL_ERR_LEN 100
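Review bot: ma_pvio_ssl_connect() now calls `ma_ssl_close(cssl)` when the handshake fails, but nothing in the hunk says what state `cssl` is in afterwards or who releases it. If callers already close or free the session on a non-zero return (not visible here), the backend object would be released twice. The schannel.c hunk in this commit zeroes the certificate contexts after freeing them in ma_ssl_connect()'s failure path, which suggests that path is already sensitive to repeated cleanup. Please state the contract in a comment above the function, for example `/* on failure the TLS session is closed here; the caller must only free cssl itself */`, and check that each backend's ma_ssl_close() tolerates a session whose handshake did not complete.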
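Review bot: The new ma_pvio_ssl_end() in libmariadb/ma_ssl.c is a `void` function whose body is `return ma_ssl_end();`. ISO C does not allow a return statement with an expression in a function returning void, and pedantic builds diagnose it. Writing the body as `ma_ssl_end();` behaves the same and compiles cleanly everywhere.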
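Review bot: In gnutls.c ma_ssl_end() the new `if (mariadb_deinitialize_ssl)` guard has no comment saying why global teardown is optional, and `ma_ssl_initialized= FALSE;` is still executed when the guard skips `gnutls_global_deinit()`. The ma_ssl_end() hunk in openssl.c has the same shape. With the flag cleared, a later connection will presumably run the backend's global initialisation again on a library that was never deinitialised, which is worth confirming is harmless for both backends. I would add a comment such as `/* the application may share the TLS library with other code; only tear down global state when asked to */` above the guard in both files. Both functions start outside their hunks.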
@@ -226,14 +227,16 @@ void ma_ssl_end()
 SSL_CTX_free(SSL_context);
 SSL_context= NULL;
 }
- ERR_remove_state(0);
- EVP_cleanup();
- CRYPTO_cleanup_all_ex_data();
- ERR_free_strings();
- //ENGINE_cleanup();
- CONF_modules_free();
- CONF_modules_unload(1);
- sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
+ if (mariadb_deinitialize_ssl)
+ {
+ ERR_remove_state(0);
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_free_strings();
+ CONF_modules_free();
+ CONF_modules_unload(1);
+ sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
+ }
 ma_ssl_initialized= FALSE;
 }
 pthread_mutex_unlock(&LOCK_openssl_config);
@@ -293,7 +296,12 @@ static int ma_ssl_set_certs(MYSQL *mysql)
 if (keyfile && keyfile[0])
 {
 if (SSL_CTX_use_PrivateKey_file(SSL_context, keyfile, SSL_FILETYPE_PEM) != 1)
- goto error;
+ {
+ unsigned long err= ERR_peek_error();
+ if (!(ERR_GET_LIB(err) == ERR_LIB_X509 &&
+ ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE))
+ goto error;
+ }
 }
 if (OPT_HAS_EXT_VAL(mysql, ssl_pw))
 {
diff --git a/libmariadb/secure/schannel.c b/libmariadb/secure/schannel.c
index 3f84c17f..1f27dd44 100644
--- a/libmariadb/secure/schannel.c
+++ b/libmariadb/secure/schannel.c
@@ -310,7 +310,6 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl)
 return 0;
 end:
- /* todo: cleanup */
 if (pRemoteCertContext) CertFreeCertificateContext(pRemoteCertContext);
 if (rc && sctx->IoBufferSize)
@@ -322,6 +321,9 @@ end:
 CertFreeCertificateContext(sctx->client_cert_ctx);
 if (sctx->client_crl_ctx) CertFreeCRLContext(sctx->client_crl_ctx);
+ sctx->client_ca_ctx= 0;
+ sctx->client_cert_ctx= 0;
+ sctx->client_crl_ctx= 0;
 return 1;
 }
diff --git a/plugins/connection/CMakeLists.txt b/plugins/connection/CMakeLists.txt
index 4ccdd611..c9cc1932 100644
--- a/plugins/connection/CMakeLists.txt
+++ b/plugins/connection/CMakeLists.txt
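Review bot: The tolerated-error check added after `SSL_CTX_use_PrivateKey_file()` in ma_ssl_set_certs() reads `ERR_peek_error()`, which returns the oldest entry in the thread's OpenSSL error queue rather than the error raised by this call. If an earlier operation left `X509_R_CERT_ALREADY_IN_HASH_TABLE` queued (a reason normally raised when adding a certificate to a store, not when loading a key), a genuine key-load failure such as an unreadable file, a wrong passphrase or a key that does not match the certificate is silently accepted, and the connection proceeds with whatever key the shared `SSL_context` already holds, or none. Call `ERR_clear_error();` before the load, test `ERR_peek_last_error()` instead, and call `ERR_clear_error();` again when the error is deliberately ignored so it does not leak into later SSL_get_error() handling. A comment explaining which situation legitimately produces this error on a private-key load would also help; the function continues outside the hunk.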
@@ -20,7 +20,7 @@ IF(REPLICATION_PLUGIN_TYPE MATCHES "DYNAMIC")
 SET(INSTALL_LIBS replication)
 ENDIF()
-IF(REPLICATION_PLUGIN_TYPE MATCHES "DYNAMIC")
+IF(AURORA_PLUGIN_TYPE MATCHES "DYNAMIC")
 IF(WIN32)
 SET_VERSION_INFO("TARGET:aurora" "FILE_TYPE:VFT_DLL"
diff --git a/unittest/libmariadb/ssl.c.in b/unittest/libmariadb/ssl.c.in
index 1f77c446..866aa34b 100644
--- a/unittest/libmariadb/ssl.c.in
+++ b/unittest/libmariadb/ssl.c.in
@@ -53,18 +53,7 @@ static int check_cipher(MYSQL *mysql)
 return 1;
 diag("cipher: %s", cipher);
-#ifdef HAVE_GNUTLS
- {
- return strcmp(cipher, "AES-256-CBC");
- }
-#elif HAVE_OPENSSL
- if (!strcmp(cipher, "DHE-RSA-AES256-SHA") ||
- !strcmp(cipher, "DHE-RSA-AES256-GCM-SHA384"))
- return 0;
-#elif HAVE_SCHANNEL
- return strcmp(cipher, "CALG_AES_256");
-#endif
- return 1;
+ return 0;
 }
 static int create_ssl_user(const char *ssluser, my_bool is_X509)
@@ -90,6 +79,8 @@ static int create_ssl_user(const char *ssluser, my_bool is_X509)
 rc= mysql_query(mysql, "FLUSH PRIVILEGES");
 check_mysql_rc(rc,mysql);
+ mysql_close(mysql);
+
 return rc;
 }
@@ -775,7 +766,7 @@ static int test_ssl_fp_list(MYSQL *unused)
 static int test_ssl_version(MYSQL *mysql)
 {
 unsigned int iversion;
- char *version;
+ const char *version, *library;
 MYSQL *my;
 if (check_skip_ssl())
@@ -794,6 +785,10 @@ static int test_ssl_version(MYSQL *mysql)
 mariadb_get_infov(my, MARIADB_CONNECTION_SSL_VERSION, &version);
 diag("protocol: %s", version);
+ mariadb_get_infov(my, MARIADB_CONNECTION_SSL_LIBRARY, &library);
+ diag("library: %s", library);
+
+ mysql_close(my);
 return OK;
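Review bot: With this change check_cipher() in unittest/libmariadb/ssl.c.in returns 0 for any cipher string, so the tests that call it no longer fail if the connection negotiates a weak or unexpected suite; only the `diag()` output remains. The fixed per-backend names were brittle, but a minimal assertion is still possible, for example failing on an empty name with `return cipher[0] == '\0';`. If the helper is now meant to be purely informational, a comment saying so would stop readers from assuming the cipher is verified. The start of the function is outside the hunk.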