diff --git a/include/mysqld_error.h b/include/mysqld_error.h
index 17ededfbb5233c50804b0f32ac9f19297d30d54b..e5c2898d0e7d56e30a02912bec01fd3dc8205ef0 100644
--- a/include/mysqld_error.h
+++ b/include/mysqld_error.h
@@ -288,4 +288,5 @@
 #define ER_CANT_AGGREGATE_NCOLLATIONS 1269
 #define ER_VARIABLE_IS_NOT_STRUCT 1270
 #define ER_UNKNOWN_COLLATION 1271
-#define ER_ERROR_MESSAGES 272
+#define ER_SLAVE_IGNORED_SSL_PARAMS 1272
+#define ER_ERROR_MESSAGES 273
diff --git a/mysql-test/Makefile.am b/mysql-test/Makefile.am
index fb97dd5b1de231c2c33a4cd19fe9ee37d38bebde..2babb6fba660c4f77114946ace10f367ebdd416b 100644
--- a/mysql-test/Makefile.am
+++ b/mysql-test/Makefile.am
@@ -21,8 +21,9 @@ benchdir_root=		$(prefix)
 testdir =	        $(benchdir_root)/mysql-test
 EXTRA_SCRIPTS = 	mysql-test-run.sh install_test_db.sh
 EXTRA_DIST = 		$(EXTRA_SCRIPTS) 
-test_SCRIPTS = 		mysql-test-run install_test_db
-CLEANFILES = 		$(test_SCRIPTS)
+test_SCRIPTS = 		mysql-test-run install_test_db 
+test_DATA = std_data/client-key.pem std_data/client-cert.pem std_data/cacert.pem
+CLEANFILES = 		$(test_SCRIPTS) $(test_DATA)
 
 dist-hook:
 	mkdir -p $(distdir)/t $(distdir)/r $(distdir)/include \
@@ -32,6 +33,8 @@ dist-hook:
 	$(INSTALL_DATA) $(srcdir)/r/*.result $(srcdir)/r/*.require $(distdir)/r
 	$(INSTALL_DATA) $(srcdir)/std_data/*.dat $(srcdir)/std_data/*.000001 $(distdir)/std_data
 	$(INSTALL_DATA) $(srcdir)/std_data/des_key_file $(distdir)/std_data
+	$(INSTALL_DATA) $(srcdir)/std_data/*.pem $(distdir)/std_data
+
 
 install-data-local:
 	$(mkinstalldirs) \
@@ -49,6 +52,11 @@ install-data-local:
 	$(INSTALL_DATA) $(srcdir)/include/*.inc $(DESTDIR)$(testdir)/include
 	$(INSTALL_DATA) $(srcdir)/std_data/*.dat $(DESTDIR)$(testdir)/std_data
 	$(INSTALL_DATA) $(srcdir)/std_data/des_key_file $(DESTDIR)$(testdir)/std_data
+	$(INSTALL_DATA) $(srcdir)/std_data/*.pem $(DESTDIR)$(testdir)/std_data
+
+std_data/%.pem:
+	@CP@ $(top_srcdir)/SSL/$(@F) $(srcdir)/std_data
+
 
 SUFFIXES = .sh
 
diff --git a/mysql-test/r/rpl000015.result b/mysql-test/r/rpl000015.result
index 047f1ac50446f5f922e8bb8aad013028029a1d91..8a9f8320218e03a0e3583fa563d3052c29f81ff3 100644
--- a/mysql-test/r/rpl000015.result
+++ b/mysql-test/r/rpl000015.result
@@ -4,20 +4,20 @@ File	Position	Binlog_do_db	Binlog_ignore_db
 master-bin.000001	79		
 reset slave;
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
 change master to master_host='127.0.0.1';
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	test	MASTER_PORT	7		4	slave-relay-bin.000001	4		No	No							0		0	0	4
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	test	MASTER_PORT	7		4	slave-relay-bin.000001	4		No	No							0		0	0	4	No					
 change master to master_host='127.0.0.1',master_user='root',
 master_password='',master_port=MASTER_PORT;
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	root	MASTER_PORT	7		4	slave-relay-bin.000001	4		No	No							0		0	0	4
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	MASTER_PORT	7		4	slave-relay-bin.000001	4		No	No							0		0	0	4	No					
 start slave;
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	root	MASTER_PORT	7	master-bin.000001	79	slave-relay-bin.000001	123	master-bin.000001	Yes	Yes							0		0	79	123
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	MASTER_PORT	7	master-bin.000001	79	slave-relay-bin.000001	123	master-bin.000001	Yes	Yes							0		0	79	123	No					
 drop table if exists t1;
 create table t1 (n int);
 insert into t1 values (10),(45),(90);
diff --git a/mysql-test/r/rpl_empty_master_crash.result b/mysql-test/r/rpl_empty_master_crash.result
index 6aac1cbfc9136197eabfb28f5130b2cf695bb670..10b1fdeb0ecb656a2aa9be72ace5615da93d4e6a 100644
--- a/mysql-test/r/rpl_empty_master_crash.result
+++ b/mysql-test/r/rpl_empty_master_crash.result
@@ -5,7 +5,7 @@ reset slave;
 drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
 start slave;
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
 load table t1 from master;
 ERROR 08S01: Error connecting to master: Master is not configured
 load table t1 from master;
diff --git a/mysql-test/r/rpl_flush_log_loop.result b/mysql-test/r/rpl_flush_log_loop.result
index 954ab107123d9988978ce1d290980787d9588320..b9cfa7fb55d93b664029780b2ea0b060118e39d8 100644
--- a/mysql-test/r/rpl_flush_log_loop.result
+++ b/mysql-test/r/rpl_flush_log_loop.result
@@ -13,5 +13,5 @@ master_password='',master_port=SLAVE_PORT;
 start slave;
 flush logs;
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	root	SLAVE_PORT	60	slave-bin.000001	79	relay-log.000001	122	slave-bin.000001	Yes	Yes							0		0	79	122
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	SLAVE_PORT	60	slave-bin.000001	79	relay-log.000001	122	slave-bin.000001	Yes	Yes							0		0	79	122	No					
diff --git a/mysql-test/r/rpl_log.result b/mysql-test/r/rpl_log.result
index 050e9274a992443e198dfd8f76efee839cd87166..db8c383b0a07ada495cab146e835ceafecf6858a 100644
--- a/mysql-test/r/rpl_log.result
+++ b/mysql-test/r/rpl_log.result
@@ -92,7 +92,7 @@ slave-bin.000002	4	Query	1	110	use `test`; create table t1 (n int)
 slave-bin.000002	62	Query	1	168	use `test`; insert into t1 values (1)
 slave-bin.000002	122	Query	1	228	use `test`; drop table t1
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	root	MASTER_PORT	1	master-bin.000002	276	slave-relay-bin.000002	1531	master-bin.000002	Yes	Yes							0		0	276	1535
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	MASTER_PORT	1	master-bin.000002	276	slave-relay-bin.000002	1531	master-bin.000002	Yes	Yes							0		0	276	1535	No					
 show binlog events in 'slave-bin.000005' from 4;
 ERROR HY000: Error when executing command SHOW BINLOG EVENTS: Could not find target log
diff --git a/mysql-test/r/rpl_log_pos.result b/mysql-test/r/rpl_log_pos.result
index b42e7ff5dc41ea0f06976ec9bdf50face398f333..7787243410d9845c2bd34eb6e657f889f64f894a 100644
--- a/mysql-test/r/rpl_log_pos.result
+++ b/mysql-test/r/rpl_log_pos.result
@@ -8,26 +8,26 @@ show master status;
 File	Position	Binlog_do_db	Binlog_ignore_db
 master-bin.000001	79		
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	root	MASTER_PORT	1	master-bin.000001	79	slave-relay-bin.000002	123	master-bin.000001	Yes	Yes							0		0	79	127
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	MASTER_PORT	1	master-bin.000001	79	slave-relay-bin.000002	123	master-bin.000001	Yes	Yes							0		0	79	127	No					
 stop slave;
 change master to master_log_pos=73;
 start slave;
 stop slave;
 change master to master_log_pos=73;
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	root	MASTER_PORT	1	master-bin.000001	73	slave-relay-bin.000001	4	master-bin.000001	No	No							0		0	73	4
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	MASTER_PORT	1	master-bin.000001	73	slave-relay-bin.000001	4	master-bin.000001	No	No							0		0	73	4	No					
 start slave;
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	root	MASTER_PORT	1	master-bin.000001	73	slave-relay-bin.000001	4	master-bin.000001	No	Yes							0		0	73	4
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	MASTER_PORT	1	master-bin.000001	73	slave-relay-bin.000001	4	master-bin.000001	No	Yes							0		0	73	4	No					
 stop slave;
 change master to master_log_pos=173;
 start slave;
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	root	MASTER_PORT	1	master-bin.000001	173	slave-relay-bin.000001	4	master-bin.000001	No	Yes							0		0	173	4
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	MASTER_PORT	1	master-bin.000001	173	slave-relay-bin.000001	4	master-bin.000001	No	Yes							0		0	173	4	No					
 show master status;
 File	Position	Binlog_do_db	Binlog_ignore_db
 master-bin.000001	79		
diff --git a/mysql-test/r/rpl_openssl.result b/mysql-test/r/rpl_openssl.result
new file mode 100644
index 0000000000000000000000000000000000000000..43cf6bf8176bf0db59518f793aeadcbfc8dd9dff
--- /dev/null
+++ b/mysql-test/r/rpl_openssl.result
@@ -0,0 +1,30 @@
+stop slave;
+drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
+reset master;
+reset slave;
+drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
+start slave;
+grant replication slave on *.* to replssl@'%' require ssl;
+create table t1 (t int);
+stop slave;
+change master to master_user='replssl',master_password='';
+start slave;
+insert into t1 values (1);
+select * from t1;
+t
+stop slave;
+change master to master_ssl=1 , master_ssl_ca ='MYSQL_TEST_DIR/std_data/cacert.pem', master_ssl_cert='MYSQL_TEST_DIR/std_data/client-cert.pem', master_ssl_key='MYSQL_TEST_DIR/std_data/client-key.pem';
+start slave;
+select * from t1;
+t
+1
+show slave status;
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	replssl	MASTER_MYPORT	1	master-bin.000001	289	slave-relay-bin.000001	64	master-bin.000001	Yes	Yes							0		0	289	64	Yes	MYSQL_TEST_DIR/std_data/cacert.pem		MYSQL_TEST_DIR/std_data/client-cert.pem		MYSQL_TEST_DIR/std_data/client-key.pem
+stop slave;
+change master to master_user='root',master_password='', master_ssl=0;
+start slave;
+drop table t1;
+show slave status;
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	MASTER_MYPORT	1	master-bin.000001	337	slave-relay-bin.000001	52	master-bin.000001	Yes	Yes							0		0	337	52	No	MYSQL_TEST_DIR/std_data/cacert.pem		MYSQL_TEST_DIR/std_data/client-cert.pem		MYSQL_TEST_DIR/std_data/client-key.pem
diff --git a/mysql-test/r/rpl_redirect.result b/mysql-test/r/rpl_redirect.result
index 79ff6685706a98730f98474155e757b419c0e7e3..ce82ef54355bf4869c406a4347ccdd662a42cdc3 100644
--- a/mysql-test/r/rpl_redirect.result
+++ b/mysql-test/r/rpl_redirect.result
@@ -5,7 +5,7 @@ reset slave;
 drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
 start slave;
 SHOW SLAVE STATUS;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
 SHOW SLAVE HOSTS;
 Server_id	Host	Port	Rpl_recovery_rank	Master_id
 2	127.0.0.1	SLAVE_PORT	2	1
diff --git a/mysql-test/r/rpl_replicate_do.result b/mysql-test/r/rpl_replicate_do.result
index 4d740cafbd0ccb603b1c01aa41eea7ca1f087f37..2daa9cd0ef377907295c8beb88cabb93313e0879 100644
--- a/mysql-test/r/rpl_replicate_do.result
+++ b/mysql-test/r/rpl_replicate_do.result
@@ -27,5 +27,5 @@ select * from t11;
 ERROR 42S02: Table 'test.t11' doesn't exist
 drop table if exists t1,t2,t11;
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	root	MASTER_PORT	1	master-bin.000001	1281	slave-relay-bin.000002	1325	master-bin.000001	Yes	Yes			test.t1				0		0	1281	1329
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	MASTER_PORT	1	master-bin.000001	1281	slave-relay-bin.000002	1325	master-bin.000001	Yes	Yes			test.t1				0		0	1281	1329	No					
diff --git a/mysql-test/r/rpl_rotate_logs.result b/mysql-test/r/rpl_rotate_logs.result
index 753edebea60b53a8b739e60c4dbaff9ea9043815..9261ade5225424541a885b82b13421f63bb1f1b3 100644
--- a/mysql-test/r/rpl_rotate_logs.result
+++ b/mysql-test/r/rpl_rotate_logs.result
@@ -15,8 +15,8 @@ insert into temp_table values ("testing temporary tables");
 create table t1 (s text);
 insert into t1 values('Could not break slave'),('Tried hard');
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	root	MASTER_PORT	60	master-bin.000001	417	slave-relay-bin.000001	461	master-bin.000001	Yes	Yes							0		0	417	461
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	MASTER_PORT	60	master-bin.000001	417	slave-relay-bin.000001	461	master-bin.000001	Yes	Yes							0		0	417	461	No					
 select * from t1;
 s
 Could not break slave
@@ -56,8 +56,8 @@ Log_name
 master-bin.000003
 insert into t2 values (65);
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	root	MASTER_PORT	60	master-bin.000003	290	slave-relay-bin.000001	1088	master-bin.000003	Yes	Yes							0		0	290	1088
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	MASTER_PORT	60	master-bin.000003	290	slave-relay-bin.000001	1088	master-bin.000003	Yes	Yes							0		0	290	1088	No					
 select * from t2;
 m
 34
@@ -82,8 +82,8 @@ select * from t4;
 a
 testing temporary tables part 2
 show slave status;
-Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space
-127.0.0.1	root	MASTER_PORT	60	master-bin.000006	838	slave-relay-bin.000001	8067	master-bin.000006	Yes	Yes							0		0	838	8067
+Master_Host	Master_User	Master_Port	Connect_retry	Master_Log_File	Read_Master_Log_Pos	Relay_Log_File	Relay_Log_Pos	Relay_Master_Log_File	Slave_IO_Running	Slave_SQL_Running	Replicate_do_db	Replicate_ignore_db	Replicate_do_table	Replicate_ignore_table	Replicate_wild_do_table	Replicate_wild_ignore_table	Last_errno	Last_error	Skip_counter	Exec_master_log_pos	Relay_log_space	Master_SSL_Allowed	Master_SSL_CA_File	Master_SSL_CA_Path	Master_SSL_Cert	Master_SSL_Cipher	Master_SSL_Key
+127.0.0.1	root	MASTER_PORT	60	master-bin.000006	838	slave-relay-bin.000001	8067	master-bin.000006	Yes	Yes							0		0	838	8067	No					
 lock tables t3 read;
 select count(*) from t3 where n >= 4;
 count(*)
diff --git a/mysql-test/t/rpl_openssl.test b/mysql-test/t/rpl_openssl.test
new file mode 100644
index 0000000000000000000000000000000000000000..bd658786bd74b8c072090089d27252d02818299c
--- /dev/null
+++ b/mysql-test/t/rpl_openssl.test
@@ -0,0 +1,60 @@
+source include/have_openssl_1.inc;
+source include/master-slave.inc;
+
+# We don't test all types of ssl auth params here since it's a bit hard 
+# until problems with OpenSSL 0.9.7 are unresolved
+
+# creating replication user for whom ssl auth is required
+# preparing playground
+connection master;
+grant replication slave on *.* to replssl@'%' require ssl;
+create table t1 (t int);
+save_master_pos;
+
+#syncing with master
+connection slave;
+sync_with_master;
+
+#trying to use this user without ssl
+stop slave;
+change master to master_user='replssl',master_password='';
+start slave;
+
+#showing that replication don't work
+connection master;
+insert into t1 values (1);
+#reasonable timeout for changes to propagate to slave
+sleep 3;
+connection slave;
+select * from t1;
+
+#showing that replication could work with ssl params
+stop slave;
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
+eval change master to master_ssl=1 , master_ssl_ca ='$MYSQL_TEST_DIR/std_data/cacert.pem', master_ssl_cert='$MYSQL_TEST_DIR/std_data/client-cert.pem', master_ssl_key='$MYSQL_TEST_DIR/std_data/client-key.pem';
+start slave;
+
+#avoiding unneeded sleeps
+connection master;
+save_master_pos;
+connection slave;
+sync_with_master;
+
+#checking that replication is ok
+select * from t1;
+
+#checking show slave status
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR $MASTER_MYPORT MASTER_MYPORT
+show slave status;
+
+#checking if replication works without ssl also performing clean up
+stop slave;
+change master to master_user='root',master_password='', master_ssl=0;
+start slave;
+connection master;
+drop table t1;
+save_master_pos;
+connection slave;
+sync_with_master;
+--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR $MASTER_MYPORT MASTER_MYPORT
+show slave status;
diff --git a/sql/lex.h b/sql/lex.h
index c2860f4551ad19b35d4e9058fd53afeba6a9b3c9..61b7162b8fe24eefc96cd639411523db7ad4053c 100644
--- a/sql/lex.h
+++ b/sql/lex.h
@@ -249,6 +249,12 @@ static SYMBOL symbols[] = {
   { "MASTER_PASSWORD",           SYM(MASTER_PASSWORD_SYM),0,0},
   { "MASTER_PORT",           SYM(MASTER_PORT_SYM),0,0},
   { "MASTER_SERVER_ID",           SYM(MASTER_SERVER_ID_SYM),0,0},
+  { "MASTER_SSL",       SYM(MASTER_SSL_SYM),0,0},
+  { "MASTER_SSL_CA",    SYM(MASTER_SSL_CA_SYM),0,0},
+  { "MASTER_SSL_CAPATH",SYM(MASTER_SSL_CAPATH_SYM),0,0},
+  { "MASTER_SSL_CERT",  SYM(MASTER_SSL_CERT_SYM),0,0},
+  { "MASTER_SSL_CIPHER",SYM(MASTER_SSL_CIPHER_SYM),0,0},
+  { "MASTER_SSL_KEY",   SYM(MASTER_SSL_KEY_SYM),0,0},
   { "MASTER_USER",           SYM(MASTER_USER_SYM),0,0},
   { "MAX_ROWS",		SYM(MAX_ROWS),0,0},
   { "MAX_QUERIES_PER_HOUR", SYM(MAX_QUERIES_PER_HOUR), 0,0},
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index 8ddcbdc572f64a2aac6b188260dee78601bbaf53..7f839c9f0e86f6325689009b47515e31721d35b3 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -359,15 +359,15 @@ pthread_t signal_thread;
 pthread_attr_t connection_attrib;
 
 /* replication parameters, if master_host is not NULL, we are a slave */
-my_bool master_ssl;
 uint master_port= MYSQL_PORT, master_connect_retry = 60;
 uint report_port= MYSQL_PORT;
 ulong master_retry_count=0;
 char *master_user, *master_password, *master_host, *master_info_file;
-char *relay_log_info_file, *master_ssl_key, *master_ssl_cert;
-char *master_ssl_capath, *master_ssl_cipher, *report_user;
-char *report_password, *report_host;
+char *relay_log_info_file, *report_user, *report_password, *report_host;
 char *opt_relay_logname = 0, *opt_relaylog_index_name=0;
+my_bool master_ssl;
+char *master_ssl_key, *master_ssl_cert;
+char *master_ssl_ca, *master_ssl_capath, *master_ssl_cipher;
 
 /* Static variables */
 
@@ -3389,7 +3389,7 @@ enum options
   OPT_MASTER_RETRY_COUNT,
   OPT_MASTER_SSL,              OPT_MASTER_SSL_KEY,
   OPT_MASTER_SSL_CERT,         OPT_MASTER_SSL_CAPATH,
-  OPT_MASTER_SSL_CIPHER,
+  OPT_MASTER_SSL_CIPHER,       OPT_MASTER_SSL_CA,
   OPT_SQL_BIN_UPDATE_SAME,     OPT_REPLICATE_DO_DB,
   OPT_REPLICATE_IGNORE_DB,     OPT_LOG_SLAVE_UPDATES,
   OPT_BINLOG_DO_DB,            OPT_BINLOG_IGNORE_DB,
@@ -3723,27 +3723,28 @@ thread is in the master's binlogs.",
    (gptr*) &master_info_file, (gptr*) &master_info_file, 0, GET_STR,
    REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
   {"master-ssl", OPT_MASTER_SSL,
-   "Planned to enable the slave to connect to the master using SSL. Does nothing yet.",
+   "Enable the slave to connect to the master using SSL.",
    (gptr*) &master_ssl, (gptr*) &master_ssl, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0,
    0, 0},
   {"master-ssl-key", OPT_MASTER_SSL_KEY,
-   "Master SSL keyfile name. Only applies if you have enabled master-ssl. Does \
-nothing yet.",
+   "Master SSL keyfile name. Only applies if you have enabled master-ssl.",
    (gptr*) &master_ssl_key, (gptr*) &master_ssl_key, 0, GET_STR, OPT_ARG,
    0, 0, 0, 0, 0, 0},
   {"master-ssl-cert", OPT_MASTER_SSL_CERT,
    "Master SSL certificate file name. Only applies if you have enabled \
-master-ssl. Does nothing yet.",
+master-ssl",
    (gptr*) &master_ssl_cert, (gptr*) &master_ssl_cert, 0, GET_STR, OPT_ARG,
    0, 0, 0, 0, 0, 0},
+  {"master-ssl-ca", OPT_MASTER_SSL_CA,
+   "Master SSL CA file. Only applies if you have enabled master-ssl.",
+   (gptr*) &master_ssl_ca, (gptr*) &master_ssl_ca, 0, GET_STR, OPT_ARG,
+   0, 0, 0, 0, 0, 0},
   {"master-ssl-capath", OPT_MASTER_SSL_CAPATH,
-   "Master SSL CA path. Only applies if you have enabled master-ssl. \
-Does nothing yet.",
+   "Master SSL CA path. Only applies if you have enabled master-ssl.",
    (gptr*) &master_ssl_capath, (gptr*) &master_ssl_capath, 0, GET_STR, OPT_ARG,
    0, 0, 0, 0, 0, 0},
   {"master-ssl-cipher", OPT_MASTER_SSL_CIPHER,
-   "Master SSL cipher. Only applies if you have enabled master-ssl. \
-Does nothing yet.",
+   "Master SSL cipher. Only applies if you have enabled master-ssl.",
    (gptr*) &master_ssl_cipher, (gptr*) &master_ssl_capath, 0, GET_STR, OPT_ARG,
    0, 0, 0, 0, 0, 0},
   {"myisam-recover", OPT_MYISAM_RECOVER,
@@ -4717,8 +4718,9 @@ static void mysql_init_variables(void)
   master_user= (char*) "test";
   master_password= master_host= 0;
   master_info_file= (char*) "master.info",
-    relay_log_info_file= (char*) "relay-log.info",
-    master_ssl_key= master_ssl_cert= master_ssl_capath= master_ssl_cipher= 0;
+    relay_log_info_file= (char*) "relay-log.info";
+  master_ssl_key= master_ssl_cert= master_ssl_ca= 
+    master_ssl_capath= master_ssl_cipher= 0;
   report_user= report_password = report_host= 0;	/* TO BE DELETED */
   opt_relay_logname= opt_relaylog_index_name= 0;
 
diff --git a/sql/repl_failsafe.cc b/sql/repl_failsafe.cc
index 60af9a92c76a5e16ea0336ff314507f9c34ca16f..47459896cd77a9933159c34778a279c889fad859 100644
--- a/sql/repl_failsafe.cc
+++ b/sql/repl_failsafe.cc
@@ -669,6 +669,17 @@ int connect_to_master(THD *thd, MYSQL* mysql, MASTER_INFO* mi)
   }
   mysql_options(mysql, MYSQL_OPT_CONNECT_TIMEOUT, (char *) &slave_net_timeout);
   mysql_options(mysql, MYSQL_OPT_READ_TIMEOUT, (char *) &slave_net_timeout);
+
+#ifdef HAVE_OPENSSL
+  if (mi->ssl)
+    mysql_ssl_set(mysql, 
+        mi->ssl_key[0]?mi->ssl_key:0,
+        mi->ssl_cert[0]?mi->ssl_cert:0,
+        mi->ssl_ca[0]?mi->ssl_ca:0, 
+        mi->ssl_capath[0]?mi->ssl_capath:0,
+        mi->ssl_cipher[0]?mi->ssl_cipher:0);
+#endif
+    
   mysql_options(mysql, MYSQL_SET_CHARSET_NAME, default_charset_info->csname);
   mysql_options(mysql, MYSQL_SET_CHARSET_DIR, (char *) charsets_dir);
   if (!mysql_real_connect(mysql, mi->host, mi->user, mi->password, 0,
diff --git a/sql/share/czech/errmsg.txt b/sql/share/czech/errmsg.txt
index b43c4b43b502b7fe2e2ddff9cd6fcf48fbc5dcae..44482efaa86f153753253a725701590d22aed378 100644
--- a/sql/share/czech/errmsg.txt
+++ b/sql/share/czech/errmsg.txt
@@ -277,3 +277,4 @@ v/*
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/danish/errmsg.txt b/sql/share/danish/errmsg.txt
index 2eb9e6d2219748fa2cf71955963f36f9c9b9bc9b..2fe03e6d3ccf0545a330b9828283a3d030fc91f4 100644
--- a/sql/share/danish/errmsg.txt
+++ b/sql/share/danish/errmsg.txt
@@ -271,3 +271,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/dutch/errmsg.txt b/sql/share/dutch/errmsg.txt
index 2a663a176f8131a58a99f590b9abfd155e6bb101..36400c7890fe3bab87058776161c5468a6ef9d91 100644
--- a/sql/share/dutch/errmsg.txt
+++ b/sql/share/dutch/errmsg.txt
@@ -279,3 +279,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/english/errmsg.txt b/sql/share/english/errmsg.txt
index f4019d63055af936b4be1198e8f80f8ad84599a6..9e824ae5663092f15d0fe87ac345a524a02bd74f 100644
--- a/sql/share/english/errmsg.txt
+++ b/sql/share/english/errmsg.txt
@@ -273,3 +273,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/estonian/errmsg.txt b/sql/share/estonian/errmsg.txt
index d3a38ede5bce1659eb39313b57dc65ce8afa20f4..bc7f54a2edcf533448b4174e0f43e63264f63fe9 100644
--- a/sql/share/estonian/errmsg.txt
+++ b/sql/share/estonian/errmsg.txt
@@ -273,3 +273,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/french/errmsg.txt b/sql/share/french/errmsg.txt
index ccff24c57591ce4ee8cbbf7b61e00e5faca3342e..e33fe90171486378bf37017cd08cab04ba596edd 100644
--- a/sql/share/french/errmsg.txt
+++ b/sql/share/french/errmsg.txt
@@ -268,3 +268,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/german/errmsg.txt b/sql/share/german/errmsg.txt
index 52f3eb78c1133f889d4d4836c201a31811cccc8b..0613a726bdebc62bec64588a841a7827ce712579 100644
--- a/sql/share/german/errmsg.txt
+++ b/sql/share/german/errmsg.txt
@@ -277,3 +277,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/greek/errmsg.txt b/sql/share/greek/errmsg.txt
index 1ce052bdf22db0ce0a3ad4d639558d355eec16ce..1168e233e03006475e768338caa983fbcb502ce1 100644
--- a/sql/share/greek/errmsg.txt
+++ b/sql/share/greek/errmsg.txt
@@ -268,3 +268,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/hungarian/errmsg.txt b/sql/share/hungarian/errmsg.txt
index 6143ea2a1c40f3b7d3c1e4be3010b10171c19be1..274a81ae1a3e6711fe2a9bcac70952ee6a12fbc4 100644
--- a/sql/share/hungarian/errmsg.txt
+++ b/sql/share/hungarian/errmsg.txt
@@ -270,3 +270,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/italian/errmsg.txt b/sql/share/italian/errmsg.txt
index 8164757d8231bbb7a366ee70821afe7efa4ecb0c..c5fc0315cf188a68594282c378485a7c343d12ea 100644
--- a/sql/share/italian/errmsg.txt
+++ b/sql/share/italian/errmsg.txt
@@ -268,3 +268,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/japanese/errmsg.txt b/sql/share/japanese/errmsg.txt
index 747d3611cc95e36ad2def91b0cdf6ac847d76bca..b77f749409f879c57f71036e9d31aab8d384406d 100644
--- a/sql/share/japanese/errmsg.txt
+++ b/sql/share/japanese/errmsg.txt
@@ -270,3 +270,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/korean/errmsg.txt b/sql/share/korean/errmsg.txt
index 93d86d329374f121266fd31d2f6b52b4a4664d9c..4e50bfe1bc54f17065f8476eed5e8574aedc8462 100644
--- a/sql/share/korean/errmsg.txt
+++ b/sql/share/korean/errmsg.txt
@@ -268,3 +268,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/norwegian-ny/errmsg.txt b/sql/share/norwegian-ny/errmsg.txt
index e9319246fc622ed61e73f0fdfbbc72eddced18cc..663ef2110eabd3d8248550e4676ce6a0c6cd5e43 100644
--- a/sql/share/norwegian-ny/errmsg.txt
+++ b/sql/share/norwegian-ny/errmsg.txt
@@ -270,3 +270,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/norwegian/errmsg.txt b/sql/share/norwegian/errmsg.txt
index edb5854db7e38d1b3543dac37c982e98682e2ae1..358bbc4e1fa12996a163a4c82bb0cabb58614d85 100644
--- a/sql/share/norwegian/errmsg.txt
+++ b/sql/share/norwegian/errmsg.txt
@@ -270,3 +270,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/polish/errmsg.txt b/sql/share/polish/errmsg.txt
index 27b4d0d661fec906a2444ab3300c2525eaa62a96..600424bc27be8f6eb21c696f5e87f348a34aed0e 100644
--- a/sql/share/polish/errmsg.txt
+++ b/sql/share/polish/errmsg.txt
@@ -272,3 +272,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/portuguese/errmsg.txt b/sql/share/portuguese/errmsg.txt
index 60ace09ab330679bfc0a241435570e3751416ee0..ceb024ba5760a210f3435c7f4cd9fbf436bd40f9 100644
--- a/sql/share/portuguese/errmsg.txt
+++ b/sql/share/portuguese/errmsg.txt
@@ -268,3 +268,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/romanian/errmsg.txt b/sql/share/romanian/errmsg.txt
index 8824d64876a31389780f731ab8fe083e1daf6c21..d4782649333c3759b4fe39c573c2221eee23545a 100644
--- a/sql/share/romanian/errmsg.txt
+++ b/sql/share/romanian/errmsg.txt
@@ -272,3 +272,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/russian/errmsg.txt b/sql/share/russian/errmsg.txt
index ddfc0a8f7deed794743bcc8824fe5351f52972b7..625fee9c3bc596f2d05bc01da1e4591af5ce2f7c 100644
--- a/sql/share/russian/errmsg.txt
+++ b/sql/share/russian/errmsg.txt
@@ -270,3 +270,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/serbian/errmsg.txt b/sql/share/serbian/errmsg.txt
index 9e2a37e4053faf0864511572cbcf3456ca12f1f5..e6609d391dd2096c2fd3f1ad8c739a45559b0e11 100644
--- a/sql/share/serbian/errmsg.txt
+++ b/sql/share/serbian/errmsg.txt
@@ -264,3 +264,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/slovak/errmsg.txt b/sql/share/slovak/errmsg.txt
index ed1d8cadb80ef8e58c0f41f5ffa4617c76281ade..82672a7570f10766011a49b4d45a88437346cfe7 100644
--- a/sql/share/slovak/errmsg.txt
+++ b/sql/share/slovak/errmsg.txt
@@ -276,3 +276,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/spanish/errmsg.txt b/sql/share/spanish/errmsg.txt
index 5f3a2f38109530b04b197b943d299d59e4f96f98..94a1b6186881d97264d0a139742e3d5b0566f8cf 100644
--- a/sql/share/spanish/errmsg.txt
+++ b/sql/share/spanish/errmsg.txt
@@ -269,3 +269,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/swedish/errmsg.txt b/sql/share/swedish/errmsg.txt
index d108618834ea0dc3e083c1fa74a0b77b681bcb88..b797f343e14ca375ab6b13b6c849dfdb55f8c4fe 100644
--- a/sql/share/swedish/errmsg.txt
+++ b/sql/share/swedish/errmsg.txt
@@ -268,3 +268,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/share/ukrainian/errmsg.txt b/sql/share/ukrainian/errmsg.txt
index 96b9f40feaca007d7d058f9117f9983484531294..152422b9fae4e2986ed89ee7a982e7e54ac421e7 100644
--- a/sql/share/ukrainian/errmsg.txt
+++ b/sql/share/ukrainian/errmsg.txt
@@ -273,3 +273,4 @@
 "Illegal mix of collations for operation '%s'",
 "Variable '%-.64s' is not a variable component (Can't be used as XXXX.variable_name)",
 "Unknown collation: '%-.64s'",
+"SSL parameters in CHANGE MASTER are ignored because this MySQL slave was compiled without SSL support. They can be used later when MySQL slave with SSL will be started."
diff --git a/sql/slave.cc b/sql/slave.cc
index 37979576b730e20c224cf6a7eb4486f3876b7ec7..210d2c0c744afa9f743892499a07b8f6d1a8d286 100644
--- a/sql/slave.cc
+++ b/sql/slave.cc
@@ -1409,6 +1409,7 @@ static int count_relay_log_space(RELAY_LOG_INFO* rli)
   DBUG_RETURN(0);
 }
 
+#define LINES_IN_MASTER_INFO_WITH_SSL 14
 
 int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
 		     const char* slave_info_fname,
@@ -1462,6 +1463,18 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
       strmake(mi->password, master_password, HASH_PASSWORD_LENGTH);
     mi->port = master_port;
     mi->connect_retry = master_connect_retry;
+  
+    mi->ssl= master_ssl;
+    if (master_ssl_ca)
+      strmake(mi->ssl_ca, master_ssl_ca, sizeof(mi->ssl_ca)-1);
+    if (master_ssl_capath)
+      strmake(mi->ssl_capath, master_ssl_capath, sizeof(mi->ssl_capath)-1);
+    if (master_ssl_cert)
+      strmake(mi->ssl_cert, master_ssl_cert, sizeof(mi->ssl_cert)-1);
+    if (master_ssl_cipher)
+      strmake(mi->ssl_cipher, master_ssl_cipher, sizeof(mi->ssl_cipher)-1);
+    if (master_ssl_key)
+      strmake(mi->ssl_key, master_ssl_key, sizeof(mi->ssl_key)-1);
   }
   else // file exists
   {
@@ -1473,12 +1486,50 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
       goto err;
 
     mi->fd = fd;
-    int port, connect_retry, master_log_pos;
-
+    int port, connect_retry, master_log_pos, ssl= 0, lines;
+    char *first_non_digit;
+    
+    /*
+       Starting from 4.1.x master.info has new format. Now its
+       first line contains number of lines in file. By reading this 
+       number we will be always distinguish to which version our 
+       master.info corresponds to. We can't simply count lines in 
+       file since versions before 4.1.x could generate files with more
+       lines than needed.
+       If first line doesn't contain a number or contain number less than 
+       14 then such file is treated like file from pre 4.1.1 version.
+       There is no ambiguity when reading an old master.info, as before 
+       4.1.1, the first line contained the binlog's name, which is either
+       empty or has an extension (contains a '.'), so can't be confused 
+       with an integer.
+
+       So we're just reading first line and trying to figure which version 
+       is this.
+    */
+    
+    /* 
+       The first row is temporarily stored in mi->master_log_name, 
+       if it is line count and not binlog name (new format) it will be 
+       overwritten by the second row later.
+    */
     if (init_strvar_from_file(mi->master_log_name,
 			      sizeof(mi->master_log_name), &mi->file,
-			      "") ||
-	init_intvar_from_file(&master_log_pos, &mi->file, 4) ||
+			      ""))
+      goto errwithmsg;
+    
+    lines= strtoul(mi->master_log_name, &first_non_digit, 10);
+
+    if (mi->master_log_name[0]!='\0' && 
+        *first_non_digit=='\0' && lines >= LINES_IN_MASTER_INFO_WITH_SSL)
+    {                                          // Seems to be new format
+      if (init_strvar_from_file(mi->master_log_name,     
+            sizeof(mi->master_log_name), &mi->file, ""))
+        goto errwithmsg;
+    }
+    else
+      lines= 7;
+    
+    if (init_intvar_from_file(&master_log_pos, &mi->file, 4) ||
 	init_strvar_from_file(mi->host, sizeof(mi->host), &mi->file,
 			      master_host) ||
 	init_strvar_from_file(mi->user, sizeof(mi->user), &mi->file,
@@ -1488,10 +1539,34 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
 	init_intvar_from_file(&port, &mi->file, master_port) ||
 	init_intvar_from_file(&connect_retry, &mi->file,
 			      master_connect_retry))
-    {
-      sql_print_error("Error reading master configuration");
-      goto err;
-    }
+      goto errwithmsg;
+
+    /* 
+       If file has ssl part use it even if we have server without 
+       SSL support. But these option will be ignored later when 
+       slave will try connect to master, so in this case warning 
+       is printed.
+     */
+    if (lines >= LINES_IN_MASTER_INFO_WITH_SSL && 
+        (init_intvar_from_file(&ssl, &mi->file, master_ssl) ||
+         init_strvar_from_file(mi->ssl_ca, sizeof(mi->ssl_ca), 
+                               &mi->file, master_ssl_ca) ||
+         init_strvar_from_file(mi->ssl_capath, sizeof(mi->ssl_capath), 
+                               &mi->file, master_ssl_capath) ||
+         init_strvar_from_file(mi->ssl_cert, sizeof(mi->ssl_cert),
+                               &mi->file, master_ssl_cert) ||
+         init_strvar_from_file(mi->ssl_cipher, sizeof(mi->ssl_cipher),
+                               &mi->file, master_ssl_cipher) ||
+         init_strvar_from_file(mi->ssl_key, sizeof(mi->ssl_key),
+                              &mi->file, master_ssl_key)))
+      goto errwithmsg;
+#ifndef HAVE_OPENSSL
+    if (ssl)
+      sql_print_error("SSL information in the master info file "
+                      "('%s') are ignored because this MySQL slave was compiled "
+                      "without SSL support.", fname);
+#endif /* HAVE_OPENSSL */
+    
     /*
       This has to be handled here as init_intvar_from_file can't handle
       my_off_t types
@@ -1499,6 +1574,7 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
     mi->master_log_pos= (my_off_t) master_log_pos;
     mi->port= (uint) port;
     mi->connect_retry= (uint) connect_retry;
+    mi->ssl= (my_bool) ssl;
   }
   DBUG_PRINT("master_info",("log_file_name: %s  position: %ld",
 			    mi->master_log_name,
@@ -1514,7 +1590,10 @@ int init_master_info(MASTER_INFO* mi, const char* master_info_fname,
   error=test(flush_master_info(mi));
   pthread_mutex_unlock(&mi->data_lock);
   DBUG_RETURN(error);
-
+  
+errwithmsg:
+  sql_print_error("Error reading master configuration");
+  
 err:
   if (fd >= 0)
   {
@@ -1648,6 +1727,18 @@ int show_master_info(THD* thd, MASTER_INFO* mi)
 					   MYSQL_TYPE_LONGLONG));
   field_list.push_back(new Item_return_int("Relay_log_space", 10,
 					   MYSQL_TYPE_LONGLONG));
+  field_list.push_back(new Item_empty_string("Master_SSL_Allowed", 7));
+  field_list.push_back(new Item_empty_string("Master_SSL_CA_File",
+                                             sizeof(mi->ssl_ca)));
+  field_list.push_back(new Item_empty_string("Master_SSL_CA_Path", 
+                                             sizeof(mi->ssl_capath)));
+  field_list.push_back(new Item_empty_string("Master_SSL_Cert", 
+                                             sizeof(mi->ssl_cert)));
+  field_list.push_back(new Item_empty_string("Master_SSL_Cipher", 
+                                             sizeof(mi->ssl_cipher)));
+  field_list.push_back(new Item_empty_string("Master_SSL_Key", 
+                                             sizeof(mi->ssl_key)));
+  
   if (protocol->send_fields(&field_list, 1))
     DBUG_RETURN(-1);
 
@@ -1694,6 +1785,17 @@ int show_master_info(THD* thd, MASTER_INFO* mi)
     protocol->store((uint32) mi->rli.slave_skip_counter);
     protocol->store((ulonglong) mi->rli.group_master_log_pos);
     protocol->store((ulonglong) mi->rli.log_space_total);
+#ifdef HAVE_OPENSSL 
+    protocol->store(mi->ssl? "Yes":"No", &my_charset_bin);
+#else
+    protocol->store(mi->ssl? "Ignored":"No", &my_charset_bin);
+#endif
+    protocol->store(mi->ssl_ca, &my_charset_bin);
+    protocol->store(mi->ssl_capath, &my_charset_bin);
+    protocol->store(mi->ssl_cert, &my_charset_bin);
+    protocol->store(mi->ssl_cipher, &my_charset_bin);
+    protocol->store(mi->ssl_key, &my_charset_bin);
+    
     pthread_mutex_unlock(&mi->rli.data_lock);
     pthread_mutex_unlock(&mi->data_lock);
   
@@ -1712,11 +1814,22 @@ bool flush_master_info(MASTER_INFO* mi)
   DBUG_ENTER("flush_master_info");
   DBUG_PRINT("enter",("master_pos: %ld", (long) mi->master_log_pos));
 
+  /*
+     In certain cases this code may create master.info files that seems 
+     corrupted, because of extra lines filled with garbage in the end 
+     file (this happens if new contents take less space than previous 
+     contents of file). But because of number of lines in the first line 
+     of file we don't care about this garbage.
+  */
+  
   my_b_seek(file, 0L);
-  my_b_printf(file, "%s\n%s\n%s\n%s\n%s\n%d\n%d\n",
-	      mi->master_log_name, llstr(mi->master_log_pos, lbuf),
+  my_b_printf(file, "%u\n%s\n%s\n%s\n%s\n%s\n%d\n%d\n%d\n%s\n%s\n%s\n%s\n%s\n",
+	      LINES_IN_MASTER_INFO_WITH_SSL,
+              mi->master_log_name, llstr(mi->master_log_pos, lbuf),
 	      mi->host, mi->user,
-	      mi->password, mi->port, mi->connect_retry);
+	      mi->password, mi->port, mi->connect_retry,
+              (int)(mi->ssl), mi->ssl_ca, mi->ssl_capath, mi->ssl_cert,
+              mi->ssl_cipher, mi->ssl_key);
   flush_io_cache(file);
   DBUG_RETURN(0);
 }
@@ -3061,6 +3174,17 @@ static int connect_to_master(THD* thd, MYSQL* mysql, MASTER_INFO* mi,
 
   mysql_options(mysql, MYSQL_OPT_CONNECT_TIMEOUT, (char *) &slave_net_timeout);
   mysql_options(mysql, MYSQL_OPT_READ_TIMEOUT, (char *) &slave_net_timeout);
+ 
+#ifdef HAVE_OPENSSL
+  if (mi->ssl)
+    mysql_ssl_set(mysql, 
+                  mi->ssl_key[0]?mi->ssl_key:0,
+                  mi->ssl_cert[0]?mi->ssl_cert:0, 
+                  mi->ssl_ca[0]?mi->ssl_ca:0,
+                  mi->ssl_capath[0]?mi->ssl_capath:0,
+                  mi->ssl_cipher[0]?mi->ssl_cipher:0);
+#endif
+
   mysql_options(mysql, MYSQL_SET_CHARSET_NAME, default_charset_info->csname);
   /* This one is not strictly needed but we have it here for completeness */
   mysql_options(mysql, MYSQL_SET_CHARSET_DIR, (char *) charsets_dir);
diff --git a/sql/slave.h b/sql/slave.h
index 668fff52d0871cefcd09bad4295c4d8088c88d61..9d21ca5925b01b44dae6127e6fd8fa15b8a5967c 100644
--- a/sql/slave.h
+++ b/sql/slave.h
@@ -293,6 +293,9 @@ typedef struct st_master_info
   char host[HOSTNAME_LENGTH+1];
   char user[USERNAME_LENGTH+1];
   char password[HASH_PASSWORD_LENGTH+1];
+  my_bool ssl; // enables use of SSL connection if true
+  char ssl_ca[FN_REFLEN], ssl_capath[FN_REFLEN], ssl_cert[FN_REFLEN];
+  char ssl_cipher[FN_REFLEN], ssl_key[FN_REFLEN];
   pthread_mutex_t data_lock,run_lock;
   pthread_cond_t data_cond,start_cond,stop_cond;
   THD *io_thd;
@@ -310,10 +313,13 @@ typedef struct st_master_info
   volatile ulong slave_run_id;
   
   st_master_info()
-    :fd(-1), io_thd(0), inited(0), old_format(0),abort_slave(0),
+    :fd(-1), ssl(0), io_thd(0), inited(0), old_format(0),abort_slave(0),
      slave_running(0), slave_run_id(0)
   {
     host[0] = 0; user[0] = 0; password[0] = 0;
+    ssl_ca[0]= 0; ssl_capath[0]= 0; ssl_cert[0]= 0;
+    ssl_cipher[0]= 0; ssl_key[0]= 0;
+    
     bzero(&file, sizeof(file));
     pthread_mutex_init(&run_lock, MY_MUTEX_INIT_FAST);
     pthread_mutex_init(&data_lock, MY_MUTEX_INIT_FAST);
@@ -459,6 +465,10 @@ extern my_string master_user, master_password, master_host,
        master_info_file, relay_log_info_file, report_user, report_host,
        report_password;
 
+extern my_bool master_ssl;
+extern my_string master_ssl_ca, master_ssl_capath, master_ssl_cert,
+       master_ssl_cipher, master_ssl_key;
+       
 extern I_List<i_string> replicate_do_db, replicate_ignore_db;
 extern I_List<i_string_pair> replicate_rewrite_db;
 extern I_List<THD> threads;
diff --git a/sql/sql_lex.h b/sql/sql_lex.h
index faf7e16e54a69b214467899ba4dafbb0ec72d3f0..ed9132d5d202196a6718d25cda82dc5f7272a208 100644
--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@@ -85,6 +85,13 @@ typedef struct st_lex_master_info
   uint port, connect_retry;
   ulonglong pos;
   ulong server_id;
+  /* 
+     Variable for MASTER_SSL option.
+     MASTER_SSL=0 in CHANGE MASTER TO corresponds to SSL_DISABLE
+     MASTER_SSL=1 corresponds to SSL_ENABLE
+  */
+  enum {SSL_UNCHANGED=0, SSL_DISABLE, SSL_ENABLE} ssl; 
+  char *ssl_key, *ssl_cert, *ssl_ca, *ssl_capath, *ssl_cipher;
   char *relay_log_name;
   ulong relay_log_pos;
 } LEX_MASTER_INFO;
diff --git a/sql/sql_repl.cc b/sql/sql_repl.cc
index 121411379f86b7b4c2ed3229ddc45b25269d5892..f6e5ad127dfb8559dc982b266848cb2fa0958bdb 100644
--- a/sql/sql_repl.cc
+++ b/sql/sql_repl.cc
@@ -888,6 +888,25 @@ int change_master(THD* thd, MASTER_INFO* mi)
     mi->port = lex_mi->port;
   if (lex_mi->connect_retry)
     mi->connect_retry = lex_mi->connect_retry;
+ 
+  if (lex_mi->ssl != LEX_MASTER_INFO::SSL_UNCHANGED)
+    mi->ssl= (lex_mi->ssl == LEX_MASTER_INFO::SSL_ENABLE);
+  if (lex_mi->ssl_ca)
+    strmake(mi->ssl_ca, lex_mi->ssl_ca, sizeof(mi->ssl_ca)-1);
+  if (lex_mi->ssl_capath)
+    strmake(mi->ssl_capath, lex_mi->ssl_capath, sizeof(mi->ssl_capath)-1);
+  if (lex_mi->ssl_cert)
+    strmake(mi->ssl_cert, lex_mi->ssl_cert, sizeof(mi->ssl_cert)-1);
+  if (lex_mi->ssl_cipher)
+    strmake(mi->ssl_cipher, lex_mi->ssl_cipher, sizeof(mi->ssl_cipher)-1);
+  if (lex_mi->ssl_key)
+    strmake(mi->ssl_key, lex_mi->ssl_key, sizeof(mi->ssl_key)-1);
+#ifndef HAVE_OPENSSL
+  if (lex_mi->ssl || lex_mi->ssl_ca || lex_mi->ssl_capath ||
+      lex_mi->ssl_cert || lex_mi->ssl_cipher || lex_mi->ssl_key )
+    push_warning(thd, MYSQL_ERROR::WARN_LEVEL_NOTE, 
+                 ER_SLAVE_IGNORED_SSL_PARAMS, ER(ER_SLAVE_IGNORED_SSL_PARAMS));
+#endif
 
   if (lex_mi->relay_log_name)
   {
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 90c586dc2f1e43c48cf491777363de63a4c80d7a..175919d1cd4fd71218d8059d5d796e0257d72eba 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -276,6 +276,12 @@ bool my_yyoverflow(short **a, YYSTYPE **b,int *yystacksize);
 %token	MASTER_PORT_SYM
 %token	MASTER_CONNECT_RETRY_SYM
 %token	MASTER_SERVER_ID_SYM
+%token	MASTER_SSL_SYM
+%token	MASTER_SSL_CA_SYM
+%token	MASTER_SSL_CAPATH_SYM
+%token	MASTER_SSL_CERT_SYM
+%token	MASTER_SSL_CIPHER_SYM
+%token	MASTER_SSL_KEY_SYM
 %token	RELAY_LOG_FILE_SYM
 %token	RELAY_LOG_POS_SYM
 %token	MATCH
@@ -844,6 +850,31 @@ master_def:
          /* Adjust if < BIN_LOG_HEADER_SIZE (same comment as Lex->mi.pos) */
          Lex->mi.relay_log_pos = max(BIN_LOG_HEADER_SIZE, Lex->mi.relay_log_pos);
        }
+       | MASTER_SSL_SYM EQ ULONG_NUM
+         {
+           Lex->mi.ssl= $3 ? 
+               LEX_MASTER_INFO::SSL_ENABLE : LEX_MASTER_INFO::SSL_DISABLE;
+         }
+       | MASTER_SSL_CA_SYM EQ TEXT_STRING_sys
+         {
+           Lex->mi.ssl_ca= $3.str;
+         }
+       | MASTER_SSL_CAPATH_SYM EQ TEXT_STRING_sys
+         {
+           Lex->mi.ssl_capath= $3.str;
+         }
+       | MASTER_SSL_CERT_SYM EQ TEXT_STRING_sys
+         {
+           Lex->mi.ssl_cert= $3.str;
+         }
+       | MASTER_SSL_CIPHER_SYM EQ TEXT_STRING_sys
+         {
+           Lex->mi.ssl_cipher= $3.str;
+         }
+       | MASTER_SSL_KEY_SYM EQ TEXT_STRING_sys
+         {
+           Lex->mi.ssl_key= $3.str;
+         }
        ;
 
 
@@ -4430,6 +4461,12 @@ keyword:
 	| MASTER_USER_SYM	{}
 	| MASTER_PASSWORD_SYM	{}
 	| MASTER_CONNECT_RETRY_SYM	{}
+	| MASTER_SSL_SYM	{}
+	| MASTER_SSL_CA_SYM	{}
+	| MASTER_SSL_CAPATH_SYM	{}
+	| MASTER_SSL_CERT_SYM	{}
+	| MASTER_SSL_CIPHER_SYM	{}
+	| MASTER_SSL_KEY_SYM	{}
 	| MAX_CONNECTIONS_PER_HOUR	 {}
 	| MAX_QUERIES_PER_HOUR	{}
 	| MAX_UPDATES_PER_HOUR	{}