diff -ur postgresql-8.3.1.ref/src/interfaces/libpq/fe-connect.c postgresql-8.3.1-ssl/src/interfaces/libpq/fe-connect.c
--- postgresql-8.3.1.ref/src/interfaces/libpq/fe-connect.c 2008-01-28 21:06:30.000000000 -0500
+++ postgresql-8.3.1-ssl/src/interfaces/libpq/fe-connect.c 2008-06-06 11:01:22.000000000 -0400
@@ -181,6 +181,19 @@
 {"sslmode", "PGSSLMODE", DefaultSSLMode, NULL,
 "SSL-Mode", "", 8}, /* sizeof("disable") == 8 */
+ {"sslcert", "PGSSLCERT", NULL, NULL,
+ "SSL-Client-Cert", "", 64},
+
+ {"sslkey", "PGSSLKEY", NULL, NULL,
+ "SSL-Client-Key", "", 64},
+
+ {"ssltrustcrt", "PGSSLKEY", NULL, NULL,
+ "SSL-Trusted-Keys", "", 64},
+
+ {"sslcrl", "PGSSLKEY", NULL, NULL,
+ "SSL-Revocation-List", "", 64},
+
+
 #if defined(KRB5) || defined(ENABLE_GSS) || defined(ENABLE_SSPI)
 /* Kerberos and GSSAPI authentication support specifying the service name */
 {"krbsrvname", "PGKRBSRVNAME", PG_KRB_SRVNAM, NULL,
@@ -413,6 +426,14 @@
 conn->connect_timeout = tmp ? strdup(tmp) : NULL;
 tmp = conninfo_getval(connOptions, "sslmode");
 conn->sslmode = tmp ? strdup(tmp) : NULL;
+ tmp = conninfo_getval(connOptions, "sslkey");
+ conn->sslkey = tmp ? strdup(tmp) : NULL;
+ tmp = conninfo_getval(connOptions, "sslcert");
+ conn->sslcert = tmp ? strdup(tmp) : NULL;
+ tmp = conninfo_getval(connOptions, "ssltrustcrt");
+ conn->ssltrustcrt = tmp ? strdup(tmp) : NULL;
+ tmp = conninfo_getval(connOptions, "sslcrl");
+ conn->sslcrl = tmp ? strdup(tmp) : NULL;
 #ifdef USE_SSL
 tmp = conninfo_getval(connOptions, "requiressl");
 if (tmp && tmp[0] == '1')
diff -ur postgresql-8.3.1.ref/src/interfaces/libpq/fe-secure.c postgresql-8.3.1-ssl/src/interfaces/libpq/fe-secure.c
--- postgresql-8.3.1.ref/src/interfaces/libpq/fe-secure.c 2008-01-28 21:03:39.000000000 -0500
+++ postgresql-8.3.1-ssl/src/interfaces/libpq/fe-secure.c 2008-06-06 11:12:56.000000000 -0400
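Review bot: The `ssltrustcrt` and `sslcrl` entries in the @@ -181 hunk reuse `"PGSSLKEY"` as their environment variable, so a single exported PGSSLKEY would seed the client key, the trusted-certificate file and the CRL path with the same value; this reads as a copy-paste slip from the `sslkey` entry just above. Each option needs its own variable name (the names later libpq releases use are PGSSLROOTCERT and PGSSLCRL) or NULL if no environment fallback is intended, e.g. `{"ssltrustcrt", "PGSSLROOTCERT", NULL, NULL,` and `{"sslcrl", "PGSSLCRL", NULL, NULL,`. The label `"SSL-Trusted-Keys"` is also misleading for what is a CA certificate file; something like `"SSL-Root-Cert"` would match the neighbouring labels. The two trailing blank `+` lines leave a run of empty lines before the `#if`; one is enough.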
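Review bot: The four new `conn->ssl*` strings in the @@ -413 hunk are allocated with strdup, but nothing in this diff releases them; unless freePGconn is updated outside the hunks shown, every PGconn leaks them. The assignments copy the `sslmode` line above, including its unchecked strdup, so whatever path handles a NULL `conn->sslmode` on out-of-memory should be confirmed to cover these fields as well. Worth adding next to the existing free of `conn->sslmode`: `if (conn->sslkey) free(conn->sslkey);` and the same for `sslcert`, `ssltrustcrt` and `sslcrl`. The enclosing function starts and ends outside the hunk.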
@@ -631,7 +631,11 @@
 }
 /* read the user certificate */
- snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
+
+ if(conn->sslcert)
+ strncpy(fnbuf, conn->sslcert, sizeof(fnbuf));
+ else
+ snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
 /*
 * OpenSSL <= 0.9.8 lacks error stack handling, which means it's likely to
@@ -682,7 +686,7 @@
 BIO_free(bio);
 #if (SSLEAY_VERSION_NUMBER >= 0x00907000L) && !defined(OPENSSL_NO_ENGINE)
- if (getenv("PGSSLKEY"))
+ if (getenv("PGSSLKEY") && !conn->sslkey)
 {
 /* read the user key from engine */
 char *engine_env = getenv("PGSSLKEY");
@@ -734,7 +738,11 @@
 #endif /* use PGSSLKEY */
 {
 /* read the user key from file */
- snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_KEY_FILE);
+ if(conn->sslkey)
+ strncpy(fnbuf, conn->sslkey, sizeof(fnbuf));
+ else
+ snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_KEY_FILE);
+
 if (stat(fnbuf, &buf) == -1)
 {
 printfPQExpBuffer(&conn->errorMessage,
@@ -921,7 +929,10 @@
 /* Set up to verify server cert, if root.crt is present */
 if (pqGetHomeDirectory(homedir, sizeof(homedir)))
 {
- snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOT_CERT_FILE);
+ if(conn->ssltrustcrt)
+ strncpy(fnbuf, conn->ssltrustcrt, sizeof(fnbuf));
+ else
+ snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOT_CERT_FILE);
 if (stat(fnbuf, &buf) == 0)
 {
 X509_STORE *cvstore;
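Review bot: `strncpy(fnbuf, conn->sslcert, sizeof(fnbuf))` does not NUL-terminate when the supplied path is sizeof(fnbuf) bytes or longer, and the stat and certificate loader that follow then read past the end of fnbuf; the same pattern is repeated for `sslkey` at @@ -734, `ssltrustcrt` at @@ -921 and `sslcrl` at @@ -939. Use the formatter the else branch already uses, `snprintf(fnbuf, sizeof(fnbuf), "%s", conn->sslcert);`, and treat a return value >= sizeof(fnbuf) as a truncated path to be reported via printfPQExpBuffer rather than silently opening a different file. These values arrive from the connection string or the environment, so a length check is the minimum validation before handing them to OpenSSL. Minor style: `if(conn->sslcert)` lacks the space after `if` that the surrounding code uses. The enclosing function starts and ends outside the hunk.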
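Review bot: The added `&& !conn->sslkey` in the @@ -682 hunk probably disables the engine path altogether: the `sslkey` option in fe-connect.c is declared with `PGSSLKEY` as its environment variable, and if conninfo defaults are filled from that column as for the other options, `conn->sslkey` is non-NULL exactly when `getenv("PGSSLKEY")` is, so the condition can never hold and an engine specification placed in PGSSLKEY is handed to the file branch as a filename. Either give the `sslkey` option no environment fallback, or decide the engine case from `conn->sslkey` itself and drop the getenv() call. The function this hunk belongs to starts and ends outside the hunk.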
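Review bot: In the @@ -921 hunk an explicit `ssltrustcrt` is only honoured inside `if (pqGetHomeDirectory(...))`, and when the named file fails the `stat(fnbuf, &buf) == 0` test the code falls through to the path taken when no root.crt exists, i.e. the connection proceeds without server certificate verification. For the implicit home-directory default that silence is existing behaviour, but a path the user supplied and got wrong should be reported with printfPQExpBuffer and fail the connection rather than quietly downgrade to an unverified server. Taking the override before the home-directory check would also let it work when no home directory can be determined. The enclosing function continues past the hunk on both sides.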
@@ -939,8 +950,13 @@
 if ((cvstore = SSL_CTX_get_cert_store(SSL_context)) != NULL)
 {
+ if(conn->sslcrl)
+ strncpy(fnbuf, conn->sslcrl, sizeof(fnbuf));
+ else
+ snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, ROOT_CRL_FILE);
+
 /* setting the flags to check against the complete CRL chain */
- if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) != 0)
+ if (X509_STORE_load_locations(cvstore, fnbuf, NULL) != 0)
 /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
 #ifdef X509_V_FLAG_CRL_CHECK
 X509_STORE_set_flags(cvstore,
diff -ur postgresql-8.3.1.ref/src/interfaces/libpq/libpq-int.h postgresql-8.3.1-ssl/src/interfaces/libpq/libpq-int.h
--- postgresql-8.3.1.ref/src/interfaces/libpq/libpq-int.h 2008-01-01 14:46:00.000000000 -0500
+++ postgresql-8.3.1-ssl/src/interfaces/libpq/libpq-int.h 2008-06-06 11:15:09.000000000 -0400
@@ -293,6 +293,11 @@
 char *pgpass;
 bool pgpass_from_client; /* did password come from connect args? */
 char *sslmode; /* SSL mode (require,prefer,allow,disable) */
+ char *sslkey; /* ssl key file filename for call back */
+ char *sslcert; /* ssl certificate filename for call back */
+ char *ssltrustcrt; /* Trusted certificuits */
+ char *sslcrl; /* certificates revoked by certificate authorities */
+
 #if defined(KRB5) || defined(ENABLE_GSS) || defined(ENABLE_SSPI)
 char *krbsrvname; /* Kerberos service name */
 #endif
diff -ur postgresql-8.3.1.ref/src/interfaces/libpq/libpq.rc postgresql-8.3.1-ssl/src/interfaces/libpq/libpq.rc
--- postgresql-8.3.1.ref/src/interfaces/libpq/libpq.rc 2008-03-14 23:24:54.000000000 -0400
+++ postgresql-8.3.1-ssl/src/interfaces/libpq/libpq.rc 2008-06-06 11:19:28.000000000 -0400
@@ -1,8 +1,8 @@
 #include
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 8,3,1,8075
- PRODUCTVERSION 8,3,1,8075
+ FILEVERSION 8,3,1,8158
+ PRODUCTVERSION 8,3,1,8158
 FILEFLAGSMASK 0x3fL
 FILEFLAGS 0
 FILEOS VOS__WINDOWS32
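Review bot: The new PGconn member comments in the libpq-int.h hunk do not say what the strings hold: `certificuits` is a typo and "for call back" does not describe the value. Suggest `char *sslkey; /* client private key file (sslkey option) */` and `char *ssltrustcrt; /* trusted CA certificate file used to verify the server */`, with matching one-line comments naming the client certificate file and the certificate revocation list file for `sslcert` and `sslcrl`. Stating that these are paths the user supplies would also remind maintainers that fe-secure.c must bound-check them before use.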