--- src/http/Configuration.h	Tue Jan 20 00:26:36 1970
+++ src/http/Configuration.h	Tue Jan 20 00:26:36 1970
@@ -35,6 +35,9 @@
 class Configuration
 {
 public:
+  typedef boost::function<std::string(std::size_t, boost::int32_t)> ssl_password_cb_t;
+
+public:
   Configuration(Wt::WLogger& logger, bool silent = false);
   ~Configuration();
 
@@ -75,6 +78,15 @@
 
   ::int64_t maxMemoryRequestSize() const { return maxMemoryRequestSize_; }
 
+  // ssl Password callback is not configurable from a file but we store it
+  // here because it's used in the Server constructor (inside start())
+  void setSslPasswordCallback(ssl_password_cb_t cb)
+  { sslPasswordCallback_ = cb; }
+  ssl_password_cb_t sslPasswordCallback()
+  { return sslPasswordCallback_; }
+  bool hasSslPasswordCallback()
+  { return sslPasswordCallback_; }
+
 private:
   Wt::WLogger& logger_;
   bool silent_;
@@ -109,6 +121,8 @@
   std::string accessLog_;
 
   ::int64_t maxMemoryRequestSize_;
+
+  ssl_password_cb_t sslPasswordCallback_;
 
   void createOptions(po::options_description& options);
   void readOptions(const po::variables_map& vm);
--- src/http/Server.C	Tue Jan 20 00:26:36 1970
+++ src/http/Server.C	Tue Jan 20 00:26:36 1970
@@ -158,6 +158,9 @@
       sslOptions |= asio::ssl::context::no_sslv3;
 
     ssl_context_.set_options(sslOptions);
+    
+    if (config_.hasSslPasswordCallback())
+      ssl_context_.set_password_callback(config_.sslPasswordCallback());
 
     if (config_.sslClientVerification() == "none") {
       ssl_context_.set_verify_mode(asio::ssl::context::verify_none);
@@ -230,14 +233,6 @@
 int Server::httpPort() const
 {
   return tcp_acceptor_.local_endpoint().port();
-}
-
-void Server::setSslPasswordCallback(
-  boost::function<std::string (std::size_t max_length)> cb)
-{
-#ifdef HTTP_WITH_SSL
-  ssl_context_.set_password_callback(boost::bind(cb, _1));
-#endif // HTTP_WITH_SSL
 }
 
 void Server::startAccept()
--- src/http/Server.h	Tue Jan 20 00:26:36 1970
+++ src/http/Server.h	Tue Jan 20 00:26:36 1970
@@ -67,9 +67,6 @@
   /// Returns the http port number.
   int httpPort() const;
 
-  // Sets callback for SSL passwords
-  void setSslPasswordCallback(boost::function<std::string (std::size_t max_length)> cb);
-
   Wt::WebController *controller();
 
   const Configuration &configuration() { return config_; }
--- src/http/WServer.C	Tue Jan 20 00:26:36 1970
+++ src/http/WServer.C	Tue Jan 20 00:26:36 1970
@@ -63,10 +63,13 @@
   ~Impl()
   {
     delete serverConfiguration_;
+    ssl_pw_cb_.clear();
   }
 
   http::server::Configuration *serverConfiguration_;
   http::server::Server        *server_;
+
+  WServer::ssl_password_cb_t  ssl_pw_cb_;
 };
 
 WServer::WServer(const std::string& applicationPath,
@@ -146,8 +149,14 @@
     configuration().setNumThreads(impl_->serverConfiguration_->threads());
 
   try {
+    
+    if (impl_->ssl_pw_cb_)
+    {
+      impl_->serverConfiguration_->setSslPasswordCallback(impl_->ssl_pw_cb_);
+    }
+
     impl_->server_ = new http::server::Server(*impl_->serverConfiguration_,
-					      *this);
+				      *this);
 
 #ifndef WT_THREADED
     LOG_WARN("No boost thread support, running in main thread.");
@@ -209,6 +218,9 @@
 
     ioService().stop();
 
+    impl_->ssl_pw_cb_ = NULL;
+    impl_->serverConfiguration_->setSslPasswordCallback(NULL);
+
     delete impl_->server_;
     impl_->server_ = 0;
   } catch (asio_system_error& e) {
@@ -228,10 +240,9 @@
   return impl_->server_->httpPort();
 }
 
-void WServer::setSslPasswordCallback(
-  boost::function<std::string (std::size_t max_length)> cb)
+void WServer::setSslPasswordCallback(ssl_password_cb_t cb)
 {
-  impl_->server_->setSslPasswordCallback(cb);
+  impl_->ssl_pw_cb_ = cb;
 }
 
 int WRun(int argc, char *argv[], ApplicationCreator createApplication)
--- src/isapi/WServer.C	Tue Jan 20 00:26:36 1970
+++ src/isapi/WServer.C	Tue Jan 20 00:26:36 1970
@@ -188,8 +188,7 @@
 //  return impl_->configuration()->readConfigurationProperty(name, value);
 //}
 
-void WServer::setSslPasswordCallback(
-  boost::function<std::string (std::size_t max_length)> cb)
+void WServer::setSslPasswordCallback(ssl_password_cb_t cb)
 {
   log("info") << "setSslPasswordCallback(): has no effect in isapi connector";
 }
--- src/Wt/WServer	Tue Jan 20 00:26:36 1970
+++ src/Wt/WServer	Tue Jan 20 00:26:36 1970
@@ -72,6 +72,12 @@
 class WServer
 {
 public:
+
+  /*! \brief 
+   * Callback used for reading SSL private keys protected with password
+   */
+  typedef boost::function<std::string(std::size_t, boost::int32_t)> ssl_password_cb_t;
+  
   /*! \class Exception
    *  \brief Server %Exception class.
    */
@@ -349,8 +355,7 @@
    * The max_length parameter is informational and indicates that the
    * underlying implementation will truncate the password to this length.
    */
-  WT_API void setSslPasswordCallback(
-    boost::function<std::string (std::size_t max_length)> cb);
+  WT_API void setSslPasswordCallback(ssl_password_cb_t cb);
 
 #endif // WT_TARGET_JAVA