+ {"daemon", 0, POPT_ARG_NONE, 0, OPT_DAEMON, 0, 0 },
+@@ -570,6 +597,13 @@ static void daemon_usage(enum logcode F)
+ rprintf(F," -4, --ipv4 prefer IPv4\n");
+ rprintf(F," -6, --ipv6 prefer IPv6\n");
+ #endif
++#ifdef HAVE_OPENSSL
++ rprintf(F," --ssl allow socket connections to use SSL\n");
++ rprintf(F," --ssl-cert=FILE path to daemon's SSL certificate\n");
++ rprintf(F," --ssl-key=FILE path to daemon's SSL private key\n");
++ rprintf(F," --ssl-key-passwd=PASS password for PEM-encoded private key\n");
++ rprintf(F," --ssl-ca-certs=FILE path to trusted CA certificates\n");
++#endif
+ rprintf(F," --help show this help screen\n");
+
+ rprintf(F,"\n");
+@@ -596,6 +630,13 @@ static struct poptOption long_daemon_opt
+ {"protocol", 0, POPT_ARG_INT, &protocol_version, 0, 0, 0 },
+ {"server", 0, POPT_ARG_NONE, &am_server, 0, 0, 0 },
+ {"temp-dir", 'T', POPT_ARG_STRING, &tmpdir, 0, 0, 0 },
++#ifdef HAVE_OPENSSL
++ {"ssl", 0, POPT_ARG_NONE, 0, OPT_USE_SSL, 0, 0},
++ {"ssl-cert", 0, POPT_ARG_STRING, &ssl_cert_path, OPT_USE_SSL, 0, 0},
++ {"ssl-key", 0, POPT_ARG_STRING, &ssl_key_path, OPT_USE_SSL, 0, 0},
++ {"ssl-key-passwd", 0, POPT_ARG_STRING, &ssl_key_passwd, OPT_USE_SSL, 0, 0},
++ {"ssl-ca-certs", 0, POPT_ARG_STRING, &ssl_ca_path, OPT_USE_SSL, 0, 0},
++#endif
+ {"verbose", 'v', POPT_ARG_NONE, 0, 'v', 0, 0 },
+ {"no-verbose", 0, POPT_ARG_VAL, &verbose, 0, 0, 0 },
+ {"no-v", 0, POPT_ARG_VAL, &verbose, 0, 0, 0 },
+@@ -853,6 +894,12 @@ int parse_arguments(int *argc, const cha
+ verbose++;
+ break;