src/context.c

changeset 38
4ecd7b0e67ea
parent 36
96f23601ce7a
child 41
e26f1f91118a
--- a/src/context.c	Sun Dec 05 23:45:10 2010 -0800
+++ b/src/context.c	Sun Dec 05 23:45:57 2010 -0800
@@ -19,7 +19,10 @@
 };
 typedef struct ssl_option_s ssl_option_t;
 
-int luasec_ssl_idx = -1;
+/* index into the SSL storage where the context is.
+ * see SSL_CTX_get_ex_data().
+ */
+static int luasec_sslctx_idx = -1;
 
 /* The export DH key */
 static DH *dh_512    = NULL;
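Review bot: The new comment on `luasec_sslctx_idx` says "SSL storage", but the slot is allocated with `SSL_CTX_get_ex_new_index` and read with `SSL_CTX_get_ex_data`, so it belongs to the `SSL_CTX`, not to an individual `SSL`. It would also help to say what is stored there and when the value is valid, for example `/* ex_data slot on the SSL_CTX holding its owning p_context; -1 until the first context is created */`. The variable also changes from an external symbol to `static` under a new name, so any other source file that still declares `luasec_ssl_idx` would need updating; none is visible in this diff.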
@@ -227,6 +230,14 @@
   p_context ctx;
   SSL_METHOD *method;
 
+  if (luasec_sslctx_idx == -1) {
+    luasec_sslctx_idx = SSL_CTX_get_ex_new_index(0, "luasec sslctx context", NULL, NULL, NULL);
+    if (luasec_sslctx_idx == -1) {
+      lua_pushnil(L);
+      lua_pushstring(L, "error creating luasec SSL index");
+      return 2;
+    }
+  }
   method = str2method(luaL_checkstring(L, 1));
   if (!method) {
     lua_pushnil(L);
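Review bot: The lazy initialisation of `luasec_sslctx_idx` is an unsynchronised check-then-set on a file-scope variable. If contexts can be created from more than one thread (separate Lua states in one process), two callers could each allocate an index; contexts stored under the first index would then be looked up under the second and yield NULL in verify_cb. Whether that usage is supported is not visible here, so either allocate the index once when the module is loaded or document the assumption with `/* not thread-safe: assumes contexts are created from a single thread */`. The enclosing function starts and ends outside this hunk.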
@@ -254,6 +265,8 @@
    * for server mode, but clearer to put it here rather than set_mode.
    */
   SSL_CTX_set_tmp_dh_callback(ctx->context, dh_param_cb);
+  SSL_CTX_set_ex_data(ctx->context, luasec_sslctx_idx, ctx);
+
   luaL_getmetatable(L, "SSL:Context");
   lua_setmetatable(L, -2);
   return 1;
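Review bot: The return value of `SSL_CTX_set_ex_data` is ignored, so a failed store leaves the slot empty and verify_cb later reads NULL from it; check for 0 and return the nil-plus-message pair this function already uses for errors. The stored pointer is `ctx` itself, which appears to be the Lua userdata given the `SSL:Context` metatable set on the following lines, so its lifetime is decided by the garbage collector while the `SSL_CTX` is reference-counted by OpenSSL. If the userdata can be collected while an SSL object still holds the `SSL_CTX`, the callback would read freed memory. The finaliser is not visible here, so confirm that it clears the slot with `SSL_CTX_set_ex_data(ctx->context, luasec_sslctx_idx, NULL)` or that every connection keeps its context object referenced. The function body starts outside this hunk.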
@@ -392,17 +405,19 @@
 
 int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
 {
+  SSL_CTX *context;
   SSL *ssl;
-  p_context ctx = NULL;
+  p_context l_ctx;
 
   /* Short-circuit optimization */
   if (preverify_ok)
     return 1;
 
   ssl = X509_STORE_CTX_get_ex_data(x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
-  ctx = SSL_get_ex_data(ssl, luasec_ssl_idx);
+  context = ssl->ctx;
+  l_ctx = SSL_CTX_get_ex_data(context, luasec_sslctx_idx);
 
-  if (ctx->verify_flags & LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE) {
+  if (l_ctx->verify_flags & LUASEC_VERIFY_FLAGS_IGNORE_PURPOSE) {
     int err, depth;
 
     err = X509_STORE_CTX_get_error(x509_ctx);
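Review bot: `l_ctx` is dereferenced at `l_ctx->verify_flags` without a NULL check, and `SSL_CTX_get_ex_data` returns NULL when nothing was stored under the index, for instance after a failed `SSL_CTX_set_ex_data`. Since this code runs only when `preverify_ok` is 0, the safe outcome is to reject the certificate: `if (l_ctx == NULL) return 0;` directly after the lookup. The same pointer is dereferenced again in the function's final `return`, which lies in the next hunk. Separately, `ssl->ctx` reaches into the SSL structure; `context = SSL_get_SSL_CTX(ssl);` yields the same value through the public accessor.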
@@ -414,7 +429,7 @@
       preverify_ok = 1;
     }
   }
-  return (ctx->verify_flags & LUASEC_VERIFY_FLAGS_ALWAYS_CONTINUE ? 1 : preverify_ok);
+  return (l_ctx->verify_flags & LUASEC_VERIFY_FLAGS_ALWAYS_CONTINUE ? 1 : preverify_ok);
 }
 
 /**
