Index: tclpkcs11.c
==================================================================
--- tclpkcs11.c
+++ tclpkcs11.c
@@ -413,11 +413,11 @@
 		return(NULL);
 	}
 
 	return(new_handle);
 #elif defined(HAVE_DLOPEN)
-	return(dlopen(pathname, RTLD_LAZY | RTLD_LOCAL));
+	return(dlopen(pathname, RTLD_NOW | RTLD_GLOBAL));
 #elif defined(HAVE_SHL_LOAD)
 	return(shl_load(pathname, BIND_DEFERRED, 0L));
 #elif defined(_WIN32)
 	return(LoadLibrary(pathname));
 #endif
@@ -1328,10 +1328,11 @@
 			Tcl_ListObjAppendElement(interp, pki_real_cmd, Tcl_NewStringObj("-nounpad", -1));
 		}
 
 		Tcl_ListObjAppendElement(interp, pki_real_cmd, Tcl_NewStringObj("-pub", -1));
 		Tcl_ListObjAppendElement(interp, pki_real_cmd, Tcl_NewStringObj("-binary", -1));
+		Tcl_ListObjAppendElement(interp, pki_real_cmd, Tcl_NewStringObj("--", -1));
 		Tcl_ListObjAppendElement(interp, pki_real_cmd, tcl_input);
 		Tcl_ListObjAppendElement(interp, pki_real_cmd, tcl_keylist);
 
 		return(Tcl_EvalObjEx(interp, pki_real_cmd, 0));
 	}

Index: test.tcl
==================================================================
--- test.tcl
+++ test.tcl
@@ -36,24 +36,24 @@
 foreach certinfo_list $certs {
 	unset -nocomplain certinfo
 	array set certinfo $certinfo_list
 	puts "Cert: $certinfo(pkcs11_label) / $certinfo(subject)"
 
-	set cipher [pki::encrypt -binary -pub $orig $certinfo_list]
+	set cipher [pki::encrypt -binary -pub -- $orig $certinfo_list]
 
 	if {[catch {
-		set plain  [pki::decrypt -binary -priv $cipher $certinfo_list]
+		set plain  [pki::decrypt -binary -priv -- $cipher $certinfo_list]
 	} err]} {
 		if {$err == "PKCS11_ERROR USER_NOT_LOGGED_IN"} {
 			# Login and try it again...
 			puts -nonewline " *** ENTER PIN: "
 			flush stdout
 
 			gets stdin password
 			pki::pkcs11::login $handle $token_slotid $password
 
-			set plain  [pki::decrypt -binary -priv $cipher $certinfo_list]
+			set plain  [pki::decrypt -binary -priv -- $cipher $certinfo_list]
 		} else {
 			puts stderr "$::errorInfo"
 
 			exit 1
 		}
@@ -63,12 +63,12 @@
 		puts "Decryption error!  Expected \"$orig\", got \"$plain\""
 
 		exit 1
 	}
 
-	set cipher [pki::encrypt -binary -priv $orig $certinfo_list]
-	set plain  [pki::decrypt -binary -pub $cipher $certinfo_list]
+	set cipher [pki::encrypt -binary -priv -- $orig $certinfo_list]
+	set plain  [pki::decrypt -binary -pub -- $cipher $certinfo_list]
 
 	set sig    [pki::sign $orig $certinfo_list]
 	set verify [pki::verify $sig $orig $certinfo_list]
 
 	if {!$verify} {