diff --git a/ChangeLog b/ChangeLog
deleted file mode 100644
--- a/ChangeLog
+++ /dev/null
@@ -1,3 +0,0 @@
-v0.1.0.1
-
-	* Documentation updates.
diff --git a/ChangeLog.md b/ChangeLog.md
new file mode 100644
--- /dev/null
+++ b/ChangeLog.md
@@ -0,0 +1,19 @@
+#### 0.1.0.4 *2020-08-23*
+
+	* Improve detection of the certificate store location in recent versions of FreeBSD.
+
+#### 0.1.0.3 *2016-08-23*
+
+	* Documentation updates.
+
+#### 0.1.0.2 *2015-04-02*
+
+	* Documentation updates.
+
+#### 0.1.0.1 *2015-02-20*
+
+	* Documentation updates.
+
+#### 0.1.0.0 *2015-02-16*
+
+	* Initial public release.
diff --git a/HsOpenSSL-x509-system.cabal b/HsOpenSSL-x509-system.cabal
--- a/HsOpenSSL-x509-system.cabal
+++ b/HsOpenSSL-x509-system.cabal
@@ -1,5 +1,5 @@
 name:                HsOpenSSL-x509-system
-version:             0.1.0.3
+version:             0.1.0.4
 synopsis:            Use the system's native CA certificate store with HsOpenSSL
 description:
   A cross-platform library that tries to find a (reasonable) CA certificate
@@ -19,7 +19,7 @@
 cabal-version:       >=1.10
 
 extra-source-files:
-  ChangeLog
+  ChangeLog.md
 
 source-repository head
   type: git
diff --git a/OpenSSL/X509/SystemStore.hs b/OpenSSL/X509/SystemStore.hs
--- a/OpenSSL/X509/SystemStore.hs
+++ b/OpenSSL/X509/SystemStore.hs
@@ -14,10 +14,11 @@
 #endif
 
 -- | Add the certificates from the system-wide certificate store to the
--- given @openssl@ context. Note that
--- __this does not automatically enable peer certificate verification__.
--- You also need to call 'OpenSSL.Session.contextSetVerificationMode' and
--- __check manually if the hostname matches__ the one specified in the
+-- given @openssl@ context. Note that in __older versions of OpenSSL__
+-- (namely <1.1.0), this does not automatically enable peer certificate
+-- verification. In that case,
+-- you also need to call 'OpenSSL.Session.contextSetVerificationMode' and
+-- check manually if the hostname matches the one specified in the
 -- certificate. You can find information about how to do the latter
 -- <https://github.com/iSECPartners/ssl-conservatory/blob/master/openssl/everything-you-wanted-to-know-about-openssl.pdf here>.
 contextLoadSystemCerts :: SSLContext -> IO () 
diff --git a/OpenSSL/X509/SystemStore/Unix.hs b/OpenSSL/X509/SystemStore/Unix.hs
--- a/OpenSSL/X509/SystemStore/Unix.hs
+++ b/OpenSSL/X509/SystemStore/Unix.hs
@@ -33,11 +33,11 @@
 -- [2] https://bugzilla.redhat.com/show_bug.cgi?id=1053882
 defaultSystemPaths :: [(Bool, FilePath)]
 defaultSystemPaths =
-    [ (False, "/etc/pki/tls/certs/ca-bundle.crt"      ) -- red hat, fedora. centos
+    [ (False, "/etc/pki/tls/certs/ca-bundle.crt"      ) -- red hat, fedora, centos
     , (True , "/etc/ssl/certs"                        ) -- other linux, netbsd
     , (True , "/system/etc/security/cacerts"          ) -- android
-    , (True , "/usr/local/share/certs"                ) -- freebsd
-    , (False, "/etc/ssl/cert.pem"                     ) -- openbsd
+    , (False, "/etc/ssl/cert.pem"                     ) -- openbsd/freebsd
     , (False, "/usr/share/ssl/certs/ca-bundle.crt"    ) -- older red hat
     , (False, "/usr/local/share/certs/ca-root-nss.crt") -- freebsd (security/ca-root-nss)
+    , (True , "/usr/local/share/certs"                ) -- freebsd
     ]
