diff --git a/AUTHORS b/AUTHORS
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,4 +1,4 @@
-This is the list of contributors to the HsOpenSSL.
+This is an incomplete list of contributors to the HsOpenSSL:
 
 * Adam Langley <agl@imperialviolet.org>
 * John Van Enk <vanenkj@gmail.com> and his friend
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,454 @@
+2013-12-11  PHO  <pho@cielonegro.org>
+
+	* OpenSSL.hsc [base < 4.6] (modifyMVar_): Fix compilation,
+	Patch by Gregory Collins.
+
+	* HsOpenSSL.cabal: Bump version to 0.10.3.6
+
+2013-11-07  PHO  <pho@cielonegro.org>
+
+	* OpenSSL.hsc (withOpenSSL): OpenSSL.withOpenSSL is now safe to be
+	applied redundantly,  Suggested by Andrew Cowie (#26).
+
+	* COPYING: Update the license to CC0: copyright waiver with a
+	public license fallback. See
+	http://creativecommons.org/publicdomain/zero/1.0/
+
+	* HsOpenSSL.cabal: Bump version to 0.10.3.5
+
+2013-09-05  PHO  <pho@cielonegro.org>
+
+	* cbits/HsOpenSSL.c, cbits/HsOpenSSL.h: Fix a compilation issue
+	that occurs when using a different builddir with "cabal build
+	--builddir=DIR",  Reported by Bit Connor (#23), Gregory Collins
+	(#24) and Bas van Dijk (#25).
+
+	* HsOpenSSL.cabal: Bump version to 0.10.3.4
+
+2012-08-28  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/Session.hsc: Merged #17 "Use MVar instead of QSem in
+	OpenSSL.Session",  Patch by Mikhail Vorozhtsov.
+
+	* HsOpenSSL.cabal: Bump version to 0.10.3.3
+
+2012-07-21  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/PEM.hsc, OpenSSL/Session.hsc: Merged #15 "Fixed build
+	with base-4.6",  Patch by Mikhail Vorozhtsov.
+
+	* HsOpenSSL.cabal: Added a configuration flag 'fast-bignum' (#16).
+
+	* HsOpenSSL.cabal: Bump version to 0.10.3.2
+
+2012-04-24  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/X509/Store.hsc: Merged #14 "Fixed X509_STORE_CTX
+	bindings vs OpenSSL 0.9.x",  Patch by Mikhail Vorozhtsov.
+
+	* HsOpenSSL.cabal: Bump version to 0.10.3.1
+
+2012-04-17  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/X509/Store.hsc (getStoreCtxCert, getStoreCtxIssuer)
+	(getStoreCtxCRL, getStoreCtxChain): Merged #12 "Bindings to some
+	of the X509_STORE_CTX functions",  Patch by Mikhail Vorozhtsov.
+
+	* OpenSSL/Session.hsc: Merged #13 "Fixed early verification
+	callback deallocation crash",  Patch by Mikhail Vorozhtsov.
+
+	* HsOpenSSL.cabal: Bump version to 0.10.3
+
+2012-04-16  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/PEM.hsc: Merged #10 "Fix X509 PEM reading/writing",
+	Patch by Mikhail Vorozhtsov.
+
+	* HsOpenSSL.cabal: Bump version to 0.10.2.1
+
+2012-04-06  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/Session.hsc (readPtr, tryReadPtr, writePtr)
+	(tryWritePtr): Merged #9 "Add raw pointer read/write operations",
+	Patch by Iavor S. Diatchki.
+
+	* cbits/HsOpenSSL.h: Fixed #8 "HsOpenSSL 0.10.1.4 won't build",
+	Reported by vcxp.
+
+	* HsOpenSSL.cabal: Bump version to 0.10.2
+
+2012-03-08  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/EVP/Internal.hsc, OpenSSL/X509.hsc: Fixed #7 "Haskell
+	Platform 2011.4 Support",  Reported by stepcut.
+
+	* HsOpenSSL.cabal: Bump version to 0.10.1.4
+
+2012-03-04  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/Session.hsc (SSL, SSLContext, SSLResult, ShutdownType)
+	(VerificationMode): Make these types instances of Typeable.
+
+	* OpenSSL/Utils.hs: Add Num to constraints with Bits,
+	Patch by Ben Gamari.
+
+	* OpenSSL/DSA.hsc, OpenSSL/EVP/Base64.hsc, OpenSSL/EVP/Digest.hsc,
+	OpenSSL/EVP/Open.hsc, OpenSSL/RSA.hsc: Use unsafePerformIO from
+	System.IO.Unsafe,  Patch by Ben Gamari.
+
+	* OpenSSL/EVP/Internal.hsc, OpenSSL/X509.hsc:
+	Use unsafeForeignPtrToPtr from Foreign.ForeignPtr.Unsafe,
+	Patch by Ben Gamari.
+
+	* HsOpenSSL.cabal: Bump version to 0.10.1.3
+
+2011-11-16  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/Session.hsc: SSL_get_error() must be called within the
+	OS thread which caused the failed operation as it inspects the
+	thread-local storage.
+
+	* OpenSSL/Session.hsc: write/tryWrite should throw EPIPE for
+	cleanly-closed connections rather than EOF.
+
+	* OpenSSL/Session.hsc: shutdown/tryShutdown shouldn't throw an
+	exception when a remote peer sends us a "close notify" alert and
+	closes the connection without waiting for our reply.
+
+	* OpenSSL/Session.hsc: ProtocolError should contain an error
+	message string.
+
+	* OpenSSL/EVP/*: Moved all EVP-related private functions to
+	OpenSSL.EVP.Internal,  Patch by Mikhail Vorozhtsov.
+
+	* HsOpenSSL.cabal: Bump version to 0.10.1.2
+
+2011-09-22  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/Session.hsc: GHC 6.12.3 friendliness: don't use
+	Control.Monad.void,  Patch by Peter Gammie.
+
+	* OpenSSL/BN.hsc, OpenSSL/Cipher.hsc: Placate LLVM in GHC 7.3.x
+	HEAD: give memcpy the right type.  Patch by Peter Gammie and David
+	Terei.
+
+	* OpenSSL/Session.hsc: Use throwIO instead of throw to raise SSL
+	exceptions,  Patch by Mikhail Vorozhtsov.
+
+	* cbits/HsOpenSSL.c, cbits/HsOpenSSL.h: DHparams_dup() is a
+	function in OpenSSL 1.0.0 but is a macro in 0.9.8.
+
+	* OpenSSL/X509/Revocation.hsc: OpenSSL 0.9.8 doesn't provide
+	X509_CRL_get0_by_serial().
+
+	* HsOpenSSL.cabal: Bump version to 0.10.1.1
+
+2011-08-27  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/DH.hsc: Added bindings to Diffie-Hellman functions,
+	Patch by Mikhail Vorozhtsov.
+
+	* OpenSSL/X509/Revocation.hsc: Added revocation lookup function,
+	Patch by Mikhail Vorozhtsov.
+
+	* OpenSSL/Session.hsc: Added optional verification callback to
+	VerifyPeer,  Patch by Mikhail Vorozhtsov.
+
+	* OpenSSL/Session.hsc: Expose low-level asynchronous versions of
+	accept, connect, read, write and shutdown,
+	Patch by Mikhail Vorozhtsov.
+
+	* HsOpenSSL.cabal: Bump version to 0.10.1
+
+2011-07-26  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/Session.hsc (fdConnection, sslSocket): Support wrapping
+	plain file descriptors in SSL connections,
+	Patch by Mikhail Vorozhtsov.
+
+	* HsOpenSSL.cabal: Bump version to 0.10
+
+2011-06-21  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/BN.hsc: Added missing BangPatterns pragma,
+	Patch by Mikhail Vorozhtsov.
+
+	* HsOpenSSL.cabal: Bump version to 0.9.0.1
+
+2010-11-13  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/Session.hsc: Operations in OpenSSL.Session now throw
+	exceptions of individual exception types instead of plain strings,
+	Suggested by Arthur Chan.
+
+	* HsOpenSSL.cabal: Bump version to 0.9
+
+2010-09-19  PHO  <pho@cielonegro.org>
+
+	* HsOpenSSL.cabal: Fix Windows support as suggested in
+	<http://hackage.haskell.org/trac/ghc/wiki/Builder>,
+	Reported by Edward Z. Yang.
+
+	* HsOpenSSL.cabal: Bump version to 0.8.0.2
+
+2010-02-09  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/PEM.hsc: Add PEM-functionality with a new PwBS that
+	works like PwStr except there are no superfluous extra copies
+	retained in the memory,  Patch by Taru Karttunen.
+
+	* OpenSSL/PEM.hsc: Make PEM callbacks use bracket which makes
+	cleanup work even if there are exceptions,
+	Patch by Taru Karttunen.
+
+	* OpenSSL/EVP/Sign.hsc: Export OpenSSL.EVP.Sign.signFinal,
+	Patch by Taru Karttunen.
+
+	* OpenSSL/EVP/Sign.hsc: Make OpenSSL.EVP.Sign.signFinal use
+	ByteStrings internally,  Patch by Taru Karttunen.
+
+	* OpenSSL/EVP/Digest.hsc: Document pkcs5_pbkdf2_hmac_sha1 in
+	OpenSSL.EVP.Digest,  Patch by Taru Karttunen.
+
+	* OpenSSL/RSA.hsc: Add rsaCopyPublic and rsaKeyPairFinalize to
+	OpenSSL.RSA,  Patch by Taru Karttunen.
+
+	* OpenSSL/EVP/Cipher.hsc: Add cipherStrictLBS - Encrypt a lazy
+	bytestring in a strict manner. Does not leak the keys,
+	Patch by Taru Karttunen.
+
+	* HsOpenSSL.cabal: Bump version to 0.8
+
+2010-01-24  PHO  <pho@cielonegro.org>
+
+	* HsOpenSSL.cabal, OpenSSL/BN.hsc: Make HsOpenSSL compatible with
+	GHC 6.12.1,  Patch by Taru Karttunen.
+
+	* HsOpenSSL.cabal: Bump version to 0.7
+
+2009-08-03  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/Cipher.hsc: OpenSSL.Cipher now exports the type AESCtx,
+	Suggested by Carl Mackey.
+
+	* HsOpenSSL.cabal: Bump version to 0.6.5
+
+2009-07-14  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/BIO.hsc: Unbreak BIO ForeignPtrs for GHC 6.10,
+	Patch by Taru Karttunen.
+
+	* HsOpenSSL.cabal: Bump version to 0.6.4
+
+2009-07-13  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/EVP/Sign.hsc (signBS, signLBS): These functions should
+	return Strict.Bytestring and Lazy.Bytestring respectively,
+	Suggested by Grant Monroe.
+
+	* HsOpenSSL.cabal: Bump version to 0.6.3
+
+2009-06-28  PHO  <pho@cielonegro.org>
+
+	* HsOpenSSL.cabal: Moved away from the Configure build type to the
+	Simple build type,  Patch by John Van Enk and his friend.
+
+	* cbits/mutex-*: Removed the direct dependency on pthreads. This
+	involved an indirection layer using the preprocessor. In
+	linux/bsd, we use pthreads. In windows, we call out to the OS
+	mutexing functions. This allows us to "cabal install" the
+	HsOpenSSL library from the cmd.exe terminal in windows *without*
+	having to use cygwin,  Patch by John Van Enk and his friend.
+
+	* HsOpenSSL.cabal: Bump version to 0.6.2
+
+2009-06-02  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/Session.hsc (lazyRead, lazyWrite, contextGetCAStore)
+	(contextSetPrivateKey, contextSetCertificate): New functions.
+
+	* HsOpenSSL.cabal: Bump version to 0.6.1
+
+2009-03-27  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/DSA.hsc: The data type "DSA" is now broken into two
+	separate types "DSAPubKey" and "DSAKeyPair" to distinguish between
+	public keys and keypairs at type-level. These two data types are
+	instances of class "DSAKey".
+
+	* OpenSSL/DSA.hsc (generateDSAParameters, generateDSAKey)
+	(generateDSAParametersAndKey, signDigestedDataWithDSA)
+	(verifyDigestedDataWithDSA): Rename functions to avoid name
+	collision with OpenSSL.RSA.
+
+	* OpenSSL/DSA.hsc (dsaToTuple, tupleToDSA): Break into separate
+	functions.
+
+	* OpenSSL/RSA.hsc: The data type "RSA" is now broken into two
+	separate types "RSAPubKey" and "RSAKeyPair" to distinguish between
+	public keys and keypairs at type-level. These two data types are
+	instances of class "RSAKey".
+
+	* OpenSSL/EVP/PKey.hsc: The data type "PKey" is now broken into
+	two separate classes, not data types, "PublicKey" and "KeyPair" to
+	distinguish between public keys and keypairs at type-level. You
+	can pass "RSAPubKey" and such like directly to cryptographic
+	functions instead of the prior polymorphic type "PKey", for the
+	sake of type classes.
+
+	* OpenSSL/EVP/Open.hsc (open, openBS, openLBS): Take "KeyPair k"
+	instead of "PKey".
+
+	* OpenSSL/EVP/Seal.hsc (seal, sealBS, sealLBS): Take
+	"SomePublicKey" instead of "PKey".
+
+	* OpenSSL/EVP/Sign.hsc (sign, signBS, signLBS): Take "KeyPair k"
+	instead of "PKey".
+
+	* OpenSSL/EVP/Verify.hsc (verify, verifyBS, verifyLBS): Take
+	"PublicKey k" instead of "PKey".
+
+	* OpenSSL/PEM.hsc (writePKCS8PrivateKey, readPrivateKey)
+	(writePublicKey, readPublicKey): Take/return "KeyPair k",
+	"SomKeyPair", "PublicKey k", or "SomePublicKey" instead of "PKey".
+
+	* OpenSSL/PKCS7.hsc (pkcs7Sign, pkcs7Decrypt): Take "KeyPair k"
+	instead of "PKey".
+
+	* OpenSSL/X509.hsc (signX509, verifyX509, getPublicKey)
+	(setPublicKey): Take/return "KeyPair k", "PublicKey k", or
+	"SomePublicKey" instead of "PKey".
+
+	* OpenSSL/X509/Request.hsc (signX509Req, verifyX509Req)
+	(getPublicKey, setPublicKey): Take/return "KeyPair k", "PublicKey
+	k", or "SomePublicKey" instead of "PKey".
+
+	* OpenSSL/X509/Revocation.hsc (signCRL, verifyCRL): Take "KeyPair
+	k" or "PublicKey k" instead of "PKey".
+
+	* OpenSSL/RSA.hsc (RSAPubKey, RSAKeyPair): Let these types be
+	instances of Eq, Ord and Show.
+
+	* OpenSSL/RSA.hsc (generateRSAKey'): New function.
+
+	* OpenSSL/DSA.hsc (DSAPubKey, DSAKeyPair): Let these types be
+	instances of Eq, Ord and Show.
+
+	* HsOpenSSL.cabal: Bump version to 0.6
+
+2009-02-20  PHO  <pho@cielonegro.org>
+
+	* HsOpenSSL.cabal: Fix incorrect dependency declaration in
+	HsOpenSSL.cabal. No semantical changes to the code.
+
+	* HsOpenSSL.cabal: Bump version to 0.5.2
+
+2009-02-02  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/**/*.hsc: Fix breakage on 64-bit architectures,
+	Reported by Neumark Péter.
+
+	* HsOpenSSL.cabal: Bump version to 0.5.1
+
+2009-01-14  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/BN.hsc, OpenSSL/PEM.hsc: Fix breakage on GHC 6.10.1, and
+	now requires 6.10.1...
+
+	* OpenSSL/EVP/Digest.hsc (pkcs5_pbkdf2_hmac_sha1): New function,
+	Patch by Taru Karttunen.
+
+	* HsOpenSSL.cabal: Bump version to 0.5
+
+2008-06-11  PHO  <pho@cielonegro.org>
+
+	* HsOpenSSL.cabal: No .hs files which are generated from .hsc
+	files should be in the tarball. If any .hs files are outdated,
+	Cabal seems to compile the outdated files instead of newer .hsc
+	files.
+
+	* HsOpenSSL.cabal: Bump version to 0.4.2
+
+2008-03-19  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/Session.hsc: Turn the Session IO inside out,
+	Patch by Adam Langley.
+
+	* OpenSSL/EVP/Digest.hsc: 64-bit fix for HMAC,
+	Patch by Adam Langley.
+
+	* OpenSSL/EVP/Cipher.hsc: Fix the foreign types of the cipher
+	functions to use CInt, not Int,  Patch by Adam Langley.
+
+	* OpenSSL/EVP/Digest.hsc: Add ByteString version of digestBS,
+	Patch by Adam Langley.
+
+	* OpenSSL/BN.hsc: Fix BN<->Integer conversions on 64-bit systems,
+	Patch by Adam Langley.
+
+	* OpenSSL/ASN1.hsc (peekASN1String): Another 64-bit fix,
+	Patch by Adam Langley.
+
+	* HsOpenSSL.cabal: Bump version to 0.4.1
+
+2008-02-14  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/Session.hsc: Add the beginnings of session support,
+	Patch by Adam Langley.
+
+	* HsOpenSSL.cabal: Bump version to 0.4
+
+2007-11-05  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/EVP/Base64.hsc (decodeBlock): decodeBase64* weren't
+	dropping the padding NUL.
+
+	* HsOpenSSL.cabal: Updates for 6.8.1 (also *requires* 6.8.1 now),
+	Patch by Adam Langley
+
+	* HsOpenSSL.cabal: Bump version to 0.3.1
+
+2007-10-29  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/Cipher.hsc: Add non-EVP cipher support,
+	Patch by Adam Langley.
+
+	* OpenSSL/EVP/Digest.hsc: Add HMAC support in EVP,
+	Patch by Adam Langley.
+
+	* OpenSSL/Random.hsc: Add OpenSSL.Random,
+	Patch by Adam Langley.
+
+	* OpenSSL/BN.hsc: Additional utility functions in BN and exposing
+	BN,  Patch by Adam Langley.
+
+	* OpenSSL/BN.hsc: Bug fix for fast Integer<->BN functions,
+	Patch by Adam Langley.
+
+	* HsOpenSSL.cabal: Bump version to 0.3
+
+2007-10-14  PHO  <pho@cielonegro.org>
+
+	* OpenSSL/BN.hsc: Add support for fast Integer<->BN conversions,
+	Patch by Adam Langley.
+
+	* OpenSSL/DSA.hsc: Add DSA support,  Patch by Adam Langley.
+
+	* OpenSSL/BN.hsc (newBN): New BN utility function,
+	Patch by Adam Langley.
+
+	* OpenSSL/BN.hsc: FIX: set the BN ptr to NULL before calling
+	BN_dec2bn, otherwise that function thinks that there's a valid BN
+	there,  Patch by Adam Langley.
+
+	* OpenSSL/Utils.hsc: Add utility functions to print and read hex
+	numbers,  Patch by Adam Langley.
+
+	* HsOpenSSL.cabal: Bump version to 0.2
+
+2007-08-25  PHO  <pho@cielonegro.org>
+
+	* HsOpenSSL.hsc: Move hidden modules from Exposed-Modules to
+	Other-Modules.
+
+	* HsOpenSSL.cabal: Bump version to 0.1.1
diff --git a/HsOpenSSL.cabal b/HsOpenSSL.cabal
--- a/HsOpenSSL.cabal
+++ b/HsOpenSSL.cabal
@@ -12,7 +12,7 @@
     <http://hackage.haskell.org/package/tls>, which is a pure Haskell
     implementation of SSL.
     .
-Version:       0.10.3.5
+Version:       0.10.3.6
 License:       PublicDomain
 License-File:  COPYING
 Author:        Adam Langley, Mikhail Vorozhtsov, PHO, Taru Karttunen
@@ -26,7 +26,7 @@
 Build-Type:    Simple
 Extra-Source-Files:
     AUTHORS
-    NEWS
+    ChangeLog
     README.rst
     cbits/HsOpenSSL.h
     cbits/mutex.h
diff --git a/NEWS b/NEWS
deleted file mode 100644
--- a/NEWS
+++ /dev/null
@@ -1,438 +0,0 @@
--*- coding: utf-8 -*-
-
-Changes from 0.10.3.4 to 0.10.3.5
----------------------------------
-* OpenSSL.withOpenSSL is now safe to be applied redundantly, suggested
-  by Andrew Cowie (#26).
-
-* COPYING: Update the license to CC0: copyright waiver with a public
-  license fallback. See
-  http://creativecommons.org/publicdomain/zero/1.0/
-
-
-Changes from 0.10.3.3 to 0.10.3.4
----------------------------------
-* Fix a compilation issue that occurs when using a different builddir
-  with "cabal build --builddir=DIR", reported by Bit Connor (#23),
-  Gregory Collins (#24) and Bas van Dijk (#25).
-
-
-Changes from 0.10.3.2 to 0.10.3.3
----------------------------------
-* Merged #17 "Use MVar instead of QSem in OpenSSL.Session" by Mikhail
-  Vorozhtsov.
-
-
-Changes from 0.10.3.1 to 0.10.3.2
----------------------------------
-* Merged #15 "Fixed build with base-4.6" by Mikhail Vorozhtsov.
-* Added a configuration flag 'fast-bignum', fixes #16.
-
-
-Changes from 0.10.3 to 0.10.3.1
--------------------------------
-* Merged #14 "Fixed X509_STORE_CTX bindings vs OpenSSL 0.9.x" by
-  Mikhail Vorozhtsov.
-
-
-Changes from 0.10.2.1 to 0.10.3
--------------------------------
-* Merged #12 "Bindings to some of the X509_STORE_CTX functions" by
-  Mikhail Vorozhtsov:
-
-  - New functions in OpenSSL.X509.Store:
-    - getStoreCtxCert
-    - getStoreCtxIssuer
-    - getStoreCtxCRL
-    - getStoreCtxChain
-
-* Merged #13 "Fixed early verification callback deallocation crash" by
-  Mikhail Vorozhtsov.
-
-
-Changes from 0.10.2 to 0.10.2.1
--------------------------------
-* Merged #10 "Fix X509 PEM reading/writing" by Mikhail Vorozhtsov:
-
-  - OpenSSL.PEM.readX509 now uses PEM_read_bio_X509() instead of
-    PEM_read_bio_X509_AUX().
-
-  - OpenSSL.PEM.writeX509 now uses PEM_write_bio_X509() instead of
-    PEM_write_bio_X509_AUX().
-
-
-Changes from 0.10.1.4 to 0.10.2
--------------------------------
-* Merged #9 "Add raw pointer read/write operations" by Iavor
-  S. Diatchki:
-
-  - OpenSSL.Session.readPtr
-  - OpenSSL.Session.tryReadPtr
-  - OpenSSL.Session.writePtr
-  - OpenSSL.Session.tryWritePtr
-
-* Fixed #8 "HsOpenSSL 0.10.1.4 won't build" reported by vcxp:
-
-  - Workaround for broken versions of Cabal, including one that comes
-    with ghc-7.0.4.
-
-
-Changes from 0.10.1.3 to 0.10.1.4
----------------------------------
-* Fixed #7 "Haskell Platform 2011.4 Support", reported by stepcut:
-  - Foreign.ForeignPtr.Unsafe does not exist prior to base-4.4
-
-
-Changes from 0.10.1.2 to 0.10.1.3
----------------------------------
-* OpenSSL.Session:
-  - SSL, SSLContext, SSLResult, ShutdownType and VerificationMode are
-    now instances of Typeable.
-
-* Applied a series of patches "Various fixes for GHC 7.5" by Ben Gamari:
-  - Use unsafeForeignPtrToPtr from Foreign.ForeignPtr.Unsafe
-  - Use unsafePerformIO from System.IO.Unsafe
-  - Add Num to constraints with Bits
-
-
-Changes from 0.10.1.1 to 0.10.1.2
----------------------------------
-* Applied a patch by Mikhail Vorozhtsov:
-  - Moved all EVP-related private functions to OpenSSL.EVP.Internal.
-
-* Improve the error handling in OpenSSL.Session:
-  - SSL_get_error() must be called within the OS thread which caused
-    the failed operation as it inspects the thread-local storage.
-  - write/tryWrite should throw EPIPE for cleanly-closed connections
-    rather than EOF.
-  - shutdown/tryShutdown shouldn't throw an exception when a remote
-    peer sends us a "close notify" alert and closes the connection
-    without waiting for our reply.
-  - ProtocolError should contain an error message string.
-
-
-Changes from 0.10.1 to 0.10.1.1
--------------------------------
-* Applied a patch by Peter Gammie:
-  - GHC 6.12.3 friendliness: don't use Control.Monad.void
-
-* Applied a patch by Peter Gammie and David Terei:
-  - Placate LLVM in GHC 7.3.x HEAD: give memcpy the right
-    type. Courtesy of David Terei.
-
-* Applied a patch by Mikhail Vorozhtsov:
-  - Use throwIO instead of throw to raise SSL exceptions.
-
-* Fixed breakage on OpenSSL 0.9.8:
-  - DHparams_dup() is a function in OpenSSL 1.0.0 but is a macro in 0.9.8.
-  - OpenSSL 0.9.8 doesn't provide X509_CRL_get0_by_serial().
-
-
-Changes from 0.10 to 0.10.1
----------------------------
-* Applied patches by Mikhail Vorozhtsov:
-  - Added optional verification callback to VerifyPeer.
-  - Added revocation lookup function.
-  - Added bindings to Diffie-Hellman functions.
-  - Expose low-level asynchronous versions of accept, connect, read,
-    write and shutdown.
-
-* Moved the repository to GitHub:
-  git://github.com/phonohawk/HsOpenSSL.git
-
-
-Changes from 0.9.0.1 to 0.10
-----------------------------
-* Applied a patch by Mikhail Vorozhtsov to support wrapping plain file
-  descriptors in SSL connections.
-
-  - New function:
-      fdConnection :: SSLContext -> Socket -> IO SSL
-      sslFd :: SSL -> Fd
-
-  - Function signature change:
-      sslSocket :: SSL -> Maybe Socket
-      (It was "SSL -> Socket" before.)
-
-
-Changes from 0.9 to 0.9.0.1
----------------------------
-* Applied a patch by Mikhail Vorozhtsov
-
-  - Added missing BangPatterns pragma to OpenSSL/BN.hsc. It was
-    failing to build on GHC 7.1 without this.
-
-
-Changes from 0.8.0.2 to 0.9
----------------------------
-* (Suggested by Arthur Chan) Operations in OpenSSL.Session now throw
-  exceptions of individual exception types instead of plain
-  strings. The following exception types are defined:
-
-    - ConnectionCleanlyClosed
-    - ConnectionAbruptlyTerminated
-    - WantConnect
-    - WantAccept
-    - WantX509Lookup
-    - SSLIOError
-    - ProtocolError
-    - UnknownError(..)
-
-
-Changes from 0.8 to 0.8.0.2
----------------------------
-* 0.8.0.1 was broken so it's invalidated.
-
-* Fix Windows support as suggested in this page:
-  http://hackage.haskell.org/trac/ghc/wiki/Builder
-  (Thanks Edward Z. Yang for notifying me.)
-
-
-Changes from 0.7 to 0.8
------------------------
-* Applied 7 patches by Taru Karttunen:
-
-  - Add cipherStrictLBS - Encrypt a lazy bytestring in a strict
-    manner. Does not leak the keys
-
-  - Add rsaCopyPublic and rsaKeyPairFinalize to OpenSSL.RSA
-
-  - Document pkcs5_pbkdf2_hmac_sha1 in OpenSSL.EVP.Digest
-
-  - Make OpenSSL.EVP.Sign.signFinal use ByteStrings internally
-
-  - Export OpenSSL.EVP.Sign.signFinal
-
-  - Add PEM-functionality with a new PwBS that works like PwStr except
-    there are no superfluous extra copies retained in the memory.
-
-  - Make PEM callbacks use bracket which makes cleanup work even if
-    there are exceptions.
-
-
-Changes from 0.6.5 to 0.7
--------------------------
-* Applied patches by Taru Karttunen to make HsOpenSSL compatible with
-  GHC 6.12.1.
-
-* Many cosmetic changes to suppress warnings which GHC 6.12.1
-  emits. It shouldn't change any semantics.
-
-
-Changes from 0.6.4 to 0.6.5
----------------------------
-* Suggestion by Carl Mackey:
-
-  - OpenSSL.Cipher now exports a type AESCtx.
-
-
-Changes from 0.6.3 to 0.6.4
----------------------------
-* Applied a patch by Taru Karttunen:
-
-  > Unbreak BIO ForeignPtrs for GHC 6.10
-  >
-  > In GHC 6.10 it is no longer possible to mix C and Haskell
-  > finalizers on the same ForeignPtr. This patch fixes that
-  > and unbreaks things for GHC 6.10.
-
-
-Changes from 0.6.2 to 0.6.3
----------------------------
-* Suggestion by Grant Monroe:
-
-  - Changed the signature of OpenSSL.EVP.Sign.signBS from
-      signBS :: KeyPair key => Digest -> key -> Strict.ByteString -> IO String
-    to
-      signBS :: KeyPair key => Digest -> key -> Strict.ByteString -> IO Strict.ByteString
-
-  - Changed the signature of OpenSSL.EVP.Sign.signLBS from
-      signLBS :: KeyPair key => Digest -> key -> Lazy.ByteString -> IO String
-    to
-      signLBS :: KeyPair key => Digest -> key -> Lazy.ByteString -> IO Lazy.ByteString
-
-
-Chanegs from 0.6.1 to 0.6.2
----------------------------
-* Applied a patch by John Van Enk and his friend:
-
-  1) Moved away from the Configure build type to the Simple build
-     type.
-
-  2) Removed the direct dependency on pthreads. This involved an
-     indirection layer using the preprocessor. In linux/bsd, we use
-     pthreads. In windows, we call out to the OS mutexing
-     functions. This allows us to "cabal install" the HsOpenSSL
-     library from the cmd.exe terminal in windows *without* having to
-     use cygwin.
-
-
-Changes from 0.6 to 0.6.1
--------------------------
-* OpenSSL.Session:
-    - New functions:
-      # lazyRead
-      # lazyWrite
-      # contextGetCAStore
-      # contextSetPrivateKey
-      # contextSetCertificate
-
-
-Changes from 0.5.2 to 0.6
--------------------------
-* INCOMPATIBLE CHANGES:
-    + OpenSSL.DSA:
-        - The data type "DSA" is now broken into two separate types
-          "DSAPubKey" and "DSAKeyPair" to distinguish between public
-          keys and keypairs at type-level. These two data types are
-          instances of class "DSAKey".
-        - These functions are renamed to avoid name collision with
-          OpenSSL.RSA:
-            # generateParameters       --> generateDSAParameters
-            # generateKey              --> generateDSAKey
-            # generateParametersAndKey --> generateDSAParametersAndKey
-            # signDigestedData         --> signDigestedDataWithDSA
-            # verifyDigestedData       --> verifyDigestedDataWithDSA
-        - These functions are broken into two separate functions:
-            # dsaToTuple --> dsaPubKeyToTuple, dsaKeyPairToTuple
-            # tupleToDSA --> tupleToDSAPubKey, tupleToDSAKeyPair
-    + OpenSSL.RSA:
-        - The data type "RSA" is now broken into two separate types
-          "RSAPubKey" and "RSAKeyPair" to distinguish between public
-          keys and keypairs at type-level. These two data types are
-          instances of class "RSAKey".
-    + OpenSSL.EVP.PKey:
-        - The data type "PKey" is now broken into two separate
-          classes, not data types, "PublicKey" and "KeyPair" to
-          distinguish between public keys and keypairs at
-          type-level. You can pass "RSAPubKey" and such like directly
-          to cryptographic functions instead of the prior polymorphic
-          type "PKey", for the sake of type classes.
-    + OpenSSL.EVP.Open:
-        - These functions now take "KeyPair k" instead of "PKey":
-            # open
-            # openBS
-            # openLBS
-    + OpenSSL.EVP.Seal:
-        - These functions now take "SomePublicKey" instead of "PKey":
-            # seal
-            # sealBS
-            # sealLBS
-    + OpenSSL.EVP.Sign:
-        - These functions now take "KeyPair k" instead of "PKey":
-            # sign
-            # signBS
-            # signLBS
-    + OpenSSL.EVP.Verify:
-        - These functions now take "PublicKey k" instead of "PKey":
-            # verify
-            # verifyBS
-            # verifyLBS
-    + OpenSSL.PEM:
-        - writePKCS8PrivateKey now takes "KeyPair k" instead of "PKey".
-        - readPrivateKey now returns "SomeKeyPair" instead of "PKey".
-        - writePublicKey now takes "PublicKey k" instead of "PKey".
-        - readPublicKey now returns "SomePublicKey" instead of "PKey".
-    + OpenSSL.PKCS7:
-        - pkcs7Sign now takes "KeyPair k" instead of "PKey".
-        - pkcs7Decrypt now takes "KeyPair k" instead of "PKey".
-    + OpenSSL.X509:
-        - signX509 now takes "KeyPair k" instead of "PKey".
-        - verifyX509 now takes "PublicKey k" instead of "PKey".
-        - getPublicKey now returns "SomePublicKey" instead of "PKey".
-        - setPublicKey now takes "PublicKey k" instead of "PKey".
-    + OpenSSL.X509.Request:
-        - signX509Req now takes "KeyPair k" instead of "PKey".
-        - verifyX509Req now takes "PublicKey k" instead of "PKey".
-        - getPublicKey now returns "SomePublicKey" instead of "PKey".
-        - setPublicKey now takes "PublicKey k" instead of "PKey".
-    + OpenSSL.X509.Revocation:
-        - signCRL now takes "KeyPair k" instead of "PKey".
-        - verifyCRL now takes "PublicKey k" instead of "PKey".
-* OpenSSL.RSA:
-    - RSAPubKey and RSAKeyPair are now instances of Eq, Ord and Show.
-    - New function: generateRSAKey'
-* OpenSSL.DSA:
-    - DSAPubKey and DSAKeyPair are now instances of Eq, Ord and Show.
-
-Changes from 0.5.1 to 0.5.2
----------------------------
-* Fixed incorrect dependency declaration in HsOpenSSL.cabal. No
-  semantical changes to the code.
-
-Changes from 0.5 to 0.5.1
--------------------------
-* Fixed breakage on 64-bit architectures.
-  Reported by: Neumark Péter
-
-Changes from 0.4.2 to 0.5
--------------------------
-* Fixed breakage on GHC 6.10.1. And now requires 6.10.1...
-* Applied a patch by Taru Karttunen:
-  -  Add pkcs5_pbkdf2_hmac_sha1 to OpenSSL.EVP.Digest
-
-
-Changes from 0.4.1 to 0.4.2
----------------------------
-* No .hs files which are generated from .hsc files should be in the
-  tarball. If any .hs files are outdated, Cabal seems to compile the
-  outdated files instead of newer .hsc files.
-
-
-Changes from 0.4 to 0.4.1
--------------------------
-* Applied patches by Adam Langley:
-  - Fix BN<->Integer conversions on 64-bit systems
-  - Another 64-bit fix (OpenSSL.ASN1.peekASN1String)
-  - Add ByteString version of digestBS
-  - Fix the foreign types of the cipher functions to use CInt, not Int
-  - 64-bit fix for HMAC
-  - Turn the Session IO inside out
-  - Silly cosmetic change
-
-
-Changes from 0.3.1 to 0.4
--------------------------
-* Applied patches by Adam Langley:
-  - Add the beginnings of session support
-  - Add an example SSL server
-
-
-Changes from 0.3 to 0.3.1
--------------------------
-* OpenSSL.EVP.Base64: Fix a bug in an internal function `decodeBlock':
-  decodeBase64* didn't drop the padding NUL.
-* Applied patches by Adam Langley:
-  - Updates for 6.8.1 (also *requires* 6.8.1 now)
-  - tests/Base64.hs: Test for Base64
-
-
-Changes from 0.2 to 0.3
------------------------
-* Applied patches by Adam Langley:
-  - tests/DSA.hs: Add a DSA test: this just adds a binary which tests
-    a few simple DSA cases (and runs a timing test) and prints "PASS"
-    as the last line of stdout in the case that everything looks good.
-    It doesn't include any hooks nor framework for running these.
-  - Bug fix for fast Integer<->BN functions
-  - OpenSSL.Cipher: Add non-EVP cipher support
-  - OpenSSL.EVP.Digest: Add HMAC support in EVP
-  - OpenSSL.Random: Add OpenSSL.Random
-  - OpenSSL.BN: Additional utility functions in BN and exposing BN
-
-
-Changes from 0.1.1. to 0.2
---------------------------
-* Applied patches by Adam Langley:
-  - OpenSSL.DSA: Add DSA support
-  - OpenSSL.BN: Add support for fast Integer<->BN conversions
-  - OpenSSL.BN: New BN utility function, newBN
-  - OpenSSL.BN: FIX: set the BN ptr to NULL before calling BN_dec2bn,
-    otherwise that function thinks that there's a valid BN there
-  - OpenSSL.Utils: Add utility functions to print and read hex numbers
-
-
-Changes from 0.1 to 0.1.1
--------------------------
-* Moved hidden modules from Exposed-Modules to Other-Modules.
-* Added "time >= 1.1.1" to the Build-Depends.
diff --git a/OpenSSL.hsc b/OpenSSL.hsc
--- a/OpenSSL.hsc
+++ b/OpenSSL.hsc
@@ -55,6 +55,9 @@
 import OpenSSL.SSL
 import System.IO.Unsafe
 
+#if !MIN_VERSION_base(4,6,0)
+import Control.Exception (onException, mask_)
+#endif
 
 foreign import ccall "HsOpenSSL_setupMutex"
         setupMutex :: IO ()
@@ -91,6 +94,19 @@
                 return True
          io
 
+#if !MIN_VERSION_base(4,6,0)
+{-|
+  Like 'modifyMVar_', but the @IO@ action in the second argument is executed with
+  asynchronous exceptions masked.
+-}
+{-# INLINE modifyMVarMasked_ #-}
+modifyMVarMasked_ :: MVar a -> (a -> IO a) -> IO ()
+modifyMVarMasked_ m io =
+  mask_ $ do
+    a  <- takeMVar m
+    a' <- io a `onException` putMVar m a
+    putMVar m a'
+#endif
 
 -- This variable must be atomically fetched/stored not to initialise
 -- the library twice.
