diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2021-04-19  Vladimir Shabanov  <dev@vshabanov.com>
+
+	* HsOpenSSL.cabal (Version): Bump version to 0.11.7
+
+	* Added Session.contextSetDefaultVerifyPaths
+	by Alexander Biehl @alexbiehl (#59)
+
+	* Fix for LibreSSL (#58)
+
 2021-04-05  Vladimir Shabanov  <dev@vshabanov.com>
 
 	* HsOpenSSL.cabal (Version): Bump version to 0.11.6.1
diff --git a/HsOpenSSL.cabal b/HsOpenSSL.cabal
--- a/HsOpenSSL.cabal
+++ b/HsOpenSSL.cabal
@@ -10,7 +10,7 @@
     systems and stable. You may also be interested in the @tls@ package,
     <http://hackage.haskell.org/package/tls>, which is a pure Haskell
     implementation of SSL.
-Version:       0.11.6.2
+Version:       0.11.7
 License:       PublicDomain
 License-File:  COPYING
 Author:        Adam Langley, Mikhail Vorozhtsov, PHO, Taru Karttunen
diff --git a/OpenSSL/Cipher.hsc b/OpenSSL/Cipher.hsc
--- a/OpenSSL/Cipher.hsc
+++ b/OpenSSL/Cipher.hsc
@@ -1,3 +1,6 @@
+#include "HsOpenSSL.h"
+#include "openssl/aes.h"
+
 {-# LANGUAGE EmptyDataDecls           #-}
 {-# LANGUAGE ForeignFunctionInterface #-}
 -- | This module interfaces to some of the OpenSSL ciphers without using
@@ -21,8 +24,7 @@
 #endif
     )
     where
-#include "HsOpenSSL.h"
-#include "openssl/aes.h"
+
 import           Control.Monad (when, unless)
 import           Data.IORef
 import           Foreign
diff --git a/OpenSSL/Session.hsc b/OpenSSL/Session.hsc
--- a/OpenSSL/Session.hsc
+++ b/OpenSSL/Session.hsc
@@ -26,6 +26,7 @@
   , contextCheckPrivateKey
   , VerificationMode(..)
   , contextSetVerificationMode
+  , contextSetDefaultVerifyPaths
   , contextSetCAFile
   , contextSetCADirectory
   , contextGetCAStore
@@ -78,7 +79,7 @@
 
   ) where
 
-#include "openssl/ssl.h"
+#include "HsOpenSSL.h"
 
 import Prelude hiding (
 #if !MIN_VERSION_base(4,6,0)
@@ -308,6 +309,27 @@
     _ssl_set_verify_mode ctx mode $ fromMaybe nullFunPtr newCb
     return ()
 
+foreign import ccall unsafe "SSL_CTX_set_default_verify_paths"
+  _ssl_set_default_verify_paths :: Ptr SSLContext_ -> IO CInt
+
+-- | Specifies that the default locations from which CA certificates are loaded
+-- should be used. There is one default directory and one default file.
+--
+-- The default CA certificates directory is called "certs" in the default OpenSSL
+-- directory. Alternatively the SSL_CERT_DIR environment variable can be defined
+-- to override this location.
+--
+-- The default CA certificates file is called "cert.pem" in the default OpenSSL
+-- directory. Alternatively the SSL_CERT_FILE environment
+-- variable can be defined to override this location.
+--
+-- See <https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_default_verify_paths.html> for
+-- more information.
+contextSetDefaultVerifyPaths :: SSLContext -> IO ()
+contextSetDefaultVerifyPaths context =
+  withContext context $ \ctx ->
+    _ssl_set_default_verify_paths ctx >>= failIf_ (/= 1)
+
 foreign import ccall unsafe "SSL_CTX_load_verify_locations"
   _ssl_load_verify_locations :: Ptr SSLContext_ -> Ptr CChar -> Ptr CChar -> IO CInt
 
@@ -501,11 +523,13 @@
   (#const SSL_ERROR_WANT_CONNECT) -> "SSL_ERROR_WANT_CONNECT"
   (#const SSL_ERROR_WANT_ACCEPT) -> "SSL_ERROR_WANT_ACCEPT"
   (#const SSL_ERROR_WANT_X509_LOOKUP) -> "SSL_ERROR_WANT_X509_LOOKUP"
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if defined(SSL_ERROR_WANT_ASYNC)
   (#const SSL_ERROR_WANT_ASYNC) -> "SSL_ERROR_WANT_ASYNC"
+#endif
+#if defined(SSL_ERROR_WANT_ASYNC_JOB)
   (#const SSL_ERROR_WANT_ASYNC_JOB) -> "SSL_ERROR_WANT_ASYNC_JOB"
 #endif
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if defined(SSL_ERROR_WANT_CLIENT_HELLO_CB)
   (#const SSL_ERROR_WANT_CLIENT_HELLO_CB) -> "SSL_ERROR_WANT_CLIENT_HELLO_CB"
 #endif
   (#const SSL_ERROR_SYSCALL) -> "SSL_ERROR_SYSCALL"
