diff --git a/AUTHORS b/AUTHORS
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,4 +1,5 @@
 This is a list of contributors to the HsOpenSSL.
 
 * Adam Langley <agl@imperialviolet.org>
+* Taru Karttunen <taruti@taruti.net>
 * PHO <pho@cielonegro.org>
diff --git a/HsOpenSSL.cabal b/HsOpenSSL.cabal
--- a/HsOpenSSL.cabal
+++ b/HsOpenSSL.cabal
@@ -5,16 +5,16 @@
         generate RSA and DSA keys, read and write PEM files, generate
         message digests, sign and verify messages, encrypt and decrypt
         messages.
-Version: 0.4.2
+Version: 0.5
 License: PublicDomain
 License-File: COPYING
 Author: Adam Langley <agl at imperialviolet.org>, PHO <pho at cielonegro.org>
 Maintainer: PHO <pho at cielonegro.org>
 Stability: experimental
-Homepage: http://ccm.sherry.jp/HsOpenSSL/
+Homepage: http://cielonegro.org/HsOpenSSL/
 Category: Cryptography
-Tested-With: GHC == 6.8.1
-Cabal-Version: >= 1.2
+Tested-With: GHC == 6.10.1
+Cabal-Version: >= 1.2.3
 Build-Type: Configure
 
 Extra-Source-Files:
@@ -38,13 +38,13 @@
 
 Library
   if flag(splitBase)
-    build-depends: base >= 3, bytestring, time >= 1.1.1, old-locale, network>=2.1.0.0
+    build-depends: base >= 3, bytestring, ghc-prim, integer, time >= 1.1.1, old-locale, network>=2.1.0.0
   else
     build-depends: base < 3, time >= 1.1.1
 
   --PkgConfig-Depends: openssl >= 0.9.7l
   -- We really should use this instead of the configure script but
-  -- Cabal 1.2.2.0 can't handle the weird version scheme of OpenSSL.
+  -- Cabal 1.6.0.1 can't handle this weird version scheme of OpenSSL.
 
   Exposed-Modules:
           OpenSSL
@@ -78,9 +78,10 @@
           OpenSSL.Utils
           OpenSSL.X509.Name
   Extensions:
-          ForeignFunctionInterface, EmptyDataDecls, MagicHash
+          ForeignFunctionInterface, EmptyDataDecls, MagicHash,
+          UnboxedTuples, UnliftedFFITypes, DeriveDataTypeable
   ghc-options:
-          -Wall -fglasgow-exts
+          -Wall
   C-Sources:
           cbits/HsOpenSSL.c
   Include-Dirs:
diff --git a/NEWS b/NEWS
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,10 @@
+Changes from 0.4.2 to 0.5
+___________________________
+* Fixed breakage on GHC 6.10.1. And now requires 6.10.1...
+* Applied a patch by Taru Karttunen:
+  -  Add pkcs5_pbkdf2_hmac_sha1 to OpenSSL.EVP.Digest
+
+
 Changes from 0.4.1 to 0.4.2
 ---------------------------
 * No .hs files which are generated from .hsc files should be in the
diff --git a/OpenSSL/BN.hsc b/OpenSSL/BN.hsc
--- a/OpenSSL/BN.hsc
+++ b/OpenSSL/BN.hsc
@@ -54,6 +54,7 @@
 import           GHC.Base
 import           GHC.Num
 import           GHC.Prim
+import           GHC.Integer.Internals
 import           GHC.IOBase (IO(..))
 #endif
 
diff --git a/OpenSSL/EVP/Digest.hsc b/OpenSSL/EVP/Digest.hsc
--- a/OpenSSL/EVP/Digest.hsc
+++ b/OpenSSL/EVP/Digest.hsc
@@ -27,11 +27,12 @@
     , digestLBS
 
     , hmacBS
+    , pkcs5_pbkdf2_hmac_sha1
     )
     where
 
 import           Control.Monad
-import           Data.ByteString.Internal (createAndTrim)
+import           Data.ByteString.Internal (createAndTrim, create)
 import           Data.ByteString.Unsafe (unsafeUseAsCStringLen)
 import qualified Data.ByteString.Char8 as B8
 import qualified Data.ByteString.Lazy.Char8 as L8
@@ -204,3 +205,21 @@
   do _HMAC md keydata (fromIntegral keylen) inputdata (fromIntegral inputlen) bufPtr bufLenPtr
      bufLen <- liftM fromIntegral $ peek bufLenPtr
      B8.packCStringLen (bufPtr, bufLen)
+
+pkcs5_pbkdf2_hmac_sha1 :: B8.ByteString -- ^ password
+                       -> B8.ByteString -- ^ salt
+                       -> Int           -- ^ iterations
+                       -> Int           -- ^ destination key length
+                       -> B8.ByteString -- ^ destination key
+pkcs5_pbkdf2_hmac_sha1 pass salt iter dkeylen =
+  unsafePerformIO $
+  unsafeUseAsCStringLen pass $ \(passdata, passlen) ->
+  unsafeUseAsCStringLen salt $ \(saltdata, saltlen) ->
+  create dkeylen $ \dkeydata ->
+  do _PKCS5_PBKDF2_HMAC_SHA1 passdata (fromIntegral passlen) saltdata (fromIntegral saltlen) (fromIntegral iter) (fromIntegral dkeylen) (castPtr dkeydata)
+     return ()
+
+foreign import ccall unsafe "PKCS5_PBKDF2_HMAC_SHA1" _PKCS5_PBKDF2_HMAC_SHA1 :: Ptr CChar -> CInt
+                                                                             -> Ptr CChar -> CInt
+                                                                             -> CInt -> CInt -> Ptr CChar
+                                                                             -> IO CInt
diff --git a/OpenSSL/PEM.hsc b/OpenSSL/PEM.hsc
--- a/OpenSSL/PEM.hsc
+++ b/OpenSSL/PEM.hsc
@@ -53,12 +53,14 @@
 
 -- |@'PemPasswordCallback'@ represents a callback function to supply a
 -- password.
-type PemPasswordCallback
-    =  Int                -- ^ maximum length of the password to be
-                          --   accepted
-    -> PemPasswordRWState -- ^ context
-    -> IO String          -- ^ the result password
-
+--
+--   [@Int@] The maximum length of the password to be accepted.
+--
+--   [@PemPasswordRWState@] The context.
+--
+--   [@IO String@] The resulting password.
+--
+type PemPasswordCallback  = Int -> PemPasswordRWState -> IO String
 type PemPasswordCallback' = Ptr CChar -> Int -> Int -> Ptr () -> IO Int
 
 
@@ -108,7 +110,7 @@
                     return passLen
       in
         try `catch` \ exc ->
-            do hPutStrLn stderr $ show exc
+            do hPutStrLn stderr (show (exc :: SomeException))
                return 0 -- zero indicates an error
     where
       failForTooLongPassword :: Int -> IO a
diff --git a/OpenSSL/Session.hsc b/OpenSSL/Session.hsc
--- a/OpenSSL/Session.hsc
+++ b/OpenSSL/Session.hsc
@@ -137,8 +137,10 @@
 
 -- | See <http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html>
 data VerificationMode = VerifyNone
-                      | VerifyPeer Bool  -- ^ is a certificate required
-                                   Bool  -- ^ only request once per connection
+                      | VerifyPeer {
+                          vpFailIfNoPeerCert :: Bool  -- ^ is a certificate required
+                        , vpClientOnce       :: Bool  -- ^ only request once per connection
+                        }
 
 foreign import ccall unsafe "SSL_CTX_set_verify"
    _ssl_set_verify_mode :: Ptr SSLContext_ -> CInt -> Ptr () -> IO ()
diff --git a/tests/Base64.hs b/tests/Base64.hs
--- a/tests/Base64.hs
+++ b/tests/Base64.hs
@@ -9,6 +9,24 @@
 import qualified Data.ByteString.Lazy as BSL
 import           OpenSSL.EVP.Base64
 
+{-
+  Comment by PHO:
+
+  These instance declarations now seem to be part of
+  Data.ByteString. What should we do then?
+
+  Base64.hs:12:9:
+      Duplicate instance declarations:
+        instance IsString BS.ByteString -- Defined at Base64.hs:12:9-30
+        instance IsString BS.ByteString -- Defined in Data.ByteString.Char8
+
+  Base64.hs:17:9:
+      Duplicate instance declarations:
+        instance IsString BSL.ByteString -- Defined at Base64.hs:17:9-31
+        instance IsString BSL.ByteString
+          -- Defined in Data.ByteString.Lazy.Char8
+-}
+{-
 instance IsString BS.ByteString where
   fromString = BS.pack . map (fromIntegral . ord)
 
@@ -16,6 +34,7 @@
 -- This is to stress the lazy code - not because it's a good idea generally
 instance IsString BSL.ByteString where
   fromString = BSL.fromChunks . map (BS.singleton . fromIntegral . ord)
+-}
 
 encodeTests :: [(BS.ByteString, BS.ByteString)]
 encodeTests =
