diff --git a/Examples/Stunnel.hs b/Examples/Stunnel.hs
--- a/Examples/Stunnel.hs
+++ b/Examples/Stunnel.hs
@@ -17,7 +17,6 @@
 import Data.Certificate.PEM
 import Data.Certificate.X509
 import qualified Data.Certificate.KeyRSA as KeyRSA
-import qualified Crypto.Cipher.RSA as RSA
 
 import qualified Crypto.Random.AESCtr as RNG
 import Network.TLS
@@ -114,19 +113,9 @@
 	let pkdata = case parsePEMKeyRSA content of
 		Nothing -> error ("no valid RSA key section")
 		Just x  -> L.fromChunks [x]
-	let pk = case KeyRSA.decodePrivate pkdata of
-		Left err -> error ("cannot decode key: " ++ err)
-		Right x  -> PrivRSA $ RSA.PrivateKey
-			{ RSA.private_sz   = fromIntegral $ KeyRSA.lenmodulus x
-			, RSA.private_n    = KeyRSA.modulus x
-			, RSA.private_d    = KeyRSA.private_exponant x
-			, RSA.private_p    = KeyRSA.p1 x
-			, RSA.private_q    = KeyRSA.p2 x
-			, RSA.private_dP   = KeyRSA.exp1 x
-			, RSA.private_dQ   = KeyRSA.exp2 x
-			, RSA.private_qinv = KeyRSA.coef x
-			}
-	return pk
+	case KeyRSA.decodePrivate pkdata of
+		Left err     -> error ("cannot decode key: " ++ err)
+		Right (_,pk) -> return $ PrivRSA pk
 
 data Stunnel =
 	  Client
diff --git a/Network/TLS/Extra/Certificate.hs b/Network/TLS/Extra/Certificate.hs
--- a/Network/TLS/Extra/Certificate.hs
+++ b/Network/TLS/Extra/Certificate.hs
@@ -121,17 +121,16 @@
 --   md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
 --   md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 }
 --   md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
-verifyF (SignatureALG HashMD2 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify MD2.hash asn1 (mkRSA rsak)
+verifyF (SignatureALG HashMD2 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify MD2.hash asn1 rsak
 	where asn1 = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x02\x10"
 
-verifyF (SignatureALG HashMD5 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify MD5.hash asn1 (mkRSA rsak)
+verifyF (SignatureALG HashMD5 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify MD5.hash asn1 rsak
 	where asn1 = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10"
 
-verifyF (SignatureALG HashSHA1 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify SHA1.hash asn1 (mkRSA rsak)
+verifyF (SignatureALG HashSHA1 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify SHA1.hash asn1 rsak
 	where asn1 = "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14"
 
-verifyF (SignatureALG HashSHA1 PubKeyALG_DSA) (PubKeyDSA (pub,p,q,g)) = dsaSHA1Verify pk
-	where pk = DSA.PublicKey { DSA.public_params = (p,g,q), DSA.public_y = pub }
+verifyF (SignatureALG HashSHA1 PubKeyALG_DSA) (PubKeyDSA dsak) = dsaSHA1Verify dsak
 			
 verifyF _ _ = (\_ _ -> Left "unexpected/wrong signature")
 
@@ -139,9 +138,6 @@
 	where asig = (0,0) {- FIXME : need to work out how to get R/S from the bytestring a -}
 
 rsaVerify h hdesc pk a b = either (Left . show) (Right) $ RSA.verify h hdesc pk a b
-
-mkRSA (lenmodulus, modulus, e) =
-	RSA.PublicKey { RSA.public_sz = lenmodulus, RSA.public_n = modulus, RSA.public_e = e }
 
 -- | Verify that the given certificate chain is application to the given fully qualified host name.
 certificateVerifyDomain :: String -> [X509] -> TLSCertificateUsage
diff --git a/tls-extra.cabal b/tls-extra.cabal
--- a/tls-extra.cabal
+++ b/tls-extra.cabal
@@ -1,5 +1,5 @@
 Name:                tls-extra
-Version:             0.4.0
+Version:             0.4.1
 Description:
    a set of extra definitions, default values and helpers for tls.
 License:             BSD3
@@ -28,15 +28,15 @@
 
 Library
   Build-Depends:     base > 3 && < 5
-                   , tls >= 0.8 && < 0.9
+                   , tls >= 0.8.2 && < 0.9
                    , mtl
                    , network >= 2.3
                    , cryptohash >= 0.6
                    , bytestring
                    , vector
                    , crypto-api >= 0.5
-                   , cryptocipher >= 0.2.5
-                   , certificate >= 0.9.3 && < 1.0
+                   , cryptocipher >= 0.3.0
+                   , certificate >= 1.0.0 && < 1.1.0
                    , text >= 0.5 && < 1.0
                    , time
   Exposed-modules:   Network.TLS.Extra
@@ -54,7 +54,7 @@
   if flag(executable)
     Build-Depends:   network
                    , cmdargs
-                   , cprng-aes
+                   , cprng-aes >= 0.2.3
     Buildable:       True
   else
     Buildable:       False
@@ -76,7 +76,7 @@
   if flag(executable)
     Build-Depends:   network
                    , cmdargs
-                   , cprng-aes
+                   , cprng-aes >= 0.2.3
     Buildable:       True
   else
     Buildable:       False
