diff --git a/doc/examples/makefile.am b/doc/examples/makefile.am
index 5575f3d..e6b38c4 100644
--- a/doc/examples/makefile.am
+++ b/doc/examples/makefile.am
@@ -12,7 +12,7 @@ pcsc_demo_SOURCES = pcsc-demo.cxx
 pcsc_demo_LDADD = -lpcsclite
 
 cryptoki_demo_SOURCES = cryptoki-demo.cxx
-cryptoki_demo_LDADD = -ldl -lpthread -lcryptoki++
+cryptoki_demo_LDADD = -ldl -lpthread -lssl -lcryptoki++
 cryptoki_demo_LDFLAGS = -L${top_builddir}/src
 
 MAINTAINERCLEANFILES = makefile.in
diff --git a/src/makefile.am b/src/makefile.am
index 78d3cdc..922c2ac 100644
--- a/src/makefile.am
+++ b/src/makefile.am
@@ -12,6 +12,7 @@ pkcs11dir = ${includedir}/pkcs11
 lib_LTLIBRARIES = libcryptoki++.la
 
 libcryptoki___la_SOURCES = cryptoki.cxx cryptoki.hxx ${pkcs11_HEADERS}
+libcryptoki___la_LIBADD = -llibssl
 
 if BUILD_WIN
 else
diff --git a/src/openssl.hxx b/src/openssl.hxx
index 861f92d..9b97f41 100644
--- a/src/openssl.hxx
+++ b/src/openssl.hxx
@@ -15,6 +15,7 @@
 #include <openssl/err.h>
 #include <vector>
 
+#include <openssl/x509v3.h> // BASIC_CONSTRAINTS
 #include <cryptaux.hxx>
 #include <cstdio>
 
@@ -338,19 +339,15 @@ namespace openssl {
         return std::string((char*)M_ASN1_STRING_data(cn),
                            M_ASN1_STRING_length(cn));
       }
-      //! Check for basic constraints.
-      /*! e.g. check for CA certificate:
-          @code
-          if (x509.basicConstraints() && x509.basicConstraints()->ca) [...]
-          @endcode
-          @return 0 if there are no basic constraints */
-      BASIC_CONSTRAINTS* basicConstraints() {
+      //! Check whether it's a CA certificate.
+      bool isCa() {
         static BASIC_CONSTRAINTS* bc(0);
         if (!bc) {
           int pos(X509_get_ext_by_NID(_x509, NID_basic_constraints, -1));
-          if (pos>=0) bc = X509V3_EXT_d2i(X509_get_ext(_x509, pos));
+          if (pos>=0)
+            bc = (BASIC_CONSTRAINTS*)X509V3_EXT_d2i(X509_get_ext(_x509, pos));
         }
-        return bc;
+        return bc&&bc->ca;
       }
       //! Get organizational unit name.
       std::string organizationalUnitName() const {
@@ -367,11 +364,11 @@ namespace openssl {
       std::string keyUsageFlags() const {
         int pos(X509_get_ext_by_NID(_x509, NID_key_usage, -1));
         if (pos>=0) {
-          ASN1_BIT_STRING ku(d2i(X509_get_ext(_x509, pos)));
+          ASN1_BIT_STRING* ku((ASN1_BIT_STRING*)X509V3_EXT_d2i
+                              (X509_get_ext(_x509, pos)));
           return std::string((char*)M_ASN1_STRING_data(ku),
-                             M_ASN1_STRING_lengthku));
-        else
-          return std::string(); //! @todo better throw exception?
+                             M_ASN1_STRING_length(ku));
+        } else return std::string(); //! @todo better throw exception?
       }
     private:
       ::X509* _x509;