Remove pointless MD5 hash.
Contributed by: Anonymous <nobody@replay.com>
diff --git a/CHANGES b/CHANGES
index c3f7f18..d117eb6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@
Changes between 0.9.1c and 0.9.2
+ *) Remove pointless MD5 hash when using DSA keys in ca.
+ [Anonymous <nobody@replay.com>]
+
*) Generate an error if given an empty string as a cert directory. Also
generate an error if handed NULL (previously returned 0 to indicate an
error, but didn't set one).
diff --git a/apps/ca.c b/apps/ca.c
index 7a14285..1ea90aa 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1023,11 +1023,15 @@
}
}
else
- dgst=EVP_md5();
+ {
#ifndef NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- dgst = EVP_dss1() ;
+ if (pkey->type == EVP_PKEY_DSA)
+ dgst=EVP_dss1();
+ else
#endif
+ dgst=EVP_md5();
+ }
+
if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
PEM_write_bio_X509_CRL(Sout,crl);
