Make `openssl x509 -noout -modulus' functional also for DSA certificates (in
addition to RSA certificates) to match the behaviour of `openssl dsa -noout
-modulus' as it's already the case for `openssl rsa -noout -modulus'.  For RSA
the -modulus is the real "modulus" while for DSA currently the public key is
printed (a decision which was already done by `openssl dsa -modulus' in the
past) which serves a similar purpose.  Additionally the NO_RSA no longer
completely removes the whole -modulus option; it now only avoids using the RSA
stuff. Same applies to NO_DSA now, too.
diff --git a/CHANGES b/CHANGES
index 93f1447..19bd019 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,17 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
+     (in addition to RSA certificates) to match the behaviour of `openssl dsa
+     -noout -modulus' as it's already the case for `openssl rsa -noout
+     -modulus'.  For RSA the -modulus is the real "modulus" while for DSA
+     currently the public key is printed (a decision which was already done by
+     `openssl dsa -modulus' in the past) which serves a similar purpose.
+     Additionally the NO_RSA no longer completely removes the whole -modulus
+     option; it now only avoids using the RSA stuff. Same applies to NO_DSA
+     now, too.
+     [Ralf S.  Engelschall]
+
   *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
      BIO. See the source (crypto/evp/bio_ok.c) for more info.
      [Arne Ansper <arne@ats.cyber.ee>]