diff --git a/CHANGES b/CHANGES index 93f1447627..19bd019401 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,17 @@ Changes between 0.9.1c and 0.9.2 + *) Make `openssl x509 -noout -modulus' functional also for DSA certificates + (in addition to RSA certificates) to match the behaviour of `openssl dsa + -noout -modulus' as it's already the case for `openssl rsa -noout + -modulus'. For RSA the -modulus is the real "modulus" while for DSA + currently the public key is printed (a decision which was already done by + `openssl dsa -modulus' in the past) which serves a similar purpose. + Additionally the NO_RSA no longer completely removes the whole -modulus + option; it now only avoids using the RSA stuff. Same applies to NO_DSA + now, too. + [Ralf S. Engelschall] + *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested BIO. See the source (crypto/evp/bio_ok.c) for more info. [Arne Ansper ] diff --git a/apps/x509.c b/apps/x509.c index c4e4890999..c20d213b3d 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -468,7 +468,6 @@ bad: BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); } else -#ifndef NO_RSA if (modulus == i) { EVP_PKEY *pkey; @@ -481,15 +480,21 @@ bad: goto end; } BIO_printf(STDout,"Modulus="); +#ifndef NO_RSA if (pkey->type == EVP_PKEY_RSA) BN_print(STDout,pkey->pkey.rsa->n); else +#endif +#ifndef NO_DSA + if (pkey->type == EVP_PKEY_DSA) + BN_print(STDout,pkey->pkey.dsa->pub_key); + else +#endif BIO_printf(STDout,"Wrong Algorithm type"); BIO_printf(STDout,"\n"); EVP_PKEY_free(pkey); } else -#endif if (C == i) { unsigned char *d;