diff --git a/CHANGES b/CHANGES
index c3f7f1890..d117eb631 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Remove pointless MD5 hash when using DSA keys in ca.
+     [Anonymous <nobody@replay.com>]
+
   *) Generate an error if given an empty string as a cert directory. Also
      generate an error if handed NULL (previously returned 0 to indicate an
      error, but didn't set one).
diff --git a/apps/ca.c b/apps/ca.c
index 7a1428539..1ea90aa96 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1023,11 +1023,15 @@ bad:
 				}
 			}
 		else
-			dgst=EVP_md5();
+		    {
 #ifndef NO_DSA
-		if (pkey->type == EVP_PKEY_DSA) 
-		    dgst = EVP_dss1() ;
+		    if (pkey->type == EVP_PKEY_DSA) 
+			dgst=EVP_dss1();
+		    else
 #endif
+			dgst=EVP_md5();
+		    }
+
 		if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
 
 		PEM_write_bio_X509_CRL(Sout,crl);